Thanks so much for helping me out!
First, here is my Spy Sweeper report log...
********
7:15 PM: | Start of Session, Wednesday, May 17, 2006 |
7:15 PM: Spy Sweeper started
7:15 PM: Sweep initiated using definitions version 680
7:15 PM: Starting Memory Sweep
7:20 PM: Memory Sweep Complete, Elapsed Time: 00:04:09
7:20 PM: Starting Registry Sweep
7:20 PM: Found Adware: comet cursor
7:20 PM: HKCR\appid\dmserver.exe\ (1 subtraces) (ID = 106303)
7:20 PM: HKCR\appid\{bac984c9-78c8-4105-9e97-1675a4052686}\ (1 subtraces) (ID = 106304)
7:20 PM: HKCR\clsid\{16bc6464-196a-4bab-a14b-f69f8a0a60f7}\ (11 subtraces) (ID = 106322)
7:20 PM: HKCR\clsid\{197ab1d7-a7dd-4c86-a938-1fcc0db21b85}\ (14 subtraces) (ID = 106331)
7:20 PM: HKCR\clsid\{f59c663d-e891-492c-86e3-0758c71885c2}\ (11 subtraces) (ID = 106359)
7:20 PM: HKCR\cssecurity.htmlsecurity.1\ (3 subtraces) (ID = 106426)
7:20 PM: HKCR\cssecurity.htmlsecurity\ (5 subtraces) (ID = 106427)
7:20 PM: HKCR\dmproxy.dmproxyctl.1\ (3 subtraces) (ID = 106428)
7:20 PM: HKCR\dmproxy.dmproxyctl\ (5 subtraces) (ID = 106429)
7:20 PM: HKCR\dmserver.dmnotify.1\ (3 subtraces) (ID = 106430)
7:20 PM: HKCR\dmserver.dmnotify\ (5 subtraces) (ID = 106431)
7:20 PM: HKCR\interface\{4a0f42b7-a61b-4131-bf41-bf05a2635bfd}\ (8 subtraces) (ID = 106455)
7:20 PM: HKCR\interface\{9dbdd71c-0a7f-48ac-9ffa-e102b3750b9d}\ (8 subtraces) (ID = 106461)
7:20 PM: HKCR\interface\{c2e56e18-2f04-4ab9-9333-b2db3c350956}\ (8 subtraces) (ID = 106489)
7:20 PM: HKCR\interface\{e9cbbeed-20b6-456c-8589-cf364d9d2370}\ (8 subtraces) (ID = 106503)
7:20 PM: HKCR\interface\{f8c5ea77-7d72-405c-b90a-093655b0f544}\ (8 subtraces) (ID = 106509)
7:20 PM: HKLM\software\classes\appid\dmserver.exe\ (1 subtraces) (ID = 106525)
7:20 PM: HKLM\software\classes\appid\{bac984c9-78c8-4105-9e97-1675a4052686}\ (1 subtraces) (ID = 106526)
7:20 PM: HKLM\software\classes\clsid\{16bc6464-196a-4bab-a14b-f69f8a0a60f7}\ (11 subtraces) (ID = 106541)
7:20 PM: HKLM\software\classes\clsid\{197ab1d7-a7dd-4c86-a938-1fcc0db21b85}\ (14 subtraces) (ID = 106549)
7:20 PM: HKLM\software\classes\clsid\{f59c663d-e891-492c-86e3-0758c71885c2}\ (11 subtraces) (ID = 106577)
7:20 PM: HKLM\software\classes\cssecurity.htmlsecurity\ (5 subtraces) (ID = 106610)
7:20 PM: HKLM\software\classes\dmproxy.dmproxyctl.1\ (3 subtraces) (ID = 106611)
7:20 PM: HKLM\software\classes\dmproxy.dmproxyctl\ (5 subtraces) (ID = 106612)
7:20 PM: HKLM\software\classes\dmserver.dmnotify.1\ (3 subtraces) (ID = 106613)
7:20 PM: HKLM\software\classes\dmserver.dmnotify\ (5 subtraces) (ID = 106614)
7:20 PM: HKLM\software\classes\interface\{4a0f42b7-a61b-4131-bf41-bf05a2635bfd}\ (8 subtraces) (ID = 106636)
7:20 PM: HKLM\software\classes\interface\{9dbdd71c-0a7f-48ac-9ffa-e102b3750b9d}\ (8 subtraces) (ID = 106642)
7:20 PM: HKLM\software\classes\interface\{c2e56e18-2f04-4ab9-9333-b2db3c350956}\ (8 subtraces) (ID = 106667)
7:20 PM: HKLM\software\classes\interface\{e9cbbeed-20b6-456c-8589-cf364d9d2370}\ (8 subtraces) (ID = 106680)
7:20 PM: HKLM\software\classes\interface\{f8c5ea77-7d72-405c-b90a-093655b0f544}\ (8 subtraces) (ID = 106687)
