unknown & unremovable spyware?


19 replies to this topic

#1 OFFLINE   steph

    Member

  • Members
  • 10 posts

Posted 27 November 2006 - 02:40 AM

Several weeks ago something wiped out my settings on my firewall and since then I have been "exposed" to the outside world. My computer keeps wanting to connect with other IP addresses and other IP addresses want to connect to me. I am not a techie person, but I have general knowledge...but I am at a loss as to what to do about this. I am hoping someone can help me. I will post the hijack log I just ran.

Thanks for any help you can give me. :rolleyes:

Logfile of HijackThis v1.99.1
Scan saved at 9:01:35 PM, on 11/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijackthis\hijackthis\analyse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll
R3 - URLSearchHook: (no name) - ~4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Earthlink Protection Control Center] C:\Program Files\EarthLink\Protection Control Center\elnk_pcc.exe /minimize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite....loadManager.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158103662179
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.taxsimple...TSWeb/msrdp.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ADSService - Copyright© Aluria Software, LLC - C:\PROGRA~1\EARTHL~3\PROTEC~1\ADSSER~1.EXE
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: EarthLink Firewall Process Path Service (ElnkFWPPService) - Aluria Software, LLC. - C:\PROGRA~1\EARTHL~3\PROTEC~1\EFWPPS~1.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

#2 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 27 November 2006 - 02:54 AM

Welcome to the forum.

Run BitDefender Online Scanner
  • Using Internet Explorer please go HERE to run BitDefender's Online scan.
  • Read the terms and then click I Agree
  • You may receive a Security Warning about the BitDefender ActiveX control. If you do, please allow it to install.
  • On the scanning Options screen, press Click Here To Scan and then follow the on-screen prompts.
  • Once BitDefender is finished scanning your computer, it will automatically remove the infections. Once the removal process is finished, press the Close button and a dialog box will appear asking if you want to send your scan log back to the makers of BitDefender. You do not have to do this, but what you do want to do is press the button that says "view log" and then copy and paste that log into Notepad and save it to your desktop as bitdefender.txt.
  • Reboot your computer
Post the BitDefender log and a new HijackThis log.

#3 OFFLINE   steph

    Member

  • Members
  • 10 posts

Posted 27 November 2006 - 04:54 AM

Sorry it took so long...I had trouble with my browser opening up the link for BitDefender and I googled it and still had trouble, so I downloaded an evaluation version of BitDefender 10.0...only to find out it was in German! I uninstalled it and googled again to find a link for the 8.0 that you suggested. I will post the log and the HijackThis log.

Thanks for your help! :)

BitDefender Online Scanner - Real Time Virus Report

Generated at: Sun, Nov 26, 2006 - 23:39:12

Scan Info

Scanned Files: 357783
Infected Files: 1

Virus Detected

Application.JS.ForcePopup.D

...................................................................

Logfile of HijackThis v1.99.1
Scan saved at 11:45:20 PM, on 11/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\PROGRA~1\EARTHL~3\PROTEC~1\ADSSER~1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\hijackthis\analyse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll
R3 - URLSearchHook: (no name) - ~4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Earthlink Protection Control Center] C:\Program Files\EarthLink\Protection Control Center\elnk_pcc.exe /minimize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite....loadManager.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwicklung....can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158103662179
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.taxsimple...TSWeb/msrdp.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ADSService - Copyright© Aluria Software, LLC - C:\PROGRA~1\EARTHL~3\PROTEC~1\ADSSER~1.EXE
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: EarthLink Firewall Process Path Service (ElnkFWPPService) - Aluria Software, LLC. - C:\PROGRA~1\EARTHL~3\PROTEC~1\EFWPPS~1.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

#4 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 27 November 2006 - 11:38 AM

Please post the logs from any scans you ran with SUPERAntiSpyware.
To find them, open SUPERAntiSpyware and go to Preferences > Statistics/Logs. Double-click each entry and a text file will open. Post all of the ones listed.

#5 OFFLINE   steph

    Member

  • Members
  • 10 posts

Posted 28 November 2006 - 01:58 AM

Here are my SUPERAntiSpyware logs. They go back about a month because I knew I was having problems of some kind and I saw you had recommended that and the AVG to someone else (you seemed very helpful, by the way!)

SUPERAntiSpyware Scan Log
Generated 11/27/2006 at 08:40 PM

Application Version : 3.3.1020

Core Rules Database Version : 3137
Trace Rules Database Version: 1154

Scan type : Complete Scan
Total Scan Time : 00:04:43

Memory items scanned : 485
Memory threats detected : 0
Registry items scanned : 6038
Registry threats detected : 0
File items scanned : 2126
File threats detected : 12

Adware.Tracking Cookie
c:\documents and settings\stephanie frost\cookies\stephanie_frost@ads.addynamix[2].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@www.googleadservices[1].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@questionmarket[2].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@ehg-wizardsofthecoast.hitbox[1].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@sales.liveperson[1].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@apmebf[1].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@mediaplex[2].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@edge.ru4[2].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@nextag[2].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@counter.inkfrog[1].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@ads.pointroll[2].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@fastclick[2].txt

SUPERAntiSpyware Scan Log
Generated 11/26/2006 at 05:49 PM

Application Version : 3.3.1020

Core Rules Database Version : 3135
Trace Rules Database Version: 1152

Scan type : Complete Scan
Total Scan Time : 00:04:11

Memory items scanned : 462
Memory threats detected : 0
Registry items scanned : 6034
Registry threats detected : 0
File items scanned : 2102
File threats detected : 12

Adware.Tracking Cookie
c:\documents and settings\stephanie frost\cookies\stephanie_frost@edge.ru4[1].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@sales.liveperson[3].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@counter.auctionworks[2].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@sales.liveperson[2].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@counter.marketworks[2].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@sales.liveperson[4].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@apmebf[1].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@3.adbrite[1].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@nextag[2].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@counter.inkfrog[1].txt
C:\Documents and Settings\Stephanie Frost\Cookies\stephanie_frost@server.iad.liveperson[1].txt
C:\Documents and Settings\Stephanie Frost\Cookies\stephanie_frost@server.iad.liveperson[3].txt

SUPERAntiSpyware Scan Log
Generated 11/24/2006 at 10:18 AM

Application Version : 3.3.1020

Core Rules Database Version : 3135
Trace Rules Database Version: 1152

Scan type : Complete Scan
Total Scan Time : 00:04:29

Memory items scanned : 534
Memory threats detected : 0
Registry items scanned : 6034
Registry threats detected : 0
File items scanned : 2100
File threats detected : 8

Adware.Tracking Cookie
c:\documents and settings\stephanie frost\cookies\stephanie_frost@clickbank[2].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@www.googleadservices[3].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@revsci[2].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@questionmarket[2].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@mediaplex[1].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@www.googleadservices[2].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@nextag[2].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@www.googleadservices[1].txt

SUPERAntiSpyware Scan Log
Generated 11/23/2006 at 11:08 PM

Application Version : 3.3.1020

Core Rules Database Version : 3135
Trace Rules Database Version: 1152

Scan type : Complete Scan
Total Scan Time : 00:04:06

Memory items scanned : 420
Memory threats detected : 0
Registry items scanned : 6034
Registry threats detected : 0
File items scanned : 2100
File threats detected : 25

Adware.Tracking Cookie
c:\documents and settings\stephanie frost\cookies\stephanie_frost@stat.dealtime[1].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@serving-sys[2].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@counter.auctionworks[1].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@perf.overture[1].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@e-2dj6wjnywld5kfp.stats.esomniture[2].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@dealtime[1].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@revsci[2].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@questionmarket[2].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@ehg-wizardsofthecoast.hitbox[2].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@data1.perf.overture[1].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@realmedia[1].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@hitbox[2].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@apmebf[1].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@mediaplex[1].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@roiservice[2].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@bluestreak[1].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@www4.addfreestats[1].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@e-2dj6wjnyshdjmgq.stats.esomniture[1].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@nextag[1].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@tradedoubler[1].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@overture[1].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@counter.inkfrog[1].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@ehg-bestbuy.hitbox[2].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@ads.pointroll[1].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@fastclick[2].txt

SUPERAntiSpyware Scan Log
Generated 11/20/2006 at 06:21 PM

Application Version : 3.3.1020

Core Rules Database Version : 3133
Trace Rules Database Version: 1151

Scan type : Quick Scan
Total Scan Time : 00:02:41

Memory items scanned : 477
Memory threats detected : 0
Registry items scanned : 878
Registry threats detected : 0
File items scanned : 1966
File threats detected : 36

Adware.Tracking Cookie
c:\documents and settings\stephanie frost\cookies\stephanie_frost@imrworldwide[2].txt
c:\documents and settings\stephanie frost\cookies\stephanie_frost@ehg-hollywoodmedia.hitbox[1].txt

SUPERAntiSpyware Scan Log
Generated 11/16/2006 at 07:59 PM

Application Version : 3.3.1020

Core Rules Database Version : 3131
Trace Rules Database Version: 1149

Scan type : Complete Scan
Total Scan Time : 00:23:10

Memory items scanned : 520
Memory threats detected : 0
Registry items scanned : 6034
Registry threats detected : 0
File items scanned : 37392
File threats detected : 35

Adware.Tracking Cookie

SUPERAntiSpyware Scan Log
Generated 11/12/2006 at 11:59 PM

Application Version : 3.3.1020

Core Rules Database Version : 3127
Trace Rules Database Version: 1146

Scan type : Complete Scan
Total Scan Time : 00:22:26

Memory items scanned : 435
Memory threats detected : 0
Registry items scanned : 6035
Registry threats detected : 0
File items scanned : 38376
File threats detected : 8

Adware.Tracking Cookie

SUPERAntiSpyware Scan Log
Generated 11/12/2006 at 07:20 PM

Application Version : 3.3.1020

Core Rules Database Version : 3127
Trace Rules Database Version: 1146

Scan type : Quick Scan
Total Scan Time : 00:08:45

Memory items scanned : 474
Memory threats detected : 0
Registry items scanned : 880
Registry threats detected : 0
File items scanned : 19216
File threats detected : 5

Adware.Tracking Cookie

SUPERAntiSpyware Scan Log
Generated 11/12/2006 at 03:27 PM

Application Version : 3.3.1020

Core Rules Database Version : 3127
Trace Rules Database Version: 1146

Scan type : Complete Scan
Total Scan Time : 00:21:51

Memory items scanned : 481
Memory threats detected : 0
Registry items scanned : 6026
Registry threats detected : 0
File items scanned : 37402
File threats detected : 11

Adware.Tracking Cookie

SUPERAntiSpyware Scan Log
Generated 11/09/2006 at 09:17 PM

Application Version : 3.3.1020

Core Rules Database Version : 3126
Trace Rules Database Version: 1146

Scan type : Quick Scan
Total Scan Time : 00:08:50

Memory items scanned : 517
Memory threats detected : 0
Registry items scanned : 876
Registry threats detected : 0
File items scanned : 18860
File threats detected : 15

Adware.Tracking Cookie

SUPERAntiSpyware Scan Log
Generated 11/07/2006 at 07:09 PM

Application Version : 3.3.1020

Core Rules Database Version : 3123
Trace Rules Database Version: 1143

Scan type : Quick Scan
Total Scan Time : 00:08:52

Memory items scanned : 478
Memory threats detected : 0
Registry items scanned : 876
Registry threats detected : 0
File items scanned : 18836
File threats detected : 45

Adware.Tracking Cookie

SUPERAntiSpyware Scan Log
Generated 11/04/2006 at 11:46 PM

Application Version : 3.3.1020

Core Rules Database Version : 3120
Trace Rules Database Version: 1142

Scan type : Quick Scan
Total Scan Time : 00:08:33

Memory items scanned : 458
Memory threats detected : 0
Registry items scanned : 876
Registry threats detected : 0
File items scanned : 18810
File threats detected : 40

Adware.Tracking Cookie

SUPERAntiSpyware Scan Log
Generated 10/31/2006 at 07:20 PM

Application Version : 3.3.1020

Core Rules Database Version : 3103
Trace Rules Database Version: 1129

Scan type : Quick Scan
Total Scan Time : 00:08:46

Memory items scanned : 505
Memory threats detected : 0
Registry items scanned : 876
Registry threats detected : 0
File items scanned : 18914
File threats detected : 20

Adware.Tracking Cookie

SUPERAntiSpyware Scan Log
Generated 10/30/2006 at 05:52 PM

Application Version : 3.3.1020

Core Rules Database Version : 3116
Trace Rules Database Version: 1139

Scan type : Complete Scan
Total Scan Time : 00:21:54

Memory items scanned : 474
Memory threats detected : 0
Registry items scanned : 5820
Registry threats detected : 0
File items scanned : 38178
File threats detected : 10

Adware.Tracking Cookie

SUPERAntiSpyware Scan Log
Generated 10/29/2006 at 00:03 AM

Application Version : 3.3.1020

Core Rules Database Version : 3115
Trace Rules Database Version: 1139

Scan type : Complete Scan
Total Scan Time : 00:21:16

Memory items scanned : 471
Memory threats detected : 0
Registry items scanned : 5820
Registry threats detected : 0
File items scanned : 38304
File threats detected : 15

Adware.Tracking Cookie

SUPERAntiSpyware Scan Log
Generated 10/24/2006 at 11:47 PM

Application Version : 3.3.1020

Core Rules Database Version : 3103
Trace Rules Database Version: 1129

Scan type : Complete Scan
Total Scan Time : 00:20:39

Memory items scanned : 449
Memory threats detected : 0
Registry items scanned : 5819
Registry threats detected : 0
File items scanned : 38324
File threats detected : 12

Adware.Tracking Cookie

SUPERAntiSpyware Scan Log
Generated 10/23/2006 at 09:14 PM

Core Rules Database Version : 3110
Trace Rules Database Version: 1136

Memory threats detected : 0
Registry threats detected : 0
File threats detected : 19

Adware.Tracking Cookie

SUPERAntiSpyware Scan Log
Generated 10/16/2006 at 11:18 PM

Core Rules Database Version : 3105
Trace Rules Database Version: 1131

Memory threats detected : 0
Registry threats detected : 0
File threats detected : 15

Adware.Tracking Cookie

SUPERAntiSpyware Scan Log
Generated 10/15/2006 at 06:11 PM

Core Rules Database Version : 3103
Trace Rules Database Version: 1129

Memory threats detected : 0
Registry threats detected : 0
File threats detected : 7

Adware.Tracking Cookie

SUPERAntiSpyware Scan Log
Generated 10/12/2006 at 10:01 PM

Core Rules Database Version : 3103
Trace Rules Database Version: 1129

Memory threats detected : 0
Registry threats detected : 0
File threats detected : 87

Adware.Tracking Cookie
C:\Documents and Settings\Stephanie Frost\cookies\stephanie frost@fortunecity[1].txt
C:\Documents and Settings\Stephanie Frost\cookies\stephanie frost@adv.webmd[1].txt
C:\Documents and Settings\Stephanie Frost\cookies\stephanie frost@13951[1].txt
C:\Documents and Settings\Stephanie Frost\cookies\stephanie frost@xxxpower[1].txt
C:\Documents and Settings\Stephanie Frost\cookies\stephanie frost@banners.nbcupromotes[1].txt
C:\Documents and Settings\Stephanie Frost\cookies\stephanie frost@www.entrepreneur[2].txt
C:\Documents and Settings\Stephanie Frost\cookies\stephanie frost@S150088[2].txt
C:\Documents and Settings\Stephanie Frost\cookies\stephanie frost@bannerspace[2].txt
C:\Documents and Settings\Stephanie Frost\cookies\stephanie frost@tdstats[1].txt
C:\Documents and Settings\Stephanie Frost\cookies\stephanie frost@1071971096[1].txt
C:\Documents and Settings\Stephanie Frost\cookies\stephanie frost@cgi[2].txt
C:\Documents and Settings\Stephanie Frost\cookies\stephanie frost@25963754[1].txt
C:\Documents and Settings\Stephanie Frost\cookies\stephanie frost@counter.auctionworks[2].txt
C:\Documents and Settings\Stephanie Frost\cookies\stephanie frost@1072237260[2].txt
C:\Documents and Settings\Stephanie Frost\cookies\stephanie frost@entrepreneur[1].txt
C:\Documents and Settings\Stephanie Frost\cookies\stephanie frost@cgi-bin[3].txt
C:\Documents and Settings\Stephanie Frost\cookies\stephanie frost@S151323[2].txt
C:\Documents and Settings\Stephanie Frost\cookies\stephanie frost@vhost.oddcast[2].txt
C:\Documents and Settings\Stephanie Frost\cookies\stephanie frost@adserver2.teracent[1].txt
C:\Documents and Settings\Stephanie Frost\cookies\stephanie frost@birmingham-city-council[1].txt
C:\Documents and Settings\Stephanie Frost\cookies\stephanie frost@toplist[1].txt
C:\Documents and Settings\Stephanie Frost\cookies\stephanie frost@cgi-bin[5].txt
C:\Documents and Settings\Stephanie Frost\cookies\stephanie frost@birmingham-gov-uk[1].txt
C:\Documents and Settings\Stephanie Frost\cookies\stephanie frost@entrepreneur.us.intellitxt[1].txt
C:\Documents and Settings\Stephanie Frost\cookies\stephanie frost@1071868927[1].txt
C:\Documents and Settings\Stephanie Frost\Cookies\stephanie frost@stats[1].txt
C:\Documents and Settings\Stephanie Frost\Local Settings\Temp\Cookies\stephanie frost@apmebf[1].txt
C:\Documents and Settings\Stephanie Frost\Local Settings\Temp\Cookies\stephanie frost@bannerspace[2].txt
C:\Documents and Settings\Stephanie Frost\Local Settings\Temp\Cookies\stephanie frost@belnk[1].txt
C:\Documents and Settings\Stephanie Frost\Local Settings\Temp\Cookies\stephanie frost@bizrate[2].txt
C:\Documents and Settings\Stephanie Frost\Local Settings\Temp\Cookies\stephanie frost@dist.belnk[2].txt
C:\Documents and Settings\Stephanie Frost\Local Settings\Temp\Cookies\stephanie frost@eboz[1].txt
C:\Documents and Settings\Stephanie Frost\Local Settings\Temp\Cookies\stephanie frost@hc2.humanclick[2].txt
C:\Documents and Settings\Stephanie Frost\Local Settings\Temp\Cookies\stephanie frost@icc.intellisrv[2].txt
C:\Documents and Settings\Stephanie Frost\Local Settings\Temp\Cookies\stephanie frost@nextag[1].txt
C:\Documents and Settings\Stephanie Frost\Local Settings\Temp\Cookies\stephanie frost@revsci[2].txt
C:\Documents and Settings\Stephanie Frost\Local Settings\Temp\Cookies\stephanie frost@tripod[1].txt
C:\Documents and Settings\Stephanie Frost\Local Settings\Temp\Cookies\stephanie frost@www.oohsexy[1].txt
C:\Documents and Settings\Stephanie Frost\Local Settings\Temp\Cookies\stephanie frost@www.shesexy[1].txt

#6 OFFLINE   rridgely


Posted 28 November 2006 - 03:00 AM

Thanks for the logs. Sadly they didn't provide the info I hoped for. :(
No worries, these next two steps will.

Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files.
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, save the file as kavscan.txt to your Desktop, and close the Kaspersky On-line Scanner window.
  • Paste the Kaspersky log onto the forum.
---------------------------

Download this file - combofix.exe and save it to your desktop.
Double click combofix.exe & follow the prompts.
When it's finished, it will produce a log of what it found. Please post the contents of that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running, as it may cause it to stall.

Post both logs and a new HijackThis log.

#7 OFFLINE   steph


Posted 28 November 2006 - 05:07 AM

Here are the scans and a new HijackThis log:
(I had to find a different source for the Kaspersky because I couldn't get the ActiveX to install for the life of me from the link you gave me. I tried tweaking my browser settings to prompt for unsigned ActiveX, but it didn't work until I found another site that it would work on - so I hope it is the same version of scan you were looking for) :huh:


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, November 27, 2006 11:45:19 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 28/11/2006
Kaspersky Anti-Virus database records: 246156
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 74675
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:45:20

Infected Object Name / Virus Name / Last Action

Scan process completed.




Stephanie Frost - 06-11-27 23:54:22.93 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Stephanie Frost\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-27 to 2006-11-27 ))))))))))))))))))))))))))))))))))


2006-11-27 22:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2006-11-27 22:48 <DIR> d-------- C:\WINDOWS\LastGood
2006-11-26 22:43 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2006-11-26 22:18 <DIR> d-------- C:\Program Files\Common Files\Softwin
2006-11-26 21:08 <DIR> d-------- C:\WINDOWS\temp
2006-11-26 20:28 <DIR> d-------- C:\WINDOWS\pss
2006-11-23 23:30 <DIR> d--h----- C:\WINDOWS\PIF
2006-11-18 03:01 <DIR> d-------- C:\85acace4e80d438d8eff88ef2bb9
2006-11-12 19:40 <DIR> d-------- C:\Documents and Settings\Stephanie Frost\.SunDownloadManager
2006-11-12 18:51 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-11-12 18:51 <DIR> d-------- C:\WINDOWS\WBEM
2006-11-12 18:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\en-US
2006-11-12 18:50 121,856 --------- C:\WINDOWS\SYSTEM32\xmllite.dll
2006-11-12 18:50 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-11-04 15:19 56,432 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ADSFilter.sys
2006-11-04 15:19 <DIR> d-------- C:\Program Files\Common Files\Command Software
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\SYSTEM32\msxml4.dll
2006-10-27 15:09 6,049,280 --------- C:\WINDOWS\SYSTEM32\ieframe.dll
2006-10-27 15:09 50,688 --------- C:\WINDOWS\SYSTEM32\msfeedsbs.dll
2006-10-27 15:09 458,752 --------- C:\WINDOWS\SYSTEM32\msfeeds.dll
2006-10-27 15:09 180,736 --------- C:\WINDOWS\SYSTEM32\ieui.dll
2006-10-27 02:44 13,312 --a------ C:\WINDOWS\SYSTEM32\ieudinit.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-26 23:45 -------- d-------- C:\Program Files\Hijackthis
2006-11-26 22:18 -------- d-------- C:\Program Files\Common Files
2006-11-26 16:59 -------- d-------- C:\Program Files\EarthLink TotalAccess
2006-11-12 18:53 -------- d-------- C:\Program Files\Internet Explorer
2006-11-04 15:19 -------- d---s---- C:\Documents and Settings\Stephanie Frost\Application Data\Microsoft
2006-11-04 15:19 -------- d-------- C:\Program Files\Common Files\EarthLink
2006-11-02 22:21 -------- d-------- C:\Program Files\Java
2006-10-27 15:09 413696 --a------ C:\WINDOWS\SYSTEM32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\SYSTEM32\webcheck.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\SYSTEM32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\SYSTEM32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\SYSTEM32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\SYSTEM32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\SYSTEM32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\SYSTEM32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\SYSTEM32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\SYSTEM32\ieakeng.dll
2006-10-27 02:44 123904 --a------ C:\WINDOWS\SYSTEM32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\SYSTEM32\ieakui.dll
2006-10-24 22:05 -------- d-------- C:\Program Files\SUPERAntiSpyware
2006-10-18 16:07 -------- d-------- C:\Program Files\Google
2006-10-17 13:06 78336 --a------ C:\WINDOWS\SYSTEM32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\SYSTEM32\licmgr10.dll
2006-10-17 13:05 206336 --------- C:\WINDOWS\SYSTEM32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\SYSTEM32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\SYSTEM32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\SYSTEM32\corpol.dll
2006-10-17 12:58 61952 --------- C:\WINDOWS\SYSTEM32\icardie.dll
2006-10-17 12:58 12288 --------- C:\WINDOWS\SYSTEM32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ C:\WINDOWS\SYSTEM32\imgutil.dll
2006-10-17 12:57 266752 --------- C:\WINDOWS\SYSTEM32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\SYSTEM32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\SYSTEM32\mshtmler.dll
2006-10-17 12:27 380928 --------- C:\WINDOWS\SYSTEM32\ieapfltr.dll
2006-10-15 16:59 -------- d-------- C:\Program Files\DIGStream
2006-10-14 12:21 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-13 07:35 65536 --a------ C:\WINDOWS\SYSTEM32\nwwks.dll
2006-10-13 07:35 64000 --a------ C:\WINDOWS\SYSTEM32\nwapi32.dll
2006-10-13 07:35 142336 --a------ C:\WINDOWS\SYSTEM32\nwprovau.dll
2006-10-13 05:23 163584 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nwrdr.sys
2006-10-12 21:29 53248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2006-10-12 21:29 40960 --a------ C:\WINDOWS\SYSTEM32\swsc.exe
2006-10-12 21:29 288417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2006-10-12 21:29 135168 --a------ C:\WINDOWS\SYSTEM32\swreg.exe
2006-10-12 21:18 -------- d-------- C:\Program Files\Windows Media Player
2006-10-12 20:40 0 --a------ C:\WINDOWS\ORUN32.EXE
2006-10-12 20:40 -------- d-------- C:\Program Files\Smart Panel
2006-10-12 20:39 0 --a------ C:\WINDOWS\SYSTEM32\cmmgr32.exe
2006-10-12 20:33 -------- d-------- C:\Documents and Settings\Stephanie Frost\Application Data\SUPERAntiSpyware.com
2006-10-12 20:32 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-10-12 19:11 -------- d-------- C:\Program Files\Grisoft
2006-10-01 23:01 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
2006-09-06 17:43 22752 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"E6TaskPanel"="\"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe\" -winstart"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"IAAnotif"="C:\\Program Files\\Intel\\Intel Application Accelerator\\iaanotif.exe"
"IntelMeM"="C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"
"CTSysVol"="C:\\Program Files\\Creative\\Sound Blaster Live! 24-bit\\Surround Mixer\\CTSysVol.exe /r"
"P17Helper"="Rundll32 P17.dll,P17Helper"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"MMTray"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe"
"mmtask"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"EPSON Stylus Photo RX500"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2K1.EXE /P24 \"EPSON Stylus Photo RX500\" /O6 \"USB001\" /M \"Stylus Photo RX500\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"Earthlink Protection Control Center"="C:\\Program Files\\EarthLink\\Protection Control Center\\elnk_pcc.exe /minimize"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,40,02,00,00,00,00,00,00,40,02,00,00,0f,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-27 23:55:08.42
C:\ComboFix.txt ... 06-11-27 23:55




Logfile of HijackThis v1.99.1
Scan saved at 11:58:22 PM, on 11/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\PROGRA~1\EARTHL~3\PROTEC~1\ADSSER~1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\EarthLink\Protection Control Center\elnk_pcc.exe
C:\WINDOWS\system32\AuthFw.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\hijackthis\analyse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll
R3 - URLSearchHook: (no name) - ~4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Earthlink Protection Control Center] C:\Program Files\EarthLink\Protection Control Center\elnk_pcc.exe /minimize
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite....loadManager.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwicklung....can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158103662179
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.taxsimple...TSWeb/msrdp.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ADSService - Copyright© Aluria Software, LLC - C:\PROGRA~1\EARTHL~3\PROTEC~1\ADSSER~1.EXE
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: EarthLink Firewall Process Path Service (ElnkFWPPService) - Aluria Software, LLC. - C:\PROGRA~1\EARTHL~3\PROTEC~1\EFWPPS~1.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

#8 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 28 November 2006 - 05:13 AM

These logs look ok.
Are you still having problems?

#9 OFFLINE   steph

    Member

  • Members
  • 10 posts

Posted 29 November 2006 - 03:59 AM

I have my Earthlink Protection Control virus scan scheduled to run every night and last night it found a trojan called cool websearch search me up...I don't know where it came from, but I have run the virus scan again, rebooted and ran super antispyware and AVG and came up with nothing so I think it is gone. The browser seems to be acting normal as far as I can tell - it used to stall out on certain pages.

As for the problem of other IP addresses constantly trying to communicate with my computer and occasionally mine trying to contact some IP address...that is still a big problem. If there is nothing on my computer anymore is it a problem with my settings on my modem? :unsure:

Any help you can offer is much appreciated! :rolleyes:

#10 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 29 November 2006 - 04:10 AM

I don't see cool web search in your log but there is a quick tool to clean it up.
Download this:
http://www.trendmicro.com/ftp/products/onl.../cwshredder.exe

Open it up and click scan. If it finds anything let it fix it and let me know.

#11 OFFLINE   steph

    Member

  • Members
  • 10 posts

Posted 30 November 2006 - 02:28 AM

I ran the scan and it came up with nothing (a good sign), although the description of what that particular spyware does seemed pretty accurate as to what was happening on our machine...especially the homepage change (we kept getting messages about it being changed, but it seemed the same, so I didn't understand it), the search engine problems (I use google a lot because I am doing family research and pages were having problems loading recently, and something just didn't seem quite right), and the difficulty downloading spyware scans (I frequently had to find alternative links than those you provided).

I had to use print screen and paint to make copies of the log of the Earthlink virus scan that we use in case you wanted to take a look at it and see where it found that Search me up trojan. I copied the whole scan bit by bit. The program will let me look at the report, but it won't let me save or print it (Lame). If you start at pcc 11 you will start from the beginning of the scan. I also included a copy of the annoying messages that I keep getting. Any suggestions on what to do about those?

I think I need to come up with a stronger, more reliable virus/spyware scanner because I don't think this covers everything as well as some of the ones you had me use. Would you recommend any of those or anything else as a more permanent solution for protection? I don't want to go through this again!

You have been so helpful. I really appreciate it! :)


#12 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 30 November 2006 - 02:58 AM

First off, your computer is acting normally, right? Not any of the problems you were having before?

I can't get much info from those screenshots but it looks like it's just finding text files. Kaspersky came up clean and trust me, it's a lot more reliable than that Earthlink suite you're currently using (but hopefully not for long!).

Also I looked up that IP address.
http://www.midcocomm.com/ Do you use this for internet access?
-------------------------------------------------------------------------------------

Get rid of that Earthlink security stuff. From the amount of junk it couldn't remove it just proves it's not very reliable.

Look at my list here:
http://forum.ccleane...?showtopic=7323

I suggest you choose AVG antivirus, and Comodo Firewall.
Both are free and both will keep you nice, clean and protected. :D

Also take a read through this link for some more info:
http://www.castlecop...tlite7736-.html

If you have any questions don't hesitate to ask.

#13 OFFLINE   steph

    Member

  • Members
  • 10 posts

Posted 01 December 2006 - 03:58 AM

Thank you for the advice! I have begun using the Comodo and will continue using the AVG and Superantispyware. I like the Comodo - it seems very thorough. I have turned off the Earthlink pcc. My computer seems to be acting normal performance-wise.

I don't use midcocomm for my internet service - that's the kind of IPs that have been "attacking" me - telecommunications from all over the world and something called RIPE, as well as some other things. The Comodo is now blocking them, but it doesn't seem right that they should be trying to reach me at least every 1-5 minutes. It's downright spooky.

Do you know anything about the Google toolbar notifier? Is that safe to let through (going out) the firewall? Is it updating or is it letting someone know of my searches? Since I had that Search me up on my system I wonder if it was related to Google (or was pretending to be Google) so that I would trust it and let it in.

Thanks for all your time spent in helping me! :)

#14 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 01 December 2006 - 04:07 AM

Google toolbar notifier is safe. I believe it just updates the google toolbar.
I would suggest though that you at least take a look at firefox:
http://www.mozilla.com/en-US/firefox/

It's a much safer browser plus it's got a lot of nice features.
-spell checking
-tabs (you can have multiple windows open without having lots of windows open)
-Customizable in every way imaginable:
https://addons.mozilla.org/
-Built in google/yahoo/etc. search

You could then get rid of that google toolbar. :)
---------

Just to be sure maybe we should run a rootkit scan. Follow these directions:

Download GMER from Here
Unzip it and start GMER.exe. Click the rootkit-tab and click scan.
Once done, click the Copy button. This will copy the results to clipboard.
You can then right click into a notepad file or straight back on here and choose Paste to post the results back.

Download Blacklight beta HERE and save it to your desktop.
Run the program, accept statement > click next then scan
When it's finished scanning, exit the program and post back the log if it detects hidden files. The log is called 'fsbl-<date/time>.log' which will save to the same location as the blbeta.exe file.

#15 OFFLINE   steph

    Member

  • Members
  • 10 posts

Posted 03 December 2006 - 12:17 PM

I have downloaded the Firefox to give it a try. I was having problems posting yesterday and I couldn't tell if that had something to do with it or if it was a problem with the server for my broadband (too much internet traffic)? I am trying again to post now...if you see this then it was just internet traffic and nothing else. ;)

Did not have any Blacklight findings. Here's the GMER log:

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2006-12-01 22:40:17
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwConnectPort
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwCreatePort
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwCreateSection
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwCreateThread
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwDeleteKey
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwDeleteValueKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwOpenSection
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwOpenThread
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwSetContextThread
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwSetValueKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

Code 85E1D480 ZwCreateSection
Code 85E1D318 ZwSetInformationFile
Code 85E1D940 ZwSetSystemInformation
Code 85E1D5B0 ZwWriteFile
Code 85E1D47F NtCreateSection
Code 85E1D317 NtSetInformationFile
Code 85E1D5AF NtWriteFile

---- Kernel code sections - GMER 1.0.12 ----

PAGE ntkrnlpa.exe!IoGetBootDiskInformation + 66F 8057571B 7 Bytes JMP 85E1D814
PAGE ntkrnlpa.exe!NtSetInformationFile 80579DAE 7 Bytes JMP 85E1D31C
PAGE ntkrnlpa.exe!NtWriteFile 8057BC6C 7 Bytes JMP 85E1D5B4
PAGE ntkrnlpa.exe!NtCreateSection 805A9DE6 7 Bytes JMP 85E1D484
PAGE ntkrnlpa.exe!ObCloseHandle + 17 805BAEA7 7 Bytes JMP 85E1D6E4
PAGE ntkrnlpa.exe!ZwSetSystemInformation 8060DB34 5 Bytes JMP 85E1D944
PAGE Fastfat.SYS EC055948 7 Bytes JMP 85E1D1B4

---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe[164] ntdll.dll!LdrUnloadDll 7C91718B 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe[164] ntdll.dll!LdrUnloadDll + 4 7C91718F 2 Bytes [ 05, 5F ]
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe[164] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[212] ntdll.dll!LdrUnloadDll 7C91718B 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[212] ntdll.dll!LdrUnloadDll + 4 7C91718F 2 Bytes [ 05, 5F ]
.text C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[212] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\EarthLink TotalAccess\TaskPanl.exe[344] ntdll.dll!LdrUnloadDll 7C91718B 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\EarthLink TotalAccess\TaskPanl.exe[344] ntdll.dll!LdrUnloadDll + 4 7C91718F 2 Bytes [ 05, 5F ]
.text C:\Program Files\EarthLink TotalAccess\TaskPanl.exe[344] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[664] ntdll.dll!LdrUnloadDll 7C91718B 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Internet Explorer\iexplore.exe[664] ntdll.dll!LdrUnloadDll + 4 7C91718F 2 Bytes [ 05, 5F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[664] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Internet Explorer\iexplore.exe[664] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\Internet Explorer\iexplore.exe[664] USER32.dll!DialogBoxParamW 77D5662C 5 Bytes JMP 7E1F5415 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[664] USER32.dll!DialogBoxIndirectParamW 77D62043 5 Bytes JMP 7E38C510 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[664] USER32.dll!MessageBoxIndirectA 77D6A05A 5 Bytes JMP 7E38C491 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[664] USER32.dll!DialogBoxParamA 77D6B11C 5 Bytes JMP 7E38C4D5 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[664] USER32.dll!MessageBoxExW 77D80538 5 Bytes JMP 7E38C3D9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[664] USER32.dll!MessageBoxExA 77D8055C 5 Bytes JMP 7E38C413 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[664] USER32.dll!DialogBoxIndirectParamA 77D86CAD 5 Bytes JMP 7E38C54B C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[664] USER32.dll!MessageBoxIndirectW 77D96093 5 Bytes JMP 7E38C44D C:\WINDOWS\system32\IEFRAME.dll
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1472] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\WINDOWS\EXPLORER.EXE[1512] ntdll.dll!LdrUnloadDll 7C91718B 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\EXPLORER.EXE[1512] ntdll.dll!LdrUnloadDll + 4 7C91718F 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\EXPLORER.EXE[1512] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\EHOME\EHTRAY.EXE[1604] ntdll.dll!LdrUnloadDll 7C91718B 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\EHOME\EHTRAY.EXE[1604] ntdll.dll!LdrUnloadDll + 4 7C91718F 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\EHOME\EHTRAY.EXE[1604] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe[1620] ntdll.dll!LdrUnloadDll 7C91718B 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe[1620] ntdll.dll!LdrUnloadDll + 4 7C91718F 2 Bytes [ 05, 5F ]
.text C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe[1620] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe[1628] ntdll.dll!LdrUnloadDll 7C91718B 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe[1628] ntdll.dll!LdrUnloadDll + 4 7C91718F 2 Bytes [ 05, 5F ]
.text C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe[1628] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1640] ntdll.dll!LdrUnloadDll 7C91718B 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1640] ntdll.dll!LdrUnloadDll + 4 7C91718F 2 Bytes [ 05, 5F ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1640] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe[1648] ntdll.dll!LdrUnloadDll 7C91718B 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe[1648] ntdll.dll!LdrUnloadDll + 4 7C91718F 2 Bytes [ 05, 5F ]
.text C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe[1648] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\RUNDLL32.EXE[1656] ntdll.dll!LdrUnloadDll 7C91718B 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\RUNDLL32.EXE[1656] ntdll.dll!LdrUnloadDll + 4 7C91718F 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\SYSTEM32\RUNDLL32.EXE[1656] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[1676] ntdll.dll!LdrUnloadDll 7C91718B 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[1676] ntdll.dll!LdrUnloadDll + 4 7C91718F 2 Bytes [ 05, 5F ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[1676] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe[1688] ntdll.dll!LdrUnloadDll 7C91718B 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe[1688] ntdll.dll!LdrUnloadDll + 4 7C91718F 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe[1688] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[1696] ntdll.dll!LdrUnloadDll 7C91718B 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[1696] ntdll.dll!LdrUnloadDll + 4 7C91718F 2 Bytes [ 05, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe[1696] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe[1708] ntdll.dll!LdrUnloadDll 7C91718B 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe[1708] ntdll.dll!LdrUnloadDll + 4 7C91718F 2 Bytes [ 05, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe[1708] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1760] ntdll.dll!LdrUnloadDll 7C91718B 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1760] ntdll.dll!LdrUnloadDll + 4 7C91718F 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1760] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_S4I2K1.EXE[1768] ntdll.dll!LdrUnloadDll 7C91718B 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_S4I2K1.EXE[1768] ntdll.dll!LdrUnloadDll + 4 7C91718F 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_S4I2K1.EXE[1768] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe[1828] ntdll.dll!LdrUnloadDll 7C91718B 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe[1828] ntdll.dll!LdrUnloadDll + 4 7C91718F 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe[1828] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\Program Files\Comodo\Firewall\cpf.exe[1876] ntdll.dll!LdrLoadDll 7C9161CA 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Comodo\Firewall\cpf.exe[1876] ntdll.dll!LdrLoadDll + 4 7C9161CE 2 Bytes [ 05, 5F ]
.text C:\Program Files\Comodo\Firewall\cpf.exe[1876] ntdll.dll!LdrUnloadDll 7C91718B 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Comodo\Firewall\cpf.exe[1876] ntdll.dll!LdrUnloadDll + 4 7C91718F 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Comodo\Firewall\cpf.exe[1876] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\DOCUME~1\STEPHA~1\LOCALS~1\Temp\Temporary Directory 1 for gmer[1].zip\gmer.exe[1952] ntdll.dll!LdrUnloadDll 7C91718B 3 Bytes [ FF, 25, 1E ]
.text C:\DOCUME~1\STEPHA~1\LOCALS~1\Temp\Temporary Directory 1 for gmer[1].zip\gmer.exe[1952] ntdll.dll!LdrUnloadDll + 4 7C91718F 2 Bytes [ 05, 5F ]
.text C:\DOCUME~1\STEPHA~1\LOCALS~1\Temp\Temporary Directory 1 for gmer[1].zip\gmer.exe[1952] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\DOCUME~1\STEPHA~1\LOCALS~1\Temp\Temporary Directory 1 for gmer[1].zip\gmer.exe[1952] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\Program Files\Dell Support\DSAgnt.exe[2004] ntdll.dll!LdrUnloadDll 7C91718B 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Dell Support\DSAgnt.exe[2004] ntdll.dll!LdrUnloadDll + 4 7C91718F 2 Bytes [ 05, 5F ]
.text C:\Program Files\Dell Support\DSAgnt.exe[2004] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\SYSTEM32\MsPMSPSv.exe[2184] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[2224] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\WINDOWS\SYSTEM32\DLLHOST.EXE[2580] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\WINDOWS\SYSTEM32\ALG.EXE[2936] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]
.text C:\WINDOWS\EHOME\EHMSAS.EXE[3184] ntdll.dll!LdrUnloadDll 7C91718B 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\EHOME\EHMSAS.EXE[3184] ntdll.dll!LdrUnloadDll + 4 7C91718F 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\EHOME\EHMSAS.EXE[3184] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes [ FF, 25, 1E, 00, 08, 5F ]
.text C:\WINDOWS\EHOME\EHMSAS.EXE[3184] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, 7F, E2 ]

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL Code 85E1D1B0
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL Code 85E1D1B0
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [B98556F9] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [B98556F9] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [B98556F9] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [B98556F9] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [B98556F9] tfsnifs.sys
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE F6BE5400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE F6BE5400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ F6BE5400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION F6BE5400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION F6BE5400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION F6BE5400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL F6BE5400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL F6BE5400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL F6BE5400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN F6BE8C74
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL F6BE5400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP F6BE5400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP F6BE5400
Device \FileSystem\Cdfs \Cdfs FastIoCheckIfPossible F6BE8BCE

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\Stephanie Frost\Favorites\Banking\Capital One - Credit cards, loans and savings products.url:favicon
ADS C:\Documents and Settings\Stephanie Frost\Favorites\eBay Store :favicon
ADS C:\Documents and Settings\Stephanie Frost\Favorites\eBay.com Seller List joeandsteph.url:favicon
ADS C:\Documents and Settings\Stephanie Frost\Favorites\Gmail - Inbox (223).url:favicon
ADS C:\Documents and Settings\Stephanie Frost\Favorites\Irish Births and Marriages\Louisburgh, Co. Mayo assorted baptisms.url:favicon
ADS C:\Documents and Settings\Stephanie Frost\Favorites\Irish Geneology\County Mayo, Records.url:favicon
ADS C:\Documents and Settings\Stephanie Frost\Favorites\Irish Geneology\Deese Genes Have Irish Eyes.url:favicon
ADS C:\Documents and Settings\Stephanie Frost\Favorites\Irish Geneology\Durham County Library Reference Pages; Genealogy.url:favicon
ADS C:\Documents and Settings\Stephanie Frost\Favorites\Irish Geneology\Families and People\Flax Growers of Ireland, 1796 - County Mayo.url:favicon
ADS C:\Documents and Settings\Stephanie Frost\Favorites\Irish Geneology\Families and People\Gannon Family Genealogy Forum.url:favicon
ADS C:\Documents and Settings\Stephanie Frost\Favorites\Irish Geneology\Search Ireland - Free Birth, Death, and Marriage Records Online.url:favicon
ADS ...

---- EOF - GMER 1.0.12 ----

#16 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 03 December 2006 - 09:35 PM

Well everything seems to be fine.
The connections that your firewall is blocking are a mystery though. You could try monitoring/writing down all the connections that programs on your computer connect to and see if it's one of them.

You can delete these using hijackthis:

R3 - URLSearchHook: (no name) - ~4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

(run scan, then check them off, then press Fix checked)


If you are just certain that something is still on your computer you could try a Panda scan here:

Run Panda Activescan from Here.

Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan
(Note: It may take a couple of minutes)
- When the download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location so you can post it back.

Other than that I think you're pretty much clean and good to go. :)
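
The cleanup step in post #16 (fixing HijackThis entries whose target file is gone, then rescanning) can be checked mechanically. The following is an added example, not part of the thread and not HijackThis's own code: it parses entry lines, groups orphaned ones by GUID, and reports which orphans disappeared between two scans. The function names are hypothetical, the BEFORE lines are copied from logs in this thread, and the AFTER sample is a constructed subset that assumes only the two R3 entries were fixed.

```python
import re
from collections import OrderedDict

# An entry line is "<section code> - <description>", e.g. "O9 - Extra button: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Match the GUID without its braces: the R3 lines in this thread carry a
# "~" in place of the opening brace, so a brace-anchored pattern would miss them.
GUID_RE = re.compile(r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")
# HijackThis appends one of these when the referenced file does not exist.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return one dict per entry line; headers and the process list are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body").rstrip()
        guid = GUID_RE.search(body)
        entries.append({
            "code": m.group("code"),
            "body": body,
            "guid": guid.group(0).upper() if guid else None,
            "orphan": body.endswith(ORPHAN_MARKERS),
        })
    return entries


def orphaned(entries):
    """Group orphaned entries by GUID (or by body when no GUID is present).

    An IE button and its Tools-menu item share one GUID, so they appear as
    one finding with two lines instead of two unrelated findings.
    """
    groups = OrderedDict()
    for e in entries:
        if e["orphan"]:
            groups.setdefault(e["guid"] or e["body"], []).append(e)
    return groups


def resolved(before_text, after_text):
    """Orphan keys present in the first scan and absent from the rescan."""
    still = set(orphaned(parse_entries(after_text)))
    return [k for k in orphaned(parse_entries(before_text)) if k not in still]


# Entry lines copied from the logs posted in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: (no name) - ~4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

# Constructed rescan: same lines with the two orphaned R3 entries removed.
AFTER = r"""Logfile of HijackThis v1.99.1
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

if __name__ == "__main__":
    for key, group in orphaned(parse_entries(BEFORE)).items():
        codes = ", ".join(sorted({e["code"] for e in group}))
        print(f"orphan {key}: {len(group)} line(s) in section {codes}")
    print("gone after rescan:", resolved(BEFORE, AFTER))
```

An orphaned entry only means the registry still points at a file that is not on disk; leftovers from uninstalled software look the same as leftovers from removed malware, so the GUID is what to look up before fixing.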

#17 OFFLINE   steph

    Member

  • Members
  • 10 posts

Posted 03 December 2006 - 11:23 PM

Here's my new Hijackthis log:

And I ran the Panda scan just for the fun of it and it came up with some stuff, so here's that log as well: :unsure:

BTW, any advice on a good registry scanner?

Logfile of HijackThis v1.99.1
Scan saved at 5:45:34 PM, on 12/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\PROGRA~1\EARTHL~3\PROTEC~1\ADSSER~1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\hijackthis\analyse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite....loadManager.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.johannrain-softwareentwicklung....can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158103662179
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.taxsimple...TSWeb/msrdp.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ADSService - Copyright© Aluria Software, LLC - C:\PROGRA~1\EARTHL~3\PROTEC~1\ADSSER~1.EXE
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: EarthLink Firewall Process Path Service (ElnkFWPPService) - Aluria Software, LLC. - C:\PROGRA~1\EARTHL~3\PROTEC~1\EFWPPS~1.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe



Incident Status Location

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Stephanie Frost\Application Data\Mozilla\Firefox\Profiles\ssxfh4zs.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Stephanie Frost\Application Data\Mozilla\Firefox\Profiles\ssxfh4zs.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Stephanie Frost\Application Data\Mozilla\Firefox\Profiles\ssxfh4zs.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Stephanie Frost\Application Data\Mozilla\Firefox\Profiles\ssxfh4zs.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Stephanie Frost\Application Data\Mozilla\Firefox\Profiles\ssxfh4zs.default\cookies.txt[.advertising.com/]
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Stephanie Frost\Application Data\Mozilla\Firefox\Profiles\ssxfh4zs.default\cookies.txt[.anm.co.uk/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Stephanie Frost\Application Data\Mozilla\Firefox\Profiles\ssxfh4zs.default\cookies.txt[.landing.domainsponsor.com/]
Spyware:Cookie/empnads Not disinfected C:\Documents and Settings\Stephanie Frost\Application Data\Mozilla\Firefox\Profiles\ssxfh4zs.default\cookies.txt[.empnads.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Stephanie Frost\Application Data\Mozilla\Firefox\Profiles\ssxfh4zs.default\cookies.txt[.go.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Stephanie Frost\Application Data\Mozilla\Firefox\Profiles\ssxfh4zs.default\cookies.txt[.target.com/]
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Stephanie Frost\Application Data\Mozilla\Firefox\Profiles\ssxfh4zs.default\cookies.txt[.metriweb.be/]
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Stephanie Frost\Cookies\stephanie frost@anm.co[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Stephanie Frost\Cookies\stephanie frost@ccbill[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Stephanie Frost\Cookies\stephanie frost@ct.360i[2].txt
Spyware:Cookie/empnads Not disinfected C:\Documents and Settings\Stephanie Frost\Cookies\stephanie frost@empnads[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Stephanie Frost\Cookies\stephanie frost@go[2].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Stephanie Frost\Cookies\stephanie frost@landing.domainsponsor[2].txt
Spyware:Cookie/MetriWeb Not disinfected C:\Documents and Settings\Stephanie Frost\Cookies\stephanie frost@metriweb[1].txt
Spyware:Cookie/Omniture Not disinfected C:\Documents and Settings\Stephanie Frost\Cookies\stephanie frost@omniture[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Stephanie Frost\Cookies\stephanie frost@target[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Stephanie Frost\Cookies\stephanie_frost@ads.pointroll[2].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Stephanie Frost\Cookies\stephanie_frost@bravenet[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Stephanie Frost\Cookies\stephanie_frost@did-it[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Stephanie Frost\Cookies\stephanie_frost@fastclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Stephanie Frost\Cookies\stephanie_frost@mediaplex[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Stephanie Frost\Cookies\stephanie_frost@realmedia[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Stephanie Frost\Cookies\stephanie_frost@serving-sys[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Stephanie Frost\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Stephanie Frost\Desktop\smitRem.exe[smitRem/Process.exe]
Spyware:Cookie/Apmebf Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\stephanie frost@apmebf[1].txt.dat[Documents and Settings/Stephanie Frost/Cookies/stephanie frost@apmebf[1].txt]
Spyware:Cookie/Azjmp Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\stephanie frost@azjmp[1].txt.dat[Documents and Settings/Stephanie Frost/Cookies/stephanie frost@azjmp[1].txt]
Spyware:Cookie/Belnk Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\stephanie frost@belnk[1].txt.dat[Documents and Settings/Stephanie Frost/Cookies/stephanie frost@belnk[1].txt]
Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\stephanie frost@bravenet[2].txt.dat[Documents and Settings/Stephanie Frost/Cookies/stephanie frost@bravenet[2].txt]
Spyware:Cookie/Belnk Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\stephanie frost@dist.belnk[2].txt.dat[Documents and Settings/Stephanie Frost/Cookies/stephanie frost@dist.belnk[2].txt]
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\stephanie frost@realmedia[1].txt.dat[Documents and Settings/Stephanie Frost/Cookies/stephanie frost@realmedia[1].txt]
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\stephanie frost@realmedia[2].txt.dat[Documents and Settings/Stephanie Frost/Cookies/stephanie frost@realmedia[2].txt]
Spyware:Cookie/Tickle Not disinfected C:\Program Files\Enigma Software Group\SpyHunter\Backup\stephanie frost@tickle[2].txt.dat[Documents and Settings/Stephanie Frost/Cookies/stephanie frost@tickle[2].txt]
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\SYSTEM32\Process.exe

#18 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 03 December 2006 - 11:30 PM

Everything found by Panda is OK. It's just cookies. You can clean them up with CCleaner. :D

I would suggest the only registry cleaner you use is CCleaner's issues scanner. It's the only one I've ever used that is completely safe.

EDIT:
I just found something you need to find and delete.

C:\WINDOWS\SYSTEM32\Process.exe

Delete that file. Other than that you should be ok. :)
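
Added example (not part of the original post, and not code from any tool named in this thread): a small Python triage of scan results in the layout posted above, separating cookie detections from file detections and marking files that sit in the Windows system directory. The sample lines are constructed with a placeholder user name; the `Disinfected` status value and the container-file heuristic are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the "<type>:<name> <status> <location>" layout of the
# scan results posted in this thread; the user name is a placeholder.
SAMPLE = r"""
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\user\Cookies\user@atdmt[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\user\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\user\Desktop\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\SYSTEM32\Process.exe
"""

# "Disinfected" as a second status is an assumption; the thread only shows "Not disinfected".
LINE = re.compile(r"^(?P<type>[^:]+):(?P<name>.+?)\s+(?P<status>Not disinfected|Disinfected)"
                  r"\s+(?P<location>[A-Za-z]:\\.+)$")
# Heuristic (assumption): "file.ext[member]" means a detection inside a container file.
MEMBER = re.compile(r"^(?P<disk>.*?\.\w+)\[(?P<member>.*)\]$")


def parse(text):
    """Return one dict per recognised detection line; anything else is skipped."""
    hits = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            hit = m.groupdict()
            inner = MEMBER.match(hit["location"])
            hit["disk_path"] = inner.group("disk") if inner else hit["location"]
            hits.append(hit)
    return hits


def triage(hits):
    """Count cookie detections; list every other detection as (name, file, in_system_dir)."""
    cookies = Counter(h["name"] for h in hits if h["name"].startswith("Cookie/"))
    review = [(h["name"], h["disk_path"], "\\windows\\system32\\" in h["disk_path"].lower())
              for h in hits if not h["name"].startswith("Cookie/")]
    return cookies, review


if __name__ == "__main__":
    cookies, review = triage(parse(SAMPLE))
    print(f"{sum(cookies.values())} cookie detections across {len(cookies)} trackers")
    for name, path, in_system_dir in review:
        print("SYSTEM DIR" if in_system_dir else "elsewhere ", name, path)
```
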

#19 OFFLINE   steph

    Member

  • Members
  • PipPip
  • 10 posts

Posted 03 December 2006 - 11:41 PM

Deleted! That file was dated 10/12/06 which is sort of when things started to go wrong....maybe that was it? :D

Thanks for all your SUPER help. You are the BEST! B) I will try the CCleaner. You haven't steered me wrong yet!

#20 OFFLINE   rridgely

    I hate computers

  • Moderators
  • 8,858 posts
  • Gender:Male

Posted 04 December 2006 - 12:04 AM

Great. :)
If you have any questions/problems with your computer you know where to come. :D