Bogged down with spyware...Adaware not finding all

[sacredfeminine81]

Logfile of HijackThis v1.99.1
Scan saved at 9:46:00 PM, on 2/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\AOL\1138893477\ee\AOLSoftware.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Brianne\Desktop\VundoFix\VundoFix\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.free-popup-killer.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.free-popup-killer.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.free-popup-killer.com/ie/?q=%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138893477\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup...86/client/muweb_site.cab?1129641340192
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - http://studentupdate.wpunj.edu/webinstall/webinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe















********
4:49 PM: | Start of Session, Sunday, February 05, 2006 |
4:49 PM: Spy Sweeper started
4:49 PM: Sweep initiated using definitions version 611
4:49 PM: Starting Memory Sweep
4:50 PM: Memory Sweep Complete, Elapsed Time: 00:01:05
4:50 PM: Starting Registry Sweep
4:50 PM: Registry Sweep Complete, Elapsed Time:00:00:08
4:50 PM: Starting Cookie Sweep
4:50 PM: Found Spy Cookie: atwola cookie
4:50 PM: brianne@ar.atwola[2].txt (ID = 2256)
4:50 PM: Found Spy Cookie: atlas dmt cookie
4:50 PM: brianne@atdmt[1].txt (ID = 2253)
4:50 PM: brianne@atwola[1].txt (ID = 2255)
4:50 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
4:50 PM: Starting File Sweep
4:51 PM: Found Adware: isearch desktop search
4:51 PM: c:\program files\mozilla firefox\extensions\{2bafa858-4ff3-4207-822e-ef46d1b431de} (6 subtraces) (ID = -2147480808)
4:51 PM: Found Adware: directrevenue-abetterinternet
4:51 PM: c:\windows\inst (ID = -2147480086)
4:51 PM: Found Adware: delfin
4:51 PM: c:\windows\system32\picsvr (ID = -2147481118)
4:51 PM: Found Adware: look2me
4:51 PM: appwrap[2].exe (ID = 65722)
4:51 PM: appwrap[4].exe (ID = 65739)
4:51 PM: appwrap[1].exe (ID = 65722)
4:51 PM: appwrap[2].exe (ID = 65739)
4:51 PM: vmstmp.exe (ID = 57817)
4:51 PM: Found Adware: cashfiesta
4:51 PM: procmod.dll (ID = 52293)
4:52 PM: appwrap[3].exe (ID = 65811)
4:53 PM: appwrap[5].exe (ID = 65739)
4:53 PM: Found Adware: limeshop
4:53 PM: cj.class (ID = 65490)
4:53 PM: ck.class (ID = 65491)
4:53 PM: cl.class (ID = 65492)
4:53 PM: cn.class (ID = 65494)
4:53 PM: Found Adware: ebates money maker
4:53 PM: cq.class (ID = 59535)
4:54 PM: cashbar.dll (ID = 52288)
4:54 PM: cashfiesta.exe (ID = 52289)
4:56 PM: dg.class (ID = 65505)
4:56 PM: ct.class (ID = 59541)
4:58 PM: cu.class (ID = 65497)
4:58 PM: cv.class (ID = 65498)
4:58 PM: cx.class (ID = 65500)
4:58 PM: cz.class (ID = 59552)
4:58 PM: d.class (ID = 59554)
4:58 PM: da.class (ID = 65502)
