Options

Guard.temp Virus

Unknown
edited November 2005 in Spyware & Virus Removal
I believe I have a Trojan virus. Norton pops up with guard.tmp and a few other files it finds infected. I have tried various programs to remove this virus, but without any luck ... and then I came upon this site. As instructed, I ran and removed all spyware that both Ad-Aware and Spybot Search&Destroy found. I downloaded Hijack This and below is my log. Any help would be greatly appreciated. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 2:38:12 PM, on 11/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\system32\MSTMON_Q.EXE
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\tbctray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QM\QM.EXE
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1350WStatusDisplay] C:\WINDOWS\system32\MSTMON_Q.EXE
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\System32\tbctray.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: QM.lnk = C:\Program Files\QM\QM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {140F03AE-0588-11D4-BD45-0050048A82BF} (eShare Web Collaboration Class) - http://chat.1800flowers.com/netagent/objects/emagic.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/023699e413368da0f801/netzip/RdxIE2.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1503/www.contentwatch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photo.walmart.com/photo/upload/XUpload.ocx
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/bin/imvid.cab
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.buddylinks.net/ShellInstaller.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\n02ulaf91d2.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: CallAttendant Home Service (CallAttendant) - Unknown owner - C:\Program Files\ObjectWorld\CallAttendant Home\Bin\CAServer.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Movielink Core Service - Movielink LLC - C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

Comments

  • CrunchieCrunchie Mandurah. Western Australia. Member
    edited November 2005
    Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
    Click the Free Trial link under to "SpySweeper" to download the program.
    Install it. Once the program is installed, it will open.
    It will prompt you to update to the latest definitions, click Yes.
    Once the definitions are installed, click Options on the left side.
    Click the Sweep Options tab.
    Under What to Sweep please put a check next to the following:
    Sweep Memory
    Sweep Registry
    Sweep Cookies
    Sweep All User Accounts
    Enable Direct Disk Sweeping
    Sweep Contents of Compressed Files
    Sweep for Rootkits
    Please UNCHECK Do not Sweep System Restore Folder.
    Click Sweep Now on the left side.
    Click the Start button.
    When it's done scanning, click the Next button.
    Make sure everything has a check next to it, then click the Next button.
    It will remove all of the items found.
    Click Session Log in the upper right corner, copy everything in that window.
    Click the Summary tab and click Finish.
    Paste the contents of the session log you copied into your next reply, with a fresh hijackthis log.
  • acechamp
    edited November 2005
    Thanks ... below is my very long Spy Sweeper session log:

