0

I did as said in the other "spyfalcon help" thread by following the link and doing everything said on that link. SpyFalcon is uninstalled and has since stopped making the "taskbar popups". However, after doing a scan with Ad-Aware it still found a regkey of SpyFalcon (which I deleted). Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:34:21 PM, on 3/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Muiltmedia keyboard utility\1.1\KbdAp32A.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Common Files\AOL\1137124763\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1137124763\ee\AOLServiceHost.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\AOL\1137124763\ee\AOLServiceHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Christopher\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137124763\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DesktopX] "C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\DesktopX.exe"
O4 - HKCU\..\Run: [WinRoll] -
O4 - HKCU\..\Run: [Yz Shadow] -
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Steam] "f:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk144DHUS
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .m1v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by105fd.bay105.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

I don't know what all this means (I'm not all that tech savvy, but then again I'm not stupid). I would like to thank the guy who gave me the link, however, and also the guy who made the info on the link. Is there anything else I should do?

0

Hey, welcome to Daniweb. Heh ya, ya got several more infections on your computer, but all can be fixed. Begin by installing Ewido, SpySweeper, and Ewido (links are located below in my signature). Update definitions for these, but DO NOT run yet. After doing this, go into Add/Remove Programs, and uninstall WeatherBug if it's in there. Then, run HJT, close all other windows, and fix the following:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - <default> - (no file)
O4 - HKCU\..\Run: [WinRoll] -
O4 - HKCU\..\Run: [Yz Shadow] -
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...?p=ZNxmk144DHUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...tup1.0.0.15.cab

After running HJT, reboot into safe mode. While in safe mode, run SpySweeper, Ewido, and CCleaner, saving both the SpySweeper and Ewido logs.

After the scans, reboot back into normal mode. Run HJT again, and post a log back here, along with the Ewido and SpySweeper logs.

Thanks.