7:20 PM: HKLM\software\classes\typelib\{8fcd3b3f-6f3e-4bb2-9c37-b03b27f71857}\ (9 subtraces) (ID = 106704)
7:20 PM: HKLM\software\classes\typelib\{32ba13af-001c-456e-8825-8d53077460ac}\ (9 subtraces) (ID = 106705)
7:20 PM: HKLM\software\classes\typelib\{844c39ec-7ea4-4f11-bce6-28404fd768e3}\ (9 subtraces) (ID = 106706)
7:20 PM: HKCR\typelib\{8fcd3b3f-6f3e-4bb2-9c37-b03b27f71857}\ (9 subtraces) (ID = 106755)
7:20 PM: HKCR\typelib\{32ba13af-001c-456e-8825-8d53077460ac}\ (9 subtraces) (ID = 106756)
7:20 PM: HKCR\typelib\{844c39ec-7ea4-4f11-bce6-28404fd768e3}\ (9 subtraces) (ID = 106757)
7:20 PM: Found Adware: cws_ns3
7:20 PM: HKCR\clsid\{c432f8c9-5e41-f564-674e-c21b8257061b}\ (6 subtraces) (ID = 119009)
7:20 PM: HKLM\software\classes\clsid\{c432f8c9-5e41-f564-674e-c21b8257061b}\ (6 subtraces) (ID = 120846)
7:20 PM: Found Adware: keenvalue/perfectnav
7:20 PM: HKLM\software\perfectnav\ (1 subtraces) (ID = 129516)
7:20 PM: Found Adware: directrevenue-abetterinternet
7:20 PM: HKLM\software\dbi\ (29 subtraces) (ID = 145915)
7:20 PM: Found Adware: winad
7:20 PM: HKLM\software\classes\winadx.installer\ (3 subtraces) (ID = 147180)
7:20 PM: HKCR\winadx.installer\ (3 subtraces) (ID = 147248)
7:20 PM: Found Adware: cws-aboutblank
7:20 PM: HKU\S-1-5-21-1282968177-3619185988-1870696932-1007\software\microsoft\internet explorer\main\ || search page_bak (ID = 115925)
7:20 PM: Found Adware: gsim
7:20 PM: HKU\S-1-5-21-1282968177-3619185988-1870696932-1007\software\dynamic toolbar\gsim\ (8 subtraces) (ID = 127017)
7:20 PM: HKU\S-1-5-21-1282968177-3619185988-1870696932-1007\software\microsoft\internet explorer\main\ || search page_bak (ID = 774883)
7:20 PM: Found Adware: mindset interactive - favoriteman
7:20 PM: HKU\S-1-5-21-1282968177-3619185988-1870696932-1007\software\microsoft\windows\ || server (ID = 1025299)
7:20 PM: Registry Sweep Complete, Elapsed Time:00:00:13
7:20 PM: Starting Cookie Sweep
7:20 PM: Found Spy Cookie: sandboxer cookie
7:20 PM: brian@0[1].txt (ID = 3282)
7:20 PM: Found Spy Cookie: 2o7.net cookie
7:20 PM: brian@2o7[1].txt (ID = 1957)
7:20 PM: Found Spy Cookie: 64.62.232 cookie
7:20 PM: brian@64.62.232[2].txt (ID = 1987)
7:20 PM: Found Spy Cookie: websponsors cookie
7:20 PM: brian@a.websponsors[1].txt (ID = 3665)
7:20 PM: Found Spy Cookie: about cookie
7:20 PM: brian@about[2].txt (ID = 2037)
7:20 PM: Found Spy Cookie: ad-logics cookie
7:20 PM: brian@ad-logics[1].txt (ID = 2049)
7:20 PM: Found Spy Cookie: yieldmanager cookie
7:20 PM: brian@ad.yieldmanager[2].txt (ID = 3751)
7:20 PM: Found Spy Cookie: adknowledge cookie
7:20 PM: brian@adknowledge[2].txt (ID = 2072)
7:20 PM: Found Spy Cookie: adlegend cookie
7:20 PM: brian@adlegend[1].txt (ID = 2074)
7:20 PM: Found Spy Cookie: precisead cookie
7:20 PM: brian@adopt.precisead[2].txt (ID = 3182)
7:20 PM: Found Spy Cookie: specificclick.com cookie
7:20 PM: brian@adopt.specificclick[2].txt (ID = 3400)
7:20 PM: Found Spy Cookie: adorigin cookie
7:20 PM: brian@adorigin[2].txt (ID = 2082)
7:20 PM: Found Spy Cookie: adrevolver cookie
7:20 PM: brian@adrevolver[1].txt (ID = 2088)