    ********
    11:01 AM: | Start of Session, Tuesday, November 15, 2005 |
    11:01 AM: Spy Sweeper started
    11:01 AM: Sweep initiated using definitions version 573
    11:01 AM: Starting Memory Sweep
    11:02 AM: Found Adware: icannnews
    11:02 AM: Detected running threat: C:\WINDOWS\SYSTEM32\n02ulaf91d2.dll (ID = 83)
    11:04 AM: Detected running threat: C:\WINDOWS\SYSTEM32\cbsNOL22.dll (ID = 83)
    11:04 AM: Detected running threat: C:\WINDOWS\SYSTEM32\guard.tmp (ID = 83)
    11:05 AM: Memory Sweep Complete, Elapsed Time: 00:04:16
    11:05 AM: Starting Registry Sweep
    11:05 AM: Found Adware: buddylinks
    11:05 AM: HKLM\software\microsoft\code store database\distribution units\{fddce9ff-1fc6-413c-80b1-37b101fda1d4}\ (14 subtraces) (ID = 105289)
    11:06 AM: Found System Monitor: sc-keylog
    11:06 AM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\explorer\ (6 subtraces) (ID = 140468)
    11:06 AM: Found Adware: wurldmedia
    11:06 AM: HKCR\appid\sostatatl.exe\ (1 subtraces) (ID = 147535)
    11:06 AM: HKCR\appid\{dee5d795-a276-43b5-a04a-511149a354f0}\ (1 subtraces) (ID = 147536)
    11:06 AM: HKCR\interface\{9603a736-05b9-4d78-bdd5-bdcb0914e522}\ (8 subtraces) (ID = 147565)
    11:06 AM: HKCR\interface\{bc12b055-c9f5-407d-9b66-1851973f32af}\ (8 subtraces) (ID = 147569)
    11:06 AM: Found Adware: marketscore
    11:06 AM: HKLM\software\microsoft\windows\currentversion\uninstall\{6ac4c165-4857-48cf-9877-65e283dde598}\ (14 subtraces) (ID = 647403)
    11:06 AM: Found Adware: ebates money maker
    11:06 AM: HKU\S-1-5-21-670792205-2346120412-70523582-1006\software\microsoft\internet explorer\extensions\cmdmapping\ || {6685509e-b47b-4f47-8e16-9a5f3a62f683} (ID = 125587)
    11:06 AM: Found Adware: webrebates
    11:06 AM: HKU\S-1-5-21-670792205-2346120412-70523582-1006\software\microsoft\internet explorer\extensions\{6685509e-b47b-4f47-8e16-9a5f3a62f683}\ (6 subtraces) (ID = 125589)
    11:06 AM: HKU\S-1-5-21-670792205-2346120412-70523582-1006\software\microsoft\internet explorer\extensions\{6685509e-b47b-4f47-8e16-9a5f3a62f683}\ (6 subtraces) (ID = 125589)
    11:06 AM: Found Adware: sidesearch
    11:06 AM: HKU\S-1-5-21-670792205-2346120412-70523582-1006\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
    11:06 AM: Registry Sweep Complete, Elapsed Time:00:00:30
    11:06 AM: Starting Cookie Sweep
    11:07 AM: Found Spy Cookie: primaryads cookie
    11:07 AM: [name removed]@1.primaryads[1].txt (ID = 3190)
    11:07 AM: Found Spy Cookie: 3 cookie
    11:07 AM: [name removed]@207.36.3[2].txt (ID = 1960)
    11:07 AM: Found Spy Cookie: qsrch cookie
    11:07 AM: [name removed]@2cool.qsrch[1].txt (ID = 3216)
    11:07 AM: Found Spy Cookie: l2m.net cookie
    11:07 AM: [name removed]@33362002a.l2m[2].txt (ID = 2914)
    11:07 AM: [name removed]@33673508a.l2m[1].txt (ID = 2914)
    11:07 AM: [name removed]@43614673a.l2m[2].txt (ID = 2914)
    11:07 AM: Found Spy Cookie: 64.62.232 cookie
    11:07 AM: [name removed]@64.62.232[2].txt (ID = 1987)
    11:07 AM: [name removed]@64.62.232[3].txt (ID = 1987)
    11:07 AM: Found Spy Cookie: websponsors cookie
    11:07 AM: [name removed]@a.websponsors[1].txt (ID = 3665)
    11:07 AM: Found Spy Cookie: go.com cookie
    11:07 AM: [name removed]@abc.abcnews.go[1].txt (ID = 2729)
    11:07 AM: [name removed]@abc.go[2].txt (ID = 2729)
    11:07 AM: [name removed]@abclocal.go[1].txt (ID = 2729)
    11:07 AM: [name removed]@abcnews.go[1].txt (ID = 2729)
    11:07 AM: Found Spy Cookie: about cookie
    11:07 AM: [name removed]@about[2].txt (ID = 2037)
    11:07 AM: Found Spy Cookie: ad-rotator cookie
    11:07 AM: [name removed]@ad-rotator[1].txt (ID = 2051)
    11:07 AM: Found Spy Cookie: yieldmanager cookie
    11:07 AM: [name removed]@ad.yieldmanager[2].txt (ID = 3751)
    11:07 AM: Found Spy Cookie: adecn cookie
    11:07 AM: [name removed]@adecn[2].txt (ID = 2063)
    11:07 AM: Found Spy Cookie: adknowledge cookie
    11:07 AM: [name removed]@adknowledge[1].txt (ID = 2072)
    11:07 AM: Found Spy Cookie: adlegend cookie
    11:07 AM: [name removed]@adlegend[2].txt (ID = 2074)
    11:07 AM: Found Spy Cookie: hbmediapro cookie
    11:07 AM: [name removed]@adopt.hbmediapro[1].txt (ID = 2768)
    11:07 AM: Found Spy Cookie: precisead cookie
    11:07 AM: [name removed]@adopt.precisead[1].txt (ID = 3182)
    11:07 AM: Found Spy Cookie: specificclick.com cookie
    11:07 AM: [name removed]@adopt.specificclick[2].txt (ID = 3400)
    11:07 AM: Found Spy Cookie: adorigin cookie
    11:07 AM: [name removed]@adorigin[2].txt (ID = 2082)
    11:07 AM: Found Spy Cookie: adprofile cookie
    11:07 AM: [name removed]@adprofile[2].txt (ID = 2084)
    11:07 AM: Found Spy Cookie: adrevservice cookie
    11:07 AM: [name removed]@adrevservice[1].txt (ID = 2091)
    11:07 AM: Found Spy Cookie: ads-fr.spray.net cookie
    11:07 AM: [name removed]@ads-fr.spray[1].txt (ID = 2102)
    11:07 AM: [name removed]@ads.adorigin[1].txt (ID = 2083)
    11:07 AM: Found Spy Cookie: ads.businessweek cookie
    11:07 AM: [name removed]@ads.businessweek[1].txt (ID = 2113)
    11:07 AM: Found Spy Cookie: cc214142 cookie
    11:07 AM: [name removed]@ads.cc214142[2].txt (ID = 2367)
    11:07 AM: Found Spy Cookie: gorillanation cookie
    11:07 AM: [name removed]@ads.gorillanation[1].txt (ID = 2744)
    11:07 AM: Found Spy Cookie: ads.infosdunet.firstream.net cookie
    11:07 AM: [name removed]@ads.infosdunet.firstream[1].txt (ID = 2120)
    11:07 AM: Found Spy Cookie: linksponsor cookie
    11:07 AM: [name removed]@ads.linksponsor[1].txt (ID = 2925)
    11:07 AM: [name removed]@ads.specificclick[2].txt (ID = 3400)
    11:07 AM: Found Spy Cookie: ads.techtv.com cookie
    11:07 AM: [name removed]@ads.techtv[1].txt (ID = 2129)
    11:07 AM: Found Spy Cookie: bpath cookie
    11:07 AM: [name removed]@ads15.bpath[1].txt (ID = 2321)
    11:07 AM: [name removed]@ads18.bpath[1].txt (ID = 2321)
    11:07 AM: Found Spy Cookie: affiliate cookie
    11:07 AM: [name removed]@affiliate[1].txt (ID = 2199)
    11:07 AM: [name removed]@ak-sports.espn.go[2].txt (ID = 2729)
    11:07 AM: [name removed]@alcoholism.about[1].txt (ID = 2038)
    11:07 AM: [name removed]@ancienthistory.about[1].txt (ID = 2038)
    11:07 AM: Found Spy Cookie: anm.co.uk cookie
    11:07 AM: [name removed]@anm.co[2].txt (ID = 2223)
    11:07 AM: Found Spy Cookie: ask cookie
    11:07 AM: [name removed]@ask[2].txt (ID = 2245)
    11:07 AM: Found Spy Cookie: belnk cookie
    11:07 AM: [name removed]@ath.belnk[2].txt (ID = 2293)
    11:07 AM: Found Spy Cookie: atwola cookie
    11:07 AM: [name removed]@atwola[1].txt (ID = 2255)
    11:07 AM: Found Spy Cookie: azjmp cookie
    11:07 AM: [name removed]@azjmp[2].txt (ID = 2270)
    11:07 AM: Found Spy Cookie: a cookie
    11:07 AM: [name removed]@a[1].txt (ID = 2027)
    11:07 AM: Found Spy Cookie: inet-traffic.com cookie
    11:07 AM: [name removed]@banner2.inet-traffic[2].txt (ID = 2856)
    11:07 AM: Found Spy Cookie: bannerspace cookie
    11:07 AM: [name removed]@bannerspace[2].txt (ID = 2284)
    11:07 AM: Found Spy Cookie: banners cookie
    11:07 AM: [name removed]@banners[1].txt (ID = 2282)
    11:07 AM: Found Spy Cookie: banner cookie
    11:07 AM: [name removed]@banner[2].txt (ID = 2276)
    11:07 AM: [name removed]@beginnersinvest.about[2].txt (ID = 2038)
    11:07 AM: [name removed]@belnk[1].txt (ID = 2292)
    11:07 AM: Found Spy Cookie: bizrate cookie
    11:07 AM: [name removed]@bizrate[1].txt (ID = 2308)
    11:07 AM: [name removed]@boards.espn.go[1].txt (ID = 2729)
    11:07 AM: [name removed]@boards.go[2].txt (ID = 2729)
    11:07 AM: Found Spy Cookie: 2o7.net cookie
    11:07 AM: [name removed]@brguest.112.2o7[2].txt (ID = 1958)
    11:07 AM: [name removed]@buycom.122.2o7[1].txt (ID = 1958)
    11:07 AM: Found Spy Cookie: goclick cookie
    11:07 AM: [name removed]@c.goclick[1].txt (ID = 2733)
    11:07 AM: Found Spy Cookie: intelliquest cookie
    11:07 AM: [name removed]@c.intelliquest[1].txt (ID = 2870)
    11:07 AM: Found Spy Cookie: gostats cookie