0
"Spy Sweeper Session Log"
********
3:08 PM: |       Start of Session, Saturday, March 11, 2006       |
3:08 PM: Spy Sweeper started
3:08 PM: Sweep initiated using definitions version 630
3:08 PM: Starting Memory Sweep
3:09 PM: Memory Sweep Complete, Elapsed Time: 00:01:14
3:09 PM: Starting Registry Sweep
3:09 PM:   Found Adware: screensavers
3:09 PM:   HKLM\software\screensavers.com\  (11 subtraces) (ID = 140569)
3:10 PM:   Found Adware: accoona toolbar
3:10 PM:   HKCR\abar.abarband\  (5 subtraces) (ID = 520479)
3:10 PM:   HKCR\asearchassist.adefaultsearch\  (5 subtraces) (ID = 520489)
3:10 PM:   HKCR\clsid\{364b6276-c6c1-40b6-a6d7-6c48871fd707}\  (10 subtraces) (ID = 520499)
3:10 PM:   HKCR\clsid\{944864a5-3916-46e2-96a9-a2e84f3f1208}\  (11 subtraces) (ID = 520510)
3:10 PM:   HKCR\typelib\{21f022c8-c045-4555-8a90-651e6a3dc6c6}\  (9 subtraces) (ID = 520528)
3:10 PM:   HKCR\typelib\{ea3956d2-ec38-41ab-b601-47aa281e4952}\  (9 subtraces) (ID = 520538)
3:10 PM:   HKLM\software\accoona\  (97 subtraces) (ID = 520615)
3:10 PM:   HKLM\software\classes\abar.abarband\  (5 subtraces) (ID = 520739)
3:10 PM:   HKLM\software\classes\asearchassist.adefaultsearch\  (5 subtraces) (ID = 520749)
3:10 PM:   HKLM\software\classes\asearchassist.adefaultsearch.1\  (3 subtraces) (ID = 520755)
3:10 PM:   HKLM\software\classes\clsid\{364b6276-c6c1-40b6-a6d7-6c48871fd707}\  (10 subtraces) (ID = 520759)
3:10 PM:   HKCR\abar.abarband.1\  (3 subtraces) (ID = 954980)
3:10 PM:   HKCR\asearchassist.adefaultsearch.1\  (3 subtraces) (ID = 954985)
3:10 PM:   HKCR\clsid\{f80c1d93-0d22-436e-963e-9d3156997a4e}\  (4 subtraces) (ID = 954998)
3:10 PM:   HKLM\software\classes\clsid\{944864a5-3916-46e2-96a9-a2e84f3f1208}\  (11 subtraces) (ID = 955049)
3:10 PM:   HKLM\software\classes\clsid\{f80c1d93-0d22-436e-963e-9d3156997a4e}\  (4 subtraces) (ID = 955055)
3:10 PM:   HKLM\software\classes\typelib\{21f022c8-c045-4555-8a90-651e6a3dc6c6}\  (9 subtraces) (ID = 955497)
3:10 PM:   HKLM\software\classes\typelib\{ea3956d2-ec38-41ab-b601-47aa281e4952}\  (9 subtraces) (ID = 955503)
3:10 PM:   Found Adware: cnsmin
3:10 PM:   HKU\WRSS_Profile_S-1-5-21-3991436212-558522827-3833581854-1010\software\3721\  (94 subtraces) (ID = 106182)
3:10 PM:   HKU\WRSS_Profile_S-1-5-21-3991436212-558522827-3833581854-1010\software\microsoft\internet explorer\extensions\cmdmapping\ || {5d73ee86-05f1-49ed-b850-e423120ec338} (ID = 1032318)
3:10 PM:   HKU\WRSS_Profile_S-1-5-21-3991436212-558522827-3833581854-1009\software\microsoft\internet explorer\extensions\cmdmapping\ || {5d73ee86-05f1-49ed-b850-e423120ec338} (ID = 1032318)
3:10 PM:   HKU\S-1-5-21-3991436212-558522827-3833581854-1006\software\microsoft\internet explorer\urlsearchhooks\{944864a5-3916-46e2-96a9-a2e84f3f1208}\ (ID = 955003)
3:10 PM:   HKU\S-1-5-21-3991436212-558522827-3833581854-1006\software\microsoft\internet explorer\extensions\cmdmapping\ || {5d73ee86-05f1-49ed-b850-e423120ec338} (ID = 1032318)
3:10 PM:   HKU\WRSS_Profile_S-1-5-21-3991436212-558522827-3833581854-1003\software\3721\  (85 subtraces) (ID = 106182)
3:10 PM:   Found Adware: dealbar toolbar
3:10 PM:   HKU\WRSS_Profile_S-1-5-21-3991436212-558522827-3833581854-1003\software\activshopper\  (11 subtraces) (ID = 726282)
3:10 PM:   HKU\WRSS_Profile_S-1-5-21-3991436212-558522827-3833581854-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {3d782bb3-f2a5-11d3-bf4c-000000000000} (ID = 826103)
3:10 PM:   HKU\WRSS_Profile_S-1-5-21-3991436212-558522827-3833581854-1003\software\microsoft\internet explorer\urlsearchhooks\{944864a5-3916-46e2-96a9-a2e84f3f1208}\  (1 subtraces) (ID = 955003)
3:10 PM:   Found Adware: accona toolbar accoona.com hijack
