Really, REALLY slow computer


  • This topic is locked
17 replies to this topic

#1 tvhevh

Posted 23 March 2006 - 09:07 PM

All:

In the past two days, this PC has slowed up considerably. It takes forever to do anything, and I can't figure out why.

Here's a HJT log I just ran (yes, I know it has McAfee, but it didn't run this slow before, and McAfee was on and running):

Logfile of HijackThis v1.99.1
Scan saved at 8:57:18 PM, on 3/23/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Default\Desktop\NEW FOLDER (2)\HijackThis.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 - URLSearchHook: (no name) - _{1E432263-6841-4653-8F02-366A2F77E339} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: EventHandler Class - {9FB534E3-67CB-4307-AE0A-9E8B5581BE2C} - C:\PROGRA~1\WINDOW~4\WinSB.DLL (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [W5SwUh] C:\windows\temp\W5SwUh.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [WTSI] C:\WINDOWS\System32\wapisvit.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: CompuServe 2000 Tray Icon.lnk = C:\CompuServe 2000\cstray.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: PageKeeper Jobs.lnk = C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Dell Home - {0AA55FA0-3A6E-11D3-B9D9-E071A3C103D0} - http://www.dell.com/ (file missing) (HKCU)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...81/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,19/mcgdmgr.cab
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE

Thanks--Tom vonHatten


#2 LDTate

Posted 02 April 2006 - 06:26 AM

Hello tvhevh, Welcome to the forum.

This is what I suggest you do.


Please do not delete anything unless instructed to.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Even if you've already run these, make SURE they're up-to-date and run per instructions.

Make sure you have the up-to-date versions of Spybot V 1.4 and Ad-aware SE Build 1.06. All are free and available below.

Download Spybot, install and update. Then download Ad-aware, install, and update.

Spybot:

Install the program and launch it.

Go to Start > Programs > Spybot > Search & Destroy and choose Spybot S&D

Close ALL windows except Spybot S&D
Click the button to "Search for Updates" and download and install the Updates.
Next click the button "Check for Problems"
When Spybot is complete, it will be showing "RED" entries, "BLACK" entries and "GREEN" entries in the window
Put a check mark beside the RED entries ONLY.
Choose "Fix Selected Problems" and allow Spybot to fix the RED entries.

Ad-Aware FULL SCAN:

Install the program and launch it.

1. Launch Ad-Aware SE and run the WebUpdate feature. (Click on the Globe icon > Click connect > Click OK > Click Finish.)
2. Set up the Configurations as follows:
-- Click the Gear wheel at the top of the Ad-Aware window
-- Click General > Safety & Settings: Check (Green) all three.
-- Click Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
3. Click "Proceed"
4. Click "Scan Now"
5. Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
6. Select "Search for low-risk threats"
7. Run the scanner using the Full Scan (Perform full system scan) mode.
8. When the scan has completed, select Next.
9. In the Scanning Results window, select the "Scan Summary" tab.
10. Check the box next to each "target family" you wish to remove.
11. Click next > Click OK.

Next:

Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system. If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Empty Recycle Bin

Reboot and "copy/paste" a new HJT log as well as the Results from Spy Sweeper file into this thread.
Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 


 


#3 tvhevh

Posted 03 April 2006 - 11:56 PM

I've done all that you listed, and think things are a little faster than they were before. I won't really know until tomorrow afternoon--it's really, REALLY late, and I'm going to bed after posting this. The HJT log will be first, then the Spy Sweeper log.

Thanks--Tom vonHatten

Logfile of HijackThis v1.99.1
Scan saved at 1:41:52 AM, on 4/4/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Documents and Settings\Default\Desktop\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - URLSearchHook: (no name) - _{1E432263-6841-4653-8F02-366A2F77E339} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [W5SwUh] C:\windows\temp\W5SwUh.exe
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: CompuServe 2000 Tray Icon.lnk = C:\CompuServe 2000\cstray.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: PageKeeper Jobs.lnk = C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Dell Home - {0AA55FA0-3A6E-11D3-B9D9-E071A3C103D0} - http://www.dell.com/ (file missing) (HKCU)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...81/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,19/mcgdmgr.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE



********
10:40 PM: | Start of Session, Monday, April 03, 2006 |
10:40 PM: Spy Sweeper started
10:40 PM: Sweep initiated using definitions version 648
10:40 PM: Starting Memory Sweep
10:50 PM: Memory Sweep Complete, Elapsed Time: 00:10:03
10:50 PM: Starting Registry Sweep
10:50 PM: Found Trojan Horse: 2nd-thought
10:50 PM: HKCR\applications\mypcsearch.exe\ (ID = 101973)
10:50 PM: HKCR\applications\stc.exe\ (3 subtraces) (ID = 101974)
10:50 PM: HKCR\clsid\{8940e505-72c6-44de-be85-1d746780efbf}\ (13 subtraces) (ID = 101977)
10:50 PM: HKCR\interface\{6e0ed53c-9908-49ed-b055-7cb31b162577}\ (7 subtraces) (ID = 101978)
10:50 PM: HKCR\interface\{8c53bd8e-b12d-4c8f-ad0e-c9ddc39d1273}\ (8 subtraces) (ID = 101979)
10:50 PM: HKCR\interface\{9bcdd51b-4a7b-446c-8452-d32d38004582}\ (7 subtraces) (ID = 101980)
10:50 PM: HKCR\interface\{49db48ff-02b5-4645-b676-94a4df1aa026}\ (7 subtraces) (ID = 101981)
10:50 PM: HKCR\interface\{830d3aed-2fa9-454f-b266-d931862bbf34}\ (7 subtraces) (ID = 101982)
10:50 PM: HKCR\interface\{a986f4db-792e-4571-8974-0bb6e024766f}\ (7 subtraces) (ID = 101983)
10:50 PM: HKCR\interface\{bccab53d-0895-40c3-a942-a03538ce227a}\ (7 subtraces) (ID = 101984)
10:50 PM: HKCR\interface\{c0f88e9e-dceb-4655-968a-ae508a677c39}\ (7 subtraces) (ID = 101985)
10:50 PM: HKCR\interface\{d7eac2d8-2d52-4010-a4ad-dfdf60c1706c}\ (7 subtraces) (ID = 101986)
10:50 PM: HKLM\software\classes\applications\mypcsearch.exe\ (ID = 101989)
10:50 PM: HKLM\software\classes\applications\stc.exe\ (3 subtraces) (ID = 101990)
10:50 PM: HKLM\software\classes\interface\{6e0ed53c-9908-49ed-b055-7cb31b162577}\ (7 subtraces) (ID = 101993)
10:50 PM: HKLM\software\classes\interface\{8c53bd8e-b12d-4c8f-ad0e-c9ddc39d1273}\ (8 subtraces) (ID = 101994)
10:50 PM: HKLM\software\classes\interface\{9bcdd51b-4a7b-446c-8452-d32d38004582}\ (7 subtraces) (ID = 101995)
10:50 PM: HKLM\software\classes\interface\{49db48ff-02b5-4645-b676-94a4df1aa026}\ (7 subtraces) (ID = 101996)
10:50 PM: HKLM\software\classes\interface\{830d3aed-2fa9-454f-b266-d931862bbf34}\ (7 subtraces) (ID = 101997)
10:50 PM: HKLM\software\classes\interface\{a986f4db-792e-4571-8974-0bb6e024766f}\ (7 subtraces) (ID = 101998)
10:50 PM: HKLM\software\classes\interface\{bccab53d-0895-40c3-a942-a03538ce227a}\ (7 subtraces) (ID = 101999)
10:50 PM: HKLM\software\classes\interface\{c0f88e9e-dceb-4655-968a-ae508a677c39}\ (7 subtraces) (ID = 102000)
10:50 PM: HKLM\software\classes\interface\{d7eac2d8-2d52-4010-a4ad-dfdf60c1706c}\ (7 subtraces) (ID = 102001)
10:50 PM: HKLM\software\classes\swrt01.rt\ (3 subtraces) (ID = 102002)
10:50 PM: HKCR\swrt01.rt\ (3 subtraces) (ID = 102024)
10:50 PM: Found Adware: blazefind
10:50 PM: HKCR\clsid\{1e432263-6841-4653-8f02-366a2f77e339}\ (11 subtraces) (ID = 104440)
10:50 PM: HKCR\clsid\{9fb534e3-67cb-4307-ae0a-9e8b5581be2c}\ (11 subtraces) (ID = 104444)
10:50 PM: HKCR\clsid\{a1dd937d-71e1-4bb5-bd5d-1b01b9cb1c2f}\ (11 subtraces) (ID = 104453)
10:50 PM: HKLM\software\classes\clsid\{1e432263-6841-4653-8f02-366a2f77e339}\ (11 subtraces) (ID = 104473)
10:50 PM: HKLM\software\classes\clsid\{9fb534e3-67cb-4307-ae0a-9e8b5581be2c}\ (11 subtraces) (ID = 104477)
10:50 PM: HKLM\software\classes\clsid\{a1dd937d-71e1-4bb5-bd5d-1b01b9cb1c2f}\ (11 subtraces) (ID = 104485)
10:50 PM: HKLM\software\classes\windowssb.autosearch.1\ (3 subtraces) (ID = 104505)
10:50 PM: HKLM\software\classes\windowssb.autosearch\ (5 subtraces) (ID = 104506)
10:50 PM: HKLM\software\classes\windowssb.band.1\ (3 subtraces) (ID = 104507)
10:50 PM: HKLM\software\classes\windowssb.band\ (5 subtraces) (ID = 104508)
10:50 PM: HKLM\software\classes\windowssb.eventhandler.1\ (3 subtraces) (ID = 104509)
10:50 PM: HKLM\software\classes\windowssb.eventhandler\ (5 subtraces) (ID = 104510)
10:50 PM: HKLM\software\classes\windowssb.eventhandler\curver\ (1 subtraces) (ID = 104511)
10:50 PM: HKLM\software\microsoft\windows\ || infamous (ID = 104517)
10:50 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{9fb534e3-67cb-4307-ae0a-9e8b5581be2c}\ (ID = 104520)
10:50 PM: HKCR\windowssb.autosearch.1\ (3 subtraces) (ID = 104571)
10:50 PM: HKCR\windowssb.autosearch\ (5 subtraces) (ID = 104572)
10:50 PM: HKCR\windowssb.band.1\ (3 subtraces) (ID = 104573)
10:50 PM: HKCR\windowssb.band\ (5 subtraces) (ID = 104574)
10:50 PM: HKCR\windowssb.eventhandler.1\ (3 subtraces) (ID = 104575)
10:50 PM: HKCR\windowssb.eventhandler\ (5 subtraces) (ID = 104576)
10:51 PM: Found Adware: delfin
10:51 PM: HKLM\software\dsi\ (ID = 124852)
10:51 PM: Found Adware: ie driver
10:51 PM: HKLM\software\microsoft\internet explorer\extensions\{120e090d-9136-4b78-8258-f0b44b4bd2ac}\ (4 subtraces) (ID = 127931)
10:51 PM: HKLM\software\microsoft\windows\currentversion\run\ || bakra (ID = 127986)
10:51 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{8f9fbeb8-d216-4d6c-8d21-513157e09c0d}\ (4 subtraces) (ID = 128062)
10:51 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{120e090d-9136-4b78-8258-f0b44b4bd2ac}\ (2 subtraces) (ID = 128065)
10:51 PM: Found Adware: wild media - minigolf
10:51 PM: HKLM\software\minigolf\ (1 subtraces) (ID = 135062)
10:51 PM: Found Adware: virtualbouncer
10:51 PM: HKLM\software\classes\clsid\{8940e505-72c6-44de-be85-1d746780efbf}\ (13 subtraces) (ID = 145549)
10:51 PM: HKLM\software\classes\typelib\{5e594162-60a9-487d-84b8-dbdd716cb862}\ (9 subtraces) (ID = 145551)
10:51 PM: HKCR\typelib\{5e594162-60a9-487d-84b8-dbdd716cb862}\ (9 subtraces) (ID = 145565)
10:51 PM: Found Adware: websearch toolbar
10:51 PM: HKLM\software\microsoft\windows\currentversion\installer\userdata\aui\ (1 subtraces) (ID = 146479)
10:51 PM: Found Adware: ist surf accuracy
10:51 PM: HKLM\software\microsoft\windows\currentversion\run\ || surfaccuracy (ID = 203069)
10:51 PM: Found Trojan Horse: trojan-backdoor-msdcom32
10:51 PM: HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload\ || dcom server (ID = 385950)
10:51 PM: HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload\ || dcom server (ID = 484007)
10:51 PM: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {2c1cd3d7-86ac-4068-93bc-a02304bb8c34} (ID = 510271)
10:51 PM: HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload\ || dcom server (ID = 1144322)
10:51 PM: HKU\S-1-5-21-1708537768-1993962763-1060284298-1000\software\microsoft\internet explorer\extensions\cmdmapping\ || {120e090d-9136-4b78-8258-f0b44b4bd2ac} (ID = 127930)
10:51 PM: Found Adware: purityscan
10:51 PM: HKU\S-1-5-21-1708537768-1993962763-1060284298-1000\software\microsoft\windows\currentversion\run\ || wtsi (ID = 138934)
10:51 PM: Registry Sweep Complete, Elapsed Time:00:00:47
10:51 PM: Starting Cookie Sweep
10:51 PM: Found Spy Cookie: imgis cookie
10:51 PM: default@imgis[1].txt (ID = 2841)
10:51 PM: Found Spy Cookie: linkexchange cookie
10:51 PM: default@linkexchange[1].txt (ID = 2920)
10:51 PM: Found Spy Cookie: ask cookie
10:51 PM: default@www.ask[8].txt (ID = 2246)
10:51 PM: Found Spy Cookie: xiti cookie
10:51 PM: default@xiti[1].txt (ID = 3717)
10:51 PM: Found Spy Cookie: avenuea cookie
10:51 PM: default@avenuea[2].txt (ID = 2259)
10:51 PM: Found Spy Cookie: adscmedia cookie
10:51 PM: default@ads.cimedia[2].txt (ID = 2100)
10:51 PM: Found Spy Cookie: about cookie
10:51 PM: default@about[1].txt (ID = 2037)
10:51 PM: Found Spy Cookie: preferences cookie
10:51 PM: default@gm.preferences[1].txt (ID = 3184)
10:51 PM: Found Spy Cookie: excite cookie
10:51 PM: default@classifieds.excite[1].txt (ID = 2632)
10:51 PM: default@preferences[1].txt (ID = 3183)
10:51 PM: Found Spy Cookie: sexhound cookie
10:51 PM: default@sexhound[2].txt (ID = 3351)
10:51 PM: Found Spy Cookie: admaximize cookie
10:51 PM: default@ads.admaximize[1].txt (ID = 2077)
10:51 PM: Found Spy Cookie: go.com cookie
10:51 PM: default@go[2].txt (ID = 2728)
10:51 PM: Found Spy Cookie: infospace cookie
10:51 PM: default@infospace[2].txt (ID = 2865)
10:51 PM: Found Spy Cookie: click2net cookie
10:51 PM: default@click2net[1].txt (ID = 2392)
10:51 PM: Found Spy Cookie: hyperbanner cookie
10:51 PM: default@hyperbanner[1].txt (ID = 2815)
10:51 PM: Found Spy Cookie: customer cookie
10:51 PM: default@customer[1].txt (ID = 2481)
10:51 PM: default@ask[6].txt (ID = 2245)
10:51 PM: Found Spy Cookie: l2m.net cookie
10:51 PM: default@l2m[1].txt (ID = 2913)
10:51 PM: Found Spy Cookie: datais cookie
10:51 PM: default@ads.datais[1].txt (ID = 2498)
10:51 PM: Found Spy Cookie: dealtime cookie
10:51 PM: default@dealtime[4].txt (ID = 2505)
10:51 PM: Found Spy Cookie: ngadcenter cookie
10:51 PM: default@ngadcenter[2].txt (ID = 3079)
10:51 PM: default@static.admaximize[1].txt (ID = 2077)
10:51 PM: Found Spy Cookie: smni cookie
10:51 PM: default@smni[1].txt (ID = 3389)
10:51 PM: default@sexhound[1].txt (ID = 3351)
10:51 PM: Found Spy Cookie: emode cookie
10:51 PM: default@emode[2].txt (ID = 2603)
10:51 PM: Found Spy Cookie: bizrate cookie
10:51 PM: default@bizrate[1].txt (ID = 2308)
10:51 PM: default@searchb.disney.go[1].txt (ID = 2729)
10:51 PM: default@ask[3].txt (ID = 2245)
10:51 PM: default@www.ask[4].txt (ID = 2246)
10:51 PM: default@preferences[2].txt (ID = 3183)
10:51 PM: default@ads.admaximize[3].txt (ID = 2077)
10:51 PM: default@www.dealtime[1].txt (ID = 2506)
10:51 PM: default@dealtime[1].txt (ID = 2505)
10:51 PM: default@www.ask[1].txt (ID = 2246)
10:51 PM: default@preferences[4].txt (ID = 3183)
10:51 PM: Found Spy Cookie: myaffiliateprogram.com cookie
10:51 PM: default@www.myaffiliateprogram[2].txt (ID = 3032)
10:51 PM: Found Spy Cookie: paycounter cookie
10:51 PM: default@count.paycounter[2].txt (ID = 3116)
10:51 PM: Found Spy Cookie: web-stat cookie
10:51 PM: default@www.web-stat[1].txt (ID = 3649)
10:51 PM: Found Spy Cookie: belointeractive cookie
10:51 PM: default@belointeractive[2].txt (ID = 2294)
10:51 PM: default@bizrate[3].txt (ID = 2308)
10:51 PM: Found Spy Cookie: pokerroom cookie
10:51 PM: default@pokerroom[2].txt (ID = 3149)
10:51 PM: default@www.ask[6].txt (ID = 2246)
10:51 PM: Found Spy Cookie: homestore cookie
10:51 PM: anyuser@homestore[1].txt (ID = 2793)
10:51 PM: default@ask[4].txt (ID = 2245)
10:51 PM: anyuser@smni[1].txt (ID = 3389)
10:51 PM: default@sexhound[3].txt (ID = 3351)
10:51 PM: Found Spy Cookie: clickagents cookie
10:51 PM: default@ads.clickagents[2].txt (ID = 2395)
10:51 PM: Found Spy Cookie: coolsavings cookie
10:51 PM: default@coolsavings[1].txt (ID = 2465)
10:51 PM: Found Spy Cookie: banner cookie
10:51 PM: default@banner[2].txt (ID = 2276)
10:51 PM: Found Spy Cookie: webtrendslive cookie
10:51 PM: default@S116311[1].txt (ID = 3680)
10:51 PM: default@cm.ask[1].txt (ID = 2246)
10:51 PM: Found Spy Cookie: servlet cookie
10:51 PM: default@servlet[2].txt (ID = 3345)
10:51 PM: default@preferences[5].txt (ID = 3183)
10:51 PM: default@stat.dealtime[2].txt (ID = 2506)
10:51 PM: Found Spy Cookie: exitfuel cookie
10:51 PM: default@exitfuel[1].txt (ID = 2635)
10:51 PM: default@disneyshopping.go[1].txt (ID = 2729)
10:51 PM: default@go[1].txt (ID = 2728)
10:51 PM: default@ask[1].txt (ID = 2245)
10:51 PM: default@smni[2].txt (ID = 3389)
10:51 PM: Found Spy Cookie: adultrevenueservice cookie
10:51 PM: default@adultrevenueservice[1].txt (ID = 2167)
10:51 PM: default@linkexchange[3].txt (ID = 2920)
10:51 PM: Found Spy Cookie: stamps.com cookie
10:51 PM: default@stamps[1].txt (ID = 3437)
10:51 PM: default@ask[2].txt (ID = 2245)
10:51 PM: Found Spy Cookie: rightmedia cookie
10:51 PM: default@rightmedia[2].txt (ID = 3259)
10:51 PM: Found Spy Cookie: howstuffworks cookie
10:51 PM: default@howstuffworks[2].txt (ID = 2805)
10:51 PM: Found Spy Cookie: realmedia cookie
10:51 PM: default@icover.realmedia[2].txt (ID = 3236)
10:51 PM: default@exitfuel[2].txt (ID = 2635)
10:51 PM: Found Spy Cookie: go2net.com cookie
10:51 PM: default@go2net[2].txt (ID = 2730)
10:51 PM: default@about[5].txt (ID = 2037)
10:51 PM: default@about[3].txt (ID = 2037)
10:51 PM: default@go[3].txt (ID = 2728)
10:51 PM: default@homepage.belointeractive[1].txt (ID = 2295)
10:51 PM: default@preferences[3].txt (ID = 3183)
10:51 PM: default@sexhound[5].txt (ID = 3351)
10:51 PM: default@s2a.realmedia[2].txt (ID = 3236)
10:51 PM: default@bizrate[2].txt (ID = 2308)
10:51 PM: default@oas-central.realmedia[2].txt (ID = 3236)
10:51 PM: anyuser@www.ask[1].txt (ID = 2246)
10:51 PM: Found Spy Cookie: cgi-win cookie
10:51 PM: default@cgi-win[2].txt (ID = 2376)
10:51 PM: Found Spy Cookie: adorigin cookie
10:51 PM: default@adorigin[1].txt (ID = 2082)
10:51 PM: default@www.myaffiliateprogram[1].txt (ID = 3032)
10:51 PM: default@www.ask[2].txt (ID = 2246)
10:51 PM: Found Spy Cookie: adjuggler cookie
10:51 PM: default@rotator.adjuggler[1].txt (ID = 2071)
10:51 PM: Found Spy Cookie: fastclick cookie
10:51 PM: default@fastclick[2].txt (ID = 2651)
10:51 PM: default@adultrevenueservice[2].txt (ID = 2167)
10:51 PM: default@www.ask[3].txt (ID = 2246)
10:51 PM: default@infospace[3].txt (ID = 2865)
10:51 PM: default@ask[5].txt (ID = 2245)
10:51 PM: default@web.ask[2].txt (ID = 2246)
10:51 PM: default@linkexchange[4].txt (ID = 2920)
10:51 PM: default@oas-central.realmedia[1].txt (ID = 3236)
10:51 PM: default@about[4].txt (ID = 2037)
10:51 PM: Found Spy Cookie: wtlive.com cookie
10:51 PM: default@p.wtlive[1].txt (ID = 3700)
10:51 PM: default@www.ask[5].txt (ID = 2246)
10:51 PM: Found Spy Cookie: ad-rotator cookie
10:51 PM: default@ad-rotator[1].txt (ID = 2051)
10:51 PM: Found Spy Cookie: mircx cookie
10:51 PM: default@pop.mircx[1].txt (ID = 2998)
10:51 PM: default@espn.go[1].txt (ID = 2729)
10:51 PM: default@coolsavings[3].txt (ID = 2465)
10:51 PM: default@geography.about[1].txt (ID = 2038)
10:51 PM: default@k-6educators.about[2].txt (ID = 2038)
10:51 PM: Found Spy Cookie: exitexchange cookie
10:51 PM: default@exitexchange[1].txt (ID = 2633)
10:51 PM: Found Spy Cookie: linksponsor cookie
10:51 PM: default@ads.linksponsor[1].txt (ID = 2925)
10:51 PM: Found Spy Cookie: nextag cookie
10:51 PM: default@nextag[3].txt (ID = 5014)
10:51 PM: Found Spy Cookie: tripod cookie
10:51 PM: default@todayinsci.tripod[1].txt (ID = 3592)
10:51 PM: Found Spy Cookie: yadro cookie
10:51 PM: default@yadro[2].txt (ID = 3743)
10:51 PM: default@linkexchange[2].txt (ID = 2920)
10:51 PM: default@jeff.mills.tripod[1].txt (ID = 3592)
10:51 PM: default@answerpoint.ask[1].txt (ID = 2246)
10:51 PM: default@about[6].txt (ID = 2037)
10:51 PM: default@infospace[1].txt (ID = 2865)
10:51 PM: default@dealtime[3].txt (ID = 2505)
10:51 PM: default@web.ask[3].txt (ID = 2246)
10:51 PM: default@web.ask[1].txt (ID = 2246)
10:51 PM: Found Spy Cookie: atwola cookie
10:51 PM: default@atwola[2].txt (ID = 2255)
10:51 PM: default@smni[4].txt (ID = 3389)
10:51 PM: default@adorigin[2].txt (ID = 2082)
10:51 PM: Found Spy Cookie: pricegrabber cookie
10:51 PM: default@www.pricegrabber[2].txt (ID = 3186)
10:51 PM: default@servlet[1].txt (ID = 3345)
10:51 PM: Found Spy Cookie: metareward.com cookie
10:51 PM: default@metareward[2].txt (ID = 2990)
10:51 PM: Found Spy Cookie: www.mature-post cookie
10:51 PM: default@www.mature-post[1].txt (ID = 3703)
10:51 PM: default@infospace[5].txt (ID = 2865)
10:51 PM: default@sewing.about[2].txt (ID = 2038)
10:51 PM: Found Spy Cookie: domain sponsor cookie
10:51 PM: default@search.domainsponsor[1].txt (ID = 2534)
10:51 PM: Found Spy Cookie: 89.com cookie
10:51 PM: default@216.71.89[1].txt (ID = 2022)
10:51 PM: default@www.myaffiliateprogram[4].txt (ID = 3032)
10:51 PM: default@www.ask[9].txt (ID = 2246)
10:51 PM: default@pricegrabber[1].txt (ID = 3185)
10:51 PM: default@espn.go[3].txt (ID = 2729)
10:51 PM: Found Spy Cookie: reunion cookie
10:51 PM: default@reunion[2].txt (ID = 3255)
10:51 PM: default@mentalhealth.about[1].txt (ID = 2038)
10:51 PM: Found Spy Cookie: specificclick.com cookie
10:51 PM: default@ads.specificclick[1].txt (ID = 3400)
10:51 PM: Found Spy Cookie: burstbeacon cookie
10:51 PM: default@www.burstbeacon[2].txt (ID = 2335)
10:51 PM: Found Spy Cookie: gorillanation cookie
10:51 PM: default@ads.gorillanation[1].txt (ID = 2744)
10:51 PM: default@about[7].txt (ID = 2037)
10:51 PM: default@howstuffworks[3].txt (ID = 2805)
10:51 PM: default@inventors.about[1].txt (ID = 2038)
10:51 PM: default@specialed.about[1].txt (ID = 2038)
10:51 PM: default@go2net[1].txt (ID = 2730)
10:51 PM: default@go[5].txt (ID = 2728)
10:51 PM: default@news.ask[1].txt (ID = 2246)
10:51 PM: default@nascar.about[2].txt (ID = 2038)
10:51 PM: default@dealtime[2].txt (ID = 2505)
10:51 PM: default@bizrate[4].txt (ID = 2308)
10:51 PM: Found Spy Cookie: one-time-offer cookie
10:51 PM: default@one-time-offer[1].txt (ID = 3095)
10:51 PM: default@ask[7].txt (ID = 2245)
10:51 PM: default@sports.espn.go[1].txt (ID = 2729)
10:51 PM: default@atwola[3].txt (ID = 2255)
10:51 PM: default@boards.espn.go[1].txt (ID = 2729)
10:51 PM: default@www3.nextag[1].txt (ID = 5015)
10:51 PM: default@web.ask[4].txt (ID = 2246)
10:51 PM: default@nextag[2].txt (ID = 5014)
10:51 PM: default@stat.dealtime[3].txt (ID = 2506)
10:51 PM: Found Spy Cookie: dcskqeg2voifwznnd6alhtnei_8f3u cookie
10:51 PM: default@dcskqeg2voifwznnd6alhtnei_8f3u[1].txt (ID = 2501)
10:51 PM: Found Spy Cookie: gotoast cookie
10:51 PM: default@gotoast[2].txt (ID = 2751)
10:51 PM: default@S005-01-9-28-233860-106434[2].txt (ID = 3679)
10:51 PM: default@go[6].txt (ID = 2728)
10:51 PM: default@smni[3].txt (ID = 3389)
10:51 PM: Found Spy Cookie: popups.infostart cookie
10:51 PM: default@popups.infostart[1].txt (ID = 3159)
10:51 PM: default@msn.espn.go[1].txt (ID = 2729)
10:51 PM: default@abcnews.go[1].txt (ID = 2729)
10:51 PM: default@rpm.espn.go[1].txt (ID = 2729)
10:51 PM: default@sendtofriend.espn.go[1].txt (ID = 2729)
10:51 PM: default@emode[3].txt (ID = 2603)
10:51 PM: Found Spy Cookie: clickxchange adware cookie
10:51 PM: default@www.clickxchange[2].txt (ID = 2409)
10:51 PM: Found Spy Cookie: 2o7.net cookie
10:51 PM: default@112.2o7[1].txt (ID = 1958)
10:51 PM: Found Spy Cookie: seeq cookie
10:51 PM: default@www48.seeq[1].txt (ID = 3332)
10:51 PM: Found Spy Cookie: xuppa cookie
10:51 PM: default@xuppa[2].txt (ID = 3729)
10:51 PM: Found Spy Cookie: 66.70.21 cookie
10:51 PM: default@66.70.21[1].txt (ID = 1999)
10:51 PM: Found Spy Cookie: popuptraffic cookie
10:51 PM: default@www.popuptraffic[2].txt (ID = 3164)
10:51 PM: Found Spy Cookie: netflip.com cookie
10:51 PM: default@netflip[2].txt (ID = 3063)
10:51 PM: Found Spy Cookie: ugo cookie
10:51 PM: default@mediamgr.ugo[2].txt (ID = 3609)
10:51 PM: default@classiclit.about[2].txt (ID = 2038)
10:51 PM: Found Spy Cookie: adecn cookie
10:51 PM: default@adecn[2].txt (ID = 2063)
10:51 PM: default@careerplanning.about[1].txt (ID = 2038)
10:51 PM: default@add.about[2].txt (ID = 2038)
10:51 PM: default@www.seeq[1].txt (ID = 3332)
10:51 PM: default@bizrate[5].txt (ID = 2308)
10:51 PM: default@atwola[4].txt (ID = 2255)
10:51 PM: Found Spy Cookie: 64.62.232 cookie
10:51 PM: default@64.62.232[2].txt (ID = 1987)
10:51 PM: Found Spy Cookie: belnk cookie
10:51 PM: default@belnk[1].txt (ID = 2292)
10:51 PM: default@dist.belnk[3].txt (ID = 2293)
10:51 PM: default@dcstest.wtlive[1].txt (ID = 3700)
10:51 PM: default@ath.belnk[2].txt (ID = 2293)
10:51 PM: default@reunion[4].txt (ID = 3255)
10:51 PM: default@nextag[4].txt (ID = 5014)
10:51 PM: Found Spy Cookie: azjmp cookie
10:51 PM: default@azjmp[2].txt (ID = 2270)
10:51 PM: default@adopt.specificclick[2].txt (ID = 3400)
10:51 PM: default@64.62.232[3].txt (ID = 1987)
10:51 PM: default@64.62.232[4].txt (ID = 1987)
10:51 PM: Found Spy Cookie: fe.lea.lycos.com cookie
10:51 PM: default@fe.lea.lycos[1].txt (ID = 2660)
10:51 PM: default@stat.dealtime[4].txt (ID = 2506)
10:51 PM: default@pricegrabber[3].txt (ID = 3185)
10:51 PM: Found Spy Cookie: gamespy cookie
10:51 PM: default@gamespy[1].txt (ID = 2719)
10:51 PM: default@search.domainsponsor[2].txt (ID = 2534)
10:51 PM: default@about[8].txt (ID = 2037)
10:51 PM: default@www.web-stat[2].txt (ID = 3649)
10:51 PM: default@infospace[4].txt (ID = 2865)
10:51 PM: default@msnportal.112.2o7[1].txt (ID = 1958)
10:51 PM: Found Spy Cookie: websponsors cookie
10:51 PM: default@a.websponsors[1].txt (ID = 3665)
10:51 PM: default@beauty.about[1].txt (ID = 2038)
10:51 PM: default@ad.reunion[3].txt (ID = 3256)
10:51 PM: default@belointeractive[1].txt (ID = 2294)
10:51 PM: default@dcsklxjd7oifwzramfu7ehxd9_2j2f[1].txt (ID = 3676)
10:51 PM: default@bizrate[7].txt (ID = 2308)
10:51 PM: default@dist.belnk[2].txt (ID = 2293)
10:51 PM: default@about[2].txt (ID = 2037)
10:51 PM: default@servlet[4].txt (ID = 3345)
10:51 PM: default@reunion[1].txt (ID = 3255)
10:51 PM: Found Spy Cookie: associated new media cookie
10:51 PM: default@anm.co[2].txt (ID = 2223)
10:51 PM: default@ad.reunion[2].txt (ID = 3256)
10:51 PM: default@64.62.232[1].txt (ID = 1987)
10:51 PM: default@atwola[1].txt (ID = 2255)
10:51 PM: default@stat.dealtime[1].txt (ID = 2506)
10:51 PM: Found Spy Cookie: starware.com cookie
10:51 PM: default@starware[2].txt (ID = 3441)
10:51 PM: Found Spy Cookie: 3 cookie
10:51 PM: default@3[2].txt (ID = 1959)
10:51 PM: Found Spy Cookie: cursorzone cookie
10:51 PM: default@cursorzone[2].txt (ID = 2479)
10:51 PM: default@exitexchange[3].txt (ID = 2633)
10:51 PM: default@a.websponsors[2].txt (ID = 3665)
10:51 PM: Found Spy Cookie: screensavers.com cookie
10:51 PM: default@www.screensavers[1].txt (ID = 3298)
10:51 PM: default@go[4].txt (ID = 2728)
10:51 PM: default@adopt.specificclick[3].txt (ID = 3400)
10:51 PM: default@disney.go[2].txt (ID = 2729)
10:51 PM: default@216.71.89[3].txt (ID = 2022)
10:51 PM: default@www.web-stat[4].txt (ID = 3649)
10:51 PM: default@espn.go[2].txt (ID = 2729)
10:51 PM: Found Spy Cookie: precisead cookie
10:51 PM: default@adopt.precisead[2].txt (ID = 3182)
10:51 PM: default@azjmp[3].txt (ID = 2270)
10:51 PM: default@disney.store.go[1].txt (ID = 2729)
10:51 PM: Found Spy Cookie: upspiral cookie
10:51 PM: default@upspiral[1].txt (ID = 3614)
10:51 PM: Found Spy Cookie: trb.com cookie
10:51 PM: default@trb[1].txt (ID = 3587)
10:51 PM: default@trb[2].txt (ID = 3587)
10:51 PM: default@rightmedia[3].txt (ID = 3259)
10:51 PM: default@bizrate[6].txt (ID = 2308)
10:51 PM: default@indigio.122.2o7[2].txt (ID = 1958)
10:51 PM: default@disney.go[1].txt (ID = 2729)
10:51 PM: Found Spy Cookie: offeroptimizer cookie
10:51 PM: default@offeroptimizer[1].txt (ID = 3087)
10:51 PM: default@www.myaffiliateprogram[3].txt (ID = 3032)
10:51 PM: Found Spy Cookie: gostats cookie
10:51 PM: default@c3.gostats[2].txt (ID = 2748)
10:51 PM: default@gostats[2].txt (ID = 2747)
10:51 PM: Found Spy Cookie: try games cookie
10:51 PM: default@www.trygames[1].txt (ID = 3594)
10:51 PM: default@112.2o7[2].txt (ID = 1958)
10:51 PM: Found Spy Cookie: pch cookie
10:52 PM: default@www.pch[1].txt (ID = 3124)
10:52 PM: Found Spy Cookie: burstnet cookie
10:52 PM: default@www.burstnet[2].txt (ID = 2337)
10:52 PM: default@bookspan.122.2o7[1].txt (ID = 1958)
10:52 PM: default@dealtime[5].txt (ID = 2505)
10:52 PM: Found Spy Cookie: did-it cookie
10:52 PM: default@did-it[1].txt (ID = 2523)
10:52 PM: default@pch.122.2o7[1].txt (ID = 1958)
10:52 PM: Found Spy Cookie: reliablestats cookie
10:52 PM: default@stats1.reliablestats[2].txt (ID = 3254)
10:52 PM: default@sb.pch[2].txt (ID = 3124)
10:52 PM: default@stat.dealtime[5].txt (ID = 2506)
10:52 PM: default@atwola[6].txt (ID = 2255)
10:52 PM: default@howstuffworks[4].txt (ID = 2805)
10:52 PM: default@xiti[2].txt (ID = 3717)
10:52 PM: Found Spy Cookie: passion cookie
10:52 PM: default@passion[2].txt (ID = 3113)
10:52 PM: Found Spy Cookie: a cookie
10:52 PM: default@a[1].txt (ID = 2027)
10:52 PM: default@azjmp[4].txt (ID = 2270)
10:52 PM: default@c3.gostats[3].txt (ID = 2748)
10:52 PM: default@gostats[3].txt (ID = 2747)
10:52 PM: default@metareward[3].txt (ID = 2990)
10:52 PM: default@french.about[1].txt (ID = 2038)
10:52 PM: default@inventors.about[2].txt (ID = 2038)
10:52 PM: default@about[10].txt (ID = 2037)
10:52 PM: default@adopt.specificclick[4].txt (ID = 3400)
10:52 PM: default@metareward[1].txt (ID = 2990)
10:52 PM: Found Spy Cookie: tacoda cookie
10:52 PM: default@tacoda[2].txt (ID = 6444)
10:52 PM: default@vitacost.122.2o7[1].txt (ID = 1958)
10:52 PM: default@go[7].txt (ID = 2728)
10:52 PM: Found Spy Cookie: yieldmanager cookie
10:52 PM: default@ad.yieldmanager[2].txt (ID = 3751)
10:52 PM: default@azjmp[1].txt (ID = 2270)
10:52 PM: default@www.myaffiliateprogram[6].txt (ID = 3032)
10:52 PM: Found Spy Cookie: adprofile cookie
10:52 PM: default@adprofile[2].txt (ID = 2084)
10:52 PM: default@www.nextag[2].txt (ID = 5015)
10:52 PM: default@beauty.about[2].txt (ID = 2038)
10:52 PM: Found Spy Cookie: adknowledge cookie
10:52 PM: default@adknowledge[2].txt (ID = 2072)
10:52 PM: default@infospace[7].txt (ID = 2865)
10:52 PM: default@usautoparts.122.2o7[1].txt (ID = 1958)
10:52 PM: default@msnportal.112.2o7[2].txt (ID = 1958)
10:52 PM: Found Spy Cookie: videodome cookie
10:52 PM: default@videodome[1].txt (ID = 3638)
10:52 PM: Found Spy Cookie: toplist cookie
10:52 PM: default@toplist[1].txt (ID = 3557)
10:52 PM: default@entrepreneur.122.2o7[1].txt (ID = 1958)
10:52 PM: Found Spy Cookie: rn11 cookie
10:52 PM: default@rn11[2].txt (ID = 3261)
10:52 PM: default@sportingnews.122.2o7[1].txt (ID = 1958)
10:52 PM: Found Spy Cookie: clickandtrack cookie
10:52 PM: default@hits.clickandtrack[2].txt (ID = 2397)
10:52 PM: default@bookspan.122.2o7[2].txt (ID = 1958)
10:52 PM: default@trb[3].txt (ID = 3587)
10:52 PM: default@microsofteup.112.2o7[1].txt (ID = 1958)
10:52 PM: default@rsi.espn.go[1].txt (ID = 2729)
10:52 PM: default@dist.belnk[4].txt (ID = 2293)
10:52 PM: Found Spy Cookie: overture cookie
10:52 PM: default@data2.perf.overture[2].txt (ID = 3106)
10:52 PM: default@schoolspecialtyinc.122.2o7[1].txt (ID = 1958)
10:52 PM: Found Spy Cookie: hbmediapro cookie
10:52 PM: default@adopt.hbmediapro[2].txt (ID = 2768)
10:52 PM: default@abcnews.go[2].txt (ID = 2729)
10:52 PM: Found Spy Cookie: partypoker cookie
10:52 PM: default@partypoker[2].txt (ID = 3111)
10:52 PM: Found Spy Cookie: dl cookie
10:52 PM: default@dl[1].txt (ID = 2529)
10:52 PM: default@espn.go[5].txt (ID = 2729)
10:52 PM: default@stats1.reliablestats[1].txt (ID = 3254)
10:52 PM: default@atwola[7].txt (ID = 2255)
10:52 PM: Found Spy Cookie: directtrack cookie
10:52 PM: default@directtrack[1].txt (ID = 2527)
10:52 PM: default@banner[3].txt (ID = 2276)
10:52 PM: default@medium21.directtrack[2].txt (ID = 2528)
10:52 PM: default@buildabear.122.2o7[1].txt (ID = 1958)
10:52 PM: Found Spy Cookie: 888 cookie
10:52 PM: default@www.888[1].txt (ID = 2020)
10:52 PM: Found Spy Cookie: ic-live cookie
10:52 PM: default@ic-live[1].txt (ID = 2821)
10:52 PM: default@try.starware[1].txt (ID = 3442)
10:52 PM: default@stamps[2].txt (ID = 3437)
10:52 PM: default@888[2].txt (ID = 2019)
10:52 PM: default@exitexchange[2].txt (ID = 2633)
10:52 PM: Found Spy Cookie: affiliatefuel.com cookie
10:52 PM: default@r1.affiliatefuel[1].txt (ID = 2202)
10:52 PM: default@888[1].txt (ID = 2019)
10:52 PM: default@about[9].txt (ID = 2037)
10:52 PM: Found Spy Cookie: cassava cookie
10:52 PM: default@cassava[1].txt (ID = 2362)
10:52 PM: default@server3.web-stat[2].txt (ID = 3649)
10:52 PM: default@rsi.abcnews.go[1].txt (ID = 2729)
10:52 PM: default@howstuffworks[1].txt (ID = 2805)
10:52 PM: default@shopping.howstuffworks[1].txt (ID = 2806)
10:52 PM: default@www.screensavers[3].txt (ID = 3298)
10:52 PM: Found Spy Cookie: sexsearch cookie
10:52 PM: default@tour.splash.sexsearch[2].txt (ID = 3358)
10:52 PM: default@search.espn.go[1].txt (ID = 2729)
10:52 PM: default@pricegrabber[2].txt (ID = 3185)
10:52 PM: default@stat.dealtime[6].txt (ID = 2506)
10:52 PM: default@urbanlegends.about[2].txt (ID = 2038)
10:52 PM: default@i.screensavers[1].txt (ID = 3298)
10:52 PM: default@www.upspiral[1].txt (ID = 3615)
10:52 PM: default@proxy.espn.go[1].txt (ID = 2729)
10:52 PM: Found Spy Cookie: cc214142 cookie
10:52 PM: default@ads.cc214142[2].txt (ID = 2367)
10:52 PM: default@bizrate[8].txt (ID = 2308)
10:52 PM: Found Spy Cookie: hypertracker.com cookie
10:52 PM: default@hypertracker[1].txt (ID = 2817)
10:52 PM: default@ask[9].txt (ID = 2245)
10:52 PM: default@a.websponsors[3].txt (ID = 3665)
10:52 PM: default@www.burstbeacon[1].txt (ID = 2335)
10:52 PM: default@sports.espn.go[2].txt (ID = 2729)
10:52 PM: default@photo.stamps[1].txt (ID = 3438)
10:52 PM: default@frenchfood.about[2].txt (ID = 2038)
10:52 PM: default@politicalhumor.about[1].txt (ID = 2038)
10:52 PM: default@burstnet[1].txt (ID = 2336)
10:52 PM: default@tacoda[1].txt (ID = 6444)
10:52 PM: default@cbs.112.2o7[1].txt (ID = 1958)
10:52 PM: Found Spy Cookie: military cookie
10:52 PM: default@military[1].txt (ID = 2996)
10:52 PM: default@powellsbooks.122.2o7[1].txt (ID = 1958)
10:52 PM: default@fox59.trb[2].txt (ID = 3588)
10:52 PM: default@adopt.specificclick[1].txt (ID = 3400)
10:52 PM: default@disney.go[3].txt (ID = 2729)
10:52 PM: default@data3.perf.overture[2].txt (ID = 3106)
10:52 PM: default@ad.yieldmanager[3].txt (ID = 3751)
10:52 PM: Found Spy Cookie: x10 cookie
10:52 PM: default@affiliates.x10[1].txt (ID = 3712)
10:52 PM: default@chicagosuntimes.122.2o7[1].txt (ID = 1958)
10:52 PM: default@nextag[1].txt (ID = 5014)
10:52 PM: default@data1.perf.overture[1].txt (ID = 3106)
10:52 PM: default@marthastewart.122.2o7[1].txt (ID = 1958)
10:52 PM: default@yieldmanager[1].txt (ID = 3749)
10:52 PM: default@burstnet[2].txt (ID = 2336)
10:52 PM: default@adopt.specificclick[6].txt (ID = 3400)
10:52 PM: default@tacoda[4].txt (ID = 6444)
10:52 PM: default@adknowledge[3].txt (ID = 2072)
10:52 PM: default@www.burstbeacon[4].txt (ID = 2335)
10:52 PM: Cookie Sweep Complete, Elapsed Time: 00:00:28
10:52 PM: Starting File Sweep
10:52 PM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
10:52 PM: Found Adware: twain-tech
10:52 PM: wininit.ini (ID = 81900)
11:05 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
11:05 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
11:05 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
11:05 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
11:05 PM: Warning: Failed to open file "c:\windows\system32\config\system.alt". The process cannot access the file because it is being used by another process
11:05 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
11:05 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
11:05 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
11:05 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
11:05 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
11:31 PM: c:\program files\common files\dpi (ID = -2147481129)
11:53 PM: Found Adware: clearsearch
11:53 PM: c:\program files\lycos\ieagent (ID = -2147481253)
11:53 PM: Found Adware: webrebates
11:53 PM: c:\program files\webrebates (ID = -2147480054)
11:53 PM: c:\program files\maxspeed (ID = -2147480852)
12:06 AM: c:\documents and settings\all users\application data\pcsvc (27 subtraces) (ID = -2147481135)
12:06 AM: delfinky.edx (ID = 57685)
12:06 AM: delfinsi.edx (ID = 57691)
12:06 AM: delfinbd.edx (ID = 57686)
12:06 AM: delfinco.edx (ID = 57686)
12:06 AM: delfinld.edx (ID = 57686)
12:06 AM: delfined.edx (ID = 57686)
12:06 AM: delfinid.edx (ID = 57691)
12:06 AM: delfindl.edx (ID = 57686)
12:06 AM: delfinaf.edx (ID = 57679)
12:06 AM: delfinst.ebd (ID = 57692)
12:06 AM: delfintg.ebd (ID = 57693)
12:06 AM: ink_inkline023-t.dfn (ID = 57718)
12:06 AM: Warning: Failed to open file "c:\documents and settings\all users\application data\mcafee\spamkiller\logs\filtering.log". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsbeab8071-c421-499e-b516-b87eeacda4dd.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\documents and settings\all users\application data\webro

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 04 April 2006 - 04:31 PM

Please do not delete anything unless instructed to.


Run HijackThis. Hit None of the above, click Do a System Scan Only. Put a check in the box on the left side on these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

R3 - URLSearchHook: (no name) - _{1E432263-6841-4653-8F02-366A2F77E339} - (no file)

O4 - HKLM\..\Run: [W5SwUh] C:\windows\temp\W5SwUh.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE


Close ALL windows and browsers except HijackThis and click "Fix checked"




Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#5 tvhevh

Posted 04 April 2006 - 06:59 PM

Did it. Things seem to be running faster.

Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:09:52 PM, on 4/4/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Default\Desktop\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [W5SwUh] C:\windows\temp\W5SwUh.exe
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Global Startup: CompuServe 2000 Tray Icon.lnk = C:\CompuServe 2000\cstray.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: PageKeeper Jobs.lnk = C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Dell Home - {0AA55FA0-3A6E-11D3-B9D9-E071A3C103D0} - http://www.dell.com/ (file missing) (HKCU)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...81/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,19/mcgdmgr.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE

Thanks--Tom vonHatten

#6 LDTate

Posted 04 April 2006 - 07:06 PM

You need to disable SpySweeper: it stopped our fix.

Open it, click >Options over to the left, then >program options >Uncheck "load at windows startup".
Over to the left click "shields" and uncheck all there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".


Please do not delete anything unless instructed to.


Run HijackThis. Hit None of the above, click Do a System Scan Only. Put a check in the box on the left side on these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank

O4 - HKLM\..\Run: [W5SwUh] C:\windows\temp\W5SwUh.exe

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


Close ALL windows and browsers except HijackThis and click "Fix checked"


Delete these Files if listed:
C:\windows\temp\ <--All files in this folder.


Empty Recycle Bin

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.


#7 tvhevh

Posted 05 April 2006 - 03:36 PM

I did all that I could do per your instructions. Spy Sweeper didn't have the "automatically restore default without notification" check box in the Shields section.

When I rebooted, Spy Sweeper reloaded again. I thought it wasn't supposed to do that once I unchecked the "load at Windows startup" box.

Here's the HJT log. Not all that I asked to be cleaned out by HJT was, apparently. PC performance is about the same as before.

Logfile of HijackThis v1.99.1
Scan saved at 4:21:06 PM, on 4/5/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe
C:\Documents and Settings\Default\Desktop\Hijack This\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [W5SwUh] C:\windows\temp\W5SwUh.exe
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Global Startup: CompuServe 2000 Tray Icon.lnk = C:\CompuServe 2000\cstray.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: PageKeeper Jobs.lnk = C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Dell Home - {0AA55FA0-3A6E-11D3-B9D9-E071A3C103D0} - http://www.dell.com/ (file missing) (HKCU)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...81/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,19/mcgdmgr.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE


--Tom vonHatten
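
One way to check which requested fixes did not take, as an added example (not code from this thread or from HijackThis): it parses a log's `R`/`O` entries, reports which checked entries are still present after the reboot, and flags `O4` registry autoruns that launch from a temp folder. The function names and the temp-folder heuristic are assumptions; the sample lines are excerpts constructed from the logs posted above.

```python
import ntpath
import re
from typing import NamedTuple

# "O4 - HKLM\..\Run: [name] command": a section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Body of a registry autorun entry (Run, RunOnce, RunServices ...).
RUN_RE = re.compile(r"^(HK[A-Z]+\\\.\.\\Run\w*): \[([^\]]+)\] (.+)$")
# Executable at the start of a command line, quoted or unquoted.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)
TEMP_DIRS = {"temp", "tmp"}  # assumption: folder names treated as temp locations


class Entry(NamedTuple):
    code: str
    body: str

    def key(self):
        # Windows paths and registry names are case-insensitive, so
        # "mcupdate.exe" and "McUpdate.exe" must compare equal.
        return (self.code, self.body.lower())


def parse_entries(log_text):
    """Return the R/O entries of a log, skipping the header and process list."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def autorun_target(entry):
    """Executable path of an O4 registry Run entry, or None for other entries."""
    if entry.code != "O4":
        return None
    m = RUN_RE.match(entry.body)
    if not m:
        return None  # e.g. "Global Startup" shortcuts
    command = m.group(3)
    exe = EXE_RE.match(command)
    if exe:
        return exe.group(1) or exe.group(2)
    return command.split()[0]


def runs_from_temp(entries):
    """O4 Run entries whose executable sits under a temp folder."""
    flagged = []
    for e in entries:
        target = autorun_target(e)
        if target is None:
            continue
        parts = ntpath.dirname(target).lower().split("\\")
        if TEMP_DIRS.intersection(parts):
            flagged.append(e)
    return flagged


def still_present(requested, after):
    """Entries that were checked for fixing but appear again in the new log."""
    after_keys = {e.key() for e in after}
    return [e for e in requested if e.key() in after_keys]


# Constructed excerpt: some of the entries the helper asked to have fixed.
REQUESTED = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O4 - HKLM\..\Run: [W5SwUh] C:\windows\temp\W5SwUh.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

# Constructed excerpt of the log posted after the reboot.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [W5SwUh] C:\windows\temp\W5SwUh.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

if __name__ == "__main__":
    after = parse_entries(AFTER_LOG)
    for e in still_present(parse_entries(REQUESTED), after):
        print("not removed:", e.code, "-", e.body)
    for e in runs_from_temp(after):
        print("autorun from temp folder:", e.body)
```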

#8 LDTate

Posted 05 April 2006 - 03:43 PM

C:\windows\temp\W5SwUh.exe

Did you have trouble deleting the files in the temp folder?


Close all windows and browsers.
Open HijackThis

Click on Open Misc Tools
Click on Delete a File On Reboot
Click once on the file below to select it:
C:\windows\temp\W5SwUh.exe



Click on the Back button to exit Process Manager

Now, back at the main screen of HijackThis, proceed to Scan and put a check by these:

O4 - HKLM\..\Run: [W5SwUh] C:\windows\temp\W5SwUh.exe

Close ALL windows and browsers except HijackThis and click "Fix checked"


Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.


#9 tvhevh

Posted 06 April 2006 - 06:38 PM

Nope, I don't think I had trouble with deleting the temp files last night. I couldn't find the file in question when I looked this time. I ran HJT, checked the box for the offending file, told HJT to fix it, rebooted, and got this logfile:

Logfile of HijackThis v1.99.1
Scan saved at 7:23:41 PM, on 4/6/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WFXSVC.EXE
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\WINDOWS\system32\devldr32.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe
C:\Documents and Settings\Default\Desktop\Hijack This\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Global Startup: CompuServe 2000 Tray Icon.lnk = C:\CompuServe 2000\cstray.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: PageKeeper Jobs.lnk = C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Dell Home - {0AA55FA0-3A6E-11D3-B9D9-E071A3C103D0} - http://www.dell.com/ (file missing) (HKCU)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...81/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,19/mcgdmgr.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE

The computer seems to be OK at the moment. Hard drive space is a little low, though. I need to do some file maintenance and archive some stuff, in all probability.

--Tom vonHatten

#10 LDTate

Posted 06 April 2006 - 06:46 PM

These aren't needed at startup and are resource hogs.

Run HijackThis. Hit None of the above, click Do a System Scan Only. Put a check in the box on the left side on these:

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot


Close ALL windows and browsers except HijackThis and click "Fix checked"


Let's see if this will help speed it up.

Backup your Registry...
- Press "CTRL - ALT - DEL" keys all at the same time to start "Task Manager"
- In the Task Manager window click on "File", then from the drop-down menu select "New Task (Run...)"
- In the "Create New Task" window enter\type "regedit" (without quotes)
- Once Regedit opens click on the FILE menu and select Export
- Save the file as backup. Save the file somewhere you will remember and not delete.
IMPORTANT: make sure to set the export range to ALL



I recommend you download RegSeeker. Extract it to its own folder, open and double click RegSeeker.exe to start the program. Maximize the window and click clean registry. Check all sections and click OK. When the scan is complete, verify the backup box in lower left corner is checked and click the select all button, then select all again. Then right click within the search results and select delete. Run it again and again, deleting everything it finds until it finds nothing. Reboot and make sure your programs are working properly, control panel and add/remove programs windows open, etc. (basically just do a quick check of everything). In the event anything was 'broken', you can open RegSeeker, click backups and double click any/all files to put the information back. A reboot may be required for the effects to be seen. Reboot when done.

NOTE: To be extra safe you can choose to only remove the items in RED.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 



#11 tvhevh

tvhevh

    Authentic Member

  • Authentic Member
  • PipPip
  • 178 posts
  • Interests:Motorsports

Posted 08 April 2006 - 03:16 PM

I ran HJT and removed the files you listed. I got RegSweeper, but could only fix 20 registry entries. I uninstalled and reloaded, but it won't let me do anything more until I "upgrade" and pay them their pound of flesh. I have 424 more entries to clean out of the registry. Any suggestions? --Tom vonHatten

#12 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 08 April 2006 - 03:26 PM

Go here and download RegSupreme 1.3.0.38. I haven't used this program so be sure to read the instructions.
http://www.majorgeek...wnload4001.html


 


#13 tvhevh

tvhevh

    Authentic Member

  • Authentic Member
  • PipPip
  • 178 posts
  • Interests:Motorsports

Posted 08 April 2006 - 03:31 PM

I decided to go back and see if I could get RegSeeker from a different place. I found version 1.4.5, and it's acting more like you mentioned in your previous note. The last version I used did not--it didn't have the check boxes, etc. that you listed. This one is listed as "free for personal use only". I'm running it on the other machine right now. I'll let you know what happens shortly. --Tom vonHatten

#14 tvhevh

tvhevh

    Authentic Member

  • Authentic Member
  • PipPip
  • 178 posts
  • Interests:Motorsports

Posted 08 April 2006 - 04:17 PM

I ran RegSweeper as you instructed. This version found (after X passes) about 1900 items in the registry that were either not used, or invalid, or whatever--the other one found only 444. Rebooted, and can't see any real problems. Things seem faster than before.

Don't know what I had on that earlier use of RegSweeper...this version was completely different than that one.

Here's another log:

Logfile of HijackThis v1.99.1
Scan saved at 5:07:11 PM, on 4/8/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\Default\Desktop\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Global Startup: CompuServe 2000 Tray Icon.lnk = C:\CompuServe 2000\cstray.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
O4 - Global Startup: PageKeeper Jobs.lnk = C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Dell Home - {0AA55FA0-3A6E-11D3-B9D9-E071A3C103D0} - http://www.dell.com/ (file missing) (HKCU)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...81/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,19/mcgdmgr.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE




--Tom vonHatten
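An added example, not part of either poster's messages: one way to confirm from two HijackThis logs that the four O4 startup entries listed in post #10 are gone and that no new autostart entry appeared. The names `parse_o4` and `verify_fix` are hypothetical, and `BEFORE`/`AFTER` are constructed, abridged excerpts built from O4 lines shown in the thread.

```python
import re

# O4 registry Run line:  O4 - HKLM\..\Run: [Name] command
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.*)$")
# O4 startup-folder line: O4 - Global Startup: Name.lnk = target
STARTUP_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.*)$")

# Value names of the four entries post #10 asks to fix.
TARGETS = ["UpdReg", "iTunesHelper", "QuickTime Task", "TkBellExe"]

# Constructed, abridged samples (not the full logs from the thread).
BEFORE = r'''O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE'''
AFTER = r'''O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE'''

def parse_o4(log_text):
    """Map (location, lower-cased entry name) -> command for each O4 line."""
    entries = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            entries[(hive + "\\" + key, name.lower())] = cmd
            continue
        m = STARTUP_RE.match(line)
        if m:
            location, name, cmd = m.groups()
            entries[(location, name.lower())] = cmd
    return entries

def verify_fix(before, after, targets):
    """Compare autostart entries across two logs and check the fixed items."""
    b, a = parse_o4(before), parse_o4(after)
    names_after = {name for _, name in a}
    return {
        "still_present": sorted(t for t in targets if t.lower() in names_after),
        "removed": sorted(k for k in b if k not in a),
        "added": sorted(k for k in a if k not in b),  # new autostarts to review
    }

if __name__ == "__main__":
    print(verify_fix(BEFORE, AFTER, TARGETS))
```

An empty `still_present` list means the fix took; anything in `added` is an autostart entry that was not in the earlier log and deserves a second look.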

#15 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 08 April 2006 - 04:22 PM

Don't know what I had on that earlier use of RegSweeper

You had the pay for version.

Good Job


Log looks good :D :thumbup: How is it running? Any issues?



1. Do one of the following:
In Windows 98/Me/2000, on the Windows desktop, double-click the My Computer icon.
In Windows XP, on the taskbar, click Start > My Computer.

2. Do one of the following:
In Windows 98, on the View menu, click Folder Options.
In Windows Me/2000/XP, on the Tools menu, click Folder Options.
On the View tab, check Hide file extensions for known file types.

3. Do one of the following:
In Windows 98, in the Advanced Settings box, under the "Hidden files" folder, unclick Show all files.
In Windows Me/2000/XP, check Hide protected operating system files. Then, under the "Hidden files" folder, unclick Show hidden files and folders.
If you see a warning message, click Yes.
Click Apply.
Click OK.



If you don't have these three programs I would recommend that you get them. Spywareblaster, Spywareguard and IESPY AD. They will add 1000's of sites to your restricted zone and block some hijacks from happening. I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one.

It is critical to have both a firewall and anti virus to protect your system.

Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on. Both are available below.

Safe Surfing. :D

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein
