Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Internet Explorer problem

Post by ajehan » November 14th, 2005, 4:04 pm

I'm running XP Pro SP2 with Norton Internet Security 2005. The problem I have is that Internet Explorer redirects every URL to one address (http://213.193.215.174/ssredir/gb.html). I have updated the antivirus and have run Spybot. Nothing is fixed, so I am using Firefox at the moment. I was recommended to this site from a forum on pcadvisor. The log file follows:

Logfile of HijackThis v1.99.1
Scan saved at 19:52:01, on 14/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Block Checker\block-checker.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\windows\system32\msqsearc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Asad\My Documents\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.vwjweschyqohzb.uk/uBippWubZZ ... WfTNc.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - C:\WINDOWS\system32\navshext1.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [msqsearc] c:\windows\system32\msqsearc.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SP2ConnPatcher] "C:\Program Files\SP2 Connection Patcher\sp2connpatcher.exe" -n=200
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 4326655093
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Post by Susan528 » November 14th, 2005, 5:22 pm

Hello Ajehan and Welcome to Malware Removal,



STEP 1.
======
SpySweeper
Please download WebRoot SpySweeper.
(It's a 2 week trial):
  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.

STEP 2.
======
Download Ewido
  1. Download and install Ewido Security Suite. It is a free trial version of the program.
  2. Install ewido security suite.
  3. Launch ewido; there should be an icon on your desktop, double-click it.
  4. The program will now go to the main screen

STEP 3.
======
Update Ewido
You will need to update ewido to the latest definition files.
  1. On the left hand side of the main screen click update
  2. Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use Ewido manual updates

STEP 4.
======
Ewido Scan
Once the updates are installed do the following:
  1. Click on scanner
  2. Click on Complete System Scan and the scan will begin.
  3. NOTE: During some scans with ewido it is finding cases of false positives.**
    o You will need to step through the process of cleaning files one-by-one.
    o If ewido detects a file you KNOW to be legitimate, select none as the action.
    o DO NOT select "Perform action on all infections"
    o If you are unsure of any entry found select none for now.
  4. Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  5. Click Save report.
  6. Save the report .txt file to your desktop.
Now close ewido security suite.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")



STEP 5.
======
Hoster

Please download hoster.
  1. Unzip Hoster.zip
  2. Open Hoster.exe.
  3. Then click on "Restore Original Hosts"
  4. Close program when complete.
  5. Empty Recycle Bin


Please describe how your computer behaves at the moment.
Please post the results from SpySweeper, ewido and a new hijackthis log.

Post by ajehan » November 15th, 2005, 7:05 pm

Thanks for the reply. I carried out all the tasks in your reply and Internet Explorer is working fine at the moment. It started working after I scanned with ewido security suite.

The new hijack log is
Logfile of HijackThis v1.99.1
Scan saved at 22:59:00, on 15/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Asad\My Documents\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SP2ConnPatcher] "C:\Program Files\SP2 Connection Patcher\sp2connpatcher.exe" -n=200
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 4326655093
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