4:58 PM: db.class (ID = 59560)
4:58 PM: di.class (ID = 59572)
4:58 PM: dj.class (ID = 65507)
4:58 PM: dl.class (ID = 65509)
4:58 PM: dn.class (ID = 59585)
4:58 PM: dq.class (ID = 65510)
4:58 PM: dr.class (ID = 65511)
4:58 PM: appwrap[3].exe (ID = 65739)
4:58 PM: dv.class (ID = 65515)
4:58 PM: dw.class (ID = 59602)
4:58 PM: dy.class (ID = 59606)
4:58 PM: dz.class (ID = 59607)
4:58 PM: ea.class (ID = 65517)
4:58 PM: ed.class (ID = 65520)
4:58 PM: f.class (ID = 59661)
4:58 PM: h.class (ID = 59664)
4:59 PM: Found Adware: altnet
4:59 PM: __unin__.exe (ID = 49795)
5:00 PM: wmv1215.dbd (ID = 57687)
5:00 PM: wmv2007.dbd (ID = 57693)
5:00 PM: wmv1920.dbd (ID = 57692)
5:01 PM: impcfw.dll (ID = 52292)
5:01 PM: cfshtie.dll (ID = 52291)
5:01 PM: isearch.jar (ID = 64329)
5:02 PM: l.class (ID = 59674)
5:02 PM: main.class (ID = 65536)
5:02 PM: n.class (ID = 59688)
5:05 PM: Found Adware: targetsaver
5:05 PM: vocabulary (ID = 78283)
5:05 PM: bb.class (ID = 59450)
5:05 PM: by.class (ID = 65480)
5:05 PM: cd.class (ID = 59508)
5:05 PM: c.class (ID = 65482)
5:05 PM: cp.class (ID = 65496)
5:05 PM: cr.class (ID = 59536)
5:05 PM: cs.class (ID = 59538)
5:05 PM: de.class (ID = 59565)
5:05 PM: dd.class (ID = 65504)
5:05 PM: df.class (ID = 59566)
5:05 PM: dp.class (ID = 59587)
5:05 PM: ds.class (ID = 65512)
5:05 PM: y.class (ID = 59732)
5:05 PM: browsers.dls (ID = 59483)
5:05 PM: system.dls (ID = 59702)
5:05 PM: dt.class (ID = 65513)
5:06 PM: r.class (ID = 59695)
5:06 PM: w.class (ID = 59719)
5:06 PM: topmoxie_conflicts2.htm (ID = 59712)
5:06 PM: topmoxie_proxy.htm (ID = 59713)
5:06 PM: b.class (ID = 59447)
5:07 PM: bc.class (ID = 65467)
5:07 PM: be.class (ID = 59456)
5:07 PM: bf.class (ID = 59458)
5:07 PM: bg.class (ID = 65469)
5:07 PM: bh.class (ID = 59462)
5:07 PM: bi.class (ID = 65470)
5:07 PM: bk.class (ID = 59467)
5:07 PM: bl.class (ID = 65472)
5:07 PM: bm.class (ID = 65473)
5:07 PM: bn.class (ID = 59474)
5:07 PM: bo.class (ID = 59476)
5:07 PM: bp.class (ID = 59477)
5:07 PM: br.class (ID = 59481)
5:07 PM: bt.class (ID = 65475)
5:07 PM: bu.class (ID = 65476)
5:07 PM: bw.class (ID = 65478)
5:07 PM: bx.class (ID = 65479)
5:08 PM: bz.class (ID = 65481)
5:08 PM: ca.class (ID = 65483)
5:08 PM: cb.class (ID = 65484)
5:08 PM: cc.class (ID = 65485)
5:08 PM: ce.class (ID = 59509)
5:11 PM: class-barrel (ID = 78229)
5:12 PM: cf.class (ID = 65486)
5:12 PM: ch.class (ID = 65488)
5:12 PM: build2.exe (ID = 64311)
5:12 PM: Found Adware: 180search assistant/zango
5:12 PM: salmau.dat (ID = 93788)
5:12 PM: ceres.inf (ID = 83251)
5:12 PM: ceres.inf (ID = 83251)
5:12 PM: ceres.inf (ID = 83251)
5:12 PM: ceres.inf (ID = 83251)
5:12 PM: ceres.inf (ID = 83251)
5:12 PM: ceres.inf (ID = 83251)
5:12 PM: ceres.inf (ID = 83251)
5:12 PM: ceres.inf (ID = 83251)
5:12 PM: uninstall (ID = 64345)
5:12 PM: a.class (ID = 59443)