    11:07 AM: [name removed]@c2.gostats[2].txt (ID = 2748)
    11:07 AM: [name removed]@c3.gostats[2].txt (ID = 2748)
    11:07 AM: Found Spy Cookie: callwave cookie
    11:07 AM: [name removed]@callwave[2].txt (ID = 2342)
    11:07 AM: [name removed]@careerplanning.about[2].txt (ID = 2038)
    11:07 AM: [name removed]@cbs.112.2o7[2].txt (ID = 1958)
    11:07 AM: Found Spy Cookie: ccbill cookie
    11:07 AM: [name removed]@ccbill[2].txt (ID = 2369)
    11:07 AM: Found Spy Cookie: cd freaks cookie
    11:07 AM: [name removed]@cdfreaks[2].txt (ID = 2370)
    11:07 AM: [name removed]@cellphones.about[2].txt (ID = 2038)
    11:07 AM: Found Spy Cookie: classmates cookie
    11:07 AM: [name removed]@classmates[1].txt (ID = 2384)
    11:07 AM: [name removed]@club.cdfreaks[1].txt (ID = 2371)
    11:07 AM: [name removed]@cnn.122.2o7[1].txt (ID = 1958)
    11:07 AM: [name removed]@college.espn.go[1].txt (ID = 2729)
    11:07 AM: [name removed]@collegeapps.about[2].txt (ID = 2038)
    11:07 AM: Found Spy Cookie: columbiahouse cookie
    11:07 AM: [name removed]@columbiahouse[1].txt (ID = 2443)
    11:07 AM: Found Spy Cookie: commerce cookie
    11:07 AM: [name removed]@Commerce[1].txt (ID = 2451)
    11:07 AM: [name removed]@cornerstone.122.2o7[2].txt (ID = 1958)
    11:07 AM: Found Spy Cookie: adultrevenueservice cookie
    11:07 AM: [name removed]@counterimg1.adultrevenueservice[1].txt (ID = 2168)
    11:07 AM: Found Spy Cookie: counter cookie
    11:07 AM: [name removed]@counter[1].txt (ID = 2477)
    11:07 AM: [name removed]@cratebarrel.112.2o7[2].txt (ID = 1958)
    11:07 AM: Found Spy Cookie: 360i cookie
    11:07 AM: [name removed]@ct.360i[2].txt (ID = 1962)
    11:07 AM: Found Spy Cookie: clickzs cookie
    11:07 AM: [name removed]@cz11.clickzs[2].txt (ID = 2413)
    11:07 AM: [name removed]@cz3.clickzs[1].txt (ID = 2413)
    11:07 AM: [name removed]@cz4.clickzs[1].txt (ID = 2413)
    11:07 AM: [name removed]@cz5.clickzs[2].txt (ID = 2413)
    11:07 AM: [name removed]@cz6.clickzs[2].txt (ID = 2413)
    11:07 AM: [name removed]@cz7.clickzs[2].txt (ID = 2413)
    11:07 AM: [name removed]@cz8.clickzs[1].txt (ID = 2413)
    11:07 AM: [name removed]@cz9.clickzs[1].txt (ID = 2413)
    11:07 AM: Found Spy Cookie: dealtime cookie
    11:07 AM: [name removed]@dealtime[2].txt (ID = 2505)
    11:07 AM: [name removed]@ded.gostats[2].txt (ID = 2748)
    11:07 AM: [name removed]@delivery.inet-traffic[2].txt (ID = 2856)
    11:07 AM: Found Spy Cookie: desktop kazaa cookie
    11:07 AM: [name removed]@desktop.kazaa[2].txt (ID = 2515)
    11:07 AM: [name removed]@desktoppub.about[1].txt (ID = 2038)
    11:07 AM: Found Spy Cookie: did-it cookie
    11:07 AM: [name removed]@did-it[2].txt (ID = 2523)
    11:07 AM: Found Spy Cookie: directtrack cookie
    11:07 AM: [name removed]@directtrack[1].txt (ID = 2527)
    11:07 AM: [name removed]@disney.go[1].txt (ID = 2729)
    11:07 AM: [name removed]@dist.belnk[2].txt (ID = 2293)
    11:07 AM: Found Spy Cookie: dl cookie
    11:07 AM: [name removed]@dl[1].txt (ID = 2529)
    11:07 AM: Found Spy Cookie: rn11 cookie
    11:07 AM: [name removed]@e.rn11[1].txt (ID = 3262)
    11:07 AM: Found Spy Cookie: megago cookie
    11:07 AM: [name removed]@eegad.freeservers[2].txt (ID = 2983)
    11:07 AM: [name removed]@email.about[1].txt (ID = 2038)
    11:07 AM: Found Spy Cookie: pch cookie
    11:07 AM: [name removed]@email.superprize.pch[1].txt (ID = 3124)
    11:07 AM: Found Spy Cookie: emode cookie
    11:07 AM: [name removed]@emode[2].txt (ID = 2603)
    11:07 AM: [name removed]@espn.go[1].txt (ID = 2729)
    11:07 AM: [name removed]@espnradio.espn.go[1].txt (ID = 2729)
    11:07 AM: Found Spy Cookie: exitexchange cookie
    11:07 AM: [name removed]@exitexchange[1].txt (ID = 2633)
    11:07 AM: Found Spy Cookie: fastcompany cookie
    11:07 AM: [name removed]@fastcompany[2].txt (ID = 2655)
    11:07 AM: Found Spy Cookie: fe.lea.lycos.com cookie
    11:07 AM: [name removed]@fe.lea.lycos[1].txt (ID = 2660)
    11:07 AM: [name removed]@games.espn.go[1].txt (ID = 2729)
    11:07 AM: [name removed]@geography.about[1].txt (ID = 2038)
    11:07 AM: Found Spy Cookie: go2net.com cookie
    11:07 AM: [name removed]@go2net[1].txt (ID = 2730)
    11:07 AM: [name removed]@gonyc.about[1].txt (ID = 2038)
    11:07 AM: [name removed]@gorillanation[2].txt (ID = 2746)
    11:07 AM: [name removed]@gostats[2].txt (ID = 2747)
    11:07 AM: Found Spy Cookie: gotoast cookie
    11:07 AM: [name removed]@gotoast[2].txt (ID = 2751)
    11:07 AM: [name removed]@go[1].txt (ID = 2728)
    11:07 AM: [name removed]@go[2].txt (ID = 2728)
    11:07 AM: [name removed]@go[3].txt (ID = 2728)
    11:07 AM: [name removed]@go[4].txt (ID = 2728)
    11:07 AM: [name removed]@go[5].txt (ID = 2728)
    11:07 AM: [name removed]@go[6].txt (ID = 2728)
    11:07 AM: [name removed]@go[7].txt (ID = 2728)
    11:07 AM: [name removed]@go[8].txt (ID = 2728)
    11:07 AM: [name removed]@go[9].txt (ID = 2728)
    11:07 AM: Found Spy Cookie: starware.com cookie
    11:07 AM: [name removed]@h.starware[1].txt (ID = 3442)
    11:07 AM: [name removed]@highbeam.122.2o7[2].txt (ID = 1958)
    11:07 AM: Found Spy Cookie: clickandtrack cookie
    11:07 AM: [name removed]@hits.clickandtrack[2].txt (ID = 2397)
    11:07 AM: Found Spy Cookie: homestore cookie
    11:07 AM: [name removed]@homestore[1].txt (ID = 2793)
    11:07 AM: [name removed]@honeymoons.about[1].txt (ID = 2038)
    11:07 AM: [name removed]@humor.about[1].txt (ID = 2038)
    11:07 AM: Found Spy Cookie: ic-live cookie
    11:07 AM: [name removed]@ic-live[1].txt (ID = 2821)
    11:07 AM: Found Spy Cookie: infoaccumailâ*cookie
    11:07 AM: [name removed]@info.accumail[2].txt (ID = 2862)
    11:07 AM: Found Spy Cookie: infospace cookie
    11:07 AM: [name removed]@infospace[1].txt (ID = 2865)
    11:07 AM: [name removed]@insider.espn.go[1].txt (ID = 2729)
    11:07 AM: [name removed]@interiordec.about[1].txt (ID = 2038)
    11:07 AM: [name removed]@jcrew.112.2o7[2].txt (ID = 1958)
    11:07 AM: [name removed]@jobsearchtech.about[2].txt (ID = 2038)
    11:07 AM: Found Spy Cookie: kazaalite cookie
    11:07 AM: [name removed]@kazaalite[1].txt (ID = 2895)
    11:07 AM: Found Spy Cookie: kount cookie
    11:07 AM: [name removed]@kount[2].txt (ID = 2911)
    11:07 AM: [name removed]@l2m[1].txt (ID = 2913)
    11:07 AM: Found Spy Cookie: tripod cookie
    11:07 AM: [name removed]@loverslanes2.tripod[2].txt (ID = 3592)
    11:07 AM: Found Spy Cookie: ugo cookie
    11:07 AM: [name removed]@mediamgr.ugo[2].txt (ID = 3609)
    11:07 AM: [name removed]@megadirectory.ask[2].txt (ID = 2246)
    11:07 AM: Found Spy Cookie: metareward.com cookie
    11:07 AM: [name removed]@metareward[1].txt (ID = 2990)
    11:07 AM: [name removed]@movietimes.disney.go[1].txt (ID = 2729)
    11:07 AM: Found Spy Cookie: mp3downloadhq cookie
    11:07 AM: [name removed]@mp3downloadhq[1].txt (ID = 3014)
    11:07 AM: Found Spy Cookie: mrskin cookie
    11:07 AM: [name removed]@mrskin[1].txt (ID = 3020)
    11:07 AM: [name removed]@msn.espn.go[1].txt (ID = 2729)
    11:07 AM: Found Spy Cookie: touchclarity cookie
    11:07 AM: [name removed]@msn.touchclarity[1].txt (ID = 3566)
    11:07 AM: [name removed]@msnportal.112.2o7[2].txt (ID = 1958)
    11:07 AM: [name removed]@mutualfunds.about[1].txt (ID = 2038)
    11:07 AM: [name removed]@my.espn.go[1].txt (ID = 2729)
    11:07 AM: Found Spy Cookie: nextag cookie
    11:07 AM: [name removed]@nextag[2].txt (ID = 5014)
    11:07 AM: Found Spy Cookie: netratingsselect cookie
    11:07 AM: [name removed]@nnselect[2].txt (ID = 3065)
    11:07 AM: Found Spy Cookie: freestats.net cookie
    11:07 AM: [name removed]@nytix.freestats[1].txt (ID = 2705)
    11:07 AM: Found Spy Cookie: offeroptimizer cookie
    11:07 AM: [name removed]@offeroptimizer[2].txt (ID = 3087)
    11:07 AM: [name removed]@offersquest.directtrack[2].txt (ID = 2528)
    11:07 AM: Found Spy Cookie: one-time-offer cookie
    11:07 AM: [name removed]@one-time-offer[1].txt (ID = 3095)