The Spysweeper logfile is

********
21:31: | Start of Session, 15 November 2005 |
21:31: Spy Sweeper started
21:31: Sweep initiated using definitions version 572
21:31: Starting Memory Sweep
21:33: Memory Sweep Complete, Elapsed Time: 00:01:37
21:33: Starting Registry Sweep
21:33: Found Adware: safesearch
21:33: HKCR\clsid\{00000000-0000-0000-0000-000000000001}\ (1 subtraces) (ID = 140320)
21:33: Found Adware: aksoft
21:33: HKLM\software\aksoft\ (34 subtraces) (ID = 639132)
21:33: Found Adware: systemprocess
21:33: HKCR\clsid\{c2eeb4fa-b6d6-41b9-9cfa-aba87f862bcb}\ (4 subtraces) (ID = 860384)
21:33: HKCR\clsid\{c2eeb4fa-b6d6-41b9-9cfa-aba87f862bcb}\inprocserver32\ (2 subtraces) (ID = 860386)
21:33: HKCR\clsid\{c2eeb4fa-b6d6-41b9-9cfa-aba87f862bcb}\inprocserver32\ || threadingmodel (ID = 860388)
21:33: HKLM\software\system process\ (10 subtraces) (ID = 860391)
21:33: HKLM\software\system process\ || modid (ID = 860392)
21:33: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{c2eeb4fa-b6d6-41b9-9cfa-aba87f862bcb}\ (1 subtraces) (ID = 860393)
21:33: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{c2eeb4fa-b6d6-41b9-9cfa-aba87f862bcb}\ || 1 (ID = 860394)
21:33: HKLM\software\system process\ || started (ID = 860395)
21:33: HKLM\software\system process\ || installed (ID = 860396)
21:33: HKLM\software\system process\ || dllver (ID = 860397)
21:33: HKLM\software\system process\ || lastupdatetime (ID = 860398)
21:33: HKLM\software\system process\files\ (4 subtraces) (ID = 860399)
21:33: HKLM\software\system process\files\ || system.dat (ID = 860400)
21:33: HKLM\software\system process\files\ || navshext.dll (ID = 860401)
21:33: HKLM\software\system process\files\ || ustart.exe (ID = 860402)
21:33: HKLM\software\system process\files\ || p.dat (ID = 860403)
21:33: HKLM\software\classes\clsid\{c2eeb4fa-b6d6-41b9-9cfa-aba87f862bcb}\ (4 subtraces) (ID = 860404)
21:33: HKLM\software\classes\clsid\{c2eeb4fa-b6d6-41b9-9cfa-aba87f862bcb}\inprocserver32\ (2 subtraces) (ID = 860406)
21:33: HKLM\software\classes\clsid\{c2eeb4fa-b6d6-41b9-9cfa-aba87f862bcb}\inprocserver32\ || threadingmodel (ID = 860408)
21:33: HKLM\software\microsoft\windows\currentversion\uninstall\startup\ (2 subtraces) (ID = 860412)
21:33: HKLM\software\aksoft\x-tractor\ (33 subtraces) (ID = 982635)
21:33: Found Adware: dluca
21:33: HKU\S-1-5-21-1644491937-1336601894-839522115-1003\software\program info\ (ID = 125223)
21:33: Found Adware: qsearch
21:33: HKU\S-1-5-21-1644491937-1336601894-839522115-1003\software\infosoft\qsearch\ (9 subtraces) (ID = 139168)
21:33: HKU\S-1-5-21-1644491937-1336601894-839522115-1003\software\infosoft\qsearch\ || lastwnk (ID = 139169)
21:33: HKU\S-1-5-21-1644491937-1336601894-839522115-1003\software\system process\ (1 subtraces) (ID = 860389)
21:33: HKU\S-1-5-21-1644491937-1336601894-839522115-1003\software\system process\ || lastptime (ID = 860390)
21:33: Registry Sweep Complete, Elapsed Time:00:00:07
21:33: Starting Cookie Sweep
21:33: Found Spy Cookie: sandboxer cookie
21:33: asad@0[10].txt (ID = 3282)
21:33: asad@0[11].txt (ID = 3282)
21:33: asad@0[12].txt (ID = 3282)
21:33: asad@0[13].txt (ID = 3282)
21:33: asad@0[14].txt (ID = 3282)
21:33: asad@0[15].txt (ID = 3282)
21:33: asad@0[17].txt (ID = 3282)
21:33: asad@0[18].txt (ID = 3282)
21:33: asad@0[19].txt (ID = 3282)
21:33: asad@0[1].txt (ID = 3282)
21:33: asad@0[20].txt (ID = 3282)
21:33: asad@0[21].txt (ID = 3282)
21:33: asad@0[22].txt (ID = 3282)
21:33: asad@0[23].txt (ID = 3282)