5:12 PM: wmv0204.ddx (ID = 57682)
5:12 PM: wmv0504.ddx (ID = 57682)
5:12 PM: wmv0904.ddx (ID = 57684)
5:12 PM: wmv0412.ddx (ID = 57682)
5:12 PM: wmv0106.ddx (ID = 57679)
5:12 PM: wmv0315.ddx (ID = 57682)
5:12 PM: wmv1204.ddx (ID = 57682)
5:12 PM: wmv1125.ddx (ID = 57685)
5:12 PM: wmv1909.ddx (ID = 57684)
5:12 PM: ba.class (ID = 65466)
5:12 PM: bd.class (ID = 65468)
5:12 PM: bj.class (ID = 65471)
5:12 PM: bq.class (ID = 59480)
5:12 PM: bs.class (ID = 65474)
5:12 PM: bv.class (ID = 65477)
5:12 PM: cg.class (ID = 65487)
5:12 PM: ci.class (ID = 65489)
5:12 PM: cm.class (ID = 65493)
5:12 PM: co.class (ID = 65495)
5:12 PM: cw.class (ID = 65499)
5:12 PM: cy.class (ID = 65501)
5:12 PM: dc.class (ID = 59561)
5:12 PM: dh.class (ID = 65506)
5:12 PM: dk.class (ID = 65508)
5:12 PM: du.class (ID = 59596)
5:13 PM: cashfiesta.lnk (ID = 52290)
5:13 PM: e.class (ID = 65516)
5:13 PM: eb.class (ID = 65518)
5:13 PM: ec.class (ID = 65519)
5:13 PM: g.class (ID = 65521)
5:13 PM: i.class (ID = 59665)
5:13 PM: j.class (ID = 59670)
5:13 PM: k.class (ID = 65522)
5:13 PM: m.class (ID = 59679)
5:13 PM: p.class (ID = 59689)
5:13 PM: q.class (ID = 59693)
5:13 PM: s.class (ID = 59698)
5:13 PM: t.class (ID = 59708)
5:13 PM: u.class (ID = 59715)
5:13 PM: v.class (ID = 59718)
5:13 PM: x.class (ID = 65545)
5:13 PM: File Sweep Complete, Elapsed Time: 00:22:34
5:13 PM: Full Sweep has completed. Elapsed time 00:23:55
5:13 PM: Traces Found: 161
********
8:27 PM: | Start of Session, Thursday, February 02, 2006 |
8:27 PM: Spy Sweeper started
8:27 PM: Sweep initiated using definitions version 556
8:27 PM: Starting Memory Sweep
8:28 PM: Memory Sweep Complete, Elapsed Time: 00:01:09
8:28 PM: Starting Registry Sweep
8:28 PM: Registry Sweep Complete, Elapsed Time:00:00:08
8:28 PM: Starting Cookie Sweep
8:28 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
8:28 PM: Starting File Sweep
8:29 PM: Found Adware: abetterinternet
8:29 PM: c:\windows\inst (ID = -2147480086)
8:29 PM: Found Adware: isearch desktop search
8:29 PM: c:\program files\mozilla firefox\extensions\{2bafa858-4ff3-4207-822e-ef46d1b431de} (6 subtraces) (ID = -2147480808)
8:29 PM: Found Adware: delfin
8:29 PM: c:\windows\system32\nsvsvc (ID = -2147481119)
8:29 PM: c:\windows\system32\picsvr (ID = -2147481118)
8:29 PM: Found Adware: look2me
8:29 PM: appwrap[2].exe (ID = 65722)
8:29 PM: appwrap[4].exe (ID = 65739)
8:29 PM: appwrap[1].exe (ID = 65722)
8:29 PM: appwrap[2].exe (ID = 65739)
8:29 PM: vmstmp.exe (ID = 57817)
8:29 PM: Found Adware: cashfiesta
8:29 PM: procmod.dll (ID = 52293)
8:29 PM: removedisplayutility.exe (ID = 57780)
8:29 PM: appwrap[3].exe (ID = 65811)
8:30 PM: appwrap[5].exe (ID = 65739)
8:30 PM: Found Adware: limeshop
8:30 PM: cj.class (ID = 65490)
8:30 PM: ck.class (ID = 65491)