7:20 PM: brian@adrevolver[3].txt (ID = 2088)
7:20 PM: Found Spy Cookie: addynamix cookie
7:20 PM: brian@ads.addynamix[2].txt (ID = 2062)
7:20 PM: Found Spy Cookie: pointroll cookie
7:20 PM: brian@ads.pointroll[2].txt (ID = 3148)
7:20 PM: Found Spy Cookie: adtech cookie
7:20 PM: brian@adtech[2].txt (ID = 2155)
7:20 PM: Found Spy Cookie: alt cookie
7:20 PM: brian@alt[2].txt (ID = 2217)
7:20 PM: Found Spy Cookie: apmebf cookie
7:20 PM: brian@apmebf[2].txt (ID = 2229)
7:20 PM: Found Spy Cookie: falkag cookie
7:20 PM: brian@as-us.falkag[2].txt (ID = 2650)
7:20 PM: Found Spy Cookie: askmen cookie
7:20 PM: brian@askmen[2].txt (ID = 2247)
7:20 PM: Found Spy Cookie: ask cookie
7:20 PM: brian@ask[1].txt (ID = 2245)
7:20 PM: Found Spy Cookie: belnk cookie
7:20 PM: brian@ath.belnk[2].txt (ID = 2293)
7:20 PM: Found Spy Cookie: atwola cookie
7:20 PM: brian@atwola[2].txt (ID = 2255)
7:20 PM: Found Spy Cookie: bannerspace cookie
7:20 PM: brian@bannerspace[1].txt (ID = 2284)
7:20 PM: Found Spy Cookie: banner cookie
7:20 PM: brian@banner[2].txt (ID = 2276)
7:20 PM: brian@belnk[2].txt (ID = 2292)
7:20 PM: Found Spy Cookie: bizrate cookie
7:20 PM: brian@bizrate[1].txt (ID = 2308)
7:20 PM: Found Spy Cookie: bluestreak cookie
7:20 PM: brian@bluestreak[1].txt (ID = 2314)
7:20 PM: Found Spy Cookie: bs.serving-sys cookie
7:20 PM: brian@bs.serving-sys[1].txt (ID = 2330)
7:20 PM: Found Spy Cookie: burstnet cookie
7:20 PM: brian@burstnet[1].txt (ID = 2336)
7:20 PM: Found Spy Cookie: enhance cookie
7:20 PM: brian@c.enhance[1].txt (ID = 2614)
7:20 PM: Found Spy Cookie: zedo cookie
7:20 PM: brian@c5.zedo[1].txt (ID = 3763)
7:20 PM: Found Spy Cookie: casalemedia cookie
7:20 PM: brian@casalemedia[2].txt (ID = 2354)
7:20 PM: Found Spy Cookie: cd freaks cookie
7:20 PM: brian@cdfreaks[2].txt (ID = 2370)
7:20 PM: Found Spy Cookie: centrport net cookie
7:20 PM: brian@centrport[2].txt (ID = 2374)
7:20 PM: brian@childparenting.about[1].txt (ID = 2038)
7:20 PM: Found Spy Cookie: classmates cookie
7:20 PM: brian@classmates[1].txt (ID = 2384)
7:20 PM: Found Spy Cookie: clickbank cookie
7:20 PM: brian@clickbank[2].txt (ID = 2398)
7:20 PM: brian@club.cdfreaks[1].txt (ID = 2371)
7:20 PM: Found Spy Cookie: did-it cookie
7:20 PM: brian@did-it[1].txt (ID = 2523)
7:20 PM: brian@dist.belnk[2].txt (ID = 2293)
7:20 PM: Found Spy Cookie: ru4 cookie
7:20 PM: brian@edge.ru4[1].txt (ID = 3269)
7:20 PM: brian@entrepreneur.122.2o7[1].txt (ID = 1958)
7:20 PM: Found Spy Cookie: go.com cookie
7:20 PM: brian@espn.go[1].txt (ID = 2729)
7:20 PM: Found Spy Cookie: exitexchange cookie
7:20 PM: brian@exitexchange[1].txt (ID = 2633)
7:20 PM: Found Spy Cookie: findwhat cookie
7:20 PM: brian@findwhat[1].txt (ID = 2674)
7:20 PM: brian@games.espn.go[1].txt (ID = 2729)
7:20 PM: Found Spy Cookie: gamespy cookie
7:20 PM: brian@gamespy[1].txt (ID = 2719)
7:20 PM: brian@genealogy.about[1].txt (ID = 2038)
7:20 PM: brian@go[1].txt (ID = 2728)
7:20 PM: Found Spy Cookie: clickandtrack cookie
7:20 PM: brian@hits.clickandtrack[2].txt (ID = 2397)
7:20 PM: Found Spy Cookie: hitstats.net cookie
7:20 PM: brian@hitstats[1].txt (ID = 2791)