21:33: asad@0[24].txt (ID = 3282)
21:33: asad@0[25].txt (ID = 3282)
21:33: asad@0[26].txt (ID = 3282)
21:33: asad@0[27].txt (ID = 3282)
21:33: asad@0[28].txt (ID = 3282)
21:33: asad@0[29].txt (ID = 3282)
21:33: asad@0[2].txt (ID = 3282)
21:33: asad@0[30].txt (ID = 3282)
21:33: asad@0[3].txt (ID = 3282)
21:33: asad@0[4].txt (ID = 3282)
21:33: asad@0[5].txt (ID = 3282)
21:33: asad@0[6].txt (ID = 3282)
21:33: asad@0[7].txt (ID = 3282)
21:33: asad@0[8].txt (ID = 3282)
21:33: asad@0[9].txt (ID = 3282)
21:33: Found Spy Cookie: 2o7.net cookie
21:33: asad@112.2o7[1].txt (ID = 1958)
21:33: Found Spy Cookie: dbbsrv cookie
21:33: asad@1800search.com.19522.fb.dbbsrv[1].txt (ID = 2500)
21:33: Found Spy Cookie: 216.221.138 cookie
21:33: asad@216.221.138[1].txt (ID = 1947)
21:33: Found Spy Cookie: 247realmedia cookie
21:33: asad@247realmedia[1].txt (ID = 1953)
21:33: asad@2o7[1].txt (ID = 1957)
21:33: Found Spy Cookie: 365 cookie
21:33: asad@365[1].txt (ID = 1963)
21:33: asad@365[2].txt (ID = 1963)
21:33: Found Spy Cookie: 3 cookie
21:33: asad@3[1].txt (ID = 1959)
21:33: asad@3[2].txt (ID = 1959)
21:33: asad@3[3].txt (ID = 1959)
21:33: asad@3[4].txt (ID = 1959)
21:33: asad@3[5].txt (ID = 1959)
21:33: asad@3[6].txt (ID = 1959)
21:33: asad@3[7].txt (ID = 1959)
21:33: Found Spy Cookie: 5 cookie
21:33: asad@5[1].txt (ID = 1979)
21:33: asad@5[2].txt (ID = 1979)
21:33: asad@5[3].txt (ID = 1979)
21:33: Found Spy Cookie: 64.62.232 cookie
21:33: asad@64.62.232[1].txt (ID = 1987)
21:33: asad@64.62.232[2].txt (ID = 1987)
21:33: asad@64.62.232[4].txt (ID = 1987)
21:33: asad@64.62.232[5].txt (ID = 1987)
21:33: asad@64.62.232[6].txt (ID = 1987)
21:33: Found Spy Cookie: 66.220.17 cookie
21:33: asad@66.220.17[2].txt (ID = 1991)
21:33: Found Spy Cookie: 82155961 cookie
21:33: asad@82155961[1].txt (ID = 2017)
21:33: Found Spy Cookie: 888 cookie
21:33: asad@888[1].txt (ID = 2019)
21:33: asad@888[3].txt (ID = 2019)
21:33: Found Spy Cookie: falkag cookie
21:33: asad@a.as-us.falkag[1].txt (ID = 2650)
21:33: Found Spy Cookie: websponsors cookie
21:33: asad@a.websponsors[2].txt (ID = 3665)
21:33: Found Spy Cookie: abcsearch cookie
21:33: asad@abcsearch[1].txt (ID = 2033)
21:33: Found Spy Cookie: about cookie
21:33: asad@about[2].txt (ID = 2037)
21:33: Found Spy Cookie: ad-logics cookie
21:33: asad@ad-logics[2].txt (ID = 2049)
21:33: Found Spy Cookie: yieldmanager cookie
21:33: asad@ad.yieldmanager[2].txt (ID = 3751)
21:33: Found Spy Cookie: bannerbank cookie
21:33: asad@ad10.bannerbank[1].txt (ID = 2281)
21:33: asad@ad6.bannerbank[1].txt (ID = 2281)
21:33: Found Spy Cookie: adknowledge cookie
21:33: asad@adknowledge[1].txt (ID = 2072)
21:33: Found Spy Cookie: hbmediapro cookie
21:33: asad@adopt.hbmediapro[2].txt (ID = 2768)
21:33: Found Spy Cookie: precisead cookie
21:33: asad@adopt.precisead[2].txt (ID = 3182)
21:33: Found Spy Cookie: adorigin cookie
21:33: asad@adorigin[1].txt (ID = 2082)
21:33: Found Spy Cookie: adrevolver cookie
21:33: asad@adrevolver[1].txt (ID = 2088)
21:33: asad@adrevolver[2].txt (ID = 2088)
21:33: Found Spy Cookie: addynamix cookie
21:33: asad@ads.addynamix[2].txt (ID = 2062)
21:33: Found Spy Cookie: ads.adsag cookie
21:33: asad@ads.adsag[1].txt (ID = 2108)
21:33: Found Spy Cookie: cc214142 cookie
21:33: asad@ads.cc214142[1].txt (ID = 2367)
21:33: Found Spy Cookie: pointroll cookie
21:33: asad@ads.pointroll[2].txt (ID = 3148)
21:33: Found Spy Cookie: ads.tripod.lycos.com cookie
21:33: asad@ads.tripod.lycos[1].txt (ID = 2133)
21:33: asad@ads.tripod.lycos[2].txt (ID = 2133)
21:33: Found Spy Cookie: uproar cookie
21:33: asad@ads.uproar[2].txt (ID = 3613)
21:33: Found Spy Cookie: vendaregroup cookie
21:33: asad@ads.vendaregroup[2].txt (ID = 3635)
21:33: Found Spy Cookie: 4u.pl cookie
21:33: asad@adstat.4u[2].txt (ID = 1978)
21:33: Found Spy Cookie: adtech cookie
21:33: asad@adtech[1].txt (ID = 2155)
21:33: Found Spy Cookie: adultfriendfinder cookie
21:33: asad@adultfriendfinder[1].txt (ID = 2165)
21:33: Found Spy Cookie: adultrevenueservice cookie
21:33: asad@adultrevenueservice[1].txt (ID = 2167)
21:33: Found Spy Cookie: directtrack cookie
21:33: asad@affiliatemarketing.directtrack[2].txt (ID = 2528)
21:33: Found Spy Cookie: alt cookie
21:33: asad@alt[1].txt (ID = 2217)
21:33: Found Spy Cookie: anm.co.uk cookie
21:33: asad@anm.co[2].txt (ID = 2223)
21:33: Found Spy Cookie: apmebf cookie
21:33: asad@apmebf[2].txt (ID = 2229)
21:33: asad@arthistory.about[2].txt (ID = 2038)
21:33: asad@as-eu.falkag[1].txt (ID = 2650)
21:33: asad@as-us.falkag[1].txt (ID = 2650)
21:33: asad@as1.falkag[1].txt (ID = 2650)
21:33: Found Spy Cookie: askmen cookie
21:33: asad@askmen[1].txt (ID = 2247)
21:33: Found Spy Cookie: ask cookie
21:33: asad@ask[2].txt (ID = 2245)
21:33: Found Spy Cookie: belnk cookie
21:33: asad@ath.belnk[1].txt (ID = 2293)
21:33: Found Spy Cookie: atwola cookie
21:33: asad@atwola[2].txt (ID = 2255)
21:33: Found Spy Cookie: azjmp cookie
21:33: asad@azjmp[2].txt (ID = 2270)
21:33: Found Spy Cookie: a cookie
21:33: asad@a[1].txt (ID = 2027)
21:33: Found Spy Cookie: banners cookie
21:33: asad@banners[1].txt (ID = 2282)
21:33: Found Spy Cookie: banner cookie
21:33: asad@banner[1].txt (ID = 2276)
21:33: Found Spy Cookie: adbureau cookie
21:33: asad@bbcww.adbureau[2].txt (ID = 2060)
21:33: asad@belnk[2].txt (ID = 2292)
21:33: Found Spy Cookie: bizrate cookie
21:33: asad@bizrate[1].txt (ID = 2308)
21:33: Cookie Sweep Complete, Elapsed Time: 00:00:03
21:33: Starting File Sweep
21:34: Found Adware: tibs dialer
21:34: hot.lnk (ID = 79312)
21:41: ustart.exe (ID = 161346)
21:43: Found Adware: lopdotcom
21:43: a2647e12.exe (ID = 121)
21:43: sta51.exe (ID = 162)
21:46: File Sweep Complete, Elapsed Time: 00:12:44
21:46: Full Sweep has completed. Elapsed time 00:14:48
21:46: Traces Found: 396
21:54: Removal process initiated
21:54: Quarantining All Traces: lopdotcom
21:54: Quarantining All Traces: qsearch
21:54: Quarantining All Traces: tibs dialer
21:54: Quarantining All Traces: aksoft
21:54: Quarantining All Traces: dluca
21:54: Quarantining All Traces: safesearch
21:54: Quarantining All Traces: systemprocess
21:55: Removal process completed. Elapsed time 00:01:26
********
22:39: | Start of Session, 14 November 2005 |
22:39: Spy Sweeper started
22:39: Sweep initiated using definitions version 572
22:39: Starting Memory Sweep
22:41: Memory Sweep Complete, Elapsed Time: 00:01:45
22:41: Starting Registry Sweep
22:41: Found Adware: safesearch
22:41: HKCR\clsid\{00000000-0000-0000-0000-000000000001}\ (1 subtraces) (ID = 140320)
22:41: Found Adware: aksoft
22:41: HKLM\software\aksoft\ (34 subtraces) (ID = 639132)
22:41: Found Adware: systemprocess
22:41: HKCR\clsid\{c2eeb4fa-b6d6-41b9-9cfa-aba87f862bcb}\ (4 subtraces) (ID = 860384)
22:41: HKCR\clsid\{c2eeb4fa-b6d6-41b9-9cfa-aba87f862bcb}\inprocserver32\ (2 subtraces) (ID = 860386)
22:41: HKCR\clsid\{c2eeb4fa-b6d6-41b9-9cfa-aba87f862bcb}\inprocserver32\ || threadingmodel (ID = 860388)