3:10 PM:   HKU\WRSS_Profile_S-1-5-21-3991436212-558522827-3833581854-1003\software\microsoft\internet explorer\main\ || search page (ID = 956081)
3:10 PM:   HKU\WRSS_Profile_S-1-5-21-3991436212-558522827-3833581854-1003\software\microsoft\internet explorer\main\ || search bar (ID = 956082)
3:10 PM:   HKU\WRSS_Profile_S-1-5-21-3991436212-558522827-3833581854-1003\software\microsoft\internet explorer\extensions\cmdmapping\ || {5d73ee86-05f1-49ed-b850-e423120ec338} (ID = 1032318)
3:10 PM: Registry Sweep Complete, Elapsed Time:00:00:38
3:10 PM: Starting Cookie Sweep
3:10 PM:   Found Spy Cookie: atwola cookie
3:10 PM:   brandy@atwola[1].txt (ID = 2255)
3:10 PM:   Found Spy Cookie: 2o7.net cookie
3:10 PM:   brandy@msnportal.112.2o7[1].txt (ID = 1958)
3:10 PM:   babe@2o7[2].txt (ID = 1957)
3:10 PM:   Found Spy Cookie: websponsors cookie
3:10 PM:   babe@a.websponsors[2].txt (ID = 3665)
3:10 PM:   Found Spy Cookie: about cookie
3:10 PM:   babe@about[1].txt (ID = 2037)
3:10 PM:   Found Spy Cookie: yieldmanager cookie
3:10 PM:   babe@ad.yieldmanager[1].txt (ID = 3751)
3:10 PM:   babe@ad.yieldmanager[3].txt (ID = 3751)
3:10 PM:   Found Spy Cookie: adecn cookie
3:10 PM:   babe@adecn[1].txt (ID = 2063)
3:10 PM:   Found Spy Cookie: adknowledge cookie
3:10 PM:   babe@adknowledge[2].txt (ID = 2072)
3:10 PM:   Found Spy Cookie: specificclick.com cookie
3:10 PM:   babe@adopt.specificclick[2].txt (ID = 3400)
3:10 PM:   Found Spy Cookie: ask cookie
3:10 PM:   babe@ask[1].txt (ID = 2245)
3:10 PM:   Found Spy Cookie: atlas dmt cookie
3:10 PM:   babe@atdmt[2].txt (ID = 2253)
3:10 PM:   Found Spy Cookie: belnk cookie
3:10 PM:   babe@ath.belnk[2].txt (ID = 2293)
3:10 PM:   babe@atwola[1].txt (ID = 2255)
3:10 PM:   Found Spy Cookie: a cookie
3:10 PM:   babe@a[1].txt (ID = 2027)
3:10 PM:   babe@belnk[1].txt (ID = 2292)
3:10 PM:   Found Spy Cookie: burstnet cookie
3:10 PM:   babe@burstnet[1].txt (ID = 2336)
3:10 PM:   Found Spy Cookie: casalemedia cookie
3:10 PM:   babe@casalemedia[1].txt (ID = 2354)
3:10 PM:   babe@chicagosuntimes.122.2o7[1].txt (ID = 1958)
3:10 PM:   Found Spy Cookie: classmates cookie
3:10 PM:   babe@classmates[2].txt (ID = 2384)
3:10 PM:   Found Spy Cookie: overture cookie
3:10 PM:   babe@data3.perf.overture[1].txt (ID = 3106)
3:10 PM:   babe@data4.perf.overture[2].txt (ID = 3106)
3:10 PM:   babe@dist.belnk[1].txt (ID = 2293)
3:10 PM:   Found Spy Cookie: ru4 cookie
3:10 PM:   babe@edge.ru4[1].txt (ID = 3269)
3:10 PM:   Found Spy Cookie: exitexchange cookie
3:10 PM:   babe@exitexchange[1].txt (ID = 2633)
3:10 PM:   Found Spy Cookie: hypertracker.com cookie
3:10 PM:   babe@hypertracker[1].txt (ID = 2817)
3:10 PM:   Found Spy Cookie: mediaplex cookie
3:10 PM:   babe@mediaplex[1].txt (ID = 6442)
3:10 PM:   babe@msnportal.112.2o7[1].txt (ID = 1958)
3:10 PM:   Found Spy Cookie: offeroptimizer cookie
3:10 PM:   babe@offeroptimizer[1].txt (ID = 3087)
3:10 PM:   babe@partygaming.122.2o7[1].txt (ID = 1958)
3:10 PM:   Found Spy Cookie: questionmarket cookie
3:10 PM:   babe@questionmarket[1].txt (ID = 3217)
3:10 PM:   Found Spy Cookie: rn11 cookie
3:10 PM:   babe@rn11[2].txt (ID = 3261)
3:10 PM:   Found Spy Cookie: dealtime cookie
3:10 PM:   babe@stat.dealtime[2].txt (ID = 2506)
3:10 PM:   Found Spy Cookie: tacoda cookie
3:10 PM:   babe@tacoda[1].txt (ID = 6444)
3:10 PM:   Found Spy Cookie: webpower cookie
3:10 PM:   babe@webpower[1].txt (ID = 3660)
3:10 PM:   Found Spy Cookie: burstbeacon cookie
3:10 PM:   babe@www.burstbeacon[1].txt (ID = 2335)
3:10 PM:   Found Spy Cookie: mytemplatestorage cookie
3:10 PM:   babe@www.mytemplatestorage[1].txt (ID = 3050)
3:10 PM:   babe@yieldmanager[2].txt (ID = 3749)
3:10 PM:   Found Spy Cookie: 123count cookie
3:10 PM:   christopher@123count[1].txt (ID = 1927)