7:20 PM: Found Spy Cookie: hotlog cookie
7:20 PM: brian@hotlog[2].txt (ID = 2801)
7:20 PM: Found Spy Cookie: hypertracker.com cookie
7:20 PM: brian@hypertracker[2].txt (ID = 2817)
7:20 PM: Found Spy Cookie: ic-live cookie
7:20 PM: brian@ic-live[1].txt (ID = 2821)
7:20 PM: brian@insider.espn.go[2].txt (ID = 2729)
7:20 PM: brian@internetgames.about[1].txt (ID = 2038)
7:20 PM: Found Spy Cookie: sb01 cookie
7:20 PM: brian@jp1.sb01[2].txt (ID = 3288)
7:20 PM: Found Spy Cookie: l2m.net cookie
7:20 PM: brian@l2m[1].txt (ID = 2913)
7:20 PM: Found Spy Cookie: domainsponsor cookie
7:20 PM: brian@landing.domainsponsor[1].txt (ID = 2535)
7:20 PM: Found Spy Cookie: maxserving cookie
7:20 PM: brian@maxserving[1].txt (ID = 2966)
7:20 PM: Found Spy Cookie: metareward.com cookie
7:20 PM: brian@metareward[1].txt (ID = 2990)
7:20 PM: brian@msnportal.112.2o7[1].txt (ID = 1958)
7:20 PM: brian@my.espn.go[1].txt (ID = 2729)
7:20 PM: Found Spy Cookie: mygeek cookie
7:20 PM: brian@mygeek[1].txt (ID = 3041)
7:20 PM: Found Spy Cookie: nextag cookie
7:20 PM: brian@nextag[2].txt (ID = 5014)
7:20 PM: brian@northwestairlines.112.2o7[1].txt (ID = 1958)
7:20 PM: Found Spy Cookie: one-time-offer cookie
7:20 PM: brian@one-time-offer[2].txt (ID = 3095)
7:20 PM: Found Spy Cookie: overture cookie
7:20 PM: brian@overture[2].txt (ID = 3105)
7:20 PM: Found Spy Cookie: touchclarity cookie
7:20 PM: brian@partypoker.touchclarity[1].txt (ID = 3567)
7:20 PM: Found Spy Cookie: partypoker cookie
7:20 PM: brian@partypoker[2].txt (ID = 3111)
7:20 PM: Found Spy Cookie: passion cookie
7:20 PM: brian@passion[2].txt (ID = 3113)
7:20 PM: Found Spy Cookie: paypopup cookie
7:20 PM: brian@paypopup[1].txt (ID = 3119)
7:20 PM: brian@perf.overture[1].txt (ID = 3106)
7:20 PM: brian@popunder.paypopup[1].txt (ID = 3120)
7:20 PM: Found Spy Cookie: valuead cookie
7:20 PM: brian@premiumnetworkrocks.valuead[1].txt (ID = 3627)
7:20 PM: Found Spy Cookie: pricegrabber cookie
7:20 PM: brian@pricegrabber[2].txt (ID = 3185)
7:20 PM: Found Spy Cookie: pro-market cookie
7:20 PM: brian@pro-market[1].txt (ID = 3197)
7:20 PM: Found Spy Cookie: pub cookie
7:20 PM: brian@pub[2].txt (ID = 3205)
7:20 PM: Found Spy Cookie: qsrch cookie
7:20 PM: brian@qsrch[1].txt (ID = 3215)
7:20 PM: Found Spy Cookie: questionmarket cookie
7:20 PM: brian@questionmarket[1].txt (ID = 3217)
7:20 PM: brian@r.espn.go[1].txt (ID = 2729)
7:20 PM: Found Spy Cookie: realmedia cookie
7:20 PM: brian@realmedia[2].txt (ID = 3235)
7:20 PM: Found Spy Cookie: rednova cookie
7:20 PM: brian@rednova[1].txt (ID = 3245)
7:20 PM: Found Spy Cookie: reunion cookie
7:20 PM: brian@reunion[1].txt (ID = 3255)
7:20 PM: Found Spy Cookie: revenue.net cookie
7:20 PM: brian@revenue[1].txt (ID = 3257)
7:20 PM: Found Spy Cookie: rn11 cookie
7:20 PM: brian@rn11[2].txt (ID = 3261)
7:20 PM: Found Spy Cookie: adjuggler cookie
7:20 PM: brian@rotator.adjuggler[2].txt (ID = 2071)
7:20 PM: brian@rotator.dex.adjuggler[1].txt (ID = 2070)
7:20 PM: brian@rsi.espn.go[1].txt (ID = 2729)
7:20 PM: Found Spy Cookie: seeq cookie
7:20 PM: brian@seeq[1].txt (ID = 3331)