22:41: HKLM\software\system process\ (10 subtraces) (ID = 860391)
22:41: HKLM\software\system process\ || modid (ID = 860392)
22:41: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{c2eeb4fa-b6d6-41b9-9cfa-aba87f862bcb}\ (1 subtraces) (ID = 860393)
22:41: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{c2eeb4fa-b6d6-41b9-9cfa-aba87f862bcb}\ || 1 (ID = 860394)
22:41: HKLM\software\system process\ || started (ID = 860395)
22:41: HKLM\software\system process\ || installed (ID = 860396)
22:41: HKLM\software\system process\ || dllver (ID = 860397)
22:41: HKLM\software\system process\ || lastupdatetime (ID = 860398)
22:41: HKLM\software\system process\files\ (4 subtraces) (ID = 860399)
22:41: HKLM\software\system process\files\ || system.dat (ID = 860400)
22:41: HKLM\software\system process\files\ || navshext.dll (ID = 860401)
22:41: HKLM\software\system process\files\ || ustart.exe (ID = 860402)
22:41: HKLM\software\system process\files\ || p.dat (ID = 860403)
22:41: HKLM\software\classes\clsid\{c2eeb4fa-b6d6-41b9-9cfa-aba87f862bcb}\ (4 subtraces) (ID = 860404)
22:41: HKLM\software\classes\clsid\{c2eeb4fa-b6d6-41b9-9cfa-aba87f862bcb}\inprocserver32\ (2 subtraces) (ID = 860406)
22:41: HKLM\software\classes\clsid\{c2eeb4fa-b6d6-41b9-9cfa-aba87f862bcb}\inprocserver32\ || threadingmodel (ID = 860408)
22:41: HKLM\software\microsoft\windows\currentversion\uninstall\startup\ (2 subtraces) (ID = 860412)
22:41: HKLM\software\aksoft\x-tractor\ (33 subtraces) (ID = 982635)
22:41: Found Adware: dluca
22:41: HKU\S-1-5-21-1644491937-1336601894-839522115-1003\software\program info\ (ID = 125223)
22:41: Found Adware: qsearch
22:41: HKU\S-1-5-21-1644491937-1336601894-839522115-1003\software\infosoft\qsearch\ (9 subtraces) (ID = 139168)
22:41: HKU\S-1-5-21-1644491937-1336601894-839522115-1003\software\infosoft\qsearch\ || lastwnk (ID = 139169)
22:41: HKU\S-1-5-21-1644491937-1336601894-839522115-1003\software\system process\ (1 subtraces) (ID = 860389)
22:41: HKU\S-1-5-21-1644491937-1336601894-839522115-1003\software\system process\ || lastptime (ID = 860390)
22:41: Registry Sweep Complete, Elapsed Time:00:00:07
22:41: Starting Cookie Sweep
22:41: asad@programs.wegcash[2].txt (ID = 3682)
22:41: Found Spy Cookie: qksrv cookie
22:41: asad@qksrv[2].txt (ID = 3213)
22:41: Found Spy Cookie: qsrch cookie
22:41: asad@qsrch[2].txt (ID = 3215)
22:41: Found Spy Cookie: questionmarket cookie
22:41: asad@questionmarket[1].txt (ID = 3217)
22:41: Found Spy Cookie: realmedia cookie
22:41: asad@realmedia[2].txt (ID = 3235)
22:41: Found Spy Cookie: redzip cookie
22:41: asad@redzip[1].txt (ID = 3249)
22:41: Found Spy Cookie: reunion cookie
22:41: asad@reunion[1].txt (ID = 3255)
22:41: Found Spy Cookie: revenue.net cookie
22:41: asad@revenue[1].txt (ID = 3257)
22:41: Found Spy Cookie: rightmedia cookie
22:41: asad@rightmedia[2].txt (ID = 3259)
22:41: Found Spy Cookie: adjuggler cookie
22:41: asad@rotator.adjuggler[2].txt (ID = 2071)
22:41: asad@science.howstuffworks[2].txt (ID = 2806)
22:41: Found Spy Cookie: search123 cookie
22:41: asad@search123[2].txt (ID = 3305)
22:41: Found Spy Cookie: domain sponsor cookie
22:41: asad@searchportal.domainsponsor[1].txt (ID = 2534)
22:41: Found Spy Cookie: searchweb2 cookie
22:41: asad@searchweb2[1].txt (ID = 3325)
22:41: Found Spy Cookie: server.iad.liveperson cookie
22:41: asad@server.iad.liveperson[1].txt (ID = 3341)
22:41: Found Spy Cookie: serving-sys cookie
22:41: asad@serving-sys[1].txt (ID = 3343)