3:10 PM:   christopher@2o7[2].txt (ID = 1957)
3:10 PM:   Found Spy Cookie: 64.62.232 cookie
3:10 PM:   christopher@64.62.232[2].txt (ID = 1987)
3:10 PM:   Found Spy Cookie: 91338698 cookie
3:10 PM:   christopher@91338698[2].txt (ID = 2025)
3:10 PM:   christopher@a.websponsors[2].txt (ID = 3665)
3:10 PM:   christopher@about[2].txt (ID = 2037)
3:10 PM:   Found Spy Cookie: 4u.pl cookie
3:10 PM:   christopher@ad.stat.4u[2].txt (ID = 1978)
3:10 PM:   christopher@ad.yieldmanager[1].txt (ID = 3751)
3:10 PM:   christopher@adecn[1].txt (ID = 2063)
3:10 PM:   christopher@adknowledge[2].txt (ID = 2072)
3:10 PM:   Found Spy Cookie: adlegend cookie
3:10 PM:   christopher@adlegend[1].txt (ID = 2074)
3:10 PM:   christopher@adopt.specificclick[2].txt (ID = 3400)
3:10 PM:   Found Spy Cookie: adrevolver cookie
3:10 PM:   christopher@adrevolver[2].txt (ID = 2088)
3:10 PM:   christopher@adrevolver[3].txt (ID = 2088)
3:10 PM:   Found Spy Cookie: cc214142 cookie
3:10 PM:   christopher@ads.cc214142[1].txt (ID = 2367)
3:10 PM:   Found Spy Cookie: advertising cookie
3:10 PM:   christopher@advertising[2].txt (ID = 2175)
3:10 PM:   christopher@anat.tacoda[1].txt (ID = 6445)
3:10 PM:   Found Spy Cookie: falkag cookie
3:10 PM:   christopher@as-us.falkag[1].txt (ID = 2650)
3:10 PM:   christopher@ask[1].txt (ID = 2245)
3:10 PM:   christopher@atdmt[2].txt (ID = 2253)
3:10 PM:   christopher@atwola[1].txt (ID = 2255)
3:10 PM:   Found Spy Cookie: bannerspace cookie
3:10 PM:   christopher@bannerspace[1].txt (ID = 2284)
3:10 PM:   Found Spy Cookie: banners cookie
3:10 PM:   christopher@banners[1].txt (ID = 2282)
3:10 PM:   christopher@belnk[1].txt (ID = 2292)
3:10 PM:   christopher@burstnet[1].txt (ID = 2336)
3:10 PM:   christopher@casalemedia[1].txt (ID = 2354)
3:10 PM:   christopher@classmates[1].txt (ID = 2384)
3:10 PM:   Found Spy Cookie: clickzs cookie
3:10 PM:   christopher@cz11.clickzs[1].txt (ID = 2413)
3:10 PM:   christopher@cz7.clickzs[2].txt (ID = 2413)
3:10 PM:   christopher@data1.perf.overture[1].txt (ID = 3106)
3:10 PM:   christopher@data3.perf.overture[1].txt (ID = 3106)
3:10 PM:   Found Spy Cookie: wtlive.com cookie
3:10 PM:   christopher@dcstest.wtlive[1].txt (ID = 3700)
3:10 PM:   christopher@dist.belnk[2].txt (ID = 2293)
3:10 PM:   christopher@edge.ru4[2].txt (ID = 3269)
3:10 PM:   christopher@entrepreneur.122.2o7[1].txt (ID = 1958)
3:10 PM:   christopher@exitexchange[2].txt (ID = 2633)
3:10 PM:   Found Spy Cookie: fastclick cookie
3:10 PM:   christopher@fastclick[1].txt (ID = 2651)
3:10 PM:   Found Spy Cookie: gamespy cookie
3:10 PM:   christopher@gamespy[1].txt (ID = 2719)
3:10 PM:   Found Spy Cookie: maxserving cookie
3:10 PM:   christopher@maxserving[2].txt (ID = 2966)
3:10 PM:   christopher@mediaplex[1].txt (ID = 6442)
3:10 PM:   Found Spy Cookie: realmedia cookie
3:10 PM:   christopher@realmedia[2].txt (ID = 3235)
3:10 PM:   Found Spy Cookie: adjuggler cookie
3:10 PM:   christopher@rotator.adjuggler[1].txt (ID = 2071)
3:10 PM:   christopher@stat.dealtime[1].txt (ID = 2506)
3:10 PM:   Found Spy Cookie: statcounter cookie
3:10 PM:   christopher@statcounter[1].txt (ID = 3447)
3:10 PM:   christopher@tacoda[1].txt (ID = 6444)
3:10 PM:   Found Spy Cookie: toplist cookie
3:10 PM:   christopher@toplist[1].txt (ID = 3557)
3:10 PM:   Found Spy Cookie: trafficmp cookie
3:10 PM:   christopher@trafficmp[1].txt (ID = 3581)
3:10 PM:   Found Spy Cookie: tribalfusion cookie
3:10 PM:   christopher@tribalfusion[1].txt (ID = 3589)
3:10 PM:   christopher@webpower[2].txt (ID = 3660)
3:10 PM:   christopher@www.burstbeacon[2].txt (ID = 2335)
3:10 PM:   christopher@www.classmates[2].txt (ID = 2385)
3:10 PM:   Found Spy Cookie: myaffiliateprogram.com cookie