7:20 PM: Found Spy Cookie: server.iad.liveperson cookie
7:20 PM: brian@server.iad.liveperson[2].txt (ID = 3341)
7:20 PM: Found Spy Cookie: serving-sys cookie
7:20 PM: brian@serving-sys[2].txt (ID = 3343)
7:20 PM: Found Spy Cookie: servlet cookie
7:20 PM: brian@servlet[1].txt (ID = 3345)
7:20 PM: brian@sports-att.espn.go[2].txt (ID = 2729)
7:20 PM: brian@sports.espn.go[1].txt (ID = 2729)
7:20 PM: Found Spy Cookie: statcounter cookie
7:20 PM: brian@statcounter[1].txt (ID = 3447)
7:20 PM: Found Spy Cookie: statstracking cookie
7:20 PM: brian@stats-tracking[1].txt (ID = 3453)
7:20 PM: Found Spy Cookie: tacoda cookie
7:20 PM: brian@tacoda[1].txt (ID = 6444)
7:20 PM: brian@thunderbolt.adjuggler[1].txt (ID = 2070)
7:20 PM: Found Spy Cookie: toplist cookie
7:20 PM: brian@toplist[1].txt (ID = 3557)
7:20 PM: Found Spy Cookie: toprebates.com cookie
7:20 PM: brian@toprebates[2].txt (ID = 3561)
7:20 PM: Found Spy Cookie: trafficmp cookie
7:20 PM: brian@trafficmp[2].txt (ID = 3581)
7:20 PM: Found Spy Cookie: trb.com cookie
7:20 PM: brian@trb[1].txt (ID = 3587)
7:20 PM: Found Spy Cookie: tribalfusion cookie
7:20 PM: brian@tribalfusion[1].txt (ID = 3589)
7:20 PM: Found Spy Cookie: tripod cookie
7:20 PM: brian@tripod[1].txt (ID = 3591)
7:20 PM: Found Spy Cookie: tvguide cookie
7:20 PM: brian@tvguide[1].txt (ID = 3599)
7:20 PM: brian@valuead[1].txt (ID = 3626)
7:20 PM: Found Spy Cookie: videodome cookie
7:20 PM: brian@videodome[1].txt (ID = 3638)
7:20 PM: brian@www.abcnews.go[1].txt (ID = 2729)
7:20 PM: Found Spy Cookie: adminder cookie
7:20 PM: brian@www.adminder[1].txt (ID = 2079)
7:20 PM: Found Spy Cookie: burstbeacon cookie
7:20 PM: brian@www.burstbeacon[2].txt (ID = 2335)
7:20 PM: Found Spy Cookie: eadexchange cookie
7:20 PM: brian@www.eadexchange[2].txt (ID = 2556)
7:20 PM: Found Spy Cookie: myaffiliateprogram.com cookie
7:20 PM: brian@www.myaffiliateprogram[2].txt (ID = 3032)
7:20 PM: brian@www.rednova[2].txt (ID = 3246)
7:20 PM: Found Spy Cookie: screensavers.com cookie
7:20 PM: brian@www.screensavers[2].txt (ID = 3298)
7:20 PM: brian@www.toprebates[2].txt (ID = 3562)
7:20 PM: Found Spy Cookie: xiti cookie
7:20 PM: brian@xiti[1].txt (ID = 3717)
7:20 PM: Found Spy Cookie: adserver cookie
7:20 PM: brian@z1.adserver[1].txt (ID = 2142)
7:20 PM: brian@zedo[2].txt (ID = 3762)
7:20 PM: Cookie Sweep Complete, Elapsed Time: 00:00:09
7:20 PM: Starting File Sweep
7:20 PM: Found Adware: clearsearch
7:20 PM: c:\windows\temp\clrsch (ID = -2147481248)
7:20 PM: Found Adware: bullguard popup ad
7:20 PM: c:\windows\temp\bullguard (1 subtraces) (ID = -2147476409)
7:21 PM: Found Adware: coolwebsearch (cws)
7:21 PM: dpuuf.log (ID = 53966)
7:22 PM: texhb.log (ID = 53966)
7:22 PM: kfecu.txt (ID = 53966)
7:22 PM: mspid.log (ID = 53966)
7:22 PM: ygshh.log (ID = 56447)
7:24 PM: mkfky.dat (ID = 56680)
7:24 PM: cywvf.dat (ID = 56680)
7:24 PM: crlnu.dat (ID = 56680)
7:24 PM: bl.dat (ID = 56394)
7:24 PM: hhobq.txt (ID = 56447)
7:24 PM: qhlmb.txt (ID = 56711)
7:24 PM: aemxs.log (ID = 56447)
7:25 PM: djjfs.txt (ID = 56447)
7:25 PM: cqqvs.log (ID = 56447)
7:25 PM: ioimi.txt (ID = 56711)