    11:07 AM: Found Spy Cookie: tvguide cookie
    11:07 AM: [name removed]@online.tvguide[1].txt (ID = 3600)
    11:07 AM: Found Spy Cookie: outster cookie
    11:07 AM: [name removed]@outster[2].txt (ID = 3103)
    11:07 AM: Found Spy Cookie: wtlive.com cookie
    11:07 AM: [name removed]@p.wtlive[1].txt (ID = 3700)
    11:07 AM: [name removed]@partypoker.touchclarity[1].txt (ID = 3567)
    11:07 AM: Found Spy Cookie: partypoker cookie
    11:07 AM: [name removed]@partypoker[1].txt (ID = 3111)
    11:07 AM: [name removed]@pittsburgh.about[2].txt (ID = 2038)
    11:07 AM: [name removed]@politicalhumor.about[2].txt (ID = 2038)
    11:07 AM: [name removed]@polo.112.2o7[1].txt (ID = 1958)
    11:07 AM: Found Spy Cookie: mircx cookie
    11:07 AM: [name removed]@pop.mircx[1].txt (ID = 2998)
    11:07 AM: Found Spy Cookie: popups.infostart cookie
    11:07 AM: [name removed]@popups.infostart[1].txt (ID = 3159)
    11:07 AM: Found Spy Cookie: pricegrabber cookie
    11:07 AM: [name removed]@pricegrabber[2].txt (ID = 3185)
    11:07 AM: [name removed]@proxy.espn.go[1].txt (ID = 2729)
    11:07 AM: Found Spy Cookie: pub cookie
    11:07 AM: [name removed]@pub[2].txt (ID = 3205)
    11:07 AM: [name removed]@r.espn.go[1].txt (ID = 2729)
    11:07 AM: [name removed]@rapidresponse.directtrack[2].txt (ID = 2528)
    11:07 AM: Found Spy Cookie: rb4.ampland cookie
    11:07 AM: [name removed]@rb4.ampland[1].txt (ID = 3229)
    11:07 AM: Found Spy Cookie: rc cookie
    11:07 AM: [name removed]@rc[2].txt (ID = 3231)
    11:07 AM: [name removed]@rc[3].txt (ID = 3231)
    11:07 AM: [name removed]@rc[4].txt (ID = 3231)
    11:07 AM: [name removed]@register.go[1].txt (ID = 2729)
    11:07 AM: Found Spy Cookie: reunion cookie
    11:07 AM: [name removed]@reunion[1].txt (ID = 3255)
    11:07 AM: Found Spy Cookie: rightmedia cookie
    11:07 AM: [name removed]@rightmedia[2].txt (ID = 3259)
    11:07 AM: Found Spy Cookie: adjuggler cookie
    11:07 AM: [name removed]@rotator.adjuggler[2].txt (ID = 2071)
    11:07 AM: [name removed]@rsi.espn.go[1].txt (ID = 2729)
    11:07 AM: [name removed]@rsi.tvguide[1].txt (ID = 3600)
    11:07 AM: [name removed]@sdc.tvguide[1].txt (ID = 3600)
    11:07 AM: [name removed]@search.disney.go[2].txt (ID = 2729)
    11:07 AM: Found Spy Cookie: search123 cookie
    11:07 AM: [name removed]@search123[1].txt (ID = 3305)
    11:07 AM: [name removed]@sendtofriend.espn.go[1].txt (ID = 2729)
    11:07 AM: Found Spy Cookie: adscpm cookie
    11:07 AM: [name removed]@servedby.adscpm[1].txt (ID = 2137)
    11:07 AM: Found Spy Cookie: web-stat cookie
    11:07 AM: [name removed]@server3.web-stat[2].txt (ID = 3649)
    11:07 AM: Found Spy Cookie: servlet cookie
    11:07 AM: [name removed]@servlet[1].txt (ID = 3345)
    11:07 AM: [name removed]@servlet[2].txt (ID = 3345)
    11:07 AM: [name removed]@servlet[3].txt (ID = 3345)
    11:07 AM: Found Spy Cookie: smni cookie
    11:07 AM: [name removed]@smni[2].txt (ID = 3389)
    11:07 AM: Found Spy Cookie: specificpop cookie
    11:07 AM: [name removed]@specificpop[2].txt (ID = 3401)
    11:07 AM: [name removed]@sports-att.espn.go[2].txt (ID = 2729)
    11:07 AM: [name removed]@sports.espn.go[2].txt (ID = 2729)
    11:07 AM: [name removed]@stat.dealtime[2].txt (ID = 2506)
    11:07 AM: Found Spy Cookie: stats.klsoft.com cookie
    11:07 AM: [name removed]@stats.klsoft[1].txt (ID = 3451)
    11:07 AM: Found Spy Cookie: swc cookie
    11:07 AM: [name removed]@swc[1].txt (ID = 3477)
    11:07 AM: [name removed]@tcmen.espn.go[1].txt (ID = 2729)
    11:07 AM: Found Spy Cookie: toplist cookie
    11:07 AM: [name removed]@toplist[2].txt (ID = 3557)
    11:07 AM: Found Spy Cookie: tracking cookie
    11:07 AM: [name removed]@tracking[2].txt (ID = 3571)
    11:07 AM: [name removed]@tracking[3].txt (ID = 3571)
    11:07 AM: Found Spy Cookie: trb.com cookie
    11:07 AM: [name removed]@trb[1].txt (ID = 3587)
    11:07 AM: [name removed]@tvguide[1].txt (ID = 3599)
    11:07 AM: Found Spy Cookie: uproar cookie
    11:07 AM: [name removed]@uproar[1].txt (ID = 3612)
    11:07 AM: [name removed]@visualbasic.about[1].txt (ID = 2038)
    11:07 AM: [name removed]@wb11.trb[2].txt (ID = 3588)
    11:07 AM: Found Spy Cookie: webpower cookie
    11:07 AM: [name removed]@webpower[2].txt (ID = 3660)
    11:07 AM: Found Spy Cookie: wirefly cookie
    11:07 AM: [name removed]@wirefly[1].txt (ID = 3693)
    11:07 AM: [name removed]@wireless.tvguide[1].txt (ID = 3600)
    11:07 AM: Found Spy Cookie: ademails.com cookie
    11:07 AM: [name removed]@www.ademails[2].txt (ID = 2066)
    11:07 AM: Found Spy Cookie: adminder cookie
    11:07 AM: [name removed]@www.adminder[1].txt (ID = 2079)
    11:07 AM: Found Spy Cookie: adshooter cookie
    11:07 AM: [name removed]@www.adshooter[1].txt (ID = 2150)
    11:07 AM: Found Spy Cookie: affiliatefuel.com cookie
    11:07 AM: [name removed]@www.affiliatefuel[2].txt (ID = 2202)
    11:07 AM: Found Spy Cookie: buzztone cookie
    11:07 AM: [name removed]@www.buzztone[2].txt (ID = 2339)
    11:07 AM: [name removed]@www.callwave[1].txt (ID = 2343)
    11:07 AM: Found Spy Cookie: ebates cookie
    11:07 AM: [name removed]@www.ebates[2].txt (ID = 2558)
    11:07 AM: [name removed]@www.emode[1].txt (ID = 2604)
    11:07 AM: [name removed]@www.espn.go[1].txt (ID = 2729)
    11:07 AM: Found Spy Cookie: hermoment.com cookie
    11:07 AM: [name removed]@www.hermoment[1].txt (ID = 2774)
    11:07 AM: Found Spy Cookie: hitboss.com cookie
    11:07 AM: [name removed]@www.hitboss[1].txt (ID = 2782)
    11:07 AM: [name removed]@www.metareward[1].txt (ID = 2991)
    11:07 AM: [name removed]@www.mikes-house-of-cartoons.freeservers[2].txt (ID = 2983)
    11:07 AM: Found Spy Cookie: mp3s hits cookie
    11:07 AM: [name removed]@www.mp3****s[1].txt (ID = 3019)
    11:07 AM: [name removed]@www.pch[1].txt (ID = 3124)
    11:07 AM: Found Spy Cookie: redzip cookie
    11:07 AM: [name removed]@www.redzip[1].txt (ID = 3250)
    11:07 AM: Found Spy Cookie: seeq cookie
    11:07 AM: [name removed]@www.seeq[1].txt (ID = 3332)
    11:07 AM: Found Spy Cookie: starpulse cookie
    11:07 AM: [name removed]@www.starpulse[2].txt (ID = 3440)
    11:07 AM: [name removed]@www.starware[1].txt (ID = 3442)
    11:07 AM: Found Spy Cookie: navexcel cookie
    11:07 AM: [name removed]@www.trustedsearch[1].txt (ID = 3060)
    11:07 AM: [name removed]@www.tvguide[1].txt (ID = 3600)
    11:07 AM: [name removed]@www.web-stat[1].txt (ID = 3649)
    11:07 AM: [name removed]@www.wirefly[2].txt (ID = 3694)
    11:07 AM: Found Spy Cookie: xzoomy cookie
    11:07 AM: [name removed]@www.xzoomy[2].txt (ID = 3742)
    11:07 AM: [name removed]@www48.seeq[1].txt (ID = 3332)
    11:07 AM: Found Spy Cookie: xiti cookie
    11:07 AM: [name removed]@xiti[2].txt (ID = 3717)
    11:07 AM: Found Spy Cookie: xren_cj cookie
    11:07 AM: [name removed]@xren_cj[1].txt (ID = 3723)
    11:07 AM: Found Spy Cookie: yadro cookie
    11:07 AM: [name removed]@yadro[1].txt (ID = 3743)
    11:07 AM: [email]system@buycom.122.2o7[1].txt (ID = 1958)
    11:07 AM: [/email][email]system@nextag[1].txt (ID = 5014)
    11:07 AM: [/email][email]system@one-time-offer[2].txt (ID = 3095)
    11:07 AM: [/email][email]system@pricegrabber[1].txt (ID = 3185)
    11:07 AM: Cookie Sweep Complete, Elapsed Time: 00:00:51
    11:07 AM: Starting File Sweep
    11:09 AM: Found Adware: targetsaver
    11:09 AM: tsupdate_4_0_3_9_b2.exe (ID = 78281)
    11:09 AM: vocabulary (ID = 78283)
    11:14 AM: glf201glf201.exe (ID = 166444)
    11:17 AM: game_dl.exe (ID = 52005)
    11:22 AM: The Spy Communication shield has blocked access to: [/email]www.ad-w-a-r-e.com