3:10 PM:   christopher@www.myaffiliateprogram[1].txt (ID = 3032)
3:10 PM:   Found Spy Cookie: xiti cookie
3:10 PM:   christopher@xiti[1].txt (ID = 3717)
3:10 PM:   Found Spy Cookie: yadro cookie
3:10 PM:   christopher@yadro[2].txt (ID = 3743)
3:10 PM:   christopher@yieldmanager[2].txt (ID = 3749)
3:10 PM:   Found Spy Cookie: adserver cookie
3:10 PM:   christopher@z1.adserver[1].txt (ID = 2142)
3:10 PM:   Found Spy Cookie: zedo cookie
3:10 PM:   christopher@zedo[1].txt (ID = 3762)
3:10 PM:   owner@ad.yieldmanager[2].txt (ID = 3751)
3:10 PM:   owner@adknowledge[2].txt (ID = 2072)
3:10 PM:   Found Spy Cookie: adprofile cookie
3:10 PM:   owner@adprofile[2].txt (ID = 2084)
3:10 PM:   Found Spy Cookie: askmen cookie
3:10 PM:   owner@askmen[1].txt (ID = 2247)
3:10 PM:   owner@ask[1].txt (ID = 2245)
3:10 PM:   owner@atdmt[2].txt (ID = 2253)
3:10 PM:   Found Spy Cookie: azjmp cookie
3:10 PM:   owner@azjmp[2].txt (ID = 2270)
3:10 PM:   Found Spy Cookie: bizrate cookie
3:10 PM:   owner@bizrate[1].txt (ID = 2308)
3:10 PM:   owner@burstnet[1].txt (ID = 2336)
3:10 PM:   Found Spy Cookie: coolsavings cookie
3:10 PM:   owner@coolsavings[1].txt (ID = 2465)
3:10 PM:   owner@data1.perf.overture[1].txt (ID = 3106)
3:10 PM:   owner@data2.perf.overture[1].txt (ID = 3106)
3:10 PM:   owner@data4.perf.overture[2].txt (ID = 3106)
3:10 PM:   Found Spy Cookie: did-it cookie
3:10 PM:   owner@did-it[1].txt (ID = 2523)
3:10 PM:   Found Spy Cookie: tripod cookie
3:10 PM:   owner@htmlgear.tripod[1].txt (ID = 3592)
3:10 PM:   owner@mediaplex[2].txt (ID = 6442)
3:10 PM:   Found Spy Cookie: metareward.com cookie
3:10 PM:   owner@metareward[2].txt (ID = 2990)
3:10 PM:   owner@msnportal.112.2o7[1].txt (ID = 1958)
3:10 PM:   owner@overture[1].txt (ID = 3105)
3:10 PM:   owner@pch.122.2o7[1].txt (ID = 1958)
3:10 PM:   owner@realmedia[2].txt (ID = 3235)
3:10 PM:   owner@rotator.adjuggler[2].txt (ID = 2071)
3:10 PM:   Found Spy Cookie: pch cookie
3:10 PM:   owner@sb.pch[1].txt (ID = 3124)
3:10 PM:   owner@statcounter[2].txt (ID = 3447)
3:10 PM:   owner@tacoda[1].txt (ID = 6444)
3:10 PM:   owner@tribalfusion[1].txt (ID = 3589)
3:10 PM:   owner@www.burstbeacon[1].txt (ID = 2335)
3:10 PM:   owner@z1.adserver[1].txt (ID = 2142)
3:10 PM: Cookie Sweep Complete, Elapsed Time: 00:00:11
3:10 PM: Starting File Sweep
3:10 PM:   Found Adware: winad
3:10 PM:   c:\program files\media gateway (1 subtraces) (ID = -2147477127)
3:11 PM:   asearchassist.dll (ID = 184243)
3:12 PM:   Found Adware: ps2
3:12 PM:   ps2.bat (ID = 72827)
3:12 PM:   ps2.bat (ID = 72827)
3:12 PM:   ps2.bat (ID = 72827)
3:12 PM:   ps2.bat (ID = 72827)
3:12 PM:   ps2.bat (ID = 72827)
3:12 PM:   ps2.bat (ID = 72827)
3:18 PM:   ps2.exe (ID = 72827)
3:18 PM:   ps2.bat (ID = 72827)
3:23 PM:   mediagateway.exe (ID = 161149)
3:38 PM:   Warning: Failed to open file "f:\my files\my movies\
3:43 PM: File Sweep Complete, Elapsed Time: 00:32:30
3:43 PM: Full Sweep has completed.  Elapsed time 00:34:39
3:43 PM: Traces Found: 580
3:43 PM: Removal process initiated
3:43 PM:   Quarantining All Traces: screensavers
3:43 PM:   Quarantining All Traces: accoona toolbar
3:43 PM:   Quarantining All Traces: cnsmin
3:43 PM:   Quarantining All Traces: dealbar toolbar
3:44 PM:   Quarantining All Traces: accona toolbar accoona.com hijack
3:44 PM:   Quarantining All Traces: atwola cookie
3:44 PM:   Quarantining All Traces: 2o7.net cookie
3:44 PM:   Quarantining All Traces: websponsors cookie
3:44 PM:   Quarantining All Traces: about cookie
3:44 PM:   Quarantining All Traces: yieldmanager cookie
3:44 PM:   Quarantining All Traces: adecn cookie
3:44 PM:   Quarantining All Traces: adknowledge cookie
3:44 PM:   Quarantining All Traces: specificclick.com cookie
