Spy Sweeper
5:48 PM: Removal process completed. Elapsed time 00:00:11
5:48 PM: Quarantining All Traces: tacoda cookie
5:48 PM: Quarantining All Traces: adjuggler cookie
5:48 PM: Quarantining All Traces: overture cookie
5:48 PM: Quarantining All Traces: nextag cookie
5:48 PM: Quarantining All Traces: ic-live cookie
5:48 PM: Quarantining All Traces: go2net.com cookie
5:48 PM: Quarantining All Traces: freefind.com cookie
5:48 PM: Quarantining All Traces: did-it cookie
5:48 PM: Quarantining All Traces: coremetrics cookie
5:48 PM: Quarantining All Traces: about cookie
5:48 PM: Quarantining All Traces: adrevolver cookie
5:48 PM: Quarantining All Traces: specificclick.com cookie
5:48 PM: Quarantining All Traces: go.com cookie
5:47 PM: Removal process initiated
5:21 PM: Traces Found: 17
5:21 PM: Custom Sweep has completed. Elapsed time 00:26:04
5:21 PM: File Sweep Complete, Elapsed Time: 00:23:25
5:17 PM: Warning: SweepDirectories: Cannot find directory "f:". This directory was not added to the list of paths to be scanned.
5:17 PM: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
5:16 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\authentium\curtains150\prf\0ybip-jnwslr\{d2f5620d-8db3-427d-9356-04ab08b907cb}". The operation completed successfully
5:16 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\ln372s1y\caa08daj.htm". The operation completed successfully
5:10 PM: ApplicationMinimized - EXIT
5:10 PM: ApplicationMinimized - EXIT
5:10 PM: ApplicationMinimized - ENTER
5:10 PM: ApplicationMinimized - ENTER
4:58 PM: Starting File Sweep
4:58 PM: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.
4:58 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
4:58 PM: c:\documents and settings\owner\cookies\owner@wine.about[1].txt (ID = 2038)
4:58 PM: c:\documents and settings\owner\cookies\owner@tacoda[1].txt (ID = 6444)
4:58 PM: Found Spy Cookie: tacoda cookie
4:58 PM: c:\documents and settings\owner\cookies\owner@southernfood.about[1].txt (ID = 2038)
4:58 PM: c:\documents and settings\owner\cookies\owner@rotator.adjuggler[1].txt (ID = 2071)
4:58 PM: Found Spy Cookie: adjuggler cookie
4:58 PM: c:\documents and settings\owner\cookies\owner@overture[1].txt (ID = 3105)
4:58 PM: Found Spy Cookie: overture cookie
4:58 PM: c:\documents and settings\owner\cookies\owner@nextag[1].txt (ID = 5014)
4:58 PM: Found Spy Cookie: nextag cookie
4:58 PM: c:\documents and settings\owner\cookies\owner@ic-live[1].txt (ID = 2821)
4:58 PM: Found Spy Cookie: ic-live cookie
4:58 PM: c:\documents and settings\owner\cookies\owner@go[2].txt (ID = 2728)
4:58 PM: c:\documents and settings\owner\cookies\owner@go2net[1].txt (ID = 2730)
4:58 PM: Found Spy Cookie: go2net.com cookie
4:58 PM: c:\documents and settings\owner\cookies\owner@freefind[2].txt (ID = 2698)
4:58 PM: Found Spy Cookie: freefind.com cookie
4:58 PM: c:\documents and settings\owner\cookies\owner@did-it[1].txt (ID = 2523)
4:58 PM: Found Spy Cookie: did-it cookie
4:58 PM: c:\documents and settings\owner\cookies\owner@data.coremetrics[1].txt (ID = 2472)
4:58 PM: Found Spy Cookie: coremetrics cookie
4:58 PM: c:\documents and settings\owner\cookies\owner@busycooks.about[1].txt (ID = 2038)
4:58 PM: c:\documents and settings\owner\cookies\owner@baking.about[1].txt (ID = 2038)
4:58 PM: Found Spy Cookie: about cookie
4:58 PM: c:\documents and settings\owner\cookies\owner@adrevolver[1].txt (ID = 2088)
4:58 PM: Found Spy Cookie: adrevolver cookie
4:58 PM: c:\documents and settings\owner\cookies\owner@adopt.specificclick[1].txt (ID = 3400)
4:58 PM: Found Spy Cookie: specificclick.com cookie
4:58 PM: c:\documents and settings\owner\cookies\owner@abcnews.go[2].txt (ID = 2729)
4:58 PM: Found Spy Cookie: go.com cookie
4:58 PM: Starting Cookie Sweep
4:58 PM: Registry Sweep Complete, Elapsed Time:00:00:24
4:57 PM: Starting Registry Sweep
4:57 PM: Memory Sweep Complete, Elapsed Time: 00:02:05
4:55 PM: Starting Memory Sweep
4:55 PM: Start Custom Sweep
4:55 PM: Sweep initiated using definitions version 889
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
4:48 PM: Shield States
4:48 PM: Spyware Definitions: 889
4:48 PM: Spy Sweeper 5.3.2.2361 started
4:48 PM: Spy Sweeper 5.3.2.2361 started
4:48 PM: | Start of Session, Sunday, April 01, 2007 |
***************
HJT
Logfile of HijackThis v1.99.1
Scan saved at 7:09:57 PM, on 4/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Cox\Applications\app\Prism.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qus8.hpwis.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\AUserInit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll (file missing)
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Chess - http://download2.games.yahoo.com/games/ ... /ct5_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/ ... porter.cab?
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Still getting TIBS C and DL Searchbar in Spy Catcher