22:41: Found Spy Cookie: servlet cookie
22:41: asad@servlet[1].txt (ID = 3345)
22:41: asad@servlet[2].txt (ID = 3345)
22:41: asad@sexuality.about[2].txt (ID = 2038)
22:41: Found Spy Cookie: specificclick.com cookie
22:41: asad@specificclick[1].txt (ID = 3399)
22:41: Found Spy Cookie: spylog cookie
22:41: asad@spylog[2].txt (ID = 3415)
22:41: asad@starware[2].txt (ID = 3441)
22:41: asad@stat.dealtime[1].txt (ID = 2506)
22:41: Found Spy Cookie: onestat.com cookie
22:41: asad@stat.onestat[2].txt (ID = 3098)
22:41: Found Spy Cookie: statcounter cookie
22:41: asad@statcounter[2].txt (ID = 3447)
22:41: Found Spy Cookie: reliablestats cookie
22:41: asad@stats1.reliablestats[1].txt (ID = 3254)
22:41: Found Spy Cookie: promaxtraffic cookie
22:41: asad@tds.promaxtraffic[1].txt (ID = 3200)
22:41: asad@theaa.touchclarity[1].txt (ID = 3566)
22:41: Found Spy Cookie: tickle cookie
22:41: asad@tickle[1].txt (ID = 3529)
22:41: Found Spy Cookie: toplist cookie
22:41: asad@toplist[1].txt (ID = 3557)
22:41: Found Spy Cookie: sexsearch cookie
22:41: asad@tour.splash.sexsearch[1].txt (ID = 3358)
22:41: Found Spy Cookie: tracking cookie
22:41: asad@tracking[2].txt (ID = 3571)
22:41: Found Spy Cookie: tradedoubler cookie
22:41: asad@tradedoubler[2].txt (ID = 3575)
22:41: Found Spy Cookie: trafficmp cookie
22:41: asad@trafficmp[2].txt (ID = 3581)
22:41: Found Spy Cookie: tribalfusion cookie
22:41: asad@tribalfusion[1].txt (ID = 3589)
22:41: Found Spy Cookie: tripod cookie
22:41: asad@tripod[2].txt (ID = 3591)
22:41: asad@uk.ask[2].txt (ID = 2246)
22:41: asad@vip.clickzs[1].txt (ID = 2413)
22:41: Found Spy Cookie: weborama cookie
22:41: asad@weborama[1].txt (ID = 3658)
22:41: Found Spy Cookie: webpower cookie
22:41: asad@webpower[2].txt (ID = 3660)
22:41: asad@webtrends.imlive[1].txt (ID = 2844)
22:41: Found Spy Cookie: burstbeacon cookie
22:41: asad@www.burstbeacon[2].txt (ID = 2335)
22:41: Found Spy Cookie: epilot cookie
22:41: asad@www.epilot[2].txt (ID = 2622)
22:41: asad@www.gamespy[2].txt (ID = 2719)
22:41: asad@www.myaffiliateprogram[1].txt (ID = 3032)
22:41: Found Spy Cookie: netster cookie
22:41: asad@www.netster[1].txt (ID = 3072)
22:41: asad@www.netvenda[2].txt (ID = 3074)
22:41: asad@www.redzip[2].txt (ID = 3250)
22:41: asad@www.screensavers[1].txt (ID = 3298)
22:41: Found Spy Cookie: starpulse cookie
22:41: asad@www.starpulse[1].txt (ID = 3440)
22:41: Found Spy Cookie: web-stat cookie
22:41: asad@www.web-stat[2].txt (ID = 3649)
22:41: Found Spy Cookie: xiti cookie
22:41: asad@xiti[1].txt (ID = 3717)
22:41: Found Spy Cookie: xuppa cookie
22:41: asad@xuppa[1].txt (ID = 3729)
22:41: Found Spy Cookie: yadro cookie
22:41: asad@yadro[1].txt (ID = 3743)
22:41: asad@yieldmanager[2].txt (ID = 3749)
22:41: asad@yourmomma.com.23229.fb.dbbsrv[2].txt (ID = 2500)
22:41: Found Spy Cookie: adserver cookie
22:41: asad@z1.adserver[2].txt (ID = 2142)
22:41: Found Spy Cookie: zedo cookie
22:41: asad@zedo[1].txt (ID = 3762)
22:41: Cookie Sweep Complete, Elapsed Time: 00:00:07
22:41: Starting File Sweep
22:42: Found Adware: tibs dialer
22:42: hot.lnk (ID = 79312)
22:49: ustart.exe (ID = 161346)
22:51: Found Adware: lopdotcom
22:51: a2647e12.exe (ID = 121)
22:51: sta51.exe (ID = 162)
22:52: Sweep Canceled
22:52: File Sweep Complete, Elapsed Time: 00:10:45
22:52: Traces Found: 396
********
22:37: | Start of Session, 14 November 2005 |
22:37: Spy Sweeper started
22:38: Your spyware definitions have been updated.
22:39: | End of Session, 14 November 2005 |