8:30 PM: cl.class (ID = 65492)
8:30 PM: cn.class (ID = 65494)
8:30 PM: Found Adware: ebates money maker
8:30 PM: cq.class (ID = 59535)
8:30 PM: cashbar.dll (ID = 52288)
8:31 PM: cashfiesta.exe (ID = 52289)
8:31 PM: dg.class (ID = 65505)
8:31 PM: ct.class (ID = 59541)
8:32 PM: cu.class (ID = 65497)
8:32 PM: cv.class (ID = 65498)
8:32 PM: cx.class (ID = 65500)
8:32 PM: cz.class (ID = 59552)
8:32 PM: d.class (ID = 59554)
8:32 PM: da.class (ID = 65502)
8:32 PM: db.class (ID = 59560)
8:32 PM: di.class (ID = 59572)
8:32 PM: dj.class (ID = 65507)
8:32 PM: dl.class (ID = 65509)
8:32 PM: dn.class (ID = 59585)
8:32 PM: dq.class (ID = 65510)
8:32 PM: dr.class (ID = 65511)
8:32 PM: appwrap[3].exe (ID = 65739)
8:32 PM: dv.class (ID = 65515)
8:32 PM: dw.class (ID = 59602)
8:32 PM: dy.class (ID = 59606)
8:32 PM: dz.class (ID = 59607)
8:32 PM: ea.class (ID = 65517)
8:32 PM: ed.class (ID = 65520)
8:32 PM: f.class (ID = 59661)
8:32 PM: h.class (ID = 59664)
8:32 PM: Found Adware: altnet
8:32 PM: __unin__.exe (ID = 49795)
8:33 PM: wmv1215.dbd (ID = 57687)
8:33 PM: wmv2007.dbd (ID = 57693)
8:33 PM: wmv1920.dbd (ID = 57692)
8:33 PM: cfshtie.dll (ID = 52291)
8:33 PM: impcfw.dll (ID = 52292)
8:33 PM: isearch.jar (ID = 64329)
8:34 PM: l.class (ID = 59674)
8:34 PM: main.class (ID = 65536)
8:34 PM: n.class (ID = 59688)
8:35 PM: Found Adware: targetsaver
8:35 PM: vocabulary (ID = 78283)
8:35 PM: bb.class (ID = 59450)
8:35 PM: by.class (ID = 65480)
8:35 PM: cd.class (ID = 59508)
8:35 PM: c.class (ID = 65482)
8:35 PM: cp.class (ID = 65496)
8:35 PM: cr.class (ID = 59536)
8:35 PM: cs.class (ID = 59538)
8:35 PM: de.class (ID = 59565)
8:35 PM: dd.class (ID = 65504)
8:35 PM: df.class (ID = 59566)
8:35 PM: dp.class (ID = 59587)
8:35 PM: ds.class (ID = 65512)
8:35 PM: y.class (ID = 59732)
8:35 PM: browsers.dls (ID = 59483)
8:35 PM: system.dls (ID = 59702)
8:35 PM: dt.class (ID = 65513)
8:35 PM: r.class (ID = 59695)
8:36 PM: w.class (ID = 59719)
8:36 PM: topmoxie_conflicts2.htm (ID = 59712)
8:36 PM: topmoxie_proxy.htm (ID = 59713)
8:36 PM: b.class (ID = 59447)
8:36 PM: bc.class (ID = 65467)
8:36 PM: be.class (ID = 59456)
8:36 PM: bf.class (ID = 59458)
8:36 PM: bg.class (ID = 65469)
8:36 PM: bh.class (ID = 59462)
8:36 PM: bi.class (ID = 65470)
8:36 PM: bk.class (ID = 59467)
8:36 PM: bl.class (ID = 65472)
8:36 PM: bm.class (ID = 65473)
8:36 PM: bn.class (ID = 59474)
8:36 PM: bo.class (ID = 59476)
8:36 PM: bp.class (ID = 59477)
8:36 PM: br.class (ID = 59481)
8:36 PM: bt.class (ID = 65475)
8:36 PM: bu.class (ID = 65476)
8:36 PM: bw.class (ID = 65478)
8:36 PM: bx.class (ID = 65479)
8:37 PM: bz.class (ID = 65481)
8:37 PM: ca.class (ID = 65483)
8:37 PM: cb.class (ID = 65484)
8:37 PM: cc.class (ID = 65485)
8:37 PM: ce.class (ID = 59509)
8:38 PM: class-barrel (ID = 78229)
8:38 PM: cf.class (ID = 65486)