    11:22 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:22 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:22 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:24 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:24 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:24 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:24 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:25 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:25 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:25 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:25 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:26 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:26 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:26 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:26 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:28 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:28 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:28 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:28 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:28 AM: Found Adware: navexcel navhelper
    11:28 AM: da908ce2-30ce-4beb-8e6c-35654a (ID = 70376)
    11:28 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:28 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:29 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:29 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:29 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:29 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:30 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:30 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:30 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:30 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:31 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:31 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:31 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:31 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:32 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:32 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:32 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:32 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:34 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:34 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:34 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:34 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:34 AM: mobupd.exe (ID = 121220)
    11:35 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:35 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:35 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:35 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:36 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:36 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:36 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:36 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:36 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:36 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:36 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:36 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:37 AM: game_install.exe (ID = 52006)
    11:37 AM: a0143367.exe (ID = 78276)
    11:38 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:38 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:38 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:38 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:38 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:38 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:38 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:38 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:38 AM: class-barrel (ID = 78229)
    11:38 AM: Found Adware: cydoor peer-to-peer dependency
    11:38 AM: cd_clint.dll (ID = 57300)
    11:39 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:39 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:39 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:39 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:39 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:39 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:39 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:39 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:40 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:40 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:40 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:40 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:40 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:40 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:40 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:40 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:41 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:41 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:41 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:41 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:41 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:41 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:41 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:41 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:42 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:42 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:42 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:42 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:43 AM: Found Adware: gain-supported software
    11:43 AM: bundle.inf (ID = 61287)
    11:43 AM: Found Adware: twain-tech
    11:43 AM: polmx.inf (ID = 81856)
    11:43 AM: twaintec.inf (ID = 81888)
    11:43 AM: Found Adware: directrevenue-abetterinternet
    11:43 AM: alchem.inf (ID = 83109)
    11:43 AM: alchem.ini (ID = 83112)
    11:43 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:43 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:43 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:43 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:43 AM: poltt.inf (ID = 83432)
    11:43 AM: poltt.inf (ID = 83432)
    11:43 AM: twaintec.inf (ID = 81889)
    11:43 AM: Warning: Unhandled Archive Type
    11:43 AM: Warning: Unhandled Archive Type
    11:43 AM: Warning: Unhandled Archive Type
    11:43 AM: Warning: Unhandled Archive Type
    11:44 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:44 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:44 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:44 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:44 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:44 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:44 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:44 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:44 AM: File Sweep Complete, Elapsed Time: 00:37:42
    11:44 AM: Full Sweep has completed. Elapsed time 00:43:25
    11:44 AM: Traces Found: 341
    11:45 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:45 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:45 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:45 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:45 AM: Removal process initiated
    11:46 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:46 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
    11:46 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:46 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
    11:46 AM: Quarantining All Traces: directrevenue-abetterinternet
    11:46 AM: Quarantining All Traces: icannnews
    11:46 AM: icannnews is in use. It will be removed on reboot.
    11:46 AM: C:\WINDOWS\SYSTEM32\n02ulaf91d2.dll is in use. It will be removed on reboot.
    11:46 AM: C:\WINDOWS\SYSTEM32\cbsNOL22.dll is in use. It will be removed on reboot.
    11:46 AM: C:\WINDOWS\SYSTEM32\guard.tmp is in use. It will be removed on reboot.
    11:46 AM: Quarantining All Traces: sc-keylog
    11:46 AM: Quarantining All Traces: gain-supported software
    11:46 AM: Quarantining All Traces: marketscore
    11:46 AM: Quarantining All Traces: sidesearch
    11:46 AM: Quarantining All Traces: buddylinks
    11:46 AM: Quarantining All Traces: cydoor peer-to-peer dependency
    11:46 AM: Quarantining All Traces: ebates money maker
    11:46 AM: Quarantining All Traces: navexcel navhelper
    11:46 AM: Quarantining All Traces: targetsaver
    11:47 AM: Quarantining All Traces: twain-tech