3:44 PM:   Quarantining All Traces: ask cookie
3:44 PM:   Quarantining All Traces: atlas dmt cookie
3:44 PM:   Quarantining All Traces: belnk cookie
3:44 PM:   Quarantining All Traces: a cookie
3:44 PM:   Quarantining All Traces: burstnet cookie
3:44 PM:   Quarantining All Traces: casalemedia cookie
3:44 PM:   Quarantining All Traces: classmates cookie
3:44 PM:   Quarantining All Traces: overture cookie
3:44 PM:   Quarantining All Traces: ru4 cookie
3:44 PM:   Quarantining All Traces: exitexchange cookie
3:44 PM:   Quarantining All Traces: hypertracker.com cookie
3:44 PM:   Quarantining All Traces: mediaplex cookie
3:44 PM:   Quarantining All Traces: offeroptimizer cookie
3:44 PM:   Quarantining All Traces: questionmarket cookie
3:44 PM:   Quarantining All Traces: rn11 cookie
3:44 PM:   Quarantining All Traces: dealtime cookie
3:45 PM:   Quarantining All Traces: tacoda cookie
3:45 PM:   Quarantining All Traces: webpower cookie
3:45 PM:   Quarantining All Traces: burstbeacon cookie
3:45 PM:   Quarantining All Traces: mytemplatestorage cookie
3:45 PM:   Quarantining All Traces: 123count cookie
3:45 PM:   Quarantining All Traces: 64.62.232 cookie
3:45 PM:   Quarantining All Traces: 91338698 cookie
3:45 PM:   Quarantining All Traces: 4u.pl cookie
3:45 PM:   Quarantining All Traces: adlegend cookie
3:45 PM:   Quarantining All Traces: adrevolver cookie
3:45 PM:   Quarantining All Traces: cc214142 cookie
3:45 PM:   Quarantining All Traces: advertising cookie
3:45 PM:   Quarantining All Traces: falkag cookie
3:45 PM:   Quarantining All Traces: bannerspace cookie
3:45 PM:   Quarantining All Traces: banners cookie
3:45 PM:   Quarantining All Traces: clickzs cookie
3:45 PM:   Quarantining All Traces: wtlive.com cookie
3:45 PM:   Quarantining All Traces: fastclick cookie
3:45 PM:   Quarantining All Traces: gamespy cookie
3:45 PM:   Quarantining All Traces: maxserving cookie
3:45 PM:   Quarantining All Traces: realmedia cookie
3:45 PM:   Quarantining All Traces: adjuggler cookie
3:45 PM:   Quarantining All Traces: statcounter cookie
3:45 PM:   Quarantining All Traces: toplist cookie
3:45 PM:   Quarantining All Traces: trafficmp cookie
3:45 PM:   Quarantining All Traces: tribalfusion cookie
3:45 PM:   Quarantining All Traces: myaffiliateprogram.com cookie
3:45 PM:   Quarantining All Traces: xiti cookie
3:45 PM:   Quarantining All Traces: yadro cookie
3:45 PM:   Quarantining All Traces: adserver cookie
3:45 PM:   Quarantining All Traces: zedo cookie
3:45 PM:   Quarantining All Traces: adprofile cookie
3:45 PM:   Quarantining All Traces: askmen cookie
3:45 PM:   Quarantining All Traces: azjmp cookie
3:45 PM:   Quarantining All Traces: bizrate cookie
3:45 PM:   Quarantining All Traces: coolsavings cookie
3:45 PM:   Quarantining All Traces: did-it cookie
3:45 PM:   Quarantining All Traces: tripod cookie
3:45 PM:   Quarantining All Traces: metareward.com cookie
3:45 PM:   Quarantining All Traces: pch cookie
3:45 PM:   Quarantining All Traces: winad
3:45 PM:   Quarantining All Traces: ps2
3:45 PM: Removal process completed.  Elapsed time 00:02:30
********
4:39 AM: |       Start of Session, Saturday, March 11, 2006       |
4:39 AM: Spy Sweeper started
4:39 AM: Your spyware definitions have been updated.
4:40 AM: Updating spyware definitions
4:40 AM: Your definitions are up to date.
2:52 PM: Processing Startup Alerts
2:52 PM:   Allowed Startup entry: msnmsgr
2:52 PM:   Allowed Startup entry: AIM
2:52 PM:   Allowed Startup entry: MSMSGS
2:52 PM: Processing Startup Alerts
2:52 PM:   Removed Startup entry: Yahoo! Pager
3:08 PM: Program Version 4.5.9  (Build 709)  Using Spyware Definitions 630
3:08 PM: |       End of Session, Saturday, March 11, 2006       |