8:38 PM: ch.class (ID = 65488)
8:38 PM: build2.exe (ID = 64311)
8:39 PM: Found Adware: 180search assistant/zango
8:39 PM: salmau.dat (ID = 93788)
8:39 PM: ceres.inf (ID = 83251)
8:39 PM: ceres.inf (ID = 83251)
8:39 PM: ceres.inf (ID = 83251)
8:39 PM: ceres.inf (ID = 83251)
8:39 PM: ceres.inf (ID = 83251)
8:39 PM: ceres.inf (ID = 83251)
8:39 PM: ceres.inf (ID = 83251)
8:39 PM: ceres.inf (ID = 83251)
8:39 PM: uninstall (ID = 64345)
8:39 PM: a.class (ID = 59443)
8:39 PM: wmv0204.ddx (ID = 57686)
8:39 PM: wmv0504.ddx (ID = 57686)
8:39 PM: wmv0904.ddx (ID = 57691)
8:39 PM: wmv0412.ddx (ID = 57686)
8:39 PM: wmv0106.ddx (ID = 57679)
8:39 PM: wmv0315.ddx (ID = 57686)
8:39 PM: wmv1204.ddx (ID = 57686)
8:39 PM: wmv1125.ddx (ID = 57685)
8:39 PM: wmv1909.ddx (ID = 57691)
8:39 PM: ba.class (ID = 65466)
8:39 PM: bd.class (ID = 65468)
8:39 PM: bj.class (ID = 65471)
8:39 PM: bq.class (ID = 59480)
8:39 PM: bs.class (ID = 65474)
8:39 PM: bv.class (ID = 65477)
8:39 PM: cg.class (ID = 65487)
8:39 PM: ci.class (ID = 65489)
8:39 PM: cm.class (ID = 65493)
8:39 PM: co.class (ID = 65495)
8:39 PM: cw.class (ID = 65499)
8:39 PM: cy.class (ID = 65501)
8:39 PM: dc.class (ID = 59561)
8:39 PM: dh.class (ID = 65506)
8:39 PM: dk.class (ID = 65508)
8:39 PM: du.class (ID = 59596)
8:39 PM: e.class (ID = 65516)
8:39 PM: eb.class (ID = 65518)
8:39 PM: ec.class (ID = 65519)
8:39 PM: g.class (ID = 65521)
8:39 PM: i.class (ID = 59665)
8:39 PM: j.class (ID = 59670)
8:39 PM: k.class (ID = 65522)
8:39 PM: m.class (ID = 59679)
8:39 PM: p.class (ID = 59689)
8:39 PM: q.class (ID = 59693)
8:39 PM: s.class (ID = 59698)
8:39 PM: t.class (ID = 59708)
8:39 PM: u.class (ID = 59715)
8:39 PM: v.class (ID = 59718)
8:39 PM: x.class (ID = 65545)
8:39 PM: cashfiesta.lnk (ID = 52290)
8:39 PM: File Sweep Complete, Elapsed Time: 00:10:38
8:39 PM: Full Sweep has completed. Elapsed time 00:12:03
8:39 PM: Traces Found: 160
9:13 PM: Warning: Driver not initialized
9:13 PM: Warning: Driver not initialized
9:13 PM: Warning: Driver not initialized
9:14 PM: Warning: Driver not initialized
9:14 PM: Warning: Driver not initialized
10:03 PM: Your spyware definitions have been updated.
10:11 PM: BHO Shield: found: -- BHO installation allowed at user request
10:13 PM: Processing Startup Alerts
10:13 PM: Allowed Startup entry: AIM
1:41 PM: Processing Startup Alerts
1:41 PM: Allowed Startup entry: srePostpone
10:12 PM: Your spyware definitions have been updated.
4:49 PM: Program Version 4.5.8 (Build 683) Using Spyware Definitions 611
4:49 PM: | End of Session, Sunday, February 05, 2006 |
********
8:27 PM: | Start of Session, Thursday, February 02, 2006 |
8:27 PM: Spy Sweeper started
8:27 PM: Program Version 4.5.8 (Build 683) Using Spyware Definitions 556
8:27 PM: | End of Session, Thursday, February 02, 2006 |





