
Windows Explorer wants to accept connections


  • This topic is locked
13 replies to this topic

#1 solley

Posted 13 April 2006 - 10:36 PM

Title, I think, says it all.

Thanks.

HJT Log follows:

Logfile of HijackThis v1.99.1
Scan saved at 11:25:58 PM, on 4/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\Program Files\RealVNC\WinVNC\winvnc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\AnalogX\POW\pow.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tim\Desktop\Spyware Killers\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /auto:TivoServer /registry /service
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: POW!.lnk = C:\Program Files\AnalogX\POW\pow.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: PokerTime Poker - {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79} - C:\Program Files\PokerTimeMPP\MPPoker.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct1_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt0_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash...ers/SAXFile.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {405BBF5B-2FD8-4614-AC51-D8566F635B94} (SafeWallet Class) - http://idsm.citadelp...s/WalletCab.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernet...urferplugin.ocx
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compu...hat/RTCChat.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell...t/TLIEFlash.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.micro...n7/dlhelper.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://mediamax.stre...oad/XUpload.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\winvnc.exe" -service (file missing)

#2 LDTate

Posted 22 April 2006 - 09:46 AM

Hello solley, Welcome to the forum.

This is what I suggest you do.


Please do not delete anything unless instructed to.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Even if you've already run these, make SURE they're up-to-date and run per instructions.

Make sure you have the up-to-date versions of Spybot V 1.4 and Ad-aware SE Build 1.06. All are free and available below.

Download Spybot, install and update. Then download Ad-aware, install, and update.

Spybot:

Install the program and launch it.

Go to Start > Programs > Spybot > Search & Destroy and choose Spybot S&D

Close ALL windows except Spybot S&D
Click the button to "Search for Updates" and download and install the Updates.
Next click the button "Check for Problems"
When Spybot is complete, it will be showing "RED" entries, "BLACK" entries and "GREEN" entries in the window.
Put a check mark beside the RED entries ONLY.
Choose "Fix Selected Problems" and allow Spybot to fix the RED entries.

Ad-Aware FULL SCAN:

Install the program and launch it.

1. Launch Ad-Aware SE and run the WebUpdate feature. (Click on the Globe icon > Click connect > Click OK > Click Finish.)
2. Set up the Configurations as follows:
-- Click the Gear wheel at the top of the Ad-Aware window
-- Click General > Safety & Settings: Check (Green) all three.
-- Click Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
3. Click "Proceed"
4. Click "Scan Now"
5. Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
6. Select "Search for low-risk threats"
7. Run the scanner using the Full Scan (Perform full system scan) mode.
8. When the scan has completed, select Next.
9. In the Scanning Results window, select the "Scan Summary" tab.
10. Check the box next to each "target family" you wish to remove.
11. Click next > Click OK.

Next:

Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system. If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Empty Recycle Bin

Reboot and "copy/paste" a new HJT log as well as the Results from Spy Sweeper file into this thread.
Also please describe how your computer behaves at the moment.


#3 solley


Posted 23 April 2006 - 09:30 PM

Whew...that was tough. Couldn't get through the Spy Sweeper. It would find a bunch of stuff, but when I clicked Next, it would lock up....couldn't even CTRL-Alt-Del...had to power down and try again. Here is the HJT log and below is the log from Spy Sweeper. As for my computer, ZoneAlarm still pops up to tell me that Windows Explorer wants to accept connections.

Logfile of HijackThis v1.99.1
Scan saved at 10:17:08 PM, on 4/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\RealVNC\WinVNC\winvnc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\AnalogX\POW\pow.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Tim\Desktop\Spyware Killers\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /auto:TivoServer /registry /service
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: POW!.lnk = C:\Program Files\AnalogX\POW\pow.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: PokerTime Poker - {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79} - C:\Program Files\PokerTimeMPP\MPPoker.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct1_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt0_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash...ers/SAXFile.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {405BBF5B-2FD8-4614-AC51-D8566F635B94} (SafeWallet Class) - http://idsm.citadelp...s/WalletCab.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernet...urferplugin.ocx
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compu...hat/RTCChat.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell...t/TLIEFlash.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.micro...n7/dlhelper.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://mediamax.stre...oad/XUpload.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\winvnc.exe" -service (file missing)

===============================================================================================================================================================================================================

********
9:06 PM: | Start of Session, Sunday, April 23, 2006 |
9:06 PM: Spy Sweeper started
9:06 PM: Sweep initiated using definitions version 663
9:06 PM: Starting Memory Sweep
9:11 PM: Memory Sweep Complete, Elapsed Time: 00:04:37
9:11 PM: Starting Registry Sweep
9:11 PM: Found Adware: coolsavings
9:11 PM: HKCR\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 106999)
9:11 PM: HKCR\interface\{549f957d-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107001)
9:11 PM: HKCR\interface\{549f957f-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107002)
9:11 PM: HKLM\software\classes\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 107005)
9:11 PM: HKLM\software\classes\interface\{549f957d-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107007)
9:11 PM: HKLM\software\classes\interface\{549f957f-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107008)
9:11 PM: Found System Monitor: digi-watcher
9:11 PM: HKCR\.dgw\ (1 subtraces) (ID = 125191)
9:11 PM: HKCR\applications\watcher.exe\ (4 subtraces) (ID = 125192)
9:11 PM: HKCR\dgw_auto_file\ (4 subtraces) (ID = 125195)
9:11 PM: HKCR\dwbutton.dwbuttonctrl.1\ (5 subtraces) (ID = 125196)
9:11 PM: HKLM\software\classes\.dgw\ (1 subtraces) (ID = 125197)
9:11 PM: HKLM\software\classes\applications\watcher.exe\ (4 subtraces) (ID = 125199)
9:11 PM: HKLM\software\classes\dgw_auto_file\ (4 subtraces) (ID = 125201)
9:11 PM: HKLM\software\classes\dwbutton.dwbuttonctrl.1\ (5 subtraces) (ID = 125202)
9:11 PM: HKU\S-1-5-21-1994147569-3410684558-4128728577-1008\software\classes\applications\watcher.exe\ (4 subtraces) (ID = 125198)
9:11 PM: Registry Sweep Complete, Elapsed Time:00:00:25
9:11 PM: Starting Cookie Sweep
9:11 PM: Cookie Sweep Complete, Elapsed Time: 00:00:03
9:11 PM: Starting File Sweep
9:12 PM: c:\program files\digi-watcher.com (ID = -2147481084)
10:03 PM: File Sweep Complete, Elapsed Time: 00:51:55
10:03 PM: Full Sweep has completed. Elapsed time 00:57:05
10:03 PM: Traces Found: 84
10:05 PM: Removal process initiated
10:05 PM: Quarantining All Traces: digi-watcher
10:05 PM: Quarantining All Traces: coolsavings
10:05 PM: Removal process completed. Elapsed time 00:00:05
********
6:31 PM: | Start of Session, Sunday, April 23, 2006 |
6:31 PM: Spy Sweeper started
6:31 PM: Sweep initiated using definitions version 663
6:31 PM: Starting Memory Sweep
6:36 PM: Memory Sweep Complete, Elapsed Time: 00:05:24
6:36 PM: Starting Registry Sweep
6:36 PM: Found Adware: coolsavings
6:36 PM: HKCR\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 106999)
6:36 PM: HKCR\interface\{549f957d-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107001)
6:36 PM: HKCR\interface\{549f957f-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107002)
6:36 PM: HKLM\software\classes\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 107005)
6:36 PM: HKLM\software\classes\interface\{549f957d-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107007)
6:36 PM: HKLM\software\classes\interface\{549f957f-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107008)
6:36 PM: Found System Monitor: digi-watcher
6:36 PM: HKCR\.dgw\ (1 subtraces) (ID = 125191)
6:36 PM: HKCR\applications\watcher.exe\ (4 subtraces) (ID = 125192)
6:36 PM: HKCR\dgw_auto_file\ (4 subtraces) (ID = 125195)
6:36 PM: HKCR\dwbutton.dwbuttonctrl.1\ (5 subtraces) (ID = 125196)
6:36 PM: HKLM\software\classes\.dgw\ (1 subtraces) (ID = 125197)
6:36 PM: HKLM\software\classes\applications\watcher.exe\ (4 subtraces) (ID = 125199)
6:36 PM: HKLM\software\classes\dgw_auto_file\ (4 subtraces) (ID = 125201)
6:36 PM: HKLM\software\classes\dwbutton.dwbuttonctrl.1\ (5 subtraces) (ID = 125202)
6:36 PM: HKU\S-1-5-21-1994147569-3410684558-4128728577-1008\software\classes\applications\watcher.exe\ (4 subtraces) (ID = 125198)
6:37 PM: Registry Sweep Complete, Elapsed Time:00:00:26
6:37 PM: Starting Cookie Sweep
6:37 PM: Cookie Sweep Complete, Elapsed Time: 00:00:04
6:37 PM: Starting File Sweep
6:37 PM: c:\program files\digi-watcher.com (ID = -2147481084)
7:27 PM: File Sweep Complete, Elapsed Time: 00:50:20
7:27 PM: Full Sweep has completed. Elapsed time 00:56:18
7:27 PM: Traces Found: 84
********
1:14 PM: | Start of Session, Sunday, April 23, 2006 |
1:14 PM: Spy Sweeper started
1:14 PM: Sweep initiated using definitions version 663
1:14 PM: Starting Memory Sweep
1:19 PM: Memory Sweep Complete, Elapsed Time: 00:05:06
1:19 PM: Starting Registry Sweep
1:19 PM: Found Adware: coolsavings
1:19 PM: HKCR\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 106999)
1:19 PM: HKCR\interface\{549f957d-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107001)
1:19 PM: HKCR\interface\{549f957f-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107002)
1:19 PM: HKLM\software\classes\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 107005)
1:19 PM: HKLM\software\classes\interface\{549f957d-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107007)
1:19 PM: HKLM\software\classes\interface\{549f957f-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107008)
1:19 PM: Found System Monitor: digi-watcher
1:19 PM: HKCR\.dgw\ (1 subtraces) (ID = 125191)
1:19 PM: HKCR\applications\watcher.exe\ (4 subtraces) (ID = 125192)
1:19 PM: HKCR\dgw_auto_file\ (4 subtraces) (ID = 125195)
1:19 PM: HKCR\dwbutton.dwbuttonctrl.1\ (5 subtraces) (ID = 125196)
1:19 PM: HKLM\software\classes\.dgw\ (1 subtraces) (ID = 125197)
1:19 PM: HKLM\software\classes\applications\watcher.exe\ (4 subtraces) (ID = 125199)
1:19 PM: HKLM\software\classes\dgw_auto_file\ (4 subtraces) (ID = 125201)
1:19 PM: HKLM\software\classes\dwbutton.dwbuttonctrl.1\ (5 subtraces) (ID = 125202)
1:19 PM: HKLM\software\microsoft\windows\currentversion\uninstall\watcher 2.22\ (5 subtraces) (ID = 125203)
1:19 PM: HKU\S-1-5-21-1994147569-3410684558-4128728577-1008\software\classes\applications\watcher.exe\ (4 subtraces) (ID = 125198)
1:20 PM: Registry Sweep Complete, Elapsed Time:00:00:25
1:20 PM: Starting Cookie Sweep
1:20 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
1:20 PM: Starting File Sweep
1:20 PM: c:\documents and settings\tim\start menu\programs\digi-watcher.com (7 subtraces) (ID = -2147470074)
1:20 PM: c:\program files\digi-watcher.com (718 subtraces) (ID = -2147481084)
2:09 PM: File Sweep Complete, Elapsed Time: 00:49:35
2:09 PM: Full Sweep has completed. Elapsed time 00:55:14
2:09 PM: Traces Found: 816
5:01 PM: Removal process initiated
5:01 PM: Quarantining All Traces: digi-watcher
6:30 PM: Processing Startup Alerts
6:30 PM: Removed Startup entry: GrpConv
6:30 PM: Removed Startup entry: AthenaDelFiles
6:31 PM: | End of Session, Sunday, April 23, 2006 |
********
10:44 AM: | Start of Session, Sunday, April 23, 2006 |
10:44 AM: Spy Sweeper started
10:44 AM: Sweep initiated using definitions version 663
10:44 AM: Starting Memory Sweep
10:49 AM: Memory Sweep Complete, Elapsed Time: 00:04:58
10:49 AM: Starting Registry Sweep
10:49 AM: Found Adware: coolsavings
10:49 AM: HKCR\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 106999)
10:49 AM: HKCR\interface\{549f957d-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107001)
10:49 AM: HKCR\interface\{549f957f-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107002)
10:49 AM: HKLM\software\classes\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 107005)
10:49 AM: HKLM\software\classes\interface\{549f957d-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107007)
10:49 AM: HKLM\software\classes\interface\{549f957f-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107008)
10:49 AM: Found System Monitor: digi-watcher
10:49 AM: HKCR\.dgw\ (1 subtraces) (ID = 125191)
10:49 AM: HKCR\applications\watcher.exe\ (4 subtraces) (ID = 125192)
10:49 AM: HKCR\dgw_auto_file\ (4 subtraces) (ID = 125195)
10:49 AM: HKCR\dwbutton.dwbuttonctrl.1\ (5 subtraces) (ID = 125196)
10:49 AM: HKLM\software\classes\.dgw\ (1 subtraces) (ID = 125197)
10:49 AM: HKLM\software\classes\applications\watcher.exe\ (4 subtraces) (ID = 125199)
10:49 AM: HKLM\software\classes\dgw_auto_file\ (4 subtraces) (ID = 125201)
10:49 AM: HKLM\software\classes\dwbutton.dwbuttonctrl.1\ (5 subtraces) (ID = 125202)
10:49 AM: HKLM\software\microsoft\windows\currentversion\uninstall\watcher 2.22\ (5 subtraces) (ID = 125203)
10:49 AM: HKU\S-1-5-21-1994147569-3410684558-4128728577-1008\software\classes\applications\watcher.exe\ (4 subtraces) (ID = 125198)
10:49 AM: Registry Sweep Complete, Elapsed Time:00:00:26
10:49 AM: Starting Cookie Sweep
10:49 AM: Found Spy Cookie: about cookie
10:49 AM: tim@about[2].txt (ID = 2037)
10:49 AM: Found Spy Cookie: yieldmanager cookie
10:49 AM: tim@ad.yieldmanager[2].txt (ID = 3751)
10:49 AM: Found Spy Cookie: adknowledge cookie
10:49 AM: tim@adknowledge[1].txt (ID = 2072)
10:49 AM: Found Spy Cookie: specificclick.com cookie
10:49 AM: tim@adopt.specificclick[2].txt (ID = 3400)
10:49 AM: Found Spy Cookie: pointroll cookie
10:49 AM: tim@ads.pointroll[2].txt (ID = 3148)
10:49 AM: Found Spy Cookie: advertising cookie
10:49 AM: tim@advertising[2].txt (ID = 2175)
10:49 AM: Found Spy Cookie: primaryads cookie
10:49 AM: tim@aff.primaryads[2].txt (ID = 3190)
10:49 AM: Found Spy Cookie: ask cookie
10:49 AM: tim@ask[1].txt (ID = 2245)
10:49 AM: Found Spy Cookie: atlas dmt cookie
10:49 AM: tim@atdmt[2].txt (ID = 2253)
10:49 AM: Found Spy Cookie: belnk cookie
10:49 AM: tim@belnk[1].txt (ID = 2292)
10:49 AM: Found Spy Cookie: bizrate cookie
10:49 AM: tim@bizrate[1].txt (ID = 2308)
10:49 AM: Found Spy Cookie: burstnet cookie
10:49 AM: tim@burstnet[2].txt (ID = 2336)
10:49 AM: Found Spy Cookie: gostats cookie
10:49 AM: tim@c2.gostats[2].txt (ID = 2748)
10:49 AM: Found Spy Cookie: counter cookie
10:49 AM: tim@counter[1].txt (ID = 2477)
10:49 AM: tim@cruises.about[1].txt (ID = 2038)
10:49 AM: Found Spy Cookie: overture cookie
10:49 AM: tim@data1.perf.overture[1].txt (ID = 3106)
10:49 AM: tim@data3.perf.overture[1].txt (ID = 3106)
10:49 AM: Found Spy Cookie: 2o7.net cookie
10:49 AM: tim@dealnews.122.2o7[1].txt (ID = 1958)
10:49 AM: tim@dist.belnk[2].txt (ID = 2293)
10:49 AM: tim@dogs.about[2].txt (ID = 2038)
10:49 AM: tim@entrepreneur.122.2o7[1].txt (ID = 1958)
10:49 AM: tim@financialsoft.about[1].txt (ID = 2038)
10:49 AM: Found Spy Cookie: go.com cookie
10:49 AM: tim@go[1].txt (ID = 2728)
10:49 AM: tim@harpo.122.2o7[1].txt (ID = 1958)
10:49 AM: tim@huntsville.about[1].txt (ID = 2038)
10:49 AM: Found Spy Cookie: hypertracker.com cookie
10:49 AM: tim@hypertracker[2].txt (ID = 2817)
10:49 AM: Found Spy Cookie: ic-live cookie
10:49 AM: tim@ic-live[1].txt (ID = 2821)
10:49 AM: tim@iqtv.122.2o7[1].txt (ID = 1958)
10:49 AM: Found Spy Cookie: monstermarketplace cookie
10:49 AM: tim@monstermarketplace[2].txt (ID = 3006)
10:49 AM: tim@msnportal.112.2o7[1].txt (ID = 1958)
10:49 AM: Found Spy Cookie: nextag cookie
10:49 AM: tim@nextag[1].txt (ID = 5014)
10:49 AM: Found Spy Cookie: freestats.net cookie
10:49 AM: tim@nfong.freestats[2].txt (ID = 2705)
10:49 AM: tim@ostg.112.2o7[1].txt (ID = 1958)
10:49 AM: Found Spy Cookie: pricegrabber cookie
10:49 AM: tim@pricegrabber[2].txt (ID = 3185)
10:49 AM: Found Spy Cookie: pub cookie
10:49 AM: tim@pub[2].txt (ID = 3205)
10:49 AM: Found Spy Cookie: questionmarket cookie
10:49 AM: tim@questionmarket[1].txt (ID = 3217)
10:49 AM: tim@riptownmedia.122.2o7[1].txt (ID = 1958)
10:49 AM: Found Spy Cookie: servlet cookie
10:49 AM: tim@servlet[2].txt (ID = 3345)
10:49 AM: Found Spy Cookie: webtrendslive cookie
10:49 AM: tim@statse.webtrendslive[2].txt (ID = 3667)
10:49 AM: tim@stubhub.122.2o7[1].txt (ID = 1958)
10:49 AM: Found Spy Cookie: tacoda cookie
10:49 AM: tim@tacoda[2].txt (ID = 6444)
10:49 AM: tim@tattoo.about[1].txt (ID = 2038)
10:49 AM: Found Spy Cookie: aa cookie
10:49 AM: tim@www.aa[2].txt (ID = 2030)
10:49 AM: Found Spy Cookie: burstbeacon cookie
10:49 AM: tim@www.burstbeacon[2].txt (ID = 2335)
10:49 AM: Found Spy Cookie: mytemplatestorage cookie
10:49 AM: tim@www.mytemplatestorage[2].txt (ID = 3050)
10:49 AM: Cookie Sweep Complete, Elapsed Time: 00:00:04
10:49 AM: Starting File Sweep
10:49 AM: c:\documents and settings\tim\start menu\programs\digi-watcher.com (7 subtraces) (ID = -2147470074)
10:49 AM: c:\program files\digi-watcher.com (718 subtraces) (ID = -2147481084)
10:51 AM: Found Adware: hiwire
10:51 AM: hiwire.inf (ID = 62166)
10:52 AM: Found Trojan Horse: trojan-backdoor-hooverhooker
10:52 AM: dxfi32.dll (ID = 143763)
10:58 AM: wmeayl32.dll (ID = 143769)
10:59 AM: dxfi32.dll (ID = 143763)
10:59 AM: Found Adware: ispy webcam
10:59 AM: ispy.jpg (ID = 64398)
11:15 AM: winsvwsr32.dll (ID = 143768)
11:19 AM: wcxgg32.dll (ID = 143764)
11:20 AM: wvsrtkj32.dll (ID = 143771)
11:22 AM: Found Adware: cydoor peer-to-peer dependency
11:22 AM: cd_clint.dll (ID = 57300)
11:42 AM: File Sweep Complete, Elapsed Time: 00:53:12
11:42 AM: Full Sweep has completed. Elapsed time 00:58:46
11:42 AM: Traces Found: 870
1:12 PM: Removal process initiated
1:12 PM: Quarantining All Traces: trojan-backdoor-hooverhooker
1:13 PM: Quarantining All Traces: cydoor peer-to-peer dependency
1:13 PM: Quarantining All Traces: hiwire
1:13 PM: Quarantining All Traces: ispy webcam
1:13 PM: Quarantining All Traces: 2o7.net cookie
1:13 PM: Quarantining All Traces: aa cookie
1:13 PM: Quarantining All Traces: about cookie
1:13 PM: Quarantining All Traces: adknowledge cookie
1:13 PM: Quarantining All Traces: advertising cookie
1:13 PM: Quarantining All Traces: ask cookie
1:13 PM: Quarantining All Traces: atlas dmt cookie
1:13 PM: Quarantining All Traces: belnk cookie
1:13 PM: Quarantining All Traces: bizrate cookie
1:13 PM: Quarantining All Traces: burstbeacon cookie
1:13 PM: Quarantining All Traces: burstnet cookie
1:13 PM: Quarantining All Traces: counter cookie
1:13 PM: Quarantining All Traces: freestats.net cookie
1:13 PM: Quarantining All Traces: go.com cookie
1:13 PM: Quarantining All Traces: gostats cookie
1:13 PM: Quarantining All Traces: hypertracker.com cookie
1:13 PM: Quarantining All Traces: ic-live cookie
1:13 PM: Quarantining All Traces: monstermarketplace cookie
1:13 PM: Quarantining All Traces: mytemplatestorage cookie
1:13 PM: Quarantining All Traces: nextag cookie
1:13 PM: Quarantining All Traces: overture cookie
1:13 PM: Quarantining All Traces: pointroll cookie
1:13 PM: Quarantining All Traces: pricegrabber cookie
1:13 PM: Quarantining All Traces: primaryads cookie
1:13 PM: Quarantining All Traces: pub cookie
1:13 PM: Quarantining All Traces: questionmarket cookie
1:13 PM: Quarantining All Traces: servlet cookie
1:13 PM: Quarantining All Traces: specificclick.com cookie
1:13 PM: Quarantining All Traces: tacoda cookie
1:13 PM: Quarantining All Traces: webtrendslive cookie
1:13 PM: Quarantining All Traces: yieldmanager cookie
1:13 PM: Removal process completed. Elapsed time 00:00:25
1:14 PM: | End of Session, Sunday, April 23, 2006 |
********
7:53 AM: | Start of Session, Sunday, April 23, 2006 |
7:53 AM: Spy Sweeper started
7:53 AM: Sweep initiated using definitions version 663
7:53 AM: Starting Memory Sweep
7:58 AM: Memory Sweep Complete, Elapsed Time: 00:04:37
7:58 AM: Starting Registry Sweep
7:58 AM: Found Adware: coolsavings
7:58 AM: HKCR\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 106999)
7:58 AM: HKCR\interface\{549f957d-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107001)
7:58 AM: HKCR\interface\{549f957f-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107002)
7:58 AM: HKLM\software\classes\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 107005)
7:58 AM: HKLM\software\classes\interface\{549f957d-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107007)
7:58 AM: HKLM\software\classes\interface\{549f957f-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107008)
7:58 AM: Found System Monitor: digi-watcher
7:58 AM: HKCR\.dgw\ (1 subtraces) (ID = 125191)
7:58 AM: HKCR\applications\watcher.exe\ (4 subtraces) (ID = 125192)
7:58 AM: HKCR\dgw_auto_file\ (4 subtraces) (ID = 125195)
7:58 AM: HKCR\dwbutton.dwbuttonctrl.1\ (5 subtraces) (ID = 125196)
7:58 AM: HKLM\software\classes\.dgw\ (1 subtraces) (ID = 125197)
7:58 AM: HKLM\software\classes\applications\watcher.exe\ (4 subtraces) (ID = 125199)
7:58 AM: HKLM\software\classes\dgw_auto_file\ (4 subtraces) (ID = 125201)
7:58 AM: HKLM\software\classes\dwbutton.dwbuttonctrl.1\ (5 subtraces) (ID = 125202)
7:58 AM: HKLM\software\microsoft\windows\currentversion\uninstall\watcher 2.22\ (5 subtraces) (ID = 125203)
7:58 AM: HKU\S-1-5-21-1994147569-3410684558-4128728577-1008\software\classes\applications\watcher.exe\ (4 subtraces) (ID = 125198)
7:58 AM: Registry Sweep Complete, Elapsed Time:00:00:34
7:58 AM: Starting Cookie Sweep
7:59 AM: Found Spy Cookie: about cookie
7:59 AM: tim@about[2].txt (ID = 2037)
7:59 AM: Found Spy Cookie: yieldmanager cookie
7:59 AM: tim@ad.yieldmanager[2].txt (ID = 3751)
7:59 AM: Found Spy Cookie: adknowledge cookie
7:59 AM: tim@adknowledge[1].txt (ID = 2072)
7:59 AM: Found Spy Cookie: specificclick.com cookie
7:59 AM: tim@adopt.specificclick[2].txt (ID = 3400)
7:59 AM: Found Spy Cookie: pointroll cookie
7:59 AM: tim@ads.pointroll[2].txt (ID = 3148)
7:59 AM: Found Spy Cookie: advertising cookie
7:59 AM: tim@advertising[2].txt (ID = 2175)
7:59 AM: Found Spy Cookie: primaryads cookie
7:59 AM: tim@aff.primaryads[2].txt (ID = 3190)
7:59 AM: Found Spy Cookie: ask cookie
7:59 AM: tim@ask[1].txt (ID = 2245)
7:59 AM: Found Spy Cookie: atlas dmt cookie
7:59 AM: tim@atdmt[2].txt (ID = 2253)
7:59 AM: Found Spy Cookie: belnk cookie
7:59 AM: tim@belnk[1].txt (ID = 2292)
7:59 AM: Found Spy Cookie: bizrate cookie
7:59 AM: tim@bizrate[1].txt (ID = 2308)
7:59 AM: Found Spy Cookie: burstnet cookie
7:59 AM: tim@burstnet[2].txt (ID = 2336)
7:59 AM: Found Spy Cookie: gostats cookie
7:59 AM: tim@c2.gostats[2].txt (ID = 2748)
7:59 AM: Found Spy Cookie: counter cookie
7:59 AM: tim@counter[1].txt (ID = 2477)
7:59 AM: tim@cruises.about[1].txt (ID = 2038)
7:59 AM: Found Spy Cookie: overture cookie
7:59 AM: tim@data1.perf.overture[1].txt (ID = 3106)
7:59 AM: tim@data3.perf.overture[1].txt (ID = 3106)
7:59 AM: Found Spy Cookie: 2o7.net cookie
7:59 AM: tim@dealnews.122.2o7[1].txt (ID = 1958)
7:59 AM: tim@dist.belnk[2].txt (ID = 2293)
7:59 AM: tim@dogs.about[2].txt (ID = 2038)
7:59 AM: tim@entrepreneur.122.2o7[1].txt (ID = 1958)
7:59 AM: tim@financialsoft.about[1].txt (ID = 2038)
7:59 AM: Found Spy Cookie: go.com cookie
7:59 AM: tim@go[1].txt (ID = 2728)
7:59 AM: tim@harpo.122.2o7[1].txt (ID = 1958)
7:59 AM: tim@huntsville.about[1].txt (ID = 2038)
7:59 AM: Found Spy Cookie: hypertracker.com cookie
7:59 AM: tim@hypertracker[2].txt (ID = 2817)
7:59 AM: Found Spy Cookie: ic-live cookie
7:59 AM: tim@ic-live[1].txt (ID = 2821)
7:59 AM: tim@iqtv.122.2o7[1].txt (ID = 1958)
7:59 AM: Found Spy Cookie: monstermarketplace cookie
7:59 AM: tim@monstermarketplace[2].txt (ID = 3006)
7:59 AM: tim@msnportal.112.2o7[1].txt (ID = 1958)
7:59 AM: Found Spy Cookie: nextag cookie
7:59 AM: tim@nextag[1].txt (ID = 5014)
7:59 AM: Found Spy Cookie: freestats.net cookie
7:59 AM: tim@nfong.freestats[2].txt (ID = 2705)
7:59 AM: tim@ostg.112.2o7[1].txt (ID = 1958)
7:59 AM: Found Spy Cookie: pricegrabber cookie
7:59 AM: tim@pricegrabber[2].txt (ID = 3185)
7:59 AM: Found Spy Cookie: pub cookie
7:59 AM: tim@pub[2].txt (ID = 3205)
7:59 AM: Found Spy Cookie: questionmarket cookie
7:59 AM: tim@questionmarket[1].txt (ID = 3217)
7:59 AM: tim@riptownmedia.122.2o7[1].txt (ID = 1958)
7:59 AM: Found Spy Cookie: servlet cookie
7:59 AM: tim@servlet[2].txt (ID = 3345)
7:59 AM: tim@stubhub.122.2o7[1].txt (ID = 1958)
7:59 AM: Found Spy Cookie: tacoda cookie
7:59 AM: tim@tacoda[2].txt (ID = 6444)
7:59 AM: tim@tattoo.about[1].txt (ID = 2038)
7:59 AM: Found Spy Cookie: aa cookie
7:59 AM: tim@www.aa[2].txt (ID = 2030)
7:59 AM: Found Spy Cookie: burstbeacon cookie
7:59 AM: tim@www.burstbeacon[2].txt (ID = 2335)
7:59 AM: Found Spy Cookie: mytemplatestorage cookie
7:59 AM: tim@www.mytemplatestorage[2].txt (ID = 3050)
7:59 AM: Cookie Sweep Complete, Elapsed Time: 00:00:08
7:59 AM: Starting File Sweep
8:00 AM: c:\documents and settings\tim\start menu\programs\digi-watcher.com (7 subtraces) (ID = -2147470074)
8:00 AM: c:\program files\digi-watcher.com (718 subtraces) (ID = -2147481084)
8:02 AM: Found Adware: hiwire
8:02 AM: hiwire.inf (ID = 62166)
8:03 AM: Found Trojan Horse: trojan-backdoor-hooverhooker
8:03 AM: dxfi32.dll (ID = 143763)
8:09 AM: wmeayl32.dll (ID = 143769)
8:09 AM: dxfi32.dll (ID = 143763)
8:10 AM: Found Adware: ispy webcam
8:10 AM: ispy.jpg (ID = 64398)
8:24 AM: winsvwsr32.dll (ID = 143768)
8:29 AM: wcxgg32.dll (ID = 143764)
8:30 AM: wvsrtkj32.dll (ID = 143771)
8:31 AM: Found Adware: cydoor peer-to-peer dependency
8:31 AM: cd_clint.dll (ID = 57300)
8:50 AM: File Sweep Complete, Elapsed Time: 00:51:26
8:50 AM: Full Sweep has completed. Elapsed time 00:56:53
8:50 AM: Traces Found: 869
9:32 AM: Removal process initiated
9:32 AM: Quarantining All Traces: digi-watcher
********
9:10 PM: | Start of Session, Saturday, April 22, 2006 |
9:10 PM: Spy Sweeper started
9:10 PM: Sweep initiated using definitions version 663
9:10 PM: Starting Memory Sweep
9:16 PM: Memory Sweep Complete, Elapsed Time: 00:05:37
9:16 PM: Starting Registry Sweep
9:16 PM: Found Adware: coolsavings
9:16 PM: HKCR\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 106999)
9:16 PM: HKCR\interface\{549f957d-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107001)
9:16 PM: HKCR\interface\{549f957f-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107002)
9:16 PM: HKLM\software\classes\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 107005)
9:16 PM: HKLM\software\classes\interface\{549f957d-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107007)
9:16 PM: HKLM\software\classes\interface\{549f957f-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107008)
9:16 PM: Found System Monitor: digi-watcher
9:16 PM: HKCR\.dgw\ (1 subtraces) (ID = 125191)
9:16 PM: HKCR\applications\watcher.exe\ (4 subtraces) (ID = 125192)
9:16 PM: HKCR\dgw_auto_file\ (4 subtraces) (ID = 125195)
9:16 PM: HKCR\dwbutton.dwbuttonctrl.1\ (5 subtraces) (ID = 125196)
9:16 PM: HKLM\software\classes\.dgw\ (1 subtraces) (ID = 125197)
9:16 PM: HKLM\software\classes\applications\watcher.exe\ (4 subtraces) (ID = 125199)
9:16 PM: HKLM\software\classes\dgw_auto_file\ (4 subtraces) (ID = 125201)
9:16 PM: HKLM\software\classes\dwbutton.dwbuttonctrl.1\ (5 subtraces) (ID = 125202)
9:16 PM: HKLM\software\microsoft\windows\currentversion\uninstall\watcher 2.22\ (5 subtraces) (ID = 125203)
9:16 PM: HKU\S-1-5-21-1994147569-3410684558-4128728577-1008\software\classes\applications\watcher.exe\ (4 subtraces) (ID = 125198)
9:16 PM: Registry Sweep Complete, Elapsed Time:00:00:25
9:16 PM: Starting Cookie Sweep
9:16 PM: Found Spy Cookie: about cookie
9:16 PM: tim@about[2].txt (ID = 2037)
9:16 PM: Found Spy Cookie: yieldmanager cookie
9:16 PM: tim@ad.yieldmanager[2].txt (ID = 3751)
9:16 PM: Found Spy Cookie: adknowledge cookie
9:16 PM: tim@adknowledge[1].txt (ID = 2072)
9:16 PM: Found Spy Cookie: specificclick.com cookie
9:16 PM: tim@adopt.specificclick[2].txt (ID = 3400)
9:16 PM: Found Spy Cookie: pointroll cookie
9:16 PM: tim@ads.pointroll[2].txt (ID = 3148)
9:16 PM: Found Spy Cookie: advertising cookie
9:16 PM: tim@advertising[2].txt (ID = 2175)
9:16 PM: Found Spy Cookie: primaryads cookie
9:16 PM: tim@aff.primaryads[2].txt (ID = 3190)
9:16 PM: Found Spy Cookie: ask cookie
9:16 PM: tim@ask[1].txt (ID = 2245)
9:16 PM: Found Spy Cookie: atlas dmt cookie
9:16 PM: tim@atdmt[2].txt (ID = 2253)
9:16 PM: Found Spy Cookie: belnk cookie
9:16 PM: tim@belnk[1].txt (ID = 2292)
9:16 PM: Found Spy Cookie: bizrate cookie
9:16 PM: tim@bizrate[1].txt (ID = 2308)
9:16 PM: Found Spy Cookie: burstnet cookie
9:16 PM: tim@burstnet[2].txt (ID = 2336)
9:16 PM: Found Spy Cookie: gostats cookie
9:16 PM: tim@c2.gostats[2].txt (ID = 2748)
9:16 PM: Found Spy Cookie: counter cookie
9:16 PM: tim@counter[1].txt (ID = 2477)
9:16 PM: tim@cruises.about[1].txt (ID = 2038)
9:16 PM: Found Spy Cookie: overture cookie
9:16 PM: tim@data1.perf.overture[1].txt (ID = 3106)
9:16 PM: tim@data3.perf.overture[1].txt (ID = 3106)
9:16 PM: Found Spy Cookie: 2o7.net cookie
9:16 PM: tim@dealnews.122.2o7[1].txt (ID = 1958)
9:16 PM: tim@dist.belnk[2].txt (ID = 2293)
9:16 PM: tim@dogs.about[2].txt (ID = 2038)
9:16 PM: tim@entrepreneur.122.2o7[1].txt (ID = 1958)
9:16 PM: tim@financialsoft.about[1].txt (ID = 2038)
9:16 PM: Found Spy Cookie: go.com cookie
9:16 PM: tim@go[1].txt (ID = 2728)
9:16 PM: tim@harpo.122.2o7[1].txt (ID = 1958)
9:16 PM: tim@huntsville.about[1].txt (ID = 2038)
9:16 PM: Found Spy Cookie: hypertracker.com cookie
9:16 PM: tim@hypertracker[2].txt (ID = 2817)
9:16 PM: Found Spy Cookie: ic-live cookie
9:16 PM: tim@ic-live[1].txt (ID = 2821)
9:16 PM: tim@iqtv.122.2o7[1].txt (ID = 1958)
9:16 PM: Found Spy Cookie: monstermarketplace cookie
9:16 PM: tim@monstermarketplace[2].txt (ID = 3006)
9:16 PM: tim@msnportal.112.2o7[1].txt (ID = 1958)
9:16 PM: Found Spy Cookie: nextag cookie
9:16 PM: tim@nextag[1].txt (ID = 5014)
9:16 PM: Found Spy Cookie: freestats.net cookie
9:16 PM: tim@nfong.freestats[2].txt (ID = 2705)
9:16 PM: tim@ostg.112.2o7[1].txt (ID = 1958)
9:16 PM: Found Spy Cookie: pricegrabber cookie
9:16 PM: tim@pricegrabber[2].txt (ID = 3185)
9:16 PM: Found Spy Cookie: pub cookie
9:16 PM: tim@pub[2].txt (ID = 3205)
9:16 PM: Found Spy Cookie: questionmarket cookie
9:16 PM: tim@questionmarket[1].txt (ID = 3217)
9:16 PM: tim@riptownmedia.122.2o7[1].txt (ID = 1958)
9:16 PM: Found Spy Cookie: servlet cookie
9:16 PM: tim@servlet[2].txt (ID = 3345)
9:16 PM: tim@stubhub.122.2o7[1].txt (ID = 1958)
9:16 PM: Found Spy Cookie: tacoda cookie
9:16 PM: tim@tacoda[2].txt (ID = 6444)
9:16 PM: tim@tattoo.about[1].txt (ID = 2038)
9:16 PM: Found Spy Cookie: aa cookie
9:16 PM: tim@www.aa[2].txt (ID = 2030)
9:16 PM: Found Spy Cookie: burstbeacon cookie
9:16 PM: tim@www.burstbeacon[2].txt (ID = 2335)
9:16 PM: Found Spy Cookie: mytemplatestorage cookie
9:16 PM: tim@www.mytemplatestorage[2].txt (ID = 3050)
9:16 PM: Cookie Sweep Complete, Elapsed Time: 00:00:03
9:16 PM: Starting File Sweep
9:16 PM: c:\documents and settings\tim\start menu\programs\digi-watcher.com (7 subtraces) (ID = -2147470074)
9:16 PM: c:\program files\digi-watcher.com (718 subtraces) (ID = -2147481084)
9:18 PM: Found Adware: hiwire
9:18 PM: hiwire.inf (ID = 62166)
9:19 PM: Found Trojan Horse: trojan-backdoor-hooverhooker
9:19 PM: dxfi32.dll (ID = 143763)
9:28 PM: wmeayl32.dll (ID = 143769)
9:29 PM: dxfi32.dll (ID = 143763)
9:29 PM: Found Adware: ispy webcam
9:29 PM: ispy.jpg (ID = 64398)
9:56 PM: winsvwsr32.dll (ID = 143768)
10:00 PM: wcxgg32.dll (ID = 143764)
10:00 PM: wvsrtkj32.dll (ID = 143771)
10:02 PM: Found Adware: cydoor peer-to-peer dependency
10:02 PM: cd_clint.dll (ID = 57300)
10:28 PM: File Sweep Complete, Elapsed Time: 01:12:04
10:28 PM: Full Sweep has completed. Elapsed time 01:18:20
10:28 PM: Traces Found: 869
********
12:54 PM: | Start of Session, Saturday, April 22, 2006 |
12:54 PM: Spy Sweeper started
12:54 PM: Sweep initiated using definitions version 663
12:54 PM: Starting Memory Sweep
12:59 PM: Memory Sweep Complete, Elapsed Time: 00:05:06
12:59 PM: Starting Registry Sweep
12:59 PM: Found Adware: coolsavings
12:59 PM: HKCR\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 106999)
12:59 PM: HKCR\interface\{549f957d-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107001)
12:59 PM: HKCR\interface\{549f957f-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107002)
12:59 PM: HKLM\software\classes\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 107005)
12:59 PM: HKLM\software\classes\interface\{549f957d-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107007)
12:59 PM: HKLM\software\classes\interface\{549f957f-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107008)
12:59 PM: Found System Monitor: digi-watcher
12:59 PM: HKCR\.dgw\ (1 subtraces) (ID = 125191)
12:59 PM: HKCR\applications\watcher.exe\ (4 subtraces) (ID = 125192)
12:59 PM: HKCR\dgw_auto_file\ (4 subtraces) (ID = 125195)
12:59 PM: HKCR\dwbutton.dwbuttonctrl.1\ (5 subtraces) (ID = 125196)
12:59 PM: HKLM\software\classes\.dgw\ (1 subtraces) (ID = 125197)
12:59 PM: HKLM\software\classes\applications\watcher.exe\ (4 subtraces) (ID = 125199)
12:59 PM: HKLM\software\classes\dgw_auto_file\ (4 subtraces) (ID = 125201)
12:59 PM: HKLM\software\classes\dwbutton.dwbuttonctrl.1\ (5 subtraces) (ID = 125202)
12:59 PM: HKLM\software\microsoft\windows\currentversion\uninstall\watcher 2.22\ (5 subtraces) (ID = 125203)
12:59 PM: HKU\S-1-5-21-1994147569-3410684558-4128728577-1008\software\classes\applications\watcher.exe\ (4 subtraces) (ID = 125198)
1:00 PM: Registry Sweep Complete, Elapsed Time:00:00:33
1:00 PM: Starting Cookie Sweep
1:00 PM: Found Spy Cookie: about cookie
1:00 PM: tim@about[2].txt (ID = 2037)
1:00 PM: Found Spy Cookie: yieldmanager cookie
1:00 PM: tim@ad.yieldmanager[2].txt (ID = 3751)
1:00 PM: Found Spy Cookie: adknowledge cookie
1:00 PM: tim@adknowledge[1].txt (ID = 2072)
1:00 PM: Found Spy Cookie: specificclick.com cookie
1:00 PM: tim@adopt.specificclick[2].txt (ID = 3400)
1:00 PM: Found Spy Cookie: pointroll cookie
1:00 PM: tim@ads.pointroll[2].txt (ID = 3148)
1:00 PM: Found Spy Cookie: advertising cookie
1:00 PM: tim@advertising[2].txt (ID = 2175)
1:00 PM: Found Spy Cookie: primaryads cookie
1:00 PM: tim@aff.primaryads[2].txt (ID = 3190)
1:00 PM: Found Spy Cookie: ask cookie
1:00 PM: tim@ask[1].txt (ID = 2245)
1:00 PM: Found Spy Cookie: atlas dmt cookie
1:00 PM: tim@atdmt[2].txt (ID = 2253)
1:00 PM: Found Spy Cookie: belnk cookie
1:00 PM: tim@belnk[1].txt (ID = 2292)
1:00 PM: Found Spy Cookie: bizrate cookie
1:00 PM: tim@bizrate[1].txt (ID = 2308)
1:00 PM: Found Spy Cookie: burstnet cookie
1:00 PM: tim@burstnet[2].txt (ID = 2336)
1:00 PM: Found Spy Cookie: gostats cookie
1:00 PM: tim@c2.gostats[2].txt (ID = 2748)
1:00 PM: Found Spy Cookie: counter cookie
1:00 PM: tim@counter[1].txt (ID = 2477)
1:00 PM: tim@cruises.about[1].txt (ID = 2038)
1:00 PM: Found Spy Cookie: overture cookie
1:00 PM: tim@data1.perf.overture[1].txt (ID = 3106)
1:00 PM: tim@data3.perf.overture[1].txt (ID = 3106)
1:00 PM: Found Spy Cookie: 2o7.net cookie
1:00 PM: tim@dealnews.122.2o7[1].txt (ID = 1958)
1:00 PM: tim@dist.belnk[2].txt (ID = 2293)
1:00 PM: tim@dogs.about[2].txt (ID = 2038)
1:00 PM: tim@entrepreneur.122.2o7[1].txt (ID = 1958)
1:00 PM: tim@financialsoft.about[1].txt (ID = 2038)
1:00 PM: Found Spy Cookie: go.com cookie
1:00 PM: tim@go[1].txt (ID = 2728)
1:00 PM: tim@harpo.122.2o7[1].txt (ID = 1958)
1:00 PM: tim@huntsville.about[1].txt (ID = 2038)
1:00 PM: Found Spy Cookie: hypertracker.com cookie
1:00 PM: tim@hypertracker[2].txt (ID = 2817)
1:00 PM: Found Spy Cookie: ic-live cookie
1:00 PM: tim@ic-live[1].txt (ID = 2821)
1:00 PM: tim@iqtv.122.2o7[1].txt (ID = 1958)
1:00 PM: Found Spy Cookie: monstermarketplace cookie
1:00 PM: tim@monstermarketplace[2].txt (ID = 3006)
1:00 PM: tim@msnportal.112.2o7[1].txt (ID = 1958)
1:00 PM: Found Spy Cookie: nextag cookie
1:00 PM: tim@nextag[1].txt (ID = 5014)
1:00 PM: Found Spy Cookie: freestats.net cookie
1:00 PM: tim@nfong.freestats[2].txt (ID = 2705)
1:00 PM: tim@ostg.112.2o7[1].txt (ID = 1958)
1:00 PM: Found Spy Cookie: pricegrabber cookie
1:00 PM: tim@pricegrabber[2].txt (ID = 3185)
1:00 PM: Found Spy Cookie: pub cookie
1:00 PM: tim@pub[2].txt (ID = 3205)
1:00 PM: Found Spy Cookie: questionmarket cookie
1:00 PM: tim@questionmarket[1].txt (ID = 3217)
1:00 PM: tim@riptownmedia.122.2o7[1].txt (ID = 1958)
1:00 PM: Found Spy Cookie: servlet cookie
1:00 PM: tim@servlet[2].txt (ID = 3345)
1:00 PM: tim@stubhub.122.2o7[1].txt (ID = 1958)
1:00 PM: Found Spy Cookie: tacoda cookie
1:00 PM: tim@tacoda[2].txt (ID = 6444)
1:00 PM: tim@tattoo.about[1].txt (ID = 2038)
1:00 PM: Found Spy Cookie: aa cookie
1:00 PM: tim@www.aa[2].txt (ID = 2030)
1:00 PM: Found Spy Cookie: burstbeacon cookie
1:00 PM: tim@www.burstbeacon[2].txt (ID = 2335)
1:00 PM: Found Spy Cookie: mytemplatestorage cookie
1:00 PM: tim@www.mytemplatestorage[2].txt (ID = 3050)
1:00 PM: Cookie Sweep Complete, Elapsed Time: 00:00:07
1:00 PM: Starting File Sweep
1:00 PM: c:\documents and settings\tim\start menu\programs\digi-watcher.com (7 subtraces) (ID = -2147470074)
1:00 PM: c:\program files\digi-watcher.com (718 subtraces) (ID = -2147481084)
1:02 PM: Found Adware: hiwire
1:02 PM: hiwire.inf (ID = 62166)
1:03 PM: Found Trojan Horse: trojan-backdoor-hooverhooker
1:03 PM: dxfi32.dll (ID = 143763)
1:10 PM: wmeayl32.dll (ID = 143769)
1:10 PM: dxfi32.dll (ID = 143763)
1:11 PM: Found Adware: ispy webcam
1:11 PM: ispy.jpg (ID = 64398)
1:27 PM: winsvwsr32.dll (ID = 143768)
1:31 PM: wcxgg32.dll (ID = 143764)
1:32 PM: wvsrtkj32.dll (ID = 143771)
1:34 PM: Found Adware: cydoor peer-to-peer dependency
1:34 PM: cd_clint.dll (ID = 57300)
1:54 PM: File Sweep Complete, Elapsed Time: 00:54:27
1:54 PM: Full Sweep has completed. Elapsed time 01:00:20
1:54 PM: Traces Found: 869
4:10 PM: Removal process initiated
4:10 PM: Quarantining All Traces: digi-watcher
********
11:41 AM: | Start of Session, Saturday, April 22, 2006 |
11:41 AM: Spy Sweeper started
11:41 AM: Sweep initiated using definitions version 663
11:41 AM: Starting Memory Sweep
11:47 AM: Memory Sweep Complete, Elapsed Time: 00:05:52
11:47 AM: Starting Registry Sweep
11:47 AM: Found Adware: coolsavings
11:47 AM: HKCR\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 106999)
11:47 AM: HKCR\interface\{549f957d-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107001)
11:47 AM: HKCR\interface\{549f957f-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107002)
11:47 AM: HKLM\software\classes\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 107005)
11:47 AM: HKLM\software\classes\interface\{549f957d-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107007)
11:47 AM: HKLM\software\classes\interface\{549f957f-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107008)
11:47 AM: Found System Monitor: digi-watcher
11:47 AM: HKCR\.dgw\ (1 subtraces) (ID = 125191)
11:47 AM: HKCR\applications\watcher.exe\ (4 subtraces) (ID = 125192)
11:47 AM: HKCR\clsid\{a4545e47-89ca-11d6-af8d-000347889858}\ (20 subtraces) (ID = 125193)
11:47 AM: HKCR\clsid\{e2cfc218-a5ad-11d6-8e1a-000086427baf}\ (3 subtraces) (ID = 125194)
11:47 AM: HKCR\dgw_auto_file\ (4 subtraces) (ID = 125195)
11:47 AM: HKCR\dwbutton.dwbuttonctrl.1\ (5 subtraces) (ID = 125196)
11:47 AM: HKLM\software\classes\.dgw\ (1 subtraces) (ID = 125197)
11:47 AM: HKLM\software\classes\applications\watcher.exe\ (4 subtraces) (ID = 125199)
11:47 AM: HKLM\software\classes\clsid\{a4545e47-89ca-11d6-af8d-000347889858}\ (20 subtraces) (ID = 125200)
11:47 AM: HKLM\software\classes\dgw_auto_file\ (4 subtraces) (ID = 125201)
11:47 AM: HKLM\software\classes\dwbutton.dwbuttonctrl.1\ (5 subtraces) (ID = 125202)
11:47 AM: HKLM\software\microsoft\windows\currentversion\uninstall\watcher 2.22\ (5 subtraces) (ID = 125203)
11:47 AM: HKU\S-1-5-21-1994147569-3410684558-4128728577-1008\software\classes\applications\watcher.exe\ (4 subtraces) (ID = 125198)
11:47 AM: Registry Sweep Complete, Elapsed Time:00:00:25
11:47 AM: Starting Cookie Sweep
11:47 AM: Found Spy Cookie: about cookie
11:47 AM: tim@about[2].txt (ID = 2037)
11:47 AM: Found Spy Cookie: yieldmanager cookie
11:47 AM: tim@ad.yieldmanager[2].txt (ID = 3751)
11:47 AM: Found Spy Cookie: adknowledge cookie
11:47 AM: tim@adknowledge[1].txt (ID = 2072)
11:47 AM: Found Spy Cookie: specificclick.com cookie
11:47 AM: tim@adopt.specificclick[2].txt (ID = 3400)
11:47 AM: Found Spy Cookie: primaryads cookie
11:47 AM: tim@aff.primaryads[2].txt (ID = 3190)
11:47 AM: Found Spy Cookie: ask cookie
11:47 AM: tim@ask[1].txt (ID = 2245)
11:47 AM: Found Spy Cookie: belnk cookie
11:47 AM: tim@belnk[1].txt (ID = 2292)
11:47 AM: Found Spy Cookie: bizrate cookie
11:47 AM: tim@bizrate[1].txt (ID = 2308)
11:47 AM: Found Spy Cookie: burstnet cookie
11:47 AM: tim@burstnet[2].txt (ID = 2336)
11:47 AM: Found Spy Cookie: gostats cookie
11:47 AM: tim@c2.gostats[2].txt (ID = 2748)
11:47 AM: Found Spy Cookie: counter cookie
11:47 AM: tim@counter[1].txt (ID = 2477)
11:47 AM: tim@cruises.about[1].txt (ID = 2038)
11:47 AM: Found Spy Cookie: overture cookie
11:47 AM: tim@data1.perf.overture[1].txt (ID = 3106)
11:47 AM: tim@data3.perf.overture[1].txt (ID = 3106)
11:47 AM: Found Spy Cookie: 2o7.net cookie
11:47 AM: tim@dealnews.122.2o7[1].txt (ID = 1958)
11:47 AM: tim@dist.belnk[2].txt (ID = 2293)
11:47 AM: tim@dogs.about[2].txt (ID = 2038)
11:47 AM: tim@entrepreneur.122.2o7[1].txt (ID = 1958)
11:47 AM: tim@financialsoft.about[1].txt (ID = 2038)
11:47 AM: Found Spy Cookie: go.com cookie
11:47 AM: tim@go[1].txt (ID = 2728)
11:47 AM: tim@harpo.122.2o7[1].txt (ID = 1958)
11:47 AM: tim@huntsville.about[1].txt (ID = 2038)
11:47 AM: Found Spy Cookie: hypertracker.com cookie
11:47 AM: tim@hypertracker[2].txt (ID = 2817)
11:47 AM: Found Spy Cookie: ic-live cookie
11:47 AM: tim@ic-live[1].txt (ID = 2821)
11:47 AM: tim@iqtv.122.2o7[1].txt (ID = 1958)
11:47 AM: Found Spy Cookie: monstermarketplace cookie
11:47 AM: tim@monstermarketplace[2].txt (ID = 3006)
11:47 AM: tim@msnportal.112.2o7[1].txt (ID = 1958)
11:47 AM: Found Spy Cookie: nextag cookie
11:47 AM: tim@nextag[1].txt (ID = 5014)
11:47 AM: Found Spy Cookie: freestats.net cookie
11:47 AM: tim@nfong.freestats[2].txt (ID = 2705)
11:47 AM: tim@ostg.112.2o7[1].txt (ID = 1958)
11:47 AM: Found Spy Cookie: pricegrabber cookie
11:47 AM: tim@pricegrabber[2].txt (ID = 3185)
11:47 AM: Found Spy Cookie: pub cookie
11:47 AM: tim@pub[2].txt (ID = 3205)
11:47 AM: tim@riptownmedia.122.2o7[1].txt (ID = 1958)
11:47 AM: Found Spy Cookie: servlet cookie
11:47 AM: tim@servlet[2].txt (ID = 3345)
11:47 AM: tim@stubhub.122.2o7[1].txt (ID = 1958)
11:47 AM: Found Spy Cookie: tacoda cookie
11:47 AM: tim@tacoda[2].txt (ID = 6444)
11:47 AM: tim@tattoo.about[1].txt (ID = 2038)
11:47 AM: Found Spy Cookie: aa cookie
11:47 AM: tim@www.aa[2].txt (ID = 2030)
11:47 AM: Found Spy Cookie: burstbeacon cookie
11:47 AM: tim@www.burstbeacon[2].txt (ID = 2335)
11:47 AM: Found Spy Cookie: mytemplatestorage cookie
11:47 AM: tim@www.mytemplatestorage[2].txt (ID = 3050)
11:47 AM: Cookie Sweep Complete, Elapsed Time: 00:00:05
11:48 AM: Starting File Sweep
11:48 AM: c:\documents and settings\tim\start menu\programs\digi-watcher.com (13 subtraces) (ID = -2147470074)
11:48 AM: c:\program files\digi-watcher.com (728 subtraces) (ID = -2147481084)
11:49 AM: Found Adware: hiwire
11:49 AM: hiwire.inf (ID = 62166)
11:50 AM: Found Trojan Horse: trojan-backdoor-hooverhooker
11:50 AM: dxfi32.dll (ID = 143763)
11:56 AM: wmeayl32.dll (ID = 143769)
11:57 AM: dxfi32.dll (ID = 143763)
11:57 AM: Found Adware: ispy webcam
11:57 AM: ispy.jpg (ID = 64398)
12:13 PM: winsvwsr32.dll (ID = 143768)
12:17 PM: wcxgg32.dll (ID = 143764)
12:17 PM: wvsrtkj32.dll (ID = 143771)
12:19 PM: Found Adware: cydoor peer-to-peer dependency
12:19 PM: cd_clint.dll (ID = 57300)
12:19 PM: dwbutton.ocx (ID = 59049)
12:32 PM: scheduler.exe (ID = 59056)
12:32 PM: scheduler.exe (ID = 59056)
12:32 PM: watcherntservice.exe (ID = 59062)
12:33 PM: watcher.exe (ID = 59060)
12:34 PM: dgw2avi.exe (ID = 59047)
12:34 PM: dgw2avi.exe (ID = 59047)
12:36 PM: keyhook.dll (ID = 59052)
12:36 PM: watcherservice.exe (ID = 59064)
12:38 PM: readme.txt (ID = 59054)
12:41 PM: shortcut to watcher.lnk (ID = 59060)
12:41 PM: dgw to avi converter.lnk (ID = 59047)
12:41 PM: watcher scheduler.lnk (ID = 59056)
12:41 PM: dgw to avi converter.lnk (ID = 59047)
12:41 PM: run as nt service.lnk (ID = 59062)
12:41 PM: watcher.lnk (ID = 59060)
12:41 PM: watcher scheduler.lnk (ID = 59056)
12:41 PM: watcher.lnk (ID = 59060)
12:41 PM: File Sweep Complete, Elapsed Time: 00:53:23
12:41 PM: Full Sweep has completed. Elapsed time 00:58:49
12:41 PM: Traces Found: 945
12:44 PM: Removal process initiated
12:44 PM: Quarantining All Traces: digi-watcher
********
11:37 AM: | Start of Session, Saturday, April 22, 2006 |
11:37 AM: Spy Sweeper started
11:38 AM: Your spyware definitions have been updated.
11:41 AM: | End of Session, Saturday, April 22, 2006 |

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 24 April 2006 - 03:15 PM

I don't see much left.

Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

O9 - Extra button: PokerTime Poker - {7220F1C9-B7E0-47a6-A0BD-D5B3940BCC79} - C:\Program Files\PokerTimeMPP\MPPoker.exe

O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing)

O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing)

O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe


Close ALL windows and browsers except HijackThis and click "Fix checked"


Open C:\Windows\Prefetch\ Delete ALL files in this folder.



Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#5 solley

solley

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 24 April 2006 - 06:16 PM

Sheesh....ATF Cleaner freed 4576813056 bytes.

As for how my computer behaves at the moment...

1) When I switch users, XP shows that I have 1 program running, even though my task bar is empty.

2) I intentionally disabled my wireless network connection and then re-connected. I then get an alert from ZoneAlarm:

==============================================
SERVER PROGRAM
Windows Explorer wants to accept connections from the Internet.
Identification: Not available in ZoneAlarm
Application: explorer.exe
Source IP: 192.168.1.1:Port 1900 <----I think that's my router???
===============================================

Edit: Forgot my HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 7:15:56 PM, on 4/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\RealVNC\WinVNC\winvnc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\AnalogX\POW\pow.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Tim\Desktop\Spyware Killers\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/...rch/search.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /auto:TivoServer /registry /service
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: POW!.lnk = C:\Program Files\AnalogX\POW\pow.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech Harmony Remote.lnk = C:\Program Files\Logitech\Harmony Remote\harmonyClient.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct1_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt0_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash...ers/SAXFile.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {405BBF5B-2FD8-4614-AC51-D8566F635B94} (SafeWallet Class) - http://idsm.citadelp...s/WalletCab.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish....fishActivia.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernet...urferplugin.ocx
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compu...hat/RTCChat.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell...t/TLIEFlash.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.micro...n7/dlhelper.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://mediamax.stre...oad/XUpload.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\winvnc.exe" -service (file missing)

Edited by solley, 24 April 2006 - 06:28 PM.
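
Added example, not part of the original thread and not HijackThis's own code: a small triage pass over a HijackThis log that flags entries whose target is reported missing or whose service vendor is "Unknown owner", and cross-checks them against the Running processes list. The function names are hypothetical; the sample lines are copied from the logs quoted in this thread.

```python
import re
from collections import Counter

# Sample input: lines copied from the HijackThis logs quoted in this thread
# (two running-process paths followed by a handful of entries).
SAMPLE_LOG = r"""
C:\Program Files\RealVNC\WinVNC\winvnc.exe
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\winvnc.exe" -service (file missing)
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
"""

# An entry line is "<section code> - <body>", e.g. "O9 - Extra button: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# A running-process line is a bare path to an .exe.
PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Suffixes HijackThis prints when it cannot find the referenced file.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def parse_hjt(text):
    """Parse entry lines into dicts; header and blank lines are skipped."""
    lines = [l.strip() for l in text.splitlines()]
    procs = [l.lower() for l in lines if PROC_RE.match(l)]
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": code,
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphaned": body.endswith(ORPHAN_MARKERS),
            "unknown_owner": code == "O23" and " - Unknown owner - " in body,
            # True when a path from the Running processes list occurs in the entry.
            "running": any(p in body.lower() for p in procs),
        })
    return entries


def triage(entries):
    """Entries that deserve a manual look before anything is fixed."""
    return [e for e in entries if e["orphaned"] or e["unknown_owner"]]


def flagged_by_section(text):
    """Count flagged entries per HijackThis section code."""
    return Counter(e["code"] for e in triage(parse_hjt(text)))


if __name__ == "__main__":
    for e in triage(parse_hjt(SAMPLE_LOG)):
        reasons = [k for k in ("orphaned", "unknown_owner", "running") if e[k]]
        print(e["code"], ",".join(reasons), "|", e["body"])
```

A flag is a prompt to check, not a verdict: the VNC Server service is marked "(file missing)" even though winvnc.exe appears under Running processes in the same log, which the `running` field surfaces.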


#6 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 24 April 2006 - 06:27 PM

192.168.1.1
Record Type: IP Address
Cached Whois: 2006-04-24
IP Location: - - Private Ip Address Lan
Blacklist Status: Clear


 


#7 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 24 April 2006 - 06:31 PM

Good Job :thumbup:

Log looks good :D :thumbup: How is it running? Any issues?

Note: This will remove all previous Restore Points

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn it back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.





If you don't have these programs I would recommend that you get them. Spywareblaster, Spywareguard. They will add 1000's of sites to your restricted zone and block some hijacks from happening. I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one.

It is critical to have both a firewall and anti virus to protect your system.

Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on. Both are available below.

Safe Surfing. :D

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


 


#8 solley

solley

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 24 April 2006 - 06:36 PM

Wow....you're quick. You may have missed my 2 edits. The first was my HJT log and the 2nd was labeled "1)" and concerns switching users and having a program running, according to XP, but nothing in my task bar.

#9 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 24 April 2006 - 06:44 PM

1) When I switch users, XP shows that I have 1 program running, even though my task bar is empty.

What rights does that user have? Could be a hidden system file.

2) I intentionally disabled my wireless network connection and then re-connected. I then get an alert from ZoneAlarm:

What type of alarm? If your Router has a built-in Firewall, you don't need Zone Alarm


 


#10 solley

solley

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 24 April 2006 - 06:45 PM

Before I do the system restore thing....are you saying it is OK to give Server rights to explorer.exe in ZoneAlarm?

#11 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 24 April 2006 - 06:47 PM

No, you don't need to give it server rights just access. Before checking the box each time to block access just hit the deny button and see what happens the first time.


 


#12 solley

solley

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 24 April 2006 - 06:48 PM

1) When I switch users, XP shows that I have 1 program running, even though my task bar is empty.

What rights does that user have? Could be a hidden system file.

2) I intentionally disabled my wireless network connection and then re-connected. I then get an alert from ZoneAlarm:

What type of alarm? If your Router has a built-in Firewall, you don't need Zone Alarm

1) Admin

2) My router has a built-in firewall, but don't I need something (like ZA) to keep my computer from sending stuff OUT?

#13 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 24 April 2006 - 07:01 PM

1) Admin

Do ALT/CTRL/DEL and look in the Task Manager. That will show what's running.

2) My router has a built-in firewall, but don't I need something (like ZA) to keep my computer from sending stuff OUT?

You can have both I suppose, but if you have the book that came with your router you should be able to configure that for incoming and outgoing.

You could also check out Zone Alarm's web site :thumbup:


 


#14 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 24 April 2006 - 07:55 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