"Scan report_20060311.txt"
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------


+ Created on:           3:59:30 PM, 3/11/2006
+ Report-Checksum:      683BB841


+ Scan result:


HKU\S-1-5-21-3991436212-558522827-3833581854-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup
HKU\S-1-5-21-3991436212-558522827-3833581854-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_90.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup
C:\Documents and Settings\Christopher\Cookies\christopher@ad.adocean[2].txt -> TrackingCookie.Adocean : Cleaned with backup
C:\Documents and Settings\Christopher\Cookies\christopher@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned with backup
C:\Documents and Settings\Christopher\Cookies\christopher@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Christopher\Cookies\christopher@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Christopher\Cookies\christopher@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Christopher\Cookies\christopher@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Christopher\Cookies\christopher@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Christopher\Cookies\christopher@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Christopher\Cookies\christopher@gde.adocean[2].txt -> TrackingCookie.Adocean : Cleaned with backup
C:\Documents and Settings\Christopher\Cookies\christopher@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Christopher\Cookies\christopher@komtrack[2].txt -> TrackingCookie.Komtrack : Cleaned with backup
C:\Documents and Settings\Christopher\Cookies\christopher@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Christopher\Cookies\christopher@my.adocean[2].txt -> TrackingCookie.Adocean : Cleaned with backup
C:\Documents and Settings\Christopher\Cookies\christopher@tracking.g3x[1].txt -> TrackingCookie.G3x : Cleaned with backup
C:\Documents and Settings\Christopher\Cookies\christopher@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup


::Report End


"hijackthis"
Logfile of HijackThis v1.99.1
Scan saved at 4:05:20 PM, on 3/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Browser Mouse\mouse32a.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Muiltmedia keyboard utility\1.1\KbdAp32A.exe
C:\Program Files\Common Files\AOL\1137124763\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1137124763\ee\AOLServiceHost.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Common Files\AOL\1137124763\ee\AOLServiceHost.exe
C:\Program Files\Xfire\Xfire.exe
C:\Documents and Settings\Christopher\Desktop\HijackThis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us6.hpwis.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137124763\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DesktopX] "C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\DesktopX.exe"
O4 - HKCU\..\Run: [Steam] "f:\program files\valve\steam\steam.exe" -silent
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .m1v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by105fd.bay105.hotmail.msn.com/activex/HMAtchmt.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Edited by pritaeas: Fixed formatting