7:25 PM: pophg.log (ID = 56447)
7:25 PM: hmdjb.txt (ID = 56447)
7:25 PM: vrjau.txt (ID = 56711)
7:26 PM: mwvzk.txt (ID = 53966)
7:26 PM: gsim.inf (ID = 61964)
7:28 PM: keywords.dat (ID = 54234)
7:28 PM: dict.dat (ID = 54051)
7:29 PM: keywords.dat (ID = 54234)
7:29 PM: dict.dat (ID = 54051)
7:33 PM: jguax.log (ID = 56711)
7:39 PM: tpkpl.log (ID = 56447)
7:42 PM: buron.log (ID = 56447)
7:42 PM: tvkuq.log (ID = 56711)
7:45 PM: cwjaw.txt (ID = 56447)
7:58 PM: uxtgy.txt (ID = 53966)
8:01 PM: Found Adware: cydoor peer-to-peer dependency
8:01 PM: cd_clint.dll (ID = 57300)
8:03 PM: bulldownload.exe (ID = 52017)
8:36 PM: dict.dat (ID = 54051)
8:36 PM: keywords.dat (ID = 54234)
8:41 PM: im64.dll (ID = 69841)
8:41 PM: biini.inf (ID = 83199)
8:41 PM: belt.inf (ID = 83154)
8:41 PM: Found System Monitor: potentially rootkit-masked files
8:41 PM: 3m app.doc (ID = 0)
8:41 PM: music.asx (ID = 0)
8:41 PM: thumbs.db (ID = 0)
8:41 PM: blue hills.jpg (ID = 0)
8:41 PM: music.bmp (ID = 0)
8:41 PM: andrew lindsay.doc (ID = 0)
8:41 PM: ringtone-composer.exe (ID = 0)
8:41 PM: winter.jpg (ID = 0)
8:41 PM: water lilies.jpg (ID = 0)
8:41 PM: sunset.jpg (ID = 0)
8:41 PM: beethoven's symphony no. 9 (scherzo).wma (ID = 0)
8:41 PM: new stories (highway blues).wma (ID = 0)
8:41 PM: music.wma (ID = 0)
8:41 PM: desktop.ini (ID = 0)
8:41 PM: desktop.ini (ID = 0)
8:41 PM: desktop.ini (ID = 0)
8:41 PM: desktop.ini (ID = 0)
8:41 PM: desktop.ini (ID = 0)
8:47 PM: Warning: Unhandled Archive Type
8:58 PM: Warning: Unhandled Archive Type
8:59 PM: Warning: Unhandled Archive Type
9:00 PM: Warning: Invalid Stream
9:01 PM: File Sweep Complete, Elapsed Time: 01:40:41
9:01 PM: Full Sweep has completed. Elapsed time 01:45:19
9:01 PM: Traces Found: 537
9:07 PM: Removal process initiated
9:07 PM: Quarantining All Traces: clearsearch
9:07 PM: Quarantining All Traces: cws_ns3
9:07 PM: Quarantining All Traces: cws-aboutblank
9:07 PM: Quarantining All Traces: directrevenue-abetterinternet
9:07 PM: Quarantining All Traces: potentially rootkit-masked files
9:07 PM: potentially rootkit-masked files is in use. It will be removed on reboot.
9:07 PM: music.asx is in use. It will be removed on reboot.
9:07 PM: thumbs.db is in use. It will be removed on reboot.
9:07 PM: blue hills.jpg is in use. It will be removed on reboot.
9:07 PM: music.bmp is in use. It will be removed on reboot.
9:07 PM: winter.jpg is in use. It will be removed on reboot.
9:07 PM: water lilies.jpg is in use. It will be removed on reboot.
9:07 PM: sunset.jpg is in use. It will be removed on reboot.
9:07 PM: beethoven's symphony no. 9 (scherzo).wma is in use. It will be removed on reboot.
9:07 PM: new stories (highway blues).wma is in use. It will be removed on reboot.
9:07 PM: music.wma is in use. It will be removed on reboot.
9:07 PM: desktop.ini is in use. It will be removed on reboot.
9:07 PM: desktop.ini is in use. It will be removed on reboot.
9:07 PM: desktop.ini is in use. It will be removed on reboot.
9:07 PM: desktop.ini is in use. It will be removed on reboot.
9:07 PM: desktop.ini is in use. It will be removed on reboot.