The ewido security logfile is >

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 22:55:38, 15/11/2005
+ Report-Checksum: C017BA55

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001} -> Spyware.AutoSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Asad\Application Data\Mozilla\Firefox\Profiles\jac8bhk4.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Asad\Application Data\Mozilla\Firefox\Profiles\jac8bhk4.default\cookies.txt -> Spyware.Cookie.Cqcounter : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Asad\Application Data\Mozilla\Firefox\Profiles\jac8bhk4.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Asad\Application Data\Mozilla\Firefox\Profiles\jac8bhk4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Asad\Application Data\Mozilla\Firefox\Profiles\jac8bhk4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Asad\Application Data\Mozilla\Firefox\Profiles\jac8bhk4.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Asad\Application Data\Mozilla\Firefox\Profiles\jac8bhk4.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Asad\Application Data\Mozilla\Firefox\Profiles\jac8bhk4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Asad\Application Data\Mozilla\Firefox\Profiles\jac8bhk4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Asad\Application Data\Mozilla\Firefox\Profiles\jac8bhk4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Asad\Application Data\Mozilla\Firefox\Profiles\jac8bhk4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Asad\Application Data\Mozilla\Firefox\Profiles\jac8bhk4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Asad\Application Data\Mozilla\Firefox\Profiles\jac8bhk4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Asad\Application Data\Mozilla\Firefox\Profiles\jac8bhk4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Asad\Application Data\Mozilla\Firefox\Profiles\jac8bhk4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Asad\Application Data\Mozilla\Firefox\Profiles\jac8bhk4.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.118:C:\Docu
ajehan
Active Member
 