    11:47 AM: Quarantining All Traces: webrebates
    11:47 AM: Quarantining All Traces: wurldmedia
    11:47 AM: Quarantining All Traces: 2o7.net cookie
    11:47 AM: Quarantining All Traces: 3 cookie
    11:47 AM: Quarantining All Traces: 360i cookie
    11:47 AM: Quarantining All Traces: 64.62.232 cookie
    11:47 AM: Quarantining All Traces: a cookie
    11:47 AM: Quarantining All Traces: about cookie
    11:47 AM: Quarantining All Traces: adecn cookie
    11:47 AM: Quarantining All Traces: ademails.com cookie
    11:47 AM: Quarantining All Traces: adjuggler cookie
    11:47 AM: Quarantining All Traces: adknowledge cookie
    11:47 AM: Quarantining All Traces: adlegend cookie
    11:47 AM: Quarantining All Traces: adminder cookie
    11:47 AM: Quarantining All Traces: adorigin cookie
    11:47 AM: Quarantining All Traces: adprofile cookie
    11:47 AM: Quarantining All Traces: adrevservice cookie
    11:47 AM: Quarantining All Traces: ad-rotator cookie
    11:47 AM: Quarantining All Traces: ads.businessweek cookie
    11:47 AM: Quarantining All Traces: ads.infosdunet.firstream.net cookie
    11:47 AM: Quarantining All Traces: ads.techtv.com cookie
    11:47 AM: Quarantining All Traces: adscpm cookie
    11:47 AM: Quarantining All Traces: ads-fr.spray.net cookie
    11:47 AM: Quarantining All Traces: adshooter cookie
    11:47 AM: Quarantining All Traces: adultrevenueservice cookie
    11:47 AM: Quarantining All Traces: affiliate cookie
    11:47 AM: Quarantining All Traces: affiliatefuel.com cookie
    11:47 AM: Quarantining All Traces: anm.co.uk cookie
    11:47 AM: Quarantining All Traces: ask cookie
    11:47 AM: Quarantining All Traces: atwola cookie
    11:47 AM: Quarantining All Traces: azjmp cookie
    11:47 AM: Quarantining All Traces: banner cookie
    11:47 AM: Quarantining All Traces: banners cookie
    11:47 AM: Quarantining All Traces: bannerspace cookie
    11:47 AM: Quarantining All Traces: belnk cookie
    11:47 AM: Quarantining All Traces: bizrate cookie
    11:47 AM: Quarantining All Traces: bpath cookie
    11:47 AM: Quarantining All Traces: buzztone cookie
    11:47 AM: Quarantining All Traces: callwave cookie
    11:47 AM: Quarantining All Traces: cc214142 cookie
    11:47 AM: Quarantining All Traces: ccbill cookie
    11:47 AM: Quarantining All Traces: cd freaks cookie
    11:47 AM: Quarantining All Traces: classmates cookie
    11:47 AM: Quarantining All Traces: clickandtrack cookie
    11:47 AM: Quarantining All Traces: clickzs cookie
    11:47 AM: Quarantining All Traces: columbiahouse cookie
    11:47 AM: Quarantining All Traces: commerce cookie
    11:47 AM: Quarantining All Traces: counter cookie
    11:47 AM: Quarantining All Traces: dbbsrv cookie
    11:47 AM: Quarantining All Traces: dealtime cookie
    11:47 AM: Quarantining All Traces: desktop kazaa cookie
    11:47 AM: Quarantining All Traces: did-it cookie
    11:47 AM: Quarantining All Traces: directtrack cookie
    11:47 AM: Quarantining All Traces: dl cookie
    11:47 AM: Quarantining All Traces: ebates cookie
    11:47 AM: Quarantining All Traces: emode cookie
    11:47 AM: Quarantining All Traces: exitexchange cookie
    11:47 AM: Quarantining All Traces: fastcompany cookie
    11:47 AM: Quarantining All Traces: fe.lea.lycos.com cookie
    11:47 AM: Quarantining All Traces: freestats.net cookie
    11:47 AM: Quarantining All Traces: go.com cookie
    11:47 AM: Quarantining All Traces: go2net.com cookie
    11:47 AM: Quarantining All Traces: goclick cookie
    11:47 AM: Quarantining All Traces: gorillanation cookie
    11:47 AM: Quarantining All Traces: gostats cookie
    11:47 AM: Quarantining All Traces: gotoast cookie
    11:47 AM: Quarantining All Traces: hbmediapro cookie
    11:47 AM: Quarantining All Traces: hermoment.com cookie
    11:47 AM: Quarantining All Traces: hitboss.com cookie
    11:47 AM: Quarantining All Traces: homestore cookie
    11:47 AM: Quarantining All Traces: ic-live cookie
    11:47 AM: Quarantining All Traces: inet-traffic.com cookie
    11:47 AM: Quarantining All Traces: infoaccumailâ*cookie
    11:47 AM: Quarantining All Traces: infospace cookie
    11:47 AM: Quarantining All Traces: intelliquest cookie
    11:47 AM: Quarantining All Traces: kazaalite cookie
    11:47 AM: Quarantining All Traces: kount cookie
    11:47 AM: Quarantining All Traces: l2m.net cookie
    11:47 AM: Quarantining All Traces: linksponsor cookie
    11:47 AM: Quarantining All Traces: megago cookie
    11:47 AM: Quarantining All Traces: metareward.com cookie
    11:47 AM: Quarantining All Traces: mircx cookie
    11:47 AM: Quarantining All Traces: mp3downloadhq cookie
    11:47 AM: Quarantining All Traces: mp3s hits cookie
    11:47 AM: Quarantining All Traces: mrskin cookie
    11:47 AM: Quarantining All Traces: navexcel cookie
    11:47 AM: Quarantining All Traces: netratingsselect cookie
    11:47 AM: Quarantining All Traces: nextag cookie
    11:47 AM: Quarantining All Traces: offeroptimizer cookie
    11:47 AM: Quarantining All Traces: one-time-offer cookie
    11:47 AM: Quarantining All Traces: outster cookie
    11:47 AM: Quarantining All Traces: partypoker cookie
    11:47 AM: Quarantining All Traces: pch cookie
    11:47 AM: Quarantining All Traces: popups.infostart cookie
    11:47 AM: Quarantining All Traces: precisead cookie
    11:47 AM: Quarantining All Traces: pricegrabber cookie
    11:47 AM: Quarantining All Traces: primaryads cookie
    11:47 AM: Quarantining All Traces: pub cookie
    11:47 AM: Quarantining All Traces: qsrch cookie
    11:47 AM: Quarantining All Traces: rb4.ampland cookie
    11:47 AM: Quarantining All Traces: rc cookie
    11:47 AM: Quarantining All Traces: redzip cookie
    11:47 AM: Quarantining All Traces: reunion cookie
    11:47 AM: Quarantining All Traces: rightmedia cookie
    11:47 AM: Quarantining All Traces: rn11 cookie
    11:47 AM: Quarantining All Traces: search123 cookie
    11:47 AM: Quarantining All Traces: seeq cookie
    11:47 AM: Quarantining All Traces: servlet cookie
    11:47 AM: Quarantining All Traces: smni cookie
    11:47 AM: Quarantining All Traces: specificclick.com cookie
    11:47 AM: Quarantining All Traces: specificpop cookie
    11:47 AM: Quarantining All Traces: starpulse cookie
    11:47 AM: Quarantining All Traces: starware.com cookie
    11:47 AM: Quarantining All Traces: stats.klsoft.com cookie
    11:47 AM: Quarantining All Traces: swc cookie
    11:47 AM: Quarantining All Traces: toplist cookie
    11:47 AM: Quarantining All Traces: touchclarity cookie
    11:47 AM: Quarantining All Traces: tracking cookie
    11:47 AM: Quarantining All Traces: trb.com cookie
    11:47 AM: Quarantining All Traces: tripod cookie
    11:47 AM: Quarantining All Traces: tvguide cookie
    11:47 AM: Quarantining All Traces: ugo cookie
    11:47 AM: Quarantining All Traces: uproar cookie
    11:47 AM: Quarantining All Traces: webpower cookie
    11:47 AM: Quarantining All Traces: websponsors cookie
    11:47 AM: Quarantining All Traces: web-stat cookie
    11:47 AM: Quarantining All Traces: wirefly cookie
    11:47 AM: Quarantining All Traces: wtlive.com cookie
    11:47 AM: Quarantining All Traces: xiti cookie
    11:47 AM: Quarantining All Traces: xren_cj cookie
    11:47 AM: Quarantining All Traces: xzoomy cookie
    11:47 AM: Quarantining All Traces: yadro cookie
    11:47 AM: Quarantining All Traces: yieldmanager cookie
    11:47 AM: Warning: Timed out waiting for explorer.exe
    11:47 AM: Warning: Timed out waiting for explorer.exe
    11:47 AM: Warning: Timed out waiting for explorer.exe
    11:47 AM: Warning: Quarantine process could not restart Explorer.
    11:47 AM: Warning: Failed to quarantine registry items for: S-1-5-21-670792205-2346120412-70523582-500
    11:48 AM: Removal process completed. Elapsed time 00:02:49
    ********
    10:59 AM: | Start of Session, Tuesday, November 15, 2005 |
    10:59 AM: Spy Sweeper started
    10:59 AM: Your spyware definitions have been updated.
    11:01 AM: | End of Session, Tuesday, November 15, 2005 |

