Still getting pop ups(RESOLVED)
-
I have run Microsoft Spyware, adaware, ewido, and AVG. I do not have any infected files according to the scans. I do however seem to keep getting annoying pop ups. This is a copy of my Hijack This Log. I have just started searching this out and I found this site and wondered if you could help.
Logfile of HijackThis v1.99.1
Scan saved at 10:36:39 AM, on 12/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ShelleyR\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ADefaultSearch Class - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {444B911E-6E55-4A11-B3E9-0D3E21AE0437} - http://www.exfol.com/v/1/i/eins008.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety.live.com/resourc...scbase2213.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
-
Welcome to DAL,
Go here and get the VX2 cleaner add-on for your Adaware SE. When you get it installed, open Adaware SE, click on add-ons and run the VX2 cleaner Version 2.0. If it finds anything, allow Adaware SE to remove it please.
Make sure you can see hidden files/folders
In Windows XP
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
After you're cleaned, please "rehide" them again.
Then:
Run hijackthis again and click on the SCAN button and put checks next to these:
O2 - BHO: ADefaultSearch Class - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {444B911E-6E55-4A11-B3E9-0D3E21AE0437} - http://www.exfol.com/v/1/i/eins008.exe
Nothing open but hijackthis and click "fix checked"
Now reboot into safe mode by tapping your F8 key upon restart and safe mode screen appears, select safe mode and press enter.
Hunt for and delete this:
eins008.exe < file
asusTek_sys_ctrl.cab < file
C:\Program Files\Accoona < folder
Find C:\Windows\Prefetch---delete all files in this folder/NOT THE FOLDER
Go to Start > Run and type: CLEANMGR.EXE and hit enter.
When prompted select the C: drive and click ok.
Check the boxes for:
Temporary Internet Files
Downloaded Program Files
Recycle Bin
Temporary Files
Click OK or Enter
Reboot normal mode
Also:
Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
Post that list and a new hijackthis log please. Thanks
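Added example, not part of the original posts and not HijackThis's own logic: a small Python triage pass over HijackThis 1.99.1 log lines that surfaces the kind of entries picked out above, namely registry references whose target file is gone and ActiveX (O16 DPF) entries with no class name or an .exe download source. The function names and the heuristics are assumptions made for illustration; the sample lines are copied from the first log in this thread.

```python
import re
from collections import namedtuple

# One flagged log entry: section code (e.g. "O16"), the rest of the line,
# and the list of reasons it was flagged.
Finding = namedtuple("Finding", "section text reasons")

# HijackThis entry lines look like "O2 - BHO: ...": a letter, 1-2 digits, " - ".
# Header lines and the "Running processes" paths do not match this shape.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<rest>.+)$")

# O16 lines: "DPF: {CLSID} (Optional Class Name) - URL"
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[^}]+\}) (?:\((?P<name>.*?)\) )?- (?P<url>\S+)$")


def triage_entry(section, rest):
    """Return the reasons (possibly none) an entry deserves a closer look."""
    reasons = []
    # The registry still references a component whose file no longer exists.
    if "(file missing)" in rest or "(no file)" in rest:
        reasons.append("orphaned reference: target file absent")
    if section == "O16":
        m = DPF_RE.match(rest)
        if m:
            if not m.group("name"):
                reasons.append("ActiveX control registered without a class name")
            if m.group("url").lower().endswith(".exe"):
                reasons.append("download source is an .exe, not a .cab")
    return reasons


def triage_log(text):
    """Parse a HijackThis log and return only the entries that were flagged."""
    findings = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, blank line or running-process path
        reasons = triage_entry(m.group("section"), m.group("rest"))
        if reasons:
            findings.append(Finding(m.group("section"), m.group("rest"), reasons))
    return findings


# Sample input: lines taken from the first log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ADefaultSearch Class - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {444B911E-6E55-4A11-B3E9-0D3E21AE0437} - http://www.exfol.com/v/1/i/eins008.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f.section, "|", f.text)
        for reason in f.reasons:
            print("    -", reason)
```

The flags are leads for a human reviewer, not a verdict: these heuristics do not flag the asusTek entry that was also selected for fixing above, and they do flag the orphaned O18 entry that was not.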
-
I am fairly new at all this stuff so I think I've done everything you asked. I also deleted Google tool bar because I never use it, I had only downloaded it because someone told me it would block pop ups. I believe that these are the things you asked for. I really appreciate your help!! Also this is a computer that I use at work.
Ad-Aware SE Personal
Adobe Reader 7.0.5
AgencyLink Web
Allstate IA Download Component
AnswerWorks Runtime
AVG Free Edition
BearShare
Corel Applications
HijackThis 1.99.1
Lavasoft VX2 Cleaner
Macromedia Flash Player 8
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft AntiSpyware
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Small Business
MSN Messenger 7.5
Panda ActiveScan
Photo Explosion SE
Prime
Prime Workstation
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Support Manager for Internet Explorer
Transfer Manager
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Windows Installer 3.1 (KB893803)
Windows Live Safety scanner
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Logfile of HijackThis v1.99.1
Scan saved at 2:25:47 PM, on 12/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe
R3 - URLSearchHook: (no name) - <default> - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety.live.com/resourc...scbase2213.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
-
Excellent job, your log is clean.
I would remove Bearshare from Add/Remove Programs; if you don't, you will be infected again at some time, I promise.
Other than that how is your computer running?
-
My computer is running fine thanks! I am still getting pop ups every time I log on the internet.
-
Where are the popups from?
What do they say?
Let me know please.
-
I am really not sure how to tell where they come from. One of the links on top says http:\\cache.trafficmp.com/tmpad/content/performancebridge......it is for credit cards, I am getting direct TV, I am getting casinos. Things for smileys (Macromedia Flash), all different kinds. Tell me where to look to see where they are coming from and I will do that. I am not having any trouble with my computer other than when I get into the internet, then they just start popping up. They are really annoying cause I work in an insurance office and we each have our own pc, we are networked, we each have internet access but mine seems to be the only one having this problem. I did uninstall bearshare.
-
Run hijackthis again, click the scan button and put a check next to this:
R3 - URLSearchHook: (no name) - <default> - (no file)
Nothing open and click fix checked.
Please download the free MWAV antivirus tool from here:
ftp://ftp.microworldsystems.com/download/tools/mwav.exe
Save it to the desktop and run it. Follow the prompts to scan your system for viruses. Then please post for me the log of infected files from the BOTTOM panel of the scan window.
This could take quite a while to do.
-
I really hope this is what you were looking for, as I said before I am fairly new at this. This is the first 1/2 of the bottom of the log.
Wed Dec 21 10:11:46 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Wed Dec 21 10:11:46 2005 => Loading Spyware Signatures from new External Database (Size: 146155).
Wed Dec 21 10:11:47 2005 => Indexed Spyware Databases Successfully Created...
Wed Dec 21 10:12:36 2005 => System found infected with funweb Spyware/Adware ({147a976f-eee1-4377-8ea7-4716e4cdd239})! Action taken: No Action Taken.
Wed Dec 21 10:12:37 2005 => System found infected with bearshare Spyware/Adware ({558ec983-bedb-9168-b2de-31dbf0ee543e})! Action taken: No Action Taken.
Wed Dec 21 10:12:39 2005 => System found infected with bearshare Spyware/Adware ({5f95e1af-2620-4f15-bdf9-7fdce4607e17})! Action taken: No Action Taken.
Wed Dec 21 10:12:39 2005 => System found infected with bearshare Spyware/Adware ({905d0df2-3a0a-4d94-853c-54a12a745905})! Action taken: No Action Taken.
Wed Dec 21 10:12:42 2005 => Offending Key found: HKCU\appevents\eventlabels\bearsharechatnotifymsg !!!
Wed Dec 21 10:12:42 2005 => Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Wed Dec 21 10:12:42 2005 => Offending Key found: HKCU\appevents\schemes\apps\bearshare !!!
Wed Dec 21 10:12:42 2005 => Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Wed Dec 21 10:12:42 2005 => Offending Key found: HKLM\Software\magnet\handlers\bearshare !!!
Wed Dec 21 10:12:42 2005 => Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Wed Dec 21 10:12:43 2005 => Offending value found in HKLM\Software\Licenses: {i56b3cf0d9ab991e1} !!!
Wed Dec 21 10:12:43 2005 => Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Wed Dec 21 10:12:43 2005 => Offending value found in HKLM\Software\Licenses: {056b3cf0d9ab991e1} !!!
Wed Dec 21 10:12:43 2005 => Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Wed Dec 21 10:12:44 2005 => Offending Folder found: C:\Program Files\hyperlinker
Wed Dec 21 10:12:44 2005 => Object "linkreplacer Spyware/Adware" found in File System! Action Taken: No Action Taken.
Wed Dec 21 10:12:44 2005 => Offending file found: C:\DOCUME~1\ShelleyR\LOCALS~1\Temp\insthelp.dll
Wed Dec 21 10:12:44 2005 => System found infected with redv Spyware/Adware (insthelp.dll)! Action taken: No Action Taken.
Wed Dec 21 10:12:47 2005 => Offending file found: C:\Documents and Settings\ShelleyR\Local Settings\temp\insthelp.dll
Wed Dec 21 10:12:47 2005 => System found infected with redv Spyware/Adware (insthelp.dll)! Action taken: No Action Taken.
Wed Dec 21 10:12:47 2005 => Offending file found: C:\Documents and Settings\ShelleyR\Local Settings\temp\temporary directory 3 for roxio easy cd & dvd creator 7.zip\roxio.easy.media.creator.7\common\roxio shared\resources\shared\generic\images\1033\script.xml
Wed Dec 21 10:12:47 2005 => System found infected with whistlesoftware Spyware/Adware (script.xml)! Action taken: No Action Taken.
Wed Dec 21 10:12:48 2005 => Offending file found: C:\Documents and Settings\ShelleyR\Local Settings\temp\temporary directory 3 for roxio easy cd & dvd creator 7.zip\roxio.easy.media.creator.7\common\roxio shared\resources\skins\1033\script.xml
Wed Dec 21 10:12:48 2005 => System found infected with whistlesoftware Spyware/Adware (script.xml)! Action taken: No Action Taken.
Wed Dec 21 10:12:48 2005 => Offending file found: C:\Documents and Settings\ShelleyR\Local Settings\temp\temporary directory 3 for roxio easy cd & dvd creator 7.zip\roxio.easy.media.creator.7\common\roxio shared\storyboard\skins\1033\script.xml
Wed Dec 21 10:12:48 2005 => System found infected with whistlesoftware Spyware/Adware (script.xml)! Action taken: No Action Taken.
Wed Dec 21 10:12:50 2005 => Offending file found: C:\Documents and Settings\ShelleyR\Local Settings\temp\temporary directory 3 for roxio easy cd & dvd creator 7.zip\roxio.easy.media.creator.7\program files\roxio\easy media creator 7\capture\skins\1033\script.xml
Wed Dec 21 10:12:50 2005 => System found infected with whistlesoftware Spyware/Adware (script.xml)! Action taken: No Action Taken.
Wed Dec 21 10:12:52 2005 => Offending file found: C:\Documents and Settings\ShelleyR\Local Settings\temp\temporary directory 3 for roxio easy cd & dvd creator 7.zip\roxio.easy.media.creator.7\program files\roxio\easy media creator 7\photosuite\skins\1033\script.xml
Wed Dec 21 10:12:52 2005 => System found infected with whistlesoftware Spyware/Adware (script.xml)! Action taken: No Action Taken.
Wed Dec 21 10:12:52 2005 => Offending file found: C:\Documents and Settings\ShelleyR\Local Settings\temp\temporary directory 3 for roxio easy cd & dvd creator 7.zip\roxio.easy.media.creator.7\program files\roxio\easy media creator 7\player\skins\deu\script.xml
Wed Dec 21 10:12:52 2005 => System found infected with whistlesoftware Spyware/Adware (script.xml)! Action taken: No Action Taken.
Wed Dec 21 10:12:52 2005 => Offending file found: C:\Documents and Settings\ShelleyR\Local Settings\temp\temporary directory 3 for roxio easy cd & dvd creator 7.zip\roxio.easy.media.creator.7\program files\roxio\easy media creator 7\player\skins\english\script.xml
Wed Dec 21 10:12:52 2005 => System found infected with whistlesoftware Spyware/Adware (script.xml)! Action taken: No Action Taken.
-
This is the second part of the bottom of the log.
Wed Dec 21 10:12:52 2005 => Offending file found: C:\Documents and Settings\ShelleyR\Local Settings\temp\temporary directory 3 for roxio easy cd & dvd creator 7.zip\roxio.easy.media.creator.7\program files\roxio\easy media creator 7\player\skins\fra\script.xml
Wed Dec 21 10:12:52 2005 => System found infected with whistlesoftware Spyware/Adware (script.xml)! Action taken: No Action Taken.
Wed Dec 21 10:12:52 2005 => Offending file found: C:\Documents and Settings\ShelleyR\Local Settings\temp\temporary directory 3 for roxio easy cd & dvd creator 7.zip\roxio.easy.media.creator.7\program files\roxio\easy media creator 7\player\skins\jpn\script.xml
Wed Dec 21 10:12:52 2005 => System found infected with whistlesoftware Spyware/Adware (script.xml)! Action taken: No Action Taken.
Wed Dec 21 10:12:53 2005 => Offending file found: C:\Documents and Settings\ShelleyR\Local Settings\temp\temporary directory 4 for roxio easy cd & dvd creator 7.zip\roxio.easy.media.creator.7\common\roxio shared\resources\shared\generic\images\1033\script.xml
Wed Dec 21 10:12:53 2005 => System found infected with whistlesoftware Spyware/Adware (script.xml)! Action taken: No Action Taken.
Wed Dec 21 10:12:53 2005 => Offending file found: C:\Documents and Settings\ShelleyR\Local Settings\temp\temporary directory 4 for roxio easy cd & dvd creator 7.zip\roxio.easy.media.creator.7\common\roxio shared\resources\skins\1033\script.xml
Wed Dec 21 10:12:53 2005 => System found infected with whistlesoftware Spyware/Adware (script.xml)! Action taken: No Action Taken.
Wed Dec 21 10:12:54 2005 => Offending file found: C:\Documents and Settings\ShelleyR\Local Settings\temp\temporary directory 4 for roxio easy cd & dvd creator 7.zip\roxio.easy.media.creator.7\common\roxio shared\storyboard\skins\1033\script.xml
Wed Dec 21 10:12:54 2005 => System found infected with whistlesoftware Spyware/Adware (script.xml)! Action taken: No Action Taken.
Wed Dec 21 10:12:56 2005 => Offending file found: C:\Documents and Settings\ShelleyR\Local Settings\temp\temporary directory 4 for roxio easy cd & dvd creator 7.zip\roxio.easy.media.creator.7\program files\roxio\easy media creator 7\capture\skins\1033\script.xml
Wed Dec 21 10:12:56 2005 => System found infected with whistlesoftware Spyware/Adware (script.xml)! Action taken: No Action Taken.
Wed Dec 21 10:12:57 2005 => Offending file found: C:\Documents and Settings\ShelleyR\Local Settings\temp\temporary directory 6 for roxio easy cd & dvd creator 7.zip\roxio.easy.media.creator.7\common\roxio shared\resources\shared\generic\images\1033\script.xml
Wed Dec 21 10:12:57 2005 => System found infected with whistlesoftware Spyware/Adware (script.xml)! Action taken: No Action Taken.
Wed Dec 21 10:12:58 2005 => Offending file found: C:\Documents and Settings\ShelleyR\Local Settings\temp\temporary directory 6 for roxio easy cd & dvd creator 7.zip\roxio.easy.media.creator.7\common\roxio shared\resources\skins\1033\script.xml
Wed Dec 21 10:12:58 2005 => System found infected with whistlesoftware Spyware/Adware (script.xml)! Action taken: No Action Taken.
Wed Dec 21 10:12:59 2005 => Offending file found: C:\Documents and Settings\ShelleyR\Local Settings\temp\temporary directory 6 for roxio easy cd & dvd creator 7.zip\roxio.easy.media.creator.7\common\roxio shared\storyboard\skins\1033\script.xml
Wed Dec 21 10:12:59 2005 => System found infected with whistlesoftware Spyware/Adware (script.xml)! Action taken: No Action Taken.
Wed Dec 21 10:13:00 2005 => Offending file found: C:\Documents and Settings\ShelleyR\Local Settings\temp\temporary directory 6 for roxio easy cd & dvd creator 7.zip\roxio.easy.media.creator.7\program files\roxio\easy media creator 7\capture\skins\1033\script.xml
Wed Dec 21 10:13:00 2005 => System found infected with whistlesoftware Spyware/Adware (script.xml)! Action taken: No Action Taken.
Wed Dec 21 10:13:01 2005 => Offending file found: C:\Documents and Settings\ShelleyR\Local Settings\temp\temporary directory 7 for roxio easy cd & dvd creator 7.zip\roxio.easy.media.creator.7\common\roxio shared\resources\shared\generic\images\1033\script.xml
Wed Dec 21 10:13:01 2005 => System found infected with whistlesoftware Spyware/Adware (script.xml)! Action taken: No Action Taken.
Wed Dec 21 10:13:02 2005 => Offending file found: C:\Documents and Settings\ShelleyR\Local Settings\temp\temporary directory 7 for roxio easy cd & dvd creator 7.zip\roxio.easy.media.creator.7\common\roxio shared\resources\skins\1033\script.xml
Wed Dec 21 10:13:02 2005 => System found infected with whistlesoftware Spyware/Adware (script.xml)! Action taken: No Action Taken.
Wed Dec 21 10:13:03 2005 => Offending file found: C:\Documents and Settings\ShelleyR\Local Settings\temporary internet files\content.ie5\eiv953lv\global[1].js
Wed Dec 21 10:13:03 2005 => System found infected with redv Spyware/Adware (global[1].js)! Action taken: No Action Taken.
Wed Dec 21 10:13:04 2005 => Offending file found: C:\Documents and Settings\ShelleyR\Local Settings\temporary internet files\content.ie5\ph0atc4w\show_ads[2].js
Wed Dec 21 10:13:04 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
Wed Dec 21 10:13:04 2005 => Offending file found: C:\Documents and Settings\ShelleyR\Local Settings\temporary internet files\content.ie5\sp09irkd\blank[1].htm
Wed Dec 21 10:13:04 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.
Wed Dec 21 10:13:05 2005 => Offending file found: C:\Documents and Settings\ShelleyR\Local Settings\Temporary Internet Files\content.ie5\eiv953lv\global[1].js
Wed Dec 21 10:13:05 2005 => System found infected with redv Spyware/Adware (global[1].js)! Action taken: No Action Taken.
Wed Dec 21 10:13:05 2005 => Offending file found: C:\Documents and Settings\ShelleyR\Local Settings\Temporary Internet Files\content.ie5\ph0atc4w\show_ads[2].js
Wed Dec 21 10:13:05 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.
Wed Dec 21 10:13:05 2005 => Offending file found: C:\Documents and Settings\ShelleyR\Local Settings\Temporary Internet Files\content.ie5\sp09irkd\blank[1].htm
Wed Dec 21 10:13:05 2005 => System found infected with whenu.savenow Spyware/Adware (blank[1].htm)! Action taken: No Action Taken.
Wed Dec 21 10:13:10 2005 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Wed Dec 21 10:13:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\asusTek_sys_ctrl.dll". Action Taken: No Action Taken.
Wed Dec 21 10:13:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\installer_MARKETING32.exe". Action Taken: No Action Taken.
Wed Dec 21 10:13:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll". Action Taken: No Action Taken.
Wed Dec 21 10:13:10 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\asusTek_sys_ctrl.dll". Action Taken: No Action Taken.
Wed Dec 21 10:13:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\installer_MARKETING32.exe". Action Taken: No Action Taken.
Wed Dec 21 10:13:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll". Action Taken: No Action Taken.
Wed Dec 21 10:13:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\bantam.dll" refers to invalid object "bantam.dll". Action Taken: No Action Taken.
Wed Dec 21 10:13:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\bdeadmin.exe" refers to invalid object "bdeadmin.exe". Action Taken: No Action Taken.
Wed Dec 21 10:13:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\bdeadmin.hlp" refers to invalid object "bdeadmin.hlp". Action Taken: No Action Taken.
Wed Dec 21 10:13:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\blw32.dll" refers to invalid object "blw32.dll". Action Taken: No Action Taken.
Wed Dec 21 10:13:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\system32\cmmgr32.exe". Action Taken: No Action Taken.
Wed Dec 21 10:13:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\disp.dll" refers to invalid object "disp.dll". Action Taken: No Action Taken.
Wed Dec 21 10:13:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idapi32.dll" refers to invalid object "idapi32.dll". Action Taken: No Action Taken.
Wed Dec 21 10:13:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idasci32.dll" refers to invalid object "idasci32.dll". Action Taken: No Action Taken.
Wed Dec 21 10:13:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idbat32.dll" refers to invalid object "idbat32.dll". Action Taken: No Action Taken.
Wed Dec 21 10:13:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idda3532.dll" refers to invalid object "idda3532.dll". Action Taken: No Action Taken.
Wed Dec 21 10:13:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\iddao32.dll" refers to invalid object "iddao32.dll". Action Taken: No Action Taken.
Wed Dec 21 10:13:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\iddbas32.dll" refers to invalid object "iddbas32.dll". Action Taken: No Action Taken.
Wed Dec 21 10:13:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\iddr32.dll" refers to invalid object "iddr32.dll". Action Taken: No Action Taken.
Wed Dec 21 10:13:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idodbc32.dll" refers to invalid object "idodbc32.dll". Action Taken: No Action Taken.
Wed Dec 21 10:13:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idpdx32.dll" refers to invalid object "idpdx32.dll". Action Taken: No Action Taken.
Wed Dec 21 10:13:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idqbe32.dll" refers to invalid object "idqbe32.dll". Action Taken: No Action Taken.
Wed Dec 21 10:13:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idr20009.dll" refers to invalid object "idr20009.dll". Action Taken: No Action Taken.
Wed Dec 21 10:13:12 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idsql32.dll" refers to invalid object "idsql32.dll". Action Taken: No Action Taken.
Wed Dec 21 10:13:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\yourapp.Exe" refers to invalid object "C:\Program Files\WexTech\AnswerWorks\yourapp.Exe". Action Taken: No Action Taken.
Wed Dec 21 10:13:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Microsoft Office\Office\XLStart\". Action Taken: No Action Taken.
Wed Dec 21 10:13:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Microsoft Office\Office\Startup\". Action Taken: No Action Taken.
Wed Dec 21 10:13:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Common Files\Adaptec Shared\Upgrade\". Action Taken: No Action Taken.
Wed Dec 21 10:13:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\WebEx\WebEx\430\". Action Taken: No Action Taken.
Wed Dec 21 10:13:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\WebEx\WebEx\". Action Taken: No Action Taken.
Wed Dec 21 10:13:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\WebEx\WebEx\430\WebExAud\". Action Taken: No Action Taken.
Wed Dec 21 10:13:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\WebEx\WebEx\430\WebExFlh\". Action Taken: No Action Taken.
Wed Dec 21 10:13:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\WebEx\WebEx\430\WebExRcd\". Action Taken: No Action Taken.
Wed Dec 21 10:13:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\WebEx\WebEx\430\WebExVdo\". Action Taken: No Action Taken.
Wed Dec 21 10:13:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\WebEx\WebEx\430\WebexWeb\". Action Taken: No Action Taken.
Wed Dec 21 10:13:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\NewTech Infosystems\NTI CD-Maker\FileCD\". Action Taken: No Action Taken.
Wed Dec 21 10:13:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\NewTech Infosystems\NTI CD-Maker\". Action Taken: No Action Taken.
Wed Dec 21 10:13:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\NewTech Infosystems\". Action Taken: No Action Taken.
Wed Dec 21 10:13:15 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".com/download/". Action Taken: No Action Taken.
Wed Dec 21 10:13:15 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".com/download/escan/". Action Taken: No Action Taken.
Wed Dec 21 10:13:15 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".com/FreeBSD/". Action Taken: No Action Taken.
Wed Dec 21 10:13:15 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".com/FreeBSD/escan/". Action Taken: No Action Taken.
Wed Dec 21 10:13:15 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pf". Action Taken: No Action Taken.
Wed Dec 21 10:13:15 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".POC". Action Taken: No Action Taken.
Wed Dec 21 10:13:15 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rxc". Action Taken: No Action Taken.
Wed Dec 21 10:13:15 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.