Posts: 3
Joined: November 14th, 2005, 3:56 pm

Unread postby Susan528 » November 15th, 2005, 9:10 pm

Hello Ajehan,

Good work cleaning your log. I am glad Internet Explorer seems to be working fine.

Please set your system to show all files; please see here if you're unsure how to do this.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe
Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\Program Files\Block Checker <== folder
Exit Explorer, and reboot as normal afterwards.

Post back a fresh HijackThis log and we will take another look.
Susan528
MRU Master
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby ajehan » November 23rd, 2005, 6:50 pm

Hello
I ran HijackThis and fixed the item you had asked me to. After booting in safe mode I could not locate the folder. Does this mean it's already deleted?
Here's the new HijackThis log >>>

Logfile of HijackThis v1.99.1
Scan saved at 22:45:07, on 23/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Asad\My Documents\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SP2ConnPatcher] "C:\Program Files\SP2 Connection Patcher\sp2connpatcher.exe" -n=200
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Spy Sweeper Fix.lnk = C:\Program Files\Webroot\Spy Sweeper\SpySweeperFix.bat
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 4326655093
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
ajehan
Active Member
 
Posts: 3
Joined: November 14th, 2005, 3:56 pm

Unread postby Susan528 » November 23rd, 2005, 7:19 pm

Hello Ajehan,

Your log looks clean. Please follow the instructions below.

STEP 1.
======
Cleanmgr
To clean temporary files:
  1. Go > start > run and type cleanmgr and click OK
  2. Scan your system for files to remove.
  3. Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
  4. Click OK to remove those files.
  5. Click Yes to confirm deletion.

STEP 2.( Windows XP only)
======
Prefetch Folder
Open C:\Windows\Prefetch\
Delete All files in this folder but not the Prefetch folder

STEP 3.- Only for Windows XP
======
System Restore for Windows XP
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
    Turn off System Restore.
  1. On the Desktop, right-click My Computer.
  2. Click Properties.
  3. Click the System Restore tab.
  4. Check Turn off System Restore.
  5. Click Apply, and then click OK.
Reboot.

Turn ON System Restore.
  1. On the Desktop, right-click My Computer.
  2. Click Properties.
  3. Click the System Restore tab.
  4. UN-Check *Turn off System Restore*.
  5. Click Apply, and then click OK.


STEP 4.
======
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

  1. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.


    See this link for a listing of some online & their stand-alone antivirus programs:
    Virus, Spyware, and Malware Protection and Removal Resources

  2. Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  3. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.
    For a tutorial on Firewalls and a listing of some available ones see the link below:
    Understanding and Using Firewalls

  4. Test your Firewall - Please test your firewall and make sure it is working properly.
    Test Firewall

  5. Visit Microsoft's Windows Update Site Frequently - It is important that you visit Windows Updates regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  6. Visit the Microsoft Office Update Site Frequently - If you are running Microsoft Office, or any portion thereof, go to the Microsoft Office Update site and make sure you have at least all the critical updates installed (Free)

  7. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would with antivirus software.
    A tutorial on installing & using this product can be found here:
    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  8. Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis, just as you would with antivirus software, in conjunction with Spybot.
    A tutorial on installing & using this product can be found here:
    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  9. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
    A tutorial on installing & using this product can be found here:
    Using SpywareBlaster to protect your computer from Spyware and Malware

  10. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.


Follow this list and your potential for being infected again will reduce dramatically.

Thank you for allowing me to assist you.

Susan
Susan528
MRU Master
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby NonSuch » December 2nd, 2005, 5:41 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California