ANY help would be appreciated.

 

[Harvey]

From the number of malicious files you found, I'd guess this was one of your first scan sessions for malware. Your results are proof positive that one spyware remover is not enough. I use Ad-Aware and Spybot, and I'm considering adding HijackThis, as well.

I once read the manual for the human body. It says, there's supposed to be only one asshole issued for each human being. Viruses, spyware and spam are proof positive that someone's been over-producing. :|

I hope you finally got it all. Keep your shields up and your phasers set on kill.

 

[sacredfeminine81]

Hey Harvey,
I keep running Adaware and also downloaded the spy sweeper and spybot and microsoft one...all those together can't get rid of everything. It's freakin depressing cuz I'm no expert but I'm not a moron either. I even manually deleted some of the registry entries I knew to be spyware and the little bastards still keep coming. ARGH!!!

 

[LouPoir]

That's a bummer. I find you need to run AdAware and Spybot on a regular basis, at least weekly, or your screwed.

Looks like it may be time to reformat/reinstall -

Lou

 

[ChiBOY83]

It looks like you are running norton as well. I guarantee you put on a new scanner and you will find several virii having fun living in your system

 

[Gamer X]

1. format c:
2. install a fresh windows
3. install NOD 32
4. profit

 

[secretanchitman]

use ad-aware, microsoft antispyware, spybot, and hijackthis...and maybe even webroot too. that should definitely clear it up.

or follow the steps as gamer x said above me.

 

[mechBgon]

Here's my suggestion:

1) run LiveUpdate to update Symantec, and go through all the antivirus panels for both the real-time protection, and the on-demand-scan settings too. Max out every possible setting (heuristics, compressed-file scanning, optional types of threats like hack tools and spyware).

2) You already have Microsoft AntiSpyware beta. Update the signatures, but don't scan yet.

3) download and install Spybot Search & Destroy 1.4 from http://www.safer-networking.org. Update it, but don't scan yet. You're going to do the scans in Safe Mode later so stuff will have less chance to fight back.

4) download and install SpywareBlaster from http://www.javacoolsoftware.com, update it, and immunize.

4) download and unzip the manual scanner written up in this text file, and also get the scan.bat file mentioned there. Don't scan yet

5) you already have Webroot Spysweeper, so update it and don't scan yet.

6) download and run F-Secure's BlackLight Beta from http://www.f-secure.com/blacklight. This is a rootkit detection tool. If it finds rootkits, have it rename them.

Now take a deep breath, restart the system in Safe Mode, launch the McAfee scanner I wrote up, and then make pizza, because it's gonna take a while for these scans to complete.

Once the manual scanner has scanned to completion, its command-line box vanishes. Now stay in Safe Mode and run further scans with Symantec, with Microsoft AntiSpyware, with Webroot Spysweeper and with Spybot S&D (and immunize with Spybot too). Kill everything discovered by the tools, and then restart in normal Windows and see where you're at.

If it looks ok, now scan the system with Microsoft Baseline Security Analyzer (search Microsoft.com for "MBSA," it's free). Fix anything it dings you for.

Good luck Plan B is to do a fresh installation of Windows. If you do, make sure to take precautions against worm attack and in any event you should look into using a Limited user account to eliminate accidental spyware installation.

 

[WildHorse]

Hi, sacredfeminine81,

In addition to regular cleaning with your spywear cleaner (I use Lavasoft Ad-Aware, also paid for Search & Destroy but got rid of it) :

(1) Download the free "hosts" file from here.

It'll prevent most spy bots, etc. from getting into your computer to begin with.
It comes as a zip file.

(2) Since you have Windows SP2, extract the hosts zip file to:

C:\WINDOWS\system32\drivers\etc


(3) Bookmark the web page in #1 above. Check it approx. every 2 weeks for an updated hosts file. Whenever an update is released, repeat 1 and 2 above.

You will rarely, probably never, get any spywear again.

 

[John]

Adware, Spyware & Virus Removal Guide

 

[Swufabuda]

I noticed that you had the look2me adware in one of your scans.. I had the same thing. I can tell you now that none of the spyware scanners , adware scanners or antivirus scanners will get rid of that thing. So go to this site and post your problem you should get someone with knowledge about these things to help you. I did and that's the only way I got rid of it... Go here http://www.bleepingcomputer.com/

 

[Anubis]

even tho its not free Spyware Doctor is a pretty sweet progir, found and fixed the issues i was haveing with a comp when adaware+spubot+ various other things wouldent

 

[Fingolfin269]

Originally posted by: LouPoir
That's a bummer. I find you need to run AdAware and Spybot on a regular basis, at least weekly, or your screwed.

Looks like it may be time to reformat/reinstall -

Lou

I run a spyware scan about once a month, if that, and rarely find anything other than cookies. Then again I don't use Internet Explorer or download teh pr0n.