9:07 PM: Quarantining All Traces: comet cursor
9:07 PM: Quarantining All Traces: coolwebsearch (cws)
9:07 PM: Quarantining All Traces: mindset interactive - favoriteman
9:07 PM: Quarantining All Traces: winad
9:07 PM: Quarantining All Traces: bullguard popup ad
9:08 PM: Quarantining All Traces: cydoor peer-to-peer dependency
9:08 PM: Quarantining All Traces: gsim
9:08 PM: Quarantining All Traces: keenvalue/perfectnav
9:08 PM: Quarantining All Traces: 2o7.net cookie
9:08 PM: Quarantining All Traces: 64.62.232 cookie
9:08 PM: Quarantining All Traces: about cookie
9:08 PM: Quarantining All Traces: addynamix cookie
9:08 PM: Quarantining All Traces: adjuggler cookie
9:08 PM: Quarantining All Traces: adknowledge cookie
9:08 PM: Quarantining All Traces: adlegend cookie
9:08 PM: Quarantining All Traces: ad-logics cookie
9:08 PM: Quarantining All Traces: adminder cookie
9:08 PM: Quarantining All Traces: adorigin cookie
9:08 PM: Quarantining All Traces: adrevolver cookie
9:08 PM: Quarantining All Traces: adserver cookie
9:08 PM: Quarantining All Traces: adtech cookie
9:08 PM: Quarantining All Traces: alt cookie
9:08 PM: Quarantining All Traces: apmebf cookie
9:08 PM: Quarantining All Traces: ask cookie
9:08 PM: Quarantining All Traces: askmen cookie
9:08 PM: Quarantining All Traces: atwola cookie
9:08 PM: Quarantining All Traces: banner cookie
9:08 PM: Quarantining All Traces: bannerspace cookie
9:08 PM: Quarantining All Traces: belnk cookie
9:08 PM: Quarantining All Traces: bizrate cookie
9:08 PM: Quarantining All Traces: bluestreak cookie
9:08 PM: Quarantining All Traces: bs.serving-sys cookie
9:08 PM: Quarantining All Traces: burstbeacon cookie
9:08 PM: Quarantining All Traces: burstnet cookie
9:08 PM: Quarantining All Traces: casalemedia cookie
9:08 PM: Quarantining All Traces: cd freaks cookie
9:08 PM: Quarantining All Traces: centrport net cookie
9:08 PM: Quarantining All Traces: classmates cookie
9:08 PM: Quarantining All Traces: clickandtrack cookie
9:08 PM: Quarantining All Traces: clickbank cookie
9:08 PM: Quarantining All Traces: did-it cookie
9:08 PM: Quarantining All Traces: domainsponsor cookie
9:08 PM: Quarantining All Traces: eadexchange cookie
9:08 PM: Quarantining All Traces: enhance cookie
9:08 PM: Quarantining All Traces: exitexchange cookie
9:08 PM: Quarantining All Traces: falkag cookie
9:08 PM: Quarantining All Traces: findwhat cookie
9:08 PM: Quarantining All Traces: gamespy cookie
9:08 PM: Quarantining All Traces: go.com cookie
9:08 PM: Quarantining All Traces: hitstats.net cookie
9:08 PM: Quarantining All Traces: hotlog cookie
9:08 PM: Quarantining All Traces: hypertracker.com cookie
9:08 PM: Quarantining All Traces: ic-live cookie
9:08 PM: Quarantining All Traces: l2m.net cookie
9:08 PM: Quarantining All Traces: maxserving cookie
9:08 PM: Quarantining All Traces: metareward.com cookie
9:08 PM: Quarantining All Traces: myaffiliateprogram.com cookie
9:08 PM: Quarantining All Traces: mygeek cookie
9:08 PM: Quarantining All Traces: nextag cookie
9:08 PM: Quarantining All Traces: one-time-offer cookie
9:08 PM: Quarantining All Traces: overture cookie
9:08 PM: Quarantining All Traces: partypoker cookie
9:08 PM: Quarantining All Traces: passion cookie
9:08 PM: Quarantining All Traces: paypopup cookie
9:08 PM: Quarantining All Traces: pointroll cookie
9:08 PM: Quarantining All Traces: precisead cookie
9:08 PM: Quarantining All Traces: pricegrabber cookie
9:08 PM: Quarantining All Traces: pro-market cookie
9:08 PM: Quarantining All Traces: pub cookie
9:08 PM: Quarantining All Traces: qsrch cookie
9:08 PM: Quarantining All Traces: questionmarket cookie
9:08 PM: Quarantining All Traces: realmedia cookie
9:08 PM: Quarantining All Traces: rednova cookie
9:08 PM: Quarantining All Traces: reunion cookie
9:08 PM: Quarantining All Traces: revenue.net cookie
9:08 PM: Quarantining All Traces: rn11 cookie
9:08 PM: Quarantining All Traces: ru4 cookie
9:08 PM: Quarantining All Traces: sandboxer cookie
9:08 PM: Quarantining All Traces: sb01 cookie
9:08 PM: Quarantining All Traces: screensavers.com cookie
9:08 PM: Quarantining All Traces: seeq cookie
9:08 PM: Quarantining All Traces: server.iad.liveperson cookie
9:08 PM: Quarantining All Traces: serving-sys cookie
9:08 PM: Quarantining All Traces: servlet cookie
9:08 PM: Quarantining All Traces: specificclick.com cookie
9:08 PM: Quarantining All Traces: statcounter cookie
9:08 PM: Quarantining All Traces: statstracking cookie
9:08 PM: Quarantining All Traces: tacoda cookie
9:08 PM: Quarantining All Traces: toplist cookie
9:08 PM: Quarantining All Traces: toprebates.com cookie
9:08 PM: Quarantining All Traces: touchclarity cookie
9:08 PM: Quarantining All Traces: trafficmp cookie
9:08 PM: Quarantining All Traces: trb.com cookie
9:08 PM: Quarantining All Traces: tribalfusion cookie
9:08 PM: Quarantining All Traces: tripod cookie
9:08 PM: Quarantining All Traces: tvguide cookie
9:08 PM: Quarantining All Traces: valuead cookie
9:08 PM: Quarantining All Traces: videodome cookie
9:08 PM: Quarantining All Traces: websponsors cookie
9:08 PM: Quarantining All Traces: xiti cookie
9:08 PM: Quarantining All Traces: yieldmanager cookie
9:08 PM: Quarantining All Traces: zedo cookie
9:08 PM: Preparing to restart your computer. Please wait...
