Guard.temp Virus
I believe I have a Trojan virus. Norton pops up with guard.tmp and a few other files it finds infected. I have tried various programs to remove this virus, but without any luck ... and then I came upon this site. As instructed, I ran and removed all spyware that both Ad-Aware and Spybot Search&Destroy found. I downloaded Hijack This and below is my log. Any help would be greatly appreciated. Thanks!
Logfile of HijackThis v1.99.1
Scan saved at 2:38:12 PM, on 11/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\system32\MSTMON_Q.EXE
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\tbctray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QM\QM.EXE
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1350WStatusDisplay] C:\WINDOWS\system32\MSTMON_Q.EXE
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\System32\tbctray.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: QM.lnk = C:\Program Files\QM\QM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {140F03AE-0588-11D4-BD45-0050048A82BF} (eShare Web Collaboration Class) - http://chat.1800flowers.com/netagent/objects/emagic.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/023699e413368da0f801/netzip/RdxIE2.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1503/www.contentwatch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photo.walmart.com/photo/upload/XUpload.ocx
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/bin/imvid.cab
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.buddylinks.net/ShellInstaller.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\n02ulaf91d2.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: CallAttendant Home Service (CallAttendant) - Unknown owner - C:\Program Files\ObjectWorld\CallAttendant Home\Bin\CAServer.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Movielink Core Service - Movielink LLC - C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
Comments
Click the Free Trial link under "SpySweeper" to download the program.
Install it. Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, click Options on the left side.
Click the Sweep Options tab.
Under What to Sweep please put a check next to the following:
Sweep Memory
Sweep Registry
Sweep Cookies
Sweep All User Accounts
Enable Direct Disk Sweeping
Sweep Contents of Compressed Files
Sweep for Rootkits
Please UNCHECK Do not Sweep System Restore Folder.
Click Sweep Now on the left side.
Click the Start button.
When it's done scanning, click the Next button.
Make sure everything has a check next to it, then click the Next button.
It will remove all of the items found.
Click Session Log in the upper right corner, copy everything in that window.
Click the Summary tab and click Finish.
Paste the contents of the session log you copied into your next reply, with a fresh HijackThis log.
********
11:01 AM: | Start of Session, Tuesday, November 15, 2005 |
11:01 AM: Spy Sweeper started
11:01 AM: Sweep initiated using definitions version 573
11:01 AM: Starting Memory Sweep
11:02 AM: Found Adware: icannnews
11:02 AM: Detected running threat: C:\WINDOWS\SYSTEM32\n02ulaf91d2.dll (ID = 83)
11:04 AM: Detected running threat: C:\WINDOWS\SYSTEM32\cbsNOL22.dll (ID = 83)
11:04 AM: Detected running threat: C:\WINDOWS\SYSTEM32\guard.tmp (ID = 83)
11:05 AM: Memory Sweep Complete, Elapsed Time: 00:04:16
11:05 AM: Starting Registry Sweep
11:05 AM: Found Adware: buddylinks
11:05 AM: HKLM\software\microsoft\code store database\distribution units\{fddce9ff-1fc6-413c-80b1-37b101fda1d4}\ (14 subtraces) (ID = 105289)
11:06 AM: Found System Monitor: sc-keylog
11:06 AM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\explorer\ (6 subtraces) (ID = 140468)
11:06 AM: Found Adware: wurldmedia
11:06 AM: HKCR\appid\sostatatl.exe\ (1 subtraces) (ID = 147535)
11:06 AM: HKCR\appid\{dee5d795-a276-43b5-a04a-511149a354f0}\ (1 subtraces) (ID = 147536)
11:06 AM: HKCR\interface\{9603a736-05b9-4d78-bdd5-bdcb0914e522}\ (8 subtraces) (ID = 147565)
11:06 AM: HKCR\interface\{bc12b055-c9f5-407d-9b66-1851973f32af}\ (8 subtraces) (ID = 147569)
11:06 AM: Found Adware: marketscore
11:06 AM: HKLM\software\microsoft\windows\currentversion\uninstall\{6ac4c165-4857-48cf-9877-65e283dde598}\ (14 subtraces) (ID = 647403)
11:06 AM: Found Adware: ebates money maker
11:06 AM: HKU\S-1-5-21-670792205-2346120412-70523582-1006\software\microsoft\internet explorer\extensions\cmdmapping\ || {6685509e-b47b-4f47-8e16-9a5f3a62f683} (ID = 125587)
11:06 AM: Found Adware: webrebates
11:06 AM: HKU\S-1-5-21-670792205-2346120412-70523582-1006\software\microsoft\internet explorer\extensions\{6685509e-b47b-4f47-8e16-9a5f3a62f683}\ (6 subtraces) (ID = 125589)
11:06 AM: HKU\S-1-5-21-670792205-2346120412-70523582-1006\software\microsoft\internet explorer\extensions\{6685509e-b47b-4f47-8e16-9a5f3a62f683}\ (6 subtraces) (ID = 125589)
11:06 AM: Found Adware: sidesearch
11:06 AM: HKU\S-1-5-21-670792205-2346120412-70523582-1006\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
11:06 AM: Registry Sweep Complete, Elapsed Time:00:00:30
11:06 AM: Starting Cookie Sweep
11:07 AM: Found Spy Cookie: primaryads cookie
11:07 AM: [name removed]@1.primaryads[1].txt (ID = 3190)
11:07 AM: Found Spy Cookie: 3 cookie
11:07 AM: [name removed]@207.36.3[2].txt (ID = 1960)
11:07 AM: Found Spy Cookie: qsrch cookie
11:07 AM: [name removed]@2cool.qsrch[1].txt (ID = 3216)
11:07 AM: Found Spy Cookie: l2m.net cookie
11:07 AM: [name removed]@33362002a.l2m[2].txt (ID = 2914)
11:07 AM: [name removed]@33673508a.l2m[1].txt (ID = 2914)
11:07 AM: [name removed]@43614673a.l2m[2].txt (ID = 2914)
11:07 AM: Found Spy Cookie: 64.62.232 cookie
11:07 AM: [name removed]@64.62.232[2].txt (ID = 1987)
11:07 AM: [name removed]@64.62.232[3].txt (ID = 1987)
11:07 AM: Found Spy Cookie: websponsors cookie
11:07 AM: [name removed]@a.websponsors[1].txt (ID = 3665)
11:07 AM: Found Spy Cookie: go.com cookie
11:07 AM: [name removed]@abc.abcnews.go[1].txt (ID = 2729)
11:07 AM: [name removed]@abc.go[2].txt (ID = 2729)
11:07 AM: [name removed]@abclocal.go[1].txt (ID = 2729)
11:07 AM: [name removed]@abcnews.go[1].txt (ID = 2729)
11:07 AM: Found Spy Cookie: about cookie
11:07 AM: [name removed]@about[2].txt (ID = 2037)
11:07 AM: Found Spy Cookie: ad-rotator cookie
11:07 AM: [name removed]@ad-rotator[1].txt (ID = 2051)
11:07 AM: Found Spy Cookie: yieldmanager cookie
11:07 AM: [name removed]@ad.yieldmanager[2].txt (ID = 3751)
11:07 AM: Found Spy Cookie: adecn cookie
11:07 AM: [name removed]@adecn[2].txt (ID = 2063)
11:07 AM: Found Spy Cookie: adknowledge cookie
11:07 AM: [name removed]@adknowledge[1].txt (ID = 2072)
11:07 AM: Found Spy Cookie: adlegend cookie
11:07 AM: [name removed]@adlegend[2].txt (ID = 2074)
11:07 AM: Found Spy Cookie: hbmediapro cookie
11:07 AM: [name removed]@adopt.hbmediapro[1].txt (ID = 2768)
11:07 AM: Found Spy Cookie: precisead cookie
11:07 AM: [name removed]@adopt.precisead[1].txt (ID = 3182)
11:07 AM: Found Spy Cookie: specificclick.com cookie
11:07 AM: [name removed]@adopt.specificclick[2].txt (ID = 3400)
11:07 AM: Found Spy Cookie: adorigin cookie
11:07 AM: [name removed]@adorigin[2].txt (ID = 2082)
11:07 AM: Found Spy Cookie: adprofile cookie
11:07 AM: [name removed]@adprofile[2].txt (ID = 2084)
11:07 AM: Found Spy Cookie: adrevservice cookie
11:07 AM: [name removed]@adrevservice[1].txt (ID = 2091)
11:07 AM: Found Spy Cookie: ads-fr.spray.net cookie
11:07 AM: [name removed]@ads-fr.spray[1].txt (ID = 2102)
11:07 AM: [name removed]@ads.adorigin[1].txt (ID = 2083)
11:07 AM: Found Spy Cookie: ads.businessweek cookie
11:07 AM: [name removed]@ads.businessweek[1].txt (ID = 2113)
11:07 AM: Found Spy Cookie: cc214142 cookie
11:07 AM: [name removed]@ads.cc214142[2].txt (ID = 2367)
11:07 AM: Found Spy Cookie: gorillanation cookie
11:07 AM: [name removed]@ads.gorillanation[1].txt (ID = 2744)
11:07 AM: Found Spy Cookie: ads.infosdunet.firstream.net cookie
11:07 AM: [name removed]@ads.infosdunet.firstream[1].txt (ID = 2120)
11:07 AM: Found Spy Cookie: linksponsor cookie
11:07 AM: [name removed]@ads.linksponsor[1].txt (ID = 2925)
11:07 AM: [name removed]@ads.specificclick[2].txt (ID = 3400)
11:07 AM: Found Spy Cookie: ads.techtv.com cookie
11:07 AM: [name removed]@ads.techtv[1].txt (ID = 2129)
11:07 AM: Found Spy Cookie: bpath cookie
11:07 AM: [name removed]@ads15.bpath[1].txt (ID = 2321)
11:07 AM: [name removed]@ads18.bpath[1].txt (ID = 2321)
11:07 AM: Found Spy Cookie: affiliate cookie
11:07 AM: [name removed]@affiliate[1].txt (ID = 2199)
11:07 AM: [name removed]@ak-sports.espn.go[2].txt (ID = 2729)
11:07 AM: [name removed]@alcoholism.about[1].txt (ID = 2038)
11:07 AM: [name removed]@ancienthistory.about[1].txt (ID = 2038)
11:07 AM: Found Spy Cookie: anm.co.uk cookie
11:07 AM: [name removed]@anm.co[2].txt (ID = 2223)
11:07 AM: Found Spy Cookie: ask cookie
11:07 AM: [name removed]@ask[2].txt (ID = 2245)
11:07 AM: Found Spy Cookie: belnk cookie
11:07 AM: [name removed]@ath.belnk[2].txt (ID = 2293)
11:07 AM: Found Spy Cookie: atwola cookie
11:07 AM: [name removed]@atwola[1].txt (ID = 2255)
11:07 AM: Found Spy Cookie: azjmp cookie
11:07 AM: [name removed]@azjmp[2].txt (ID = 2270)
11:07 AM: Found Spy Cookie: a cookie
11:07 AM: [name removed]@a[1].txt (ID = 2027)
11:07 AM: Found Spy Cookie: inet-traffic.com cookie
11:07 AM: [name removed]@banner2.inet-traffic[2].txt (ID = 2856)
11:07 AM: Found Spy Cookie: bannerspace cookie
11:07 AM: [name removed]@bannerspace[2].txt (ID = 2284)
11:07 AM: Found Spy Cookie: banners cookie
11:07 AM: [name removed]@banners[1].txt (ID = 2282)
11:07 AM: Found Spy Cookie: banner cookie
11:07 AM: [name removed]@banner[2].txt (ID = 2276)
11:07 AM: [name removed]@beginnersinvest.about[2].txt (ID = 2038)
11:07 AM: [name removed]@belnk[1].txt (ID = 2292)
11:07 AM: Found Spy Cookie: bizrate cookie
11:07 AM: [name removed]@bizrate[1].txt (ID = 2308)
11:07 AM: [name removed]@boards.espn.go[1].txt (ID = 2729)
11:07 AM: [name removed]@boards.go[2].txt (ID = 2729)
11:07 AM: Found Spy Cookie: 2o7.net cookie
11:07 AM: [name removed]@brguest.112.2o7[2].txt (ID = 1958)
11:07 AM: [name removed]@buycom.122.2o7[1].txt (ID = 1958)
11:07 AM: Found Spy Cookie: goclick cookie
11:07 AM: [name removed]@c.goclick[1].txt (ID = 2733)
11:07 AM: Found Spy Cookie: intelliquest cookie
11:07 AM: [name removed]@c.intelliquest[1].txt (ID = 2870)
11:07 AM: Found Spy Cookie: gostats cookie
11:07 AM: [name removed]@c2.gostats[2].txt (ID = 2748)
11:07 AM: [name removed]@c3.gostats[2].txt (ID = 2748)
11:07 AM: Found Spy Cookie: callwave cookie
11:07 AM: [name removed]@callwave[2].txt (ID = 2342)
11:07 AM: [name removed]@careerplanning.about[2].txt (ID = 2038)
11:07 AM: [name removed]@cbs.112.2o7[2].txt (ID = 1958)
11:07 AM: Found Spy Cookie: ccbill cookie
11:07 AM: [name removed]@ccbill[2].txt (ID = 2369)
11:07 AM: Found Spy Cookie: cd freaks cookie
11:07 AM: [name removed]@cdfreaks[2].txt (ID = 2370)
11:07 AM: [name removed]@cellphones.about[2].txt (ID = 2038)
11:07 AM: Found Spy Cookie: classmates cookie
11:07 AM: [name removed]@classmates[1].txt (ID = 2384)
11:07 AM: [name removed]@club.cdfreaks[1].txt (ID = 2371)
11:07 AM: [name removed]@cnn.122.2o7[1].txt (ID = 1958)
11:07 AM: [name removed]@college.espn.go[1].txt (ID = 2729)
11:07 AM: [name removed]@collegeapps.about[2].txt (ID = 2038)
11:07 AM: Found Spy Cookie: columbiahouse cookie
11:07 AM: [name removed]@columbiahouse[1].txt (ID = 2443)
11:07 AM: Found Spy Cookie: commerce cookie
11:07 AM: [name removed]@Commerce[1].txt (ID = 2451)
11:07 AM: [name removed]@cornerstone.122.2o7[2].txt (ID = 1958)
11:07 AM: Found Spy Cookie: adultrevenueservice cookie
11:07 AM: [name removed]@counterimg1.adultrevenueservice[1].txt (ID = 2168)
11:07 AM: Found Spy Cookie: counter cookie
11:07 AM: [name removed]@counter[1].txt (ID = 2477)
11:07 AM: [name removed]@cratebarrel.112.2o7[2].txt (ID = 1958)
11:07 AM: Found Spy Cookie: 360i cookie
11:07 AM: [name removed]@ct.360i[2].txt (ID = 1962)
11:07 AM: Found Spy Cookie: clickzs cookie
11:07 AM: [name removed]@cz11.clickzs[2].txt (ID = 2413)
11:07 AM: [name removed]@cz3.clickzs[1].txt (ID = 2413)
11:07 AM: [name removed]@cz4.clickzs[1].txt (ID = 2413)
11:07 AM: [name removed]@cz5.clickzs[2].txt (ID = 2413)
11:07 AM: [name removed]@cz6.clickzs[2].txt (ID = 2413)
11:07 AM: [name removed]@cz7.clickzs[2].txt (ID = 2413)
11:07 AM: [name removed]@cz8.clickzs[1].txt (ID = 2413)
11:07 AM: [name removed]@cz9.clickzs[1].txt (ID = 2413)
11:07 AM: Found Spy Cookie: dealtime cookie
11:07 AM: [name removed]@dealtime[2].txt (ID = 2505)
11:07 AM: [name removed]@ded.gostats[2].txt (ID = 2748)
11:07 AM: [name removed]@delivery.inet-traffic[2].txt (ID = 2856)
11:07 AM: Found Spy Cookie: desktop kazaa cookie
11:07 AM: [name removed]@desktop.kazaa[2].txt (ID = 2515)
11:07 AM: [name removed]@desktoppub.about[1].txt (ID = 2038)
11:07 AM: Found Spy Cookie: did-it cookie
11:07 AM: [name removed]@did-it[2].txt (ID = 2523)
11:07 AM: Found Spy Cookie: directtrack cookie
11:07 AM: [name removed]@directtrack[1].txt (ID = 2527)
11:07 AM: [name removed]@disney.go[1].txt (ID = 2729)
11:07 AM: [name removed]@dist.belnk[2].txt (ID = 2293)
11:07 AM: Found Spy Cookie: dl cookie
11:07 AM: [name removed]@dl[1].txt (ID = 2529)
11:07 AM: Found Spy Cookie: rn11 cookie
11:07 AM: [name removed]@e.rn11[1].txt (ID = 3262)
11:07 AM: Found Spy Cookie: megago cookie
11:07 AM: [name removed]@eegad.freeservers[2].txt (ID = 2983)
11:07 AM: [name removed]@email.about[1].txt (ID = 2038)
11:07 AM: Found Spy Cookie: pch cookie
11:07 AM: [name removed]@email.superprize.pch[1].txt (ID = 3124)
11:07 AM: Found Spy Cookie: emode cookie
11:07 AM: [name removed]@emode[2].txt (ID = 2603)
11:07 AM: [name removed]@espn.go[1].txt (ID = 2729)
11:07 AM: [name removed]@espnradio.espn.go[1].txt (ID = 2729)
11:07 AM: Found Spy Cookie: exitexchange cookie
11:07 AM: [name removed]@exitexchange[1].txt (ID = 2633)
11:07 AM: Found Spy Cookie: fastcompany cookie
11:07 AM: [name removed]@fastcompany[2].txt (ID = 2655)
11:07 AM: Found Spy Cookie: fe.lea.lycos.com cookie
11:07 AM: [name removed]@fe.lea.lycos[1].txt (ID = 2660)
11:07 AM: [name removed]@games.espn.go[1].txt (ID = 2729)
11:07 AM: [name removed]@geography.about[1].txt (ID = 2038)
11:07 AM: Found Spy Cookie: go2net.com cookie
11:07 AM: [name removed]@go2net[1].txt (ID = 2730)
11:07 AM: [name removed]@gonyc.about[1].txt (ID = 2038)
11:07 AM: [name removed]@gorillanation[2].txt (ID = 2746)
11:07 AM: [name removed]@gostats[2].txt (ID = 2747)
11:07 AM: Found Spy Cookie: gotoast cookie
11:07 AM: [name removed]@gotoast[2].txt (ID = 2751)
11:07 AM: [name removed]@go[1].txt (ID = 2728)
11:07 AM: [name removed]@go[2].txt (ID = 2728)
11:07 AM: [name removed]@go[3].txt (ID = 2728)
11:07 AM: [name removed]@go[4].txt (ID = 2728)
11:07 AM: [name removed]@go[5].txt (ID = 2728)
11:07 AM: [name removed]@go[6].txt (ID = 2728)
11:07 AM: [name removed]@go[7].txt (ID = 2728)
11:07 AM: [name removed]@go[8].txt (ID = 2728)
11:07 AM: [name removed]@go[9].txt (ID = 2728)
11:07 AM: Found Spy Cookie: starware.com cookie
11:07 AM: [name removed]@h.starware[1].txt (ID = 3442)
11:07 AM: [name removed]@highbeam.122.2o7[2].txt (ID = 1958)
11:07 AM: Found Spy Cookie: clickandtrack cookie
11:07 AM: [name removed]@hits.clickandtrack[2].txt (ID = 2397)
11:07 AM: Found Spy Cookie: homestore cookie
11:07 AM: [name removed]@homestore[1].txt (ID = 2793)
11:07 AM: [name removed]@honeymoons.about[1].txt (ID = 2038)
11:07 AM: [name removed]@humor.about[1].txt (ID = 2038)
11:07 AM: Found Spy Cookie: ic-live cookie
11:07 AM: [name removed]@ic-live[1].txt (ID = 2821)
11:07 AM: Found Spy Cookie: infoaccumail cookie
11:07 AM: [name removed]@info.accumail[2].txt (ID = 2862)
11:07 AM: Found Spy Cookie: infospace cookie
11:07 AM: [name removed]@infospace[1].txt (ID = 2865)
11:07 AM: [name removed]@insider.espn.go[1].txt (ID = 2729)
11:07 AM: [name removed]@interiordec.about[1].txt (ID = 2038)
11:07 AM: [name removed]@jcrew.112.2o7[2].txt (ID = 1958)
11:07 AM: [name removed]@jobsearchtech.about[2].txt (ID = 2038)
11:07 AM: Found Spy Cookie: kazaalite cookie
11:07 AM: [name removed]@kazaalite[1].txt (ID = 2895)
11:07 AM: Found Spy Cookie: kount cookie
11:07 AM: [name removed]@kount[2].txt (ID = 2911)
11:07 AM: [name removed]@l2m[1].txt (ID = 2913)
11:07 AM: Found Spy Cookie: tripod cookie
11:07 AM: [name removed]@loverslanes2.tripod[2].txt (ID = 3592)
11:07 AM: Found Spy Cookie: ugo cookie
11:07 AM: [name removed]@mediamgr.ugo[2].txt (ID = 3609)
11:07 AM: [name removed]@megadirectory.ask[2].txt (ID = 2246)
11:07 AM: Found Spy Cookie: metareward.com cookie
11:07 AM: [name removed]@metareward[1].txt (ID = 2990)
11:07 AM: [name removed]@movietimes.disney.go[1].txt (ID = 2729)
11:07 AM: Found Spy Cookie: mp3downloadhq cookie
11:07 AM: [name removed]@mp3downloadhq[1].txt (ID = 3014)
11:07 AM: Found Spy Cookie: mrskin cookie
11:07 AM: [name removed]@mrskin[1].txt (ID = 3020)
11:07 AM: [name removed]@msn.espn.go[1].txt (ID = 2729)
11:07 AM: Found Spy Cookie: touchclarity cookie
11:07 AM: [name removed]@msn.touchclarity[1].txt (ID = 3566)
11:07 AM: [name removed]@msnportal.112.2o7[2].txt (ID = 1958)
11:07 AM: [name removed]@mutualfunds.about[1].txt (ID = 2038)
11:07 AM: [name removed]@my.espn.go[1].txt (ID = 2729)
11:07 AM: Found Spy Cookie: nextag cookie
11:07 AM: [name removed]@nextag[2].txt (ID = 5014)
11:07 AM: Found Spy Cookie: netratingsselect cookie
11:07 AM: [name removed]@nnselect[2].txt (ID = 3065)
11:07 AM: Found Spy Cookie: freestats.net cookie
11:07 AM: [name removed]@nytix.freestats[1].txt (ID = 2705)
11:07 AM: Found Spy Cookie: offeroptimizer cookie
11:07 AM: [name removed]@offeroptimizer[2].txt (ID = 3087)
11:07 AM: [name removed]@offersquest.directtrack[2].txt (ID = 2528)
11:07 AM: Found Spy Cookie: one-time-offer cookie
11:07 AM: [name removed]@one-time-offer[1].txt (ID = 3095)
11:07 AM: Found Spy Cookie: tvguide cookie
11:07 AM: [name removed]@online.tvguide[1].txt (ID = 3600)
11:07 AM: Found Spy Cookie: outster cookie
11:07 AM: [name removed]@outster[2].txt (ID = 3103)
11:07 AM: Found Spy Cookie: wtlive.com cookie
11:07 AM: [name removed]@p.wtlive[1].txt (ID = 3700)
11:07 AM: [name removed]@partypoker.touchclarity[1].txt (ID = 3567)
11:07 AM: Found Spy Cookie: partypoker cookie
11:07 AM: [name removed]@partypoker[1].txt (ID = 3111)
11:07 AM: [name removed]@pittsburgh.about[2].txt (ID = 2038)
11:07 AM: [name removed]@politicalhumor.about[2].txt (ID = 2038)
11:07 AM: [name removed]@polo.112.2o7[1].txt (ID = 1958)
11:07 AM: Found Spy Cookie: mircx cookie
11:07 AM: [name removed]@pop.mircx[1].txt (ID = 2998)
11:07 AM: Found Spy Cookie: popups.infostart cookie
11:07 AM: [name removed]@popups.infostart[1].txt (ID = 3159)
11:07 AM: Found Spy Cookie: pricegrabber cookie
11:07 AM: [name removed]@pricegrabber[2].txt (ID = 3185)
11:07 AM: [name removed]@proxy.espn.go[1].txt (ID = 2729)
11:07 AM: Found Spy Cookie: pub cookie
11:07 AM: [name removed]@pub[2].txt (ID = 3205)
11:07 AM: [name removed]@r.espn.go[1].txt (ID = 2729)
11:07 AM: [name removed]@rapidresponse.directtrack[2].txt (ID = 2528)
11:07 AM: Found Spy Cookie: rb4.ampland cookie
11:07 AM: [name removed]@rb4.ampland[1].txt (ID = 3229)
11:07 AM: Found Spy Cookie: rc cookie
11:07 AM: [name removed]@rc[2].txt (ID = 3231)
11:07 AM: [name removed]@rc[3].txt (ID = 3231)
11:07 AM: [name removed]@rc[4].txt (ID = 3231)
11:07 AM: [name removed]@register.go[1].txt (ID = 2729)
11:07 AM: Found Spy Cookie: reunion cookie
11:07 AM: [name removed]@reunion[1].txt (ID = 3255)
11:07 AM: Found Spy Cookie: rightmedia cookie
11:07 AM: [name removed]@rightmedia[2].txt (ID = 3259)
11:07 AM: Found Spy Cookie: adjuggler cookie
11:07 AM: [name removed]@rotator.adjuggler[2].txt (ID = 2071)
11:07 AM: [name removed]@rsi.espn.go[1].txt (ID = 2729)
11:07 AM: [name removed]@rsi.tvguide[1].txt (ID = 3600)
11:07 AM: [name removed]@sdc.tvguide[1].txt (ID = 3600)
11:07 AM: [name removed]@search.disney.go[2].txt (ID = 2729)
11:07 AM: Found Spy Cookie: search123 cookie
11:07 AM: [name removed]@search123[1].txt (ID = 3305)
11:07 AM: [name removed]@sendtofriend.espn.go[1].txt (ID = 2729)
11:07 AM: Found Spy Cookie: adscpm cookie
11:07 AM: [name removed]@servedby.adscpm[1].txt (ID = 2137)
11:07 AM: Found Spy Cookie: web-stat cookie
11:07 AM: [name removed]@server3.web-stat[2].txt (ID = 3649)
11:07 AM: Found Spy Cookie: servlet cookie
11:07 AM: [name removed]@servlet[1].txt (ID = 3345)
11:07 AM: [name removed]@servlet[2].txt (ID = 3345)
11:07 AM: [name removed]@servlet[3].txt (ID = 3345)
11:07 AM: Found Spy Cookie: smni cookie
11:07 AM: [name removed]@smni[2].txt (ID = 3389)
11:07 AM: Found Spy Cookie: specificpop cookie
11:07 AM: [name removed]@specificpop[2].txt (ID = 3401)
11:07 AM: [name removed]@sports-att.espn.go[2].txt (ID = 2729)
11:07 AM: [name removed]@sports.espn.go[2].txt (ID = 2729)
11:07 AM: [name removed]@stat.dealtime[2].txt (ID = 2506)
11:07 AM: Found Spy Cookie: stats.klsoft.com cookie
11:07 AM: [name removed]@stats.klsoft[1].txt (ID = 3451)
11:07 AM: Found Spy Cookie: swc cookie
11:07 AM: [name removed]@swc[1].txt (ID = 3477)
11:07 AM: [name removed]@tcmen.espn.go[1].txt (ID = 2729)
11:07 AM: Found Spy Cookie: toplist cookie
11:07 AM: [name removed]@toplist[2].txt (ID = 3557)
11:07 AM: Found Spy Cookie: tracking cookie
11:07 AM: [name removed]@tracking[2].txt (ID = 3571)
11:07 AM: [name removed]@tracking[3].txt (ID = 3571)
11:07 AM: Found Spy Cookie: trb.com cookie
11:07 AM: [name removed]@trb[1].txt (ID = 3587)
11:07 AM: [name removed]@tvguide[1].txt (ID = 3599)
11:07 AM: Found Spy Cookie: uproar cookie
11:07 AM: [name removed]@uproar[1].txt (ID = 3612)
11:07 AM: [name removed]@visualbasic.about[1].txt (ID = 2038)
11:07 AM: [name removed]@wb11.trb[2].txt (ID = 3588)
11:07 AM: Found Spy Cookie: webpower cookie
11:07 AM: [name removed]@webpower[2].txt (ID = 3660)
11:07 AM: Found Spy Cookie: wirefly cookie
11:07 AM: [name removed]@wirefly[1].txt (ID = 3693)
11:07 AM: [name removed]@wireless.tvguide[1].txt (ID = 3600)
11:07 AM: Found Spy Cookie: ademails.com cookie
11:07 AM: [name removed]@www.ademails[2].txt (ID = 2066)
11:07 AM: Found Spy Cookie: adminder cookie
11:07 AM: [name removed]@www.adminder[1].txt (ID = 2079)
11:07 AM: Found Spy Cookie: adshooter cookie
11:07 AM: [name removed]@www.adshooter[1].txt (ID = 2150)
11:07 AM: Found Spy Cookie: affiliatefuel.com cookie
11:07 AM: [name removed]@www.affiliatefuel[2].txt (ID = 2202)
11:07 AM: Found Spy Cookie: buzztone cookie
11:07 AM: [name removed]@www.buzztone[2].txt (ID = 2339)
11:07 AM: [name removed]@www.callwave[1].txt (ID = 2343)
11:07 AM: Found Spy Cookie: ebates cookie
11:07 AM: [name removed]@www.ebates[2].txt (ID = 2558)
11:07 AM: [name removed]@www.emode[1].txt (ID = 2604)
11:07 AM: [name removed]@www.espn.go[1].txt (ID = 2729)
11:07 AM: Found Spy Cookie: hermoment.com cookie
11:07 AM: [name removed]@www.hermoment[1].txt (ID = 2774)
11:07 AM: Found Spy Cookie: hitboss.com cookie
11:07 AM: [name removed]@www.hitboss[1].txt (ID = 2782)
11:07 AM: [name removed]@www.metareward[1].txt (ID = 2991)
11:07 AM: [name removed]@www.mikes-house-of-cartoons.freeservers[2].txt (ID = 2983)
11:07 AM: Found Spy Cookie: mp3s hits cookie
11:07 AM: [name removed]@www.mp3****s[1].txt (ID = 3019)
11:07 AM: [name removed]@www.pch[1].txt (ID = 3124)
11:07 AM: Found Spy Cookie: redzip cookie
11:07 AM: [name removed]@www.redzip[1].txt (ID = 3250)
11:07 AM: Found Spy Cookie: seeq cookie
11:07 AM: [name removed]@www.seeq[1].txt (ID = 3332)
11:07 AM: Found Spy Cookie: starpulse cookie
11:07 AM: [name removed]@www.starpulse[2].txt (ID = 3440)
11:07 AM: [name removed]@www.starware[1].txt (ID = 3442)
11:07 AM: Found Spy Cookie: navexcel cookie
11:07 AM: [name removed]@www.trustedsearch[1].txt (ID = 3060)
11:07 AM: [name removed]@www.tvguide[1].txt (ID = 3600)
11:07 AM: [name removed]@www.web-stat[1].txt (ID = 3649)
11:07 AM: [name removed]@www.wirefly[2].txt (ID = 3694)
11:07 AM: Found Spy Cookie: xzoomy cookie
11:07 AM: [name removed]@www.xzoomy[2].txt (ID = 3742)
11:07 AM: [name removed]@www48.seeq[1].txt (ID = 3332)
11:07 AM: Found Spy Cookie: xiti cookie
11:07 AM: [name removed]@xiti[2].txt (ID = 3717)
11:07 AM: Found Spy Cookie: xren_cj cookie
11:07 AM: [name removed]@xren_cj[1].txt (ID = 3723)
11:07 AM: Found Spy Cookie: yadro cookie
11:07 AM: [name removed]@yadro[1].txt (ID = 3743)
11:07 AM: system@buycom.122.2o7[1].txt (ID = 1958)
11:07 AM: system@nextag[1].txt (ID = 5014)
11:07 AM: system@one-time-offer[2].txt (ID = 3095)
11:07 AM: system@pricegrabber[1].txt (ID = 3185)
11:07 AM: Cookie Sweep Complete, Elapsed Time: 00:00:51
11:07 AM: Starting File Sweep
11:09 AM: Found Adware: targetsaver
11:09 AM: tsupdate_4_0_3_9_b2.exe (ID = 78281)
11:09 AM: vocabulary (ID = 78283)
11:14 AM: glf201glf201.exe (ID = 166444)
11:17 AM: game_dl.exe (ID = 52005)
11:22 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:22 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:22 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:22 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:24 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:24 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:24 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:24 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:25 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:25 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:25 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:25 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:26 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:26 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:26 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:26 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:28 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:28 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:28 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:28 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:28 AM: Found Adware: navexcel navhelper
11:28 AM: da908ce2-30ce-4beb-8e6c-35654a (ID = 70376)
11:28 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:28 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:29 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:29 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:29 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:29 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:30 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:30 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:30 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:30 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:31 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:31 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:31 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:31 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:32 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:32 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:32 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:32 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:34 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:34 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:34 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:34 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:34 AM: mobupd.exe (ID = 121220)
11:35 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:35 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:35 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:35 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:36 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:36 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:36 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:36 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:36 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:36 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:36 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:36 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:37 AM: game_install.exe (ID = 52006)
11:37 AM: a0143367.exe (ID = 78276)
11:38 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:38 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:38 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:38 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:38 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:38 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:38 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:38 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:38 AM: class-barrel (ID = 78229)
11:38 AM: Found Adware: cydoor peer-to-peer dependency
11:38 AM: cd_clint.dll (ID = 57300)
11:39 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:39 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:39 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:39 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:39 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:39 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:39 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:39 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:40 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:40 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:40 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:40 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:40 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:40 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:40 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:40 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:41 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:41 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:41 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:41 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:41 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:41 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:41 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:41 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:42 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:42 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:42 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:42 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:43 AM: Found Adware: gain-supported software
11:43 AM: bundle.inf (ID = 61287)
11:43 AM: Found Adware: twain-tech
11:43 AM: polmx.inf (ID = 81856)
11:43 AM: twaintec.inf (ID = 81888)
11:43 AM: Found Adware: directrevenue-abetterinternet
11:43 AM: alchem.inf (ID = 83109)
11:43 AM: alchem.ini (ID = 83112)
11:43 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:43 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:43 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:43 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:43 AM: poltt.inf (ID = 83432)
11:43 AM: poltt.inf (ID = 83432)
11:43 AM: twaintec.inf (ID = 81889)
11:43 AM: Warning: Unhandled Archive Type
11:43 AM: Warning: Unhandled Archive Type
11:43 AM: Warning: Unhandled Archive Type
11:43 AM: Warning: Unhandled Archive Type
11:44 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:44 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:44 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:44 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:44 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:44 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:44 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:44 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:44 AM: File Sweep Complete, Elapsed Time: 00:37:42
11:44 AM: Full Sweep has completed. Elapsed time 00:43:25
11:44 AM: Traces Found: 341
11:45 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:45 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:45 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:45 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:45 AM: Removal process initiated
11:46 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:46 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:46 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:46 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:46 AM: Quarantining All Traces: directrevenue-abetterinternet
11:46 AM: Quarantining All Traces: icannnews
11:46 AM: icannnews is in use. It will be removed on reboot.
11:46 AM: C:\WINDOWS\SYSTEM32\n02ulaf91d2.dll is in use. It will be removed on reboot.
11:46 AM: C:\WINDOWS\SYSTEM32\cbsNOL22.dll is in use. It will be removed on reboot.
11:46 AM: C:\WINDOWS\SYSTEM32\guard.tmp is in use. It will be removed on reboot.
11:46 AM: Quarantining All Traces: sc-keylog
11:46 AM: Quarantining All Traces: gain-supported software
11:46 AM: Quarantining All Traces: marketscore
11:46 AM: Quarantining All Traces: sidesearch
11:46 AM: Quarantining All Traces: buddylinks
11:46 AM: Quarantining All Traces: cydoor peer-to-peer dependency
11:46 AM: Quarantining All Traces: ebates money maker
11:46 AM: Quarantining All Traces: navexcel navhelper
11:46 AM: Quarantining All Traces: targetsaver
11:47 AM: Quarantining All Traces: twain-tech
11:47 AM: Quarantining All Traces: webrebates
11:47 AM: Quarantining All Traces: wurldmedia
11:47 AM: Quarantining All Traces: 2o7.net cookie
11:47 AM: Quarantining All Traces: 3 cookie
11:47 AM: Quarantining All Traces: 360i cookie
11:47 AM: Quarantining All Traces: 64.62.232 cookie
11:47 AM: Quarantining All Traces: a cookie
11:47 AM: Quarantining All Traces: about cookie
11:47 AM: Quarantining All Traces: adecn cookie
11:47 AM: Quarantining All Traces: ademails.com cookie
11:47 AM: Quarantining All Traces: adjuggler cookie
11:47 AM: Quarantining All Traces: adknowledge cookie
11:47 AM: Quarantining All Traces: adlegend cookie
11:47 AM: Quarantining All Traces: adminder cookie
11:47 AM: Quarantining All Traces: adorigin cookie
11:47 AM: Quarantining All Traces: adprofile cookie
11:47 AM: Quarantining All Traces: adrevservice cookie
11:47 AM: Quarantining All Traces: ad-rotator cookie
11:47 AM: Quarantining All Traces: ads.businessweek cookie
11:47 AM: Quarantining All Traces: ads.infosdunet.firstream.net cookie
11:47 AM: Quarantining All Traces: ads.techtv.com cookie
11:47 AM: Quarantining All Traces: adscpm cookie
11:47 AM: Quarantining All Traces: ads-fr.spray.net cookie
11:47 AM: Quarantining All Traces: adshooter cookie
11:47 AM: Quarantining All Traces: adultrevenueservice cookie
11:47 AM: Quarantining All Traces: affiliate cookie
11:47 AM: Quarantining All Traces: affiliatefuel.com cookie
11:47 AM: Quarantining All Traces: anm.co.uk cookie
11:47 AM: Quarantining All Traces: ask cookie
11:47 AM: Quarantining All Traces: atwola cookie
11:47 AM: Quarantining All Traces: azjmp cookie
11:47 AM: Quarantining All Traces: banner cookie
11:47 AM: Quarantining All Traces: banners cookie
11:47 AM: Quarantining All Traces: bannerspace cookie
11:47 AM: Quarantining All Traces: belnk cookie
11:47 AM: Quarantining All Traces: bizrate cookie
11:47 AM: Quarantining All Traces: bpath cookie
11:47 AM: Quarantining All Traces: buzztone cookie
11:47 AM: Quarantining All Traces: callwave cookie
11:47 AM: Quarantining All Traces: cc214142 cookie
11:47 AM: Quarantining All Traces: ccbill cookie
11:47 AM: Quarantining All Traces: cd freaks cookie
11:47 AM: Quarantining All Traces: classmates cookie
11:47 AM: Quarantining All Traces: clickandtrack cookie
11:47 AM: Quarantining All Traces: clickzs cookie
11:47 AM: Quarantining All Traces: columbiahouse cookie
11:47 AM: Quarantining All Traces: commerce cookie
11:47 AM: Quarantining All Traces: counter cookie
11:47 AM: Quarantining All Traces: dbbsrv cookie
11:47 AM: Quarantining All Traces: dealtime cookie
11:47 AM: Quarantining All Traces: desktop kazaa cookie
11:47 AM: Quarantining All Traces: did-it cookie
11:47 AM: Quarantining All Traces: directtrack cookie
11:47 AM: Quarantining All Traces: dl cookie
11:47 AM: Quarantining All Traces: ebates cookie
11:47 AM: Quarantining All Traces: emode cookie
11:47 AM: Quarantining All Traces: exitexchange cookie
11:47 AM: Quarantining All Traces: fastcompany cookie
11:47 AM: Quarantining All Traces: fe.lea.lycos.com cookie
11:47 AM: Quarantining All Traces: freestats.net cookie
11:47 AM: Quarantining All Traces: go.com cookie
11:47 AM: Quarantining All Traces: go2net.com cookie
11:47 AM: Quarantining All Traces: goclick cookie
11:47 AM: Quarantining All Traces: gorillanation cookie
11:47 AM: Quarantining All Traces: gostats cookie
11:47 AM: Quarantining All Traces: gotoast cookie
11:47 AM: Quarantining All Traces: hbmediapro cookie
11:47 AM: Quarantining All Traces: hermoment.com cookie
11:47 AM: Quarantining All Traces: hitboss.com cookie
11:47 AM: Quarantining All Traces: homestore cookie
11:47 AM: Quarantining All Traces: ic-live cookie
11:47 AM: Quarantining All Traces: inet-traffic.com cookie
11:47 AM: Quarantining All Traces: infoaccumail cookie
11:47 AM: Quarantining All Traces: infospace cookie
11:47 AM: Quarantining All Traces: intelliquest cookie
11:47 AM: Quarantining All Traces: kazaalite cookie
11:47 AM: Quarantining All Traces: kount cookie
11:47 AM: Quarantining All Traces: l2m.net cookie
11:47 AM: Quarantining All Traces: linksponsor cookie
11:47 AM: Quarantining All Traces: megago cookie
11:47 AM: Quarantining All Traces: metareward.com cookie
11:47 AM: Quarantining All Traces: mircx cookie
11:47 AM: Quarantining All Traces: mp3downloadhq cookie
11:47 AM: Quarantining All Traces: mp3s hits cookie
11:47 AM: Quarantining All Traces: mrskin cookie
11:47 AM: Quarantining All Traces: navexcel cookie
11:47 AM: Quarantining All Traces: netratingsselect cookie
11:47 AM: Quarantining All Traces: nextag cookie
11:47 AM: Quarantining All Traces: offeroptimizer cookie
11:47 AM: Quarantining All Traces: one-time-offer cookie
11:47 AM: Quarantining All Traces: outster cookie
11:47 AM: Quarantining All Traces: partypoker cookie
11:47 AM: Quarantining All Traces: pch cookie
11:47 AM: Quarantining All Traces: popups.infostart cookie
11:47 AM: Quarantining All Traces: precisead cookie
11:47 AM: Quarantining All Traces: pricegrabber cookie
11:47 AM: Quarantining All Traces: primaryads cookie
11:47 AM: Quarantining All Traces: pub cookie
11:47 AM: Quarantining All Traces: qsrch cookie
11:47 AM: Quarantining All Traces: rb4.ampland cookie
11:47 AM: Quarantining All Traces: rc cookie
11:47 AM: Quarantining All Traces: redzip cookie
11:47 AM: Quarantining All Traces: reunion cookie
11:47 AM: Quarantining All Traces: rightmedia cookie
11:47 AM: Quarantining All Traces: rn11 cookie
11:47 AM: Quarantining All Traces: search123 cookie
11:47 AM: Quarantining All Traces: seeq cookie
11:47 AM: Quarantining All Traces: servlet cookie
11:47 AM: Quarantining All Traces: smni cookie
11:47 AM: Quarantining All Traces: specificclick.com cookie
11:47 AM: Quarantining All Traces: specificpop cookie
11:47 AM: Quarantining All Traces: starpulse cookie
11:47 AM: Quarantining All Traces: starware.com cookie
11:47 AM: Quarantining All Traces: stats.klsoft.com cookie
11:47 AM: Quarantining All Traces: swc cookie
11:47 AM: Quarantining All Traces: toplist cookie
11:47 AM: Quarantining All Traces: touchclarity cookie
11:47 AM: Quarantining All Traces: tracking cookie
11:47 AM: Quarantining All Traces: trb.com cookie
11:47 AM: Quarantining All Traces: tripod cookie
11:47 AM: Quarantining All Traces: tvguide cookie
11:47 AM: Quarantining All Traces: ugo cookie
11:47 AM: Quarantining All Traces: uproar cookie
11:47 AM: Quarantining All Traces: webpower cookie
11:47 AM: Quarantining All Traces: websponsors cookie
11:47 AM: Quarantining All Traces: web-stat cookie
11:47 AM: Quarantining All Traces: wirefly cookie
11:47 AM: Quarantining All Traces: wtlive.com cookie
11:47 AM: Quarantining All Traces: xiti cookie
11:47 AM: Quarantining All Traces: xren_cj cookie
11:47 AM: Quarantining All Traces: xzoomy cookie
11:47 AM: Quarantining All Traces: yadro cookie
11:47 AM: Quarantining All Traces: yieldmanager cookie
11:47 AM: Warning: Timed out waiting for explorer.exe
11:47 AM: Warning: Timed out waiting for explorer.exe
11:47 AM: Warning: Timed out waiting for explorer.exe
11:47 AM: Warning: Quarantine process could not restart Explorer.
11:47 AM: Warning: Failed to quarantine registry items for: S-1-5-21-670792205-2346120412-70523582-500
11:48 AM: Removal process completed. Elapsed time 00:02:49
********
10:59 AM: | Start of Session, Tuesday, November 15, 2005 |
10:59 AM: Spy Sweeper started
10:59 AM: Your spyware definitions have been updated.
11:01 AM: | End of Session, Tuesday, November 15, 2005 |
I will post another message in a few seconds with my fresh HijackThis log, as my original message with both the Spy Sweeper log and the HijackThis log is too long (> 50,000 characters).
Logfile of HijackThis v1.99.1
Scan saved at 11:55:52 AM, on 11/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\tbctray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QM\QM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\system32\MSTMON_Q.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\tbctray.exe
C:\Program Files\WinTV\Ir.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1350WStatusDisplay] C:\WINDOWS\system32\MSTMON_Q.EXE
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\System32\tbctray.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: QM.lnk = C:\Program Files\QM\QM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {140F03AE-0588-11D4-BD45-0050048A82BF} (eShare Web Collaboration Class) - http://chat.1800flowers.com/netagent/objects/emagic.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/023699e413368da0f801/netzip/RdxIE2.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1503/www.contentwatch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photo.walmart.com/photo/upload/XUpload.ocx
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/bin/imvid.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: CallAttendant Home Service (CallAttendant) - Unknown owner - C:\Program Files\ObjectWorld\CallAttendant Home\Bin\CAServer.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Movielink Core Service - Movielink LLC - C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
And now I am going to restart my computer to have SpySweeper remove the threats it detected that cannot be removed until I restart...
===============
Run HiJackThis, click "Scan", then check (tick) the following, if present:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://download.weatherbug.com/mini...ransporter.cab?
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/023699e413368d...tzip/RdxIE2.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/mini...uginstaller.cab
Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, then click "Fix checked".
===============
To help protect your system from hostile ActiveX content, or special 'downloadable' files:
Download, install and keep updated, SpywareBlaster. If you've installed it for the first time:
1) Check for any available updates; if present, they'll be automatically downloaded and installed.
2) Next, "Enable all protection".
3) Exit the program.
-
Note: Remember to regularly check for updates.
===============
After rebooting, rescan with HijackThis and post back a new log. Please let me know how your PC is now.
Logfile of HijackThis v1.99.1
Scan saved at 6:43:47 PM, on 11/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\tbctray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\QM\QM.EXE
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1350WStatusDisplay] C:\WINDOWS\system32\MSTMON_Q.EXE
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\System32\tbctray.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: QM.lnk = C:\Program Files\QM\QM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {140F03AE-0588-11D4-BD45-0050048A82BF} (eShare Web Collaboration Class) - http://chat.1800flowers.com/netagent/objects/emagic.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1503/www.contentwatch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photo.walmart.com/photo/upload/XUpload.ocx
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/bin/imvid.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: CallAttendant Home Service (CallAttendant) - Unknown owner - C:\Program Files\ObjectWorld\CallAttendant Home\Bin\CAServer.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Movielink Core Service - Movielink LLC - C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
Also, is there anywhere I can find the alg.exe file that my computer is missing? I accidentally deleted it a while back, I think, and don't know where I can find another copy. I've read it's a critical system file, so I'm thinking I need it? Thanks...
==
Congratulations! Your log looks clean - good work!
===============
Now that your PC is clean, you need to follow these easy steps to keep it this way:
Secure your Internet Explorer by going here and following the instructions there.
Better yet, use an alternative browser! Download Firefox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera, which in my opinion is better still.
Use a firewall to help prevent your PC's control being usurped by undesirables. There is a link to a good, free firewall in my signature.
Install and keep updated, Ad-Aware SE, and Spybot S&D.
Run them both on a regular basis, following the manufacturer's recommendations.
Install an anti-virus. There are some good, free AVs available today. Make sure that it is updated regularly and have it scan your system often.
Check for Windows Updates. Microsoft regularly posts updates for your system's safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.
Clear your Temp folders.
Clear out your Temporary internet files and other temp files.
Go to Start > Settings > Control Panel > Internet Options.
Under the General tab, click Delete temporary internet files and delete all Offline content as well. Clear out Cookies.
Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.
Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.)
C:\Documents and Settings\username\Local Settings\Temp\
In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.
Empty the Recycle Bin.
For XP users.
After something like this it is a good idea to Flush the Restore Points and start fresh.
To flush the XP system Restore Points.
Go to Start>Run and type msconfig. Press enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings link on the left.
Check the box labelled 'Turn off System restore'.
Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.
Note that all previous restore points will be lost.
===============
If you have any more problems, post back.
-
Happy surfing,
crunchie.
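A rescan check for the thread above, as an added example that is not part of the original posts: it compares a pasted HijackThis fix list with the follow-up log and keys O9/O16 entries on their CLSID, because the forum shortened the URLs in the fix list. The sample strings are a few lines copied from the logs in this thread; the function names are assumptions of this example.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def entry_key(line):
    """Stable key for one HijackThis entry line; None for headers and process paths."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    clsid = CLSID.search(body)
    if clsid:
        # Key on the CLSID, not the URL: the forum shortened the URLs in the fix list.
        label = body[:clsid.start()].split(":")[0].strip()
        return (section, label, clsid.group(0).upper())
    return (section, body.strip().lower())

def parse_log(text):
    """Map entry key -> original line for every entry in a pasted log."""
    entries = {}
    for line in text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries[key] = line.strip()
    return entries

def still_present(fix_list, after_log):
    """Fix-list entries that the rescan still reports."""
    after = parse_log(after_log)
    return sorted(after[k] for k in parse_log(fix_list) if k in after)

def unexplained_changes(before_log, after_log, fix_list):
    """Entries that appeared, or vanished without being on the fix list."""
    before, after, fixed = (parse_log(t) for t in (before_log, after_log, fix_list))
    added = sorted(after[k] for k in set(after) - set(before))
    removed = sorted(before[k] for k in set(before) - set(after) - set(fixed))
    return added, removed

# Sample input: a handful of lines copied from the logs in this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
"""
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://download.weatherbug.com/mini...ransporter.cab?
"""
AFTER = r"""
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
"""

if __name__ == "__main__":
    print("still present:", still_present(FIX_LIST, AFTER))
    print("added / removed off-list:", unexplained_changes(BEFORE, AFTER, FIX_LIST))
```

Entries reported as removed off-list are worth a second look, since something other than the fix list changed them between scans.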