    I will post another message in a few seconds with my fresh hijackthis log, as my original message with both the SpySweeper log and the hijackthislog is too long (> 50,000 characters).
  • acechamp
    edited November 2005
    And here is my fresh hijackthis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:55:52 AM, on 11/15/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
    C:\Program Files\UltraMon\UltraMon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\tbctray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WinTV\Ir.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\QM\QM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\UltraMon\UltraMonTaskbar.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
    C:\WINDOWS\system32\MSTMON_Q.EXE
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\WINDOWS\System32\tbctray.exe
    C:\Program Files\WinTV\Ir.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1350WStatusDisplay] C:\WINDOWS\system32\MSTMON_Q.EXE
    O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\System32\tbctray.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
    O4 - Global Startup: QM.lnk = C:\Program Files\QM\QM.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {140F03AE-0588-11D4-BD45-0050048A82BF} (eShare Web Collaboration Class) - http://chat.1800flowers.com/netagent/objects/emagic.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/023699e413368da0f801/netzip/RdxIE2.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
    O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1503/www.contentwatch.com/audit/includes/ContentAuditControl.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photo.walmart.com/photo/upload/XUpload.ocx
    O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/bin/imvid.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: CallAttendant Home Service (CallAttendant) - Unknown owner - C:\Program Files\ObjectWorld\CallAttendant Home\Bin\CAServer.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe" -service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Movielink Core Service - Movielink LLC - C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

    And now I am going to restart my computer to have SpySweeper remove the threats it detected that cannot be removed until I restart...
  • CrunchieCrunchie Mandurah. Western Australia. Member
    edited November 2005
    Can you please do the following.

    ===============

    Run HiJackThis, click "Scan", then check(tick) the following, if present:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://download.weatherbug.com/mini...ransporter.cab?
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/023699e413368d...tzip/RdxIE2.cab
    O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/mini...uginstaller.cab


    Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

    ===============

    To help protect your system from hostile ActiveX content, or special 'downloadable' files:

    Download, install and keep updated, SpywareBlaster. If you've installed it for the first time:

    1) Check for any available updates; if present, they'll be automatically downloaded and installed.
    2) Next, "Enable all protection".
    3) Exit the program.

    -

    Note: Remember to regularly check for updates.

    ===============

    After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
  • acechamp
    edited November 2005
    My PC seems to be clean from the popups/adware! Thank you SO much! The only thing is that Norton Virus scan detects Adware.Look2Me in C:\system volume information\_restore{21d7d692-4662-421f-93b0-877bc3820711}\rp1025\a0143449.dll. I am thinking maybe this has to do with the fact that using System Restore to restore my computer to a previous point would reinstate the Adware? I'm not positive though, so please let me know if there's anything I should do about that. Anyway, below is new, hopefully clean, log:

    Logfile of HijackThis v1.99.1
    Scan saved at 6:43:47 PM, on 11/15/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
    C:\Program Files\UltraMon\UltraMon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\tbctray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WinTV\Ir.exe
    C:\Program Files\QM\QM.EXE
    C:\Program Files\UltraMon\UltraMonTaskbar.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1350WStatusDisplay] C:\WINDOWS\system32\MSTMON_Q.EXE
    O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\System32\tbctray.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
    O4 - Global Startup: QM.lnk = C:\Program Files\QM\QM.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {140F03AE-0588-11D4-BD45-0050048A82BF} (eShare Web Collaboration Class) - http://chat.1800flowers.com/netagent/objects/emagic.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1503/www.contentwatch.com/audit/includes/ContentAuditControl.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photo.walmart.com/photo/upload/XUpload.ocx
    O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/bin/imvid.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: CallAttendant Home Service (CallAttendant) - Unknown owner - C:\Program Files\ObjectWorld\CallAttendant Home\Bin\CAServer.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Movielink Core Service - Movielink LLC - C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe


    Also, is there anywhere I can find the alg.exe file that my computer is missing? I accidentally deleted it a while back, I think, and don't know where I can find another copy. I've read it's a critical system file, so I'm thinking I need it? Thanks...
  • CrunchieCrunchie Mandurah. Western Australia. Member
    edited November 2005
    If you have your XP CD you should be able to do an 'over the top' re-install to restore the file alg.exe. Otherwise you may be able to download it from the web?

    ==

    Congratulations! Your log looks clean - good work!

    ===============

    Now that your PC is clean you need to follow these easy steps to keeping it this way:

    Secure your Internet Explorer by going here and following the instructions there.

    Better yet, use an alternative browser! Download FireFox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera which in my opinion, is better still.

    Use a firewall to help prevent your PC's control being usurped by undesireables. There is a link to a good, free firewall in my signature.

    Install and keep updated, Ad-Aware SE, and Spybot S&D.
    Run them both on a regular basis, following the manufacturer's recommendations.

    Install an anti-virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often.

    Check for Windows Updates. Microsoft regularly post updates for your systems safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.


    Clear your Temp folders.
    Clear out your Temporary internet files and other temp files.
    Go to Start > Settings > Control Panel >Internet Options.
    Under the General tab click the Delete temporary internet files,
    delete all Offline content as well. Clear out Cookies.

    Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

    Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.)

    C:\Documents and Settings\username\Local Settings\Temp\

    In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.

    Empty the Recycle Bin.

    For XP users.
    After something like this it is a good idea to Flush the Restore Points and start fresh.
    To flush the XP system Restore Points.

    Go to Start>Run and type msconfig. Press enter.

    When msconfig opens, click the Launch System Restore Button.
    On the next page, click the System Restore Settings link on the left.

    Check the box labelled 'Turn off System restore'.

    Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.

    Note that all previous restore points will be lost.

    ===============

    If you have any more problems, post back.

    -

    Happy surfing,

    crunchie.
Sign In or Register to comment.