9:08 PM: Removal process completed. Elapsed time 00:01:32
********
7:13 PM: | Start of Session, Wednesday, May 17, 2006 |
7:13 PM: Spy Sweeper started
7:13 PM: Your spyware definitions have been updated.
7:15 PM: | End of Session, Wednesday, May 17, 2006 |
Next, here is my ewido report log.
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 10:28:22 PM, 5/17/2006
+ Report-Checksum: 7D20D3D0
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{0B043178-7412-F22A-4F6E-DA5B78A513E5} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{19899FD2-72DC-ADED-A735-6279FA695369} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{25713B9E-3A18-4906-71FE-9FE3C5B4B02A} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B33C71B-605A-1734-B317-E595374F9DA9} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3C6CC514-0686-8D4A-3795-115CE35C21E9} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3E8464A5-089B-AA14-00B6-7BC0B335C697} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{50851802-1398-D825-BABC-F1EC05737E05} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{515E6800-C37D-9309-FEE4-5E5649A955B4} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5594286E-2D6D-EE06-1F69-72D3E29EFE21} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{58A18AE6-6FAA-D8C2-14DB-4B8800933F55} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5DB4FA6D-8DF7-FEDD-6004-A7710DCAC5DE} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{64B26103-2B1C-551B-4BBE-4C0B592B4757} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{67878067-8C35-4F5D-4D85-1A13C5E41DE1} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6BA5F227-1540-0895-1ED0-89D9E68F534F} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6BF9C3C4-0A9A-7E95-B93A-7BDCB4DCE7F1} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{80CDCDFA-69CC-380D-123F-DF6C7FC64845} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{81DE9EF1-9091-D3E5-B58C-E083B9CEB6D3} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{846C9BB6-DD44-7AC5-7649-16F81934AA00} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{881A5C23-96F5-9D86-B285-C0FC40116992} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{983D1105-2366-D1D5-E5DA-05F4CC5CDA8E} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9A81ADE0-5E7F-0E4E-78B9-FD1D291D1B99} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A8D30C47-4510-9BB5-0432-574064529B27} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A97AC2A2-0659-AC43-72DB-D9D913C43C45} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CB83A090-647D-46EC-C087-3515DC944D17} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D476F3A0-4D6E-CAD1-1014-B290A1A15520} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DB26F49F-94D2-381B-21DE-2CF4D74E0AC6} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DE3AE878-C016-F46D-089A-80B24A7316D7} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E738C459-A711-F262-AA4A-278418C66737} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EAA00845-B10D-A53B-8771-FBD4916BCE85} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F7C42564-EA95-5F04-2382-4C97CB847F28} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F9538E86-36EE-4A7E-6596-B6F8EAA229D9} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wfkicjd5odo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wfkiggcpoeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wfkyukajglo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wfkyumdpmap.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wfligldjaap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wfloeld5mfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wfmienc5idp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wfmigmczadp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wfmikpd5aeq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wfmycpdzsho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wjkoomczmgq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wjkosnczcep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wjkosoajclq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wjkyulajmdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wjl4khczogo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wjliahdjkap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wjlokhajaaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wjloohcjako.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wjlowpdzoep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wjmiwhdzobq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wjnyoiajieo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@e-2dj6wjnyqocjkep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Brian\Cookies\brian@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup
::Report End
Finally, here is my HijackThis new log.
Logfile of HijackThis v1.99.1
Scan saved at 10:37:12 PM, on 5/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\NetDrive\wdService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Brian\Desktop\Security\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_19_0.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe