
New log: I need serious help


  • This topic is locked
16 replies to this topic

#1 BNL

BNL

    New Member

  • Authentic Member
  • Pip
  • 8 posts

Posted 10 June 2006 - 02:16 AM

Computer is running way slow and I get a lot of unwanted pop-up windows, and the browser opens on its own with weird stuff. Thanks for your help.

Logfile of HijackThis v1.99.1
Scan saved at 3:54:12 AM, on 6/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\dcomcfg.exe
C:\WINDOWS\System32\atmclk.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1129840306\ee\AOLSoftware.exe
C:\WINDOWS\System32\beb14f6c.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\ATRACK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Burl Lambert.D691W241\Desktop\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020searc...884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020searc...884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: InfoDocReader Object - {295BA105-3506-4D25-B0DD-54346320BDC5} - C:\WINDOWS\System32\pmnnk.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\System32\hp100.tmp
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129840306\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [beb14f6c.exe] C:\WINDOWS\System32\beb14f6c.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [beb14f6c.exe] C:\Documents and Settings\Burl Lambert.D691W241\Local Settings\Application Data\beb14f6c.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...ner/ext360.html
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.co...ALStreaming.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131328379515
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\lsass.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: pmnnk - C:\WINDOWS\System32\pmnnk.dll
O20 - Winlogon Notify: winbjv32 - C:\WINDOWS\SYSTEM32\winbjv32.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
O23 - Service: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe



#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 10 June 2006 - 08:22 AM

Hello BNL, welcome to the forum


Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Please print out or copy these instructions/tutorials to Notepad, as the internet will not be available to you (while in Safe Mode) at certain points of the removal process. Make sure to work through all the steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.



Download SmitRem.exe © noahdfear from one of these sites to your Desktop.
http://www.downloads...org/smitRem.exe
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1



Double-click the smitRem.exe and it will extract the files to a smitRem folder on your Desktop. Don't Run Yet.


Please download the trial version of ewido anti-malware 3.5. Install ewido anti-malware 3.5 and start the program from the icon on your desktop, then check for and download updates. Don't Run Yet.


Reboot to safe mode

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Log on to your user account.
Open the smitfraud folder, then double-click the RunThis.bat file to start the tool. Follow the prompts on screen. When the tool completes:



Open Ewido Security Suite
  • Then please run Ewido, click on the Scanner, run a full scan and let it clean everything it finds.
  • Once the scan has completed, there will be a button located on the bottom of the screen named
  • Click Save report
  • Save the report to your desktop
In the Control Panel click Display > Desktop > Customize desktop > Website > Uncheck "Security Info" if present.

Empty recycle bin.


Reboot

Download this file from the link to your desktop.
http://www.mvps.org/.../DelDomains.inf

Right-click on the deldomains.inf file and select 'Install'

Once it is finished your Zones should be reset.

Note, if you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.


Copy/paste the contents of the log C:\smitfiles.txt, a new HijackThis log and the Ewido log.
Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

 

Proud graduate of TC/WTT Classroom

 


#3 BNL

BNL

    New Member

  • Authentic Member
  • Pip
  • 8 posts

Posted 10 June 2006 - 10:20 AM

I tried my best to follow the directions. I could not really tell if my computer was doing anything when I ran the RunThis.bat file from smitRem. Here are the new logs. I hope I'm making progress. Thanks for your help.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:54:26 AM, 6/10/2006
+ Report-Checksum: D51D9AC2

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Yun -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\WinHound.com -> Adware.WinHound : Error during cleaning
HKLM\SOFTWARE\WinHound.com\WinHound -> Adware.WinHound : Error during cleaning
HKLM\SOFTWARE\WinHound.com\WinHound\WinHound -> Adware.WinHound : Error during cleaning
HKLM\SOFTWARE\WinHound.com\WinHound\WinHound\License -> Adware.WinHound : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pnpsvc -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pnpsvc -> Adware.CoolWebSearch : Cleaned with backup
C:\Documents and Settings\Burl Lambert.D691W241\Cookies\burl lambert@counter5.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Burl Lambert.D691W241\Cookies\burl lambert@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Burl Lambert.D691W241\Local Settings\Temp\win7E.tmp.exe -> Downloader.IstBar.eq : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@centrport[2].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF\fns[1].exe -> Adware.HotSearchBar : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Katie\Cookies\katie@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Katie\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF\fns[1].exe -> Adware.HotSearchBar : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-352f55f0-525656ff.class -> Downloader.OpenStream.y : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Cookies\neal lambert@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Cookies\neal lambert@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Cookies\neal lambert@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Cookies\neal lambert@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Cookies\neal lambert@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Cookies\neal lambert@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Cookies\neal lambert@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Cookies\neal lambert@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Cookies\neal lambert@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Cookies\neal lambert@ehg-411web.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Cookies\neal lambert@ehg-netquote.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Cookies\neal lambert@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Cookies\neal lambert@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Cookies\neal lambert@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Cookies\neal lambert@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Cookies\neal lambert@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Cookies\neal lambert@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Cookies\neal lambert@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Cookies\neal lambert@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Cookies\neal lambert@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Cookies\neal lambert@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Local Settings\Temp\Cookies\neal lambert@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Local Settings\Temp\Cookies\neal lambert@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Local Settings\Temp\Cookies\neal lambert@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Local Settings\Temp\Cookies\neal lambert@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Local Settings\Temp\Cookies\neal lambert@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Local Settings\Temp\Cookies\neal lambert@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Local Settings\Temp\Cookies\neal lambert@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Local Settings\Temp\mskhhe.dll -> Adware.ClientMan : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Local Settings\Temp\mskpkc.dll -> Logger.Delf.dx : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Local Settings\Temp\msnkmi.dll -> Adware.ClientMan : Cleaned with backup
C:\Documents and Settings\Neal Lambert\Local Settings\Temp\WinWildApp.exe -> Adware.WinFetcher : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\377BB67E-81DD-48A1-B411-3B6C5A\BF28B115-6D1B-4124-97D9-B882A9 -> Adware.Altnet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\856338EC-E4EE-4314-84CB-896B12\8A168D9C-CF26-4C47-BB11-C667CA -> Adware.Gator : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\856338EC-E4EE-4314-84CB-896B12\C947473D-46DE-442F-A7D3-FA64F3 -> Adware.Gator : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\8D8B75C9-499C-4797-B96C-AE6175\8D5AF01A-AE61-4A37-A4C5-B1EA5B -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\91912616-1EF4-4905-9648-381881\EA726661-09AC-43E3-8551-612543 -> Adware.WinAD : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\EE54E0C2-3224-4584-8321-B8BC50\D47DA464-B36A-4ECB-B25E-2B3BB9 -> Adware.HotSearchBar : Cleaned with backup
C:\Program Files\NoAdware4\noadwareutils.dll -> Adware.WebRebates : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\file.exe -> Trojan.Dialer.bh : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\file.exe -> Trojan.Dialer.bh : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\file.exe -> Trojan.Dialer.bh : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\file.exe -> Trojan.Dialer.bh : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\file.exe -> Trojan.Dialer.bh : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\file.exe -> Trojan.Dialer.bh : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\file.exe -> Trojan.Dialer.bh : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\on-line.exe -> Trojan.Dialer.by : Cleaned with backup
C:\WINDOWS\standard.exe -> Adware.WinFetcher : Cleaned with backup
C:\WINDOWS\SYSTEM32\iezset.exe -> Adware.EZula : Cleaned with backup
C:\WINDOWS\SYSTEM32\mscjjn.dll -> Adware.180Solutions : Cleaned with backup
C:\WINDOWS\SYSTEM32\msddlc.dll -> Dropper.Siboco.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\msiaih.dll -> Adware.Ipend : Cleaned with backup
C:\WINDOWS\SYSTEM32\msjpok.dll -> Dropper.Siboco.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\mskplb.dll -> Adware.Ipend : Cleaned with backup
C:\WINDOWS\SYSTEM32\zippy.dll -> Adware.HotSearchBar : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 12:08:26 PM, on 6/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\dcomcfg.exe
C:\WINDOWS\System32\atmclk.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\ATRACK.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1129840306\ee\AOLSoftware.exe
C:\WINDOWS\System32\beb14f6c.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Burl Lambert.D691W241\Desktop\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020searc...884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020searc...884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: InfoDocReader Object - {295BA105-3506-4D25-B0DD-54346320BDC5} - C:\WINDOWS\System32\pmnnk.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\System32\hp100.tmp
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129840306\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [beb14f6c.exe] C:\WINDOWS\System32\beb14f6c.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [beb14f6c.exe] C:\Documents and Settings\Burl Lambert.D691W241\Local Settings\Application Data\beb14f6c.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...ner/ext360.html
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.co...ALStreaming.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131328379515
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\lsass.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: pmnnk - C:\WINDOWS\System32\pmnnk.dll
O20 - Winlogon Notify: winbjv32 - C:\WINDOWS\SYSTEM32\winbjv32.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
O23 - Service: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 10 June 2006 - 10:23 AM

Let's try this one.

Only for Windows XP and Windows 2000


Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free...mitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.


______________________________

Please download the trial version of Ewido anti-malware 3.5 from here:
http://www.ewido.net/en/download/
  • Install Ewido anti-malware.
  • When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
  • When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
  • The program will prompt you to update. Click the Ok button.
  • The program will now go to the main screen.
You will need to update Ewido to the latest definition files.
  • On the left-hand side of the main screen click the Update Button.
  • Click on Start.
The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido. Don't Run It Yet.

If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates. Make sure to close Ewido before installing the update.
______________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter


This program will scan large amounts of files on your computer for known patterns so please be patient while it works. It will create a file named:
c:\rapport.txt


IMPORTANT: Do NOT run any other options until you are asked to do so!

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Please post:
C:\rapport.txt

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#5 BNL

Posted 10 June 2006 - 10:38 AM

I downloaded the smitfraudfix but never got a new window after double-clicking smitfraudfix.cmd. Am I doing something wrong?

#6 LDTate

Posted 10 June 2006 - 10:40 AM

Make sure you remove the first one I had you download. It might be listed in Add/Remove Programs. Matter of fact, remove all Smitfraud items you have. Now try it again.


#7 BNL

Posted 10 June 2006 - 10:48 AM

I deleted all the smitRem and SmitfraudFix files and tried it again. Still, it doesn't seem like anything is happening when I double-click the SmitfraudFix.cmd.

#8 LDTate

Posted 10 June 2006 - 10:50 AM

OK. Let's do this then:

Please do not delete anything unless instructed to.


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.


Next:

Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

If you are taken to the internet page, just close the page.

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system. If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Empty Recycle Bin

Reboot and "copy/paste" a new HJT log as well as the Results from Spy Sweeper file into this thread.
Also please describe how your computer behaves at the moment.


#9 BNL

Posted 10 June 2006 - 12:25 PM

Now I don't get the about:blank screen when I open up my browser, however I did get a pop warning called System Integrety Scan Wizard. Also, after running SpySweeper I was unable to open up my recycle bin and empty it, but I may not have let everything running finish. I'm not sure. It still seems to be slow. Also, while SpySweeper was running I got two pop ups. One was two windows trying to open called UL Window Seek and UL Window URL. One opened and said it was search control project. Here are my logs:

********
12:56 PM: | Start of Session, Saturday, June 10, 2006 |
12:56 PM: Spy Sweeper started
12:56 PM: Sweep initiated using definitions version 696
12:56 PM: Found Trojan Horse: trojan-downloader-zlob
12:56 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || kernel32.dll (ID = 1052560)
12:56 PM: atmclk.exe (ID = 1052560)
12:56 PM: Found Adware: virtumonde
12:56 PM: HKCR\clsid\{295ba105-3506-4d25-b0dd-54346320bdc5}\inprocserver32\ (2 subtraces) (ID = 1232672)
12:56 PM: pmnnk.dll (ID = 1232672)
12:56 PM: Starting Memory Sweep
12:57 PM: Detected running threat: C:\WINDOWS\SYSTEM32\pmnnk.dll (ID = 394)
1:04 PM: Memory Sweep Complete, Elapsed Time: 00:08:20
1:04 PM: Starting Registry Sweep
1:04 PM: Found Adware: blazefind
1:04 PM: HKLM\software\microsoft\windows\ || infamous (ID = 104517)
1:04 PM: Found Adware: cws_pnpsvc
1:04 PM: HKLM\system\currentcontrolset\services\eventlog\application\pnpsvc\ (2 subtraces) (ID = 123428)
1:04 PM: HKLM\system\currentcontrolset\services\pnpsvc\ (13 subtraces) (ID = 123429)
1:04 PM: Found Adware: prosearching hijack
1:04 PM: HKLM\software\microsoft\internet explorer\main\ || search page (ID = 134068)
1:04 PM: Found Adware: psguard\winhound fakealert
1:04 PM: HKLM\software\microsoft\windows\currentversion\uninstall\internet update\ (2 subtraces) (ID = 136964)
1:05 PM: Found Adware: security2k hijacker
1:05 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (2 subtraces) (ID = 735573)
1:05 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || kernel32.dll (ID = 796421)
1:05 PM: Found Trojan Horse: trojan agent winlogonhook
1:05 PM: HKLM\software\microsoft\mssmgr\ (14 subtraces) (ID = 937101)
1:05 PM: Found Adware: 2020search hijack
1:05 PM: HKLM\software\microsoft\internet explorer\main\ || search bar (ID = 1192309)
1:05 PM: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 1192312)
1:05 PM: HKCR\infodocreader.infodocreader\ (5 subtraces) (ID = 1232619)
1:05 PM: HKCR\infodocreader.infodocreader.1\ (3 subtraces) (ID = 1232625)
1:05 PM: HKCR\clsid\{295ba105-3506-4d25-b0dd-54346320bdc5}\ (12 subtraces) (ID = 1232629)
1:05 PM: HKLM\software\classes\infodocreader.infodocreader\ (5 subtraces) (ID = 1232642)
1:05 PM: HKLM\software\classes\infodocreader.infodocreader.1\ (3 subtraces) (ID = 1232648)
1:05 PM: HKLM\software\classes\clsid\{295ba105-3506-4d25-b0dd-54346320bdc5}\ (12 subtraces) (ID = 1232652)
1:05 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{295ba105-3506-4d25-b0dd-54346320bdc5}\ (ID = 1232665)
1:05 PM: Found Adware: prosearch.com hijack
1:05 PM: HKLM\software\microsoft\internet explorer\main\ || default_search_url (ID = 1250783)
1:05 PM: HKLM\software\microsoft\internet explorer\main\ || local page (ID = 1250784)
1:05 PM: HKLM\software\microsoft\internet explorer\main\ || start page (ID = 1250785)
1:05 PM: HKLM\software\microsoft\internet explorer\main\ || search page_bak (ID = 1250789)
1:05 PM: HKLM\software\microsoft\internet explorer\main\ || searchurl (ID = 1250790)
1:05 PM: HKLM\software\microsoft\internet explorer\main\ || start page_bak (ID = 1250791)
1:05 PM: Found Adware: spyware soft stop fakealert
1:05 PM: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {5aaf6542-f4ba-4df4-873d-4902ecbe794c} (ID = 1391008)
1:05 PM: Found Adware: popuper
1:05 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || dcomcfg.exe (ID = 1497181)
1:05 PM: Found Adware: zippy-lookup
1:05 PM: HKU\WRSS_Profile_S-1-5-21-2671886697-3193749939-1414110769-501\software\_zippy\ (18 subtraces) (ID = 646226)
1:05 PM: HKU\WRSS_Profile_S-1-5-21-2671886697-3193749939-1414110769-1013\software\_zippy\ (18 subtraces) (ID = 646226)
1:05 PM: Found Adware: commonname
1:05 PM: HKU\WRSS_Profile_S-1-5-21-2671886697-3193749939-1414110769-1010\software\internet keyword\ (ID = 106883)
1:05 PM: Found Adware: cws-aboutblank
1:05 PM: HKU\WRSS_Profile_S-1-5-21-2671886697-3193749939-1414110769-1010\software\microsoft\internet explorer\main\ || search page_bak (ID = 115925)
1:05 PM: Found Adware: cws_yun
1:05 PM: HKU\WRSS_Profile_S-1-5-21-2671886697-3193749939-1414110769-1010\software\microsoft\windows\currentversion\yun\ (1 subtraces) (ID = 124513)
1:05 PM: Found Adware: lopdotcom
1:05 PM: HKU\WRSS_Profile_S-1-5-21-2671886697-3193749939-1414110769-1010\software\microsoft\windows\currentversion\run\ || aida (ID = 130496)
1:05 PM: HKU\WRSS_Profile_S-1-5-21-2671886697-3193749939-1414110769-1010\software\microsoft\internet explorer\main\ || search page (ID = 134071)
1:05 PM: HKU\WRSS_Profile_S-1-5-21-2671886697-3193749939-1414110769-1010\software\internet keyword\ (ID = 484608)
1:05 PM: Found Adware: sidesearch
1:05 PM: HKU\WRSS_Profile_S-1-5-21-2671886697-3193749939-1414110769-1010\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
1:05 PM: HKU\WRSS_Profile_S-1-5-21-2671886697-3193749939-1414110769-1010\software\_zippy\ (2401 subtraces) (ID = 646226)
1:05 PM: HKU\WRSS_Profile_S-1-5-21-2671886697-3193749939-1414110769-1010\software\microsoft\internet explorer\main\ || search page_bak (ID = 774883)
1:05 PM: HKU\WRSS_Profile_S-1-5-21-2671886697-3193749939-1414110769-1010\software\microsoft\internet explorer\main\ || search bar (ID = 1192307)
1:05 PM: HKU\WRSS_Profile_S-1-5-21-2671886697-3193749939-1414110769-1010\software\microsoft\internet explorer\search\ || searchassistant (ID = 1192311)
1:05 PM: HKU\WRSS_Profile_S-1-5-21-2671886697-3193749939-1414110769-1010\software\microsoft\internet explorer\main\ || default_search_url (ID = 1339808)
1:05 PM: HKU\WRSS_Profile_S-1-5-21-2671886697-3193749939-1414110769-1010\software\microsoft\internet explorer\main\ || searchurl (ID = 1339809)
1:05 PM: HKU\WRSS_Profile_S-1-5-21-2671886697-3193749939-1414110769-1010\software\microsoft\internet explorer\main\ || start page_bak (ID = 1339810)
1:05 PM: HKU\WRSS_Profile_S-1-5-21-2671886697-3193749939-1414110769-1010\software\microsoft\internet explorer\main\ || local page (ID = 1339811)
1:05 PM: Found Adware: clientman
1:05 PM: HKU\WRSS_Profile_S-1-5-21-2671886697-3193749939-1414110769-1009\software\ipend\ (8 subtraces) (ID = 105893)
1:05 PM: Found Adware: find4u hijack
1:05 PM: HKU\WRSS_Profile_S-1-5-21-2671886697-3193749939-1414110769-1009\software\microsoft\internet explorer\searchurl\ (ID = 117211)
1:05 PM: Found Adware: 180search assistant/zango
1:05 PM: HKU\WRSS_Profile_S-1-5-21-2671886697-3193749939-1414110769-1009\software\180solutions\ (10 subtraces) (ID = 135617)
1:05 PM: Found Adware: surfsidekick
1:05 PM: HKU\WRSS_Profile_S-1-5-21-2671886697-3193749939-1414110769-1009\software\surfsidekick2\ (3 subtraces) (ID = 143410)
1:05 PM: HKU\WRSS_Profile_S-1-5-21-2671886697-3193749939-1414110769-1009\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
1:05 PM: HKU\WRSS_Profile_S-1-5-21-2671886697-3193749939-1414110769-1009\software\_zippy\ (4 subtraces) (ID = 646226)
1:05 PM: Registry Sweep Complete, Elapsed Time:00:00:41
1:05 PM: Starting Cookie Sweep
1:05 PM: Found Spy Cookie: adknowledge cookie
1:05 PM: guest@adknowledge[2].txt (ID = 2072)
1:05 PM: Found Spy Cookie: adrevolver cookie
1:05 PM: guest@adrevolver[1].txt (ID = 2088)
1:05 PM: Found Spy Cookie: adserver cookie
1:05 PM: guest@adserver[2].txt (ID = 2141)
1:05 PM: Found Spy Cookie: belnk cookie
1:05 PM: guest@ath.belnk[2].txt (ID = 2293)
1:05 PM: Found Spy Cookie: atwola cookie
1:05 PM: guest@atwola[2].txt (ID = 2255)
1:05 PM: Found Spy Cookie: banner cookie
1:05 PM: guest@banner[1].txt (ID = 2276)
1:05 PM: guest@belnk[1].txt (ID = 2292)
1:05 PM: guest@dist.belnk[1].txt (ID = 2293)
1:05 PM: Found Spy Cookie: realmedia cookie
1:05 PM: guest@realmedia[2].txt (ID = 3235)
1:05 PM: katie@adrevolver[1].txt (ID = 2088)
1:05 PM: katie@atwola[1].txt (ID = 2255)
1:05 PM: katie@banner[1].txt (ID = 2276)
1:05 PM: katie@realmedia[1].txt (ID = 3235)
1:05 PM: neal lambert@atwola[1].txt (ID = 2255)
1:05 PM: Found Spy Cookie: cassava cookie
1:05 PM: neal lambert@cassava[1].txt (ID = 2362)
1:05 PM: Found Spy Cookie: pesttrap cookie
1:05 PM: neal lambert@www.pesttrap[1].txt (ID = 6462)
1:05 PM: Found Spy Cookie: 2o7.net cookie
1:05 PM: amie lambert@2o7[1].txt (ID = 1957)
1:05 PM: Found Spy Cookie: about cookie
1:05 PM: amie lambert@about[1].txt (ID = 2037)
1:05 PM: Found Spy Cookie: yieldmanager cookie
1:05 PM: amie lambert@ad.yieldmanager[2].txt (ID = 3751)
1:05 PM: Found Spy Cookie: advertising cookie
1:05 PM: amie lambert@advertising[2].txt (ID = 2175)
1:05 PM: Found Spy Cookie: atlas dmt cookie
1:05 PM: amie lambert@atdmt[1].txt (ID = 2253)
1:05 PM: amie lambert@atwola[1].txt (ID = 2255)
1:05 PM: Found Spy Cookie: bizrate cookie
1:05 PM: amie lambert@bizrate[1].txt (ID = 2308)
1:05 PM: Found Spy Cookie: centrport net cookie
1:05 PM: amie lambert@centrport[1].txt (ID = 2374)
1:05 PM: Found Spy Cookie: hitslink cookie
1:05 PM: amie lambert@counter2.hitslink[1].txt (ID = 2790)
1:05 PM: Found Spy Cookie: coremetrics cookie
1:05 PM: amie lambert@data.coremetrics[1].txt (ID = 2472)
1:05 PM: amie lambert@edfinancial.122.2o7[1].txt (ID = 1958)
1:05 PM: Found Spy Cookie: ru4 cookie
1:05 PM: amie lambert@edge.ru4[1].txt (ID = 3269)
1:05 PM: Found Spy Cookie: touchclarity cookie
1:05 PM: amie lambert@honda.touchclarity[1].txt (ID = 3566)
1:05 PM: Found Spy Cookie: domainsponsor cookie
1:05 PM: amie lambert@landing.domainsponsor[1].txt (ID = 2535)
1:05 PM: Found Spy Cookie: malwarewipe cookie
1:05 PM: amie lambert@malwarewipe[1].txt (ID = 6467)
1:05 PM: Found Spy Cookie: nextag cookie
1:05 PM: amie lambert@nextag[2].txt (ID = 5014)
1:05 PM: Found Spy Cookie: overture cookie
1:05 PM: amie lambert@overture[2].txt (ID = 3105)
1:05 PM: Found Spy Cookie: qsrch cookie
1:05 PM: amie lambert@qsrch[1].txt (ID = 3215)
1:05 PM: Found Spy Cookie: questionmarket cookie
1:05 PM: amie lambert@questionmarket[1].txt (ID = 3217)
1:05 PM: amie lambert@realmedia[2].txt (ID = 3235)
1:05 PM: Found Spy Cookie: statcounter cookie
1:05 PM: amie lambert@statcounter[1].txt (ID = 3447)
1:05 PM: Found Spy Cookie: webtrendslive cookie
1:05 PM: amie lambert@statse.webtrendslive[2].txt (ID = 3667)
1:05 PM: amie lambert@test.coremetrics[1].txt (ID = 2472)
1:05 PM: Found Spy Cookie: trafficmp cookie
1:05 PM: amie lambert@trafficmp[1].txt (ID = 3581)
1:05 PM: amie lambert@webclipart.about[1].txt (ID = 2038)
1:05 PM: Cookie Sweep Complete, Elapsed Time: 00:00:05
1:05 PM: Starting File Sweep
1:05 PM: Found Adware: internetoptimizer
1:05 PM: c:\windows\stwsi (ID = -2147480829)
1:05 PM: Found Adware: winhound
1:05 PM: c:\documents and settings\amie lambert\application data\winhound.com (11 subtraces) (ID = -2147462035)
1:05 PM: Found Adware: spyware quake
1:05 PM: c:\program files\spywarequake.com (3 subtraces) (ID = -2147450807)
1:06 PM: c:\documents and settings\amie lambert\start menu\programs\spywarequake.com (3 subtraces) (ID = -2147450457)
1:06 PM: c:\windows\system32\cache32_zippy (1 subtraces) (ID = -2147479977)
1:09 PM: Found Trojan Horse: trojan-downloader-aux
1:09 PM: win589.tmp.exe (ID = 301189)
1:10 PM: spyware-quake.exe (ID = 305008)
1:15 PM: sskknwrd.dll (ID = 77733)
1:17 PM: pnpsvc.inf (ID = 56731)
1:19 PM: Found Adware: wildmedia
1:19 PM: update_1.exe (ID = 88868)
1:24 PM: update.exe (ID = 88736)
1:28 PM: srvhdl[1].exe (ID = 301189)
1:29 PM: l[1].exe (ID = 291885)
1:30 PM: inetkw.exe (ID = 53792)
1:31 PM: msedah.dll (ID = 52973)
1:33 PM: Found Adware: directrevenue-abetterinternet
1:33 PM: bi.inf (ID = 83178)
1:35 PM: spywarequake.com 2.1.lnk (ID = 288511)
1:35 PM: spywarequake.com.lnk (ID = 288512)
1:35 PM: spywarequake.com 2.1.lnk (ID = 288511)
1:35 PM: spywarequake.com 2.1.lnk (ID = 288511)
1:35 PM: uninstall spywarequake.com 2.1.lnk (ID = 288513)
1:36 PM: Found Adware: keenvalue/perfectnav
1:36 PM: remove.exe (ID = 64959)
1:48 PM: Found Adware: coolwebsearch (cws)
1:48 PM: winres.dll (ID = 282896)
1:49 PM: Found Adware: tvmedia
1:49 PM: tvmupdater.exe (ID = 81767)
1:49 PM: Found Adware: xpehbam dialer
1:49 PM: seksdialer.exe (ID = 90847)
1:50 PM: Found Adware: exact cashback/bargain buddy
1:50 PM: setup.inf (ID = 50868)
1:50 PM: biini.inf (ID = 83199)
1:50 PM: Warning: Unhandled Archive Type
1:50 PM: Warning: Invalid Stream
1:51 PM: spywarequake.com 2.1.lnk (ID = 305008)
1:51 PM: spywarequake.com.lnk (ID = 305008)
1:51 PM: spywarequake.com 2.1.lnk (ID = 305008)
1:51 PM: spywarequake.com 2.1.lnk (ID = 305008)
1:51 PM: File Sweep Complete, Elapsed Time: 00:45:41
1:51 PM: Full Sweep has completed. Elapsed time 00:55:01
1:51 PM: Traces Found: 2681
1:52 PM: Removal process initiated
1:52 PM: Quarantining All Traces: 180search assistant/zango
1:52 PM: Quarantining All Traces: cws-aboutblank
1:52 PM: Quarantining All Traces: directrevenue-abetterinternet
1:52 PM: Quarantining All Traces: lopdotcom
1:52 PM: Quarantining All Traces: popuper
1:52 PM: Quarantining All Traces: psguard\winhound fakealert
1:52 PM: Quarantining All Traces: security2k hijacker
1:52 PM: security2k hijacker is in use. It will be removed on reboot.
1:52 PM: HKLM: software\microsoft\windows\currentversion\explorer\browser helper objecta\ is in use. It will be removed on reboot.
1:52 PM: Quarantining All Traces: trojan-downloader-zlob
1:52 PM: trojan-downloader-zlob is in use. It will be removed on reboot.
1:52 PM: atmclk.exe is in use. It will be removed on reboot.
1:52 PM: Quarantining All Traces: virtumonde
1:52 PM: virtumonde is in use. It will be removed on reboot.
1:52 PM: pmnnk.dll is in use. It will be removed on reboot.
1:52 PM: C:\WINDOWS\SYSTEM32\pmnnk.dll is in use. It will be removed on reboot.
1:52 PM: Quarantining All Traces: wildmedia
1:52 PM: Quarantining All Traces: blazefind
1:52 PM: Quarantining All Traces: coolwebsearch (cws)
1:52 PM: Quarantining All Traces: cws_pnpsvc
1:52 PM: Quarantining All Traces: internetoptimizer
1:52 PM: Quarantining All Traces: sidesearch
1:52 PM: Quarantining All Traces: spyware soft stop fakealert
1:52 PM: Quarantining All Traces: surfsidekick
1:52 PM: Quarantining All Traces: trojan agent winlogonhook
1:52 PM: Quarantining All Traces: trojan-downloader-aux
1:52 PM: Quarantining All Traces: 2020search hijack
1:52 PM: Quarantining All Traces: clientman
1:52 PM: Quarantining All Traces: commonname
1:52 PM: Quarantining All Traces: cws_yun
1:52 PM: Quarantining All Traces: exact cashback/bargain buddy
1:52 PM: Quarantining All Traces: find4u hijack
1:52 PM: Quarantining All Traces: keenvalue/perfectnav
1:52 PM: Quarantining All Traces: prosearch.com hijack
1:52 PM: Quarantining All Traces: prosearching hijack
1:52 PM: Quarantining All Traces: spyware quake
1:53 PM: spyware quake is in use. It will be removed on reboot.
1:53 PM: spywarequake.com 2.1.lnk is in use. It will be removed on reboot.
1:53 PM: spywarequake.com.lnk is in use. It will be removed on reboot.
1:53 PM: spywarequake.com 2.1.lnk is in use. It will be removed on reboot.
1:53 PM: Quarantining All Traces: tvmedia
1:53 PM: Quarantining All Traces: winhound
1:53 PM: Quarantining All Traces: xpehbam dialer
1:53 PM: Quarantining All Traces: zippy-lookup
1:53 PM: Quarantining All Traces: 2o7.net cookie
1:53 PM: Quarantining All Traces: about cookie
1:53 PM: Quarantining All Traces: adknowledge cookie
1:53 PM: Quarantining All Traces: adrevolver cookie
1:53 PM: Quarantining All Traces: adserver cookie
1:53 PM: Quarantining All Traces: advertising cookie
1:53 PM: Quarantining All Traces: atlas dmt cookie
1:53 PM: Quarantining All Traces: atwola cookie
1:53 PM: Quarantining All Traces: banner cookie
1:53 PM: Quarantining All Traces: belnk cookie
1:53 PM: Quarantining All Traces: bizrate cookie
1:53 PM: Quarantining All Traces: cassava cookie
1:53 PM: Quarantining All Traces: centrport net cookie
1:53 PM: Quarantining All Traces: coremetrics cookie
1:53 PM: Quarantining All Traces: domainsponsor cookie
1:53 PM: Quarantining All Traces: hitslink cookie
1:53 PM: Quarantining All Traces: malwarewipe cookie
1:53 PM: Quarantining All Traces: nextag cookie
1:53 PM: Quarantining All Traces: overture cookie
1:53 PM: Quarantining All Traces: pesttrap cookie
1:53 PM: Quarantining All Traces: qsrch cookie
1:53 PM: Quarantining All Traces: questionmarket cookie
1:53 PM: Quarantining All Traces: realmedia cookie
1:53 PM: Quarantining All Traces: ru4 cookie
1:53 PM: Quarantining All Traces: statcounter cookie
1:53 PM: Quarantining All Traces: touchclarity cookie
1:53 PM: Quarantining All Traces: trafficmp cookie
1:53 PM: Quarantining All Traces: webtrendslive cookie
1:53 PM: Quarantining All Traces: yieldmanager cookie
1:56 PM: Removal process completed. Elapsed time 00:04:31
********
12:54 PM: | Start of Session, Saturday, June 10, 2006 |
12:54 PM: Spy Sweeper started
12:55 PM: Your spyware definitions have been updated.
12:56 PM: | End of Session, Saturday, June 10, 2006 |


Logfile of HijackThis v1.99.1
Scan saved at 2:11:00 PM, on 6/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\AOL\1129840306\ee\AOLSoftware.exe
C:\WINDOWS\System32\beb14f6c.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\ATRACK.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Burl Lambert.D691W241\Desktop\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {295BA105-3506-4D25-B0DD-54346320BDC5} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\System32\hp100.tmp
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129840306\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [beb14f6c.exe] C:\WINDOWS\System32\beb14f6c.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [beb14f6c.exe] C:\Documents and Settings\Burl Lambert.D691W241\Local Settings\Application Data\beb14f6c.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...ner/ext360.html
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.co...ALStreaming.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131328379515
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\lsass.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: pmnnk - C:\WINDOWS\System32\pmnnk.dll (file missing)
O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
O23 - Service: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe

#10 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 10 June 2006 - 12:32 PM

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


1. Click Start > Settings > Control Panel.
2. Next, open Add/Remove Programs and remove if listed:
Viewpoint
Viewpoint Manager



Run HijackThis. Hit None of the above, click Do a System Scan Only. Put a check in the box on the left side on these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {295BA105-3506-4D25-B0DD-54346320BDC5} - (no file)

O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\System32\hp100.tmp

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [beb14f6c.exe] C:\WINDOWS\System32\beb14f6c.exe

O4 - HKCU\..\Run: [beb14f6c.exe] C:\Documents and Settings\Burl Lambert.D691W241\Local Settings\Application Data\beb14f6c.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...ner/ext360.html

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab

O20 - Winlogon Notify: pmnnk - C:\WINDOWS\System32\pmnnk.dll (file missing)

O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)


Close ALL windows and browsers except HijackThis and click "Fix checked"




Delete these Files if listed:
C:\WINDOWS\System32\beb14f6c.exe
C:\Documents and Settings\Burl Lambert.D691W241\Local Settings\Application Data\beb14f6c.exe



Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use Firefox or the Opera browser, click No at the prompt to keep saved passwords.)


Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 



#11 BNL

BNL

    New Member

  • Authentic Member
  • Pip
  • 8 posts

Posted 10 June 2006 - 01:05 PM

My computer is running much better. I am not getting unwanted popups like I was earlier. Also, the virus threat warnings every 10 seconds have ceased. My browser opens up to my default like I set it to open. Much improved. Do you see anything else I need to do?

Logfile of HijackThis v1.99.1
Scan saved at 2:55:41 PM, on 6/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\ATRACK.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1129840306\ee\AOLSoftware.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Burl Lambert.D691W241\Desktop\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129840306\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.co...ALStreaming.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131328379515
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\lsass.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
O23 - Service: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe

#12 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 10 June 2006 - 01:13 PM

Next, launch Notepad (Start>All Programs>Accessories), and copy/paste all the BOLD REGEDIT below to it. Don't forget to include REGEDIT4.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

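REGEDIT4

; Delete the orphaned Winlogon Notify subkey. The subkey is named winbjv32;
; winbjv32.dll is only the DLL name stored inside it.
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winbjv32]

; Clear AppInit_DLLs so lsass.dll is no longer loaded into new processes.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""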



On the desktop, double-click fixme.reg and allow it to run. Let it merge.

Run HijackThis. Hit None of the above, click Do a System Scan Only. Put a check in the box on the left side on these:

O20 - AppInit_DLLs: C:\WINDOWS\System32\lsass.dll
O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)


Close ALL windows and browsers except HijackThis and click "Fix checked"


Delete this File if listed:
C:\WINDOWS\System32\lsass.dll <-- ONLY lsass.dll




Empty Recycle Bin

Restart your computer.

Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.


 


#13 BNL

BNL

    New Member

  • Authentic Member
  • Pip
  • 8 posts

Posted 10 June 2006 - 01:38 PM

Still no popups and my browser opens to my default as desired. Performance has picked up. I did not see one of the files you told me to delete, so I assume it is okay. Let me know what else I need to do and thanks a million.

Logfile of HijackThis v1.99.1
Scan saved at 3:28:07 PM, on 6/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\ATRACK.EXE
C:\Program Files\Common Files\AOL\1129840306\ee\AOLSoftware.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Burl Lambert.D691W241\Desktop\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129840306\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.co...ALStreaming.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131328379515
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec Client Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE
O23 - Service: Symantec Client Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Client Firewall Proxy Service (SymPxSvc) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe
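
Added example, not part of the thread or of HijackThis itself: a small Python parser that diffs two HijackThis scans to confirm which entries a fix actually removed and lists what still deserves a look. The sample logs are constructed from a few lines of the two scans above; the function names and the three triage rules are this example's own assumptions.

```python
import re
from typing import NamedTuple

# Constructed samples: a few lines copied from the 2:55:41 PM and 3:28:07 PM scans.
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 2:55:41 PM, on 6/10/2006
Running processes:
C:\WINDOWS\system32\lsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\lsass.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: winbjv32 - winbjv32.dll (file missing)
"""
AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 3:28:07 PM, on 6/10/2006
Running processes:
C:\WINDOWS\system32\lsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
"""


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "O20"
    text: str     # everything after "O20 - "


# Section lines look like "O20 - ..."; header and process-list lines do not match.
LINE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse_log(log):
    """Return the section entries of a HijackThis log, in file order."""
    entries = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def triage(entry):
    """Reasons an entry deserves a closer look. Hints for a reviewer, not verdicts."""
    reasons = []
    if entry.text.endswith(("(file missing)", "(no file)")):
        reasons.append("orphaned: registry entry points at a file that is gone")
    if entry.section == "O20" and entry.text.startswith("AppInit_DLLs:"):
        if entry.text.split(":", 1)[1].strip():
            reasons.append("AppInit_DLLs set: DLL is loaded into every process that loads user32.dll")
    if entry.section == "O2" and not entry.text.lower().endswith((".dll", "(no file)")):
        reasons.append("BHO module is not a .dll")
    return reasons


def diff_logs(before, after):
    """Entries that disappeared from, and appeared in, the later scan."""
    b, a = parse_log(before), parse_log(after)
    return [e for e in b if e not in a], [e for e in a if e not in b]


def report(before, after):
    """Summarise a fix: what went away, what is new, what is still flagged."""
    removed, added = diff_logs(before, after)
    still = [(e, triage(e)) for e in parse_log(after) if triage(e)]
    return {"removed": removed, "added": added, "still_flagged": still}


if __name__ == "__main__":
    result = report(BEFORE, AFTER)
    for e in result["removed"]:
        print("removed:", e.section, "-", e.text)
    for e in result["added"]:
        print("NEW:", e.section, "-", e.text)
    for e, why in result["still_flagged"]:
        print("check:", e.section, "-", e.text, "|", "; ".join(why))
```

An entry that appears in the later scan but not the earlier one is the case to watch for after a cleanup, since it can mean something re-registered itself between scans.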

#14 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 10 June 2006 - 01:41 PM

Good Job :thumbup:

You can remove the SmitfraudFix folder.


Log looks good :D :thumbup: How is it running? Any issues?


You need to create a new Clean restore point.

Note: This will remove all previous Restore Points

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn it back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the check from Turn off System Restore.
Click Apply, and then click OK.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.





If you don't have these programs I would recommend that you get them: SpywareBlaster, SpywareGuard. They will add 1000's of sites to your restricted zone and block some hijacks from happening. I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one.

It is critical to have both a firewall and anti virus to protect your system.

Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on. Both are available below.

Safe Surfing. :D

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein

Edited by LDTate, 10 June 2006 - 01:42 PM.


 


#15 BNL

BNL

    New Member

  • Authentic Member
  • Pip
  • 8 posts

Posted 10 June 2006 - 01:50 PM

Everything seems to be working well. Thanks for all your help! I greatly appreciate it! BNL
