Spyware
Senior Member
True Car Nut
Joined: Jan 2005
Posts: 3,882
Likes: 2
From: Montevideo, MN MWBF '05, '06, '07 WCBF '06 '07 survivor
Originally Posted by lash
OK, what is "ms"? :?
anti spyware it'* called, free for now. pretty good, not ms'*, they bought it.
Senior Member
True Car Nut
Joined: Oct 2005
Posts: 7,030
Likes: 2
From: Central Florida
Originally Posted by sonoma_zr2
Originally Posted by lash
OK, what is "ms"? :?
You'll have to excuse my ignorance. I've always run antivirus software, but just recently started using adaware. Then I noticed that there was still soomething running in the backround and did the spyware check. So I also need the help.
Not trying to hijack, Lakeville...
Thread Starter
Senior Member
True Car Nut
Joined: Sep 2004
Posts: 9,130
Likes: 0
From: Farmington, Minnesota =MWBF '05 SURVIVOR= =CEBF '06 SURVIVOR= =August '06 COTM=
FunWebProducts: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
FunWebProducts: Settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Fun Web Products
FunWebProducts: Settings (Registry key, nothing done)
HKEY_USERS\*-1-5-19\Software\Fun Web Products
FunWebProducts: Settings (Registry key, nothing done)
HKEY_USERS\*-1-5-20\Software\Fun Web Products
FunWebProducts: Settings (Registry key, nothing done)
HKEY_USERS\*-1-5-21-1085031214-963894560-839522115-1003\Software\Fun Web Products
FunWebProducts: Settings (Registry key, nothing done)
HKEY_USERS\*-1-5-18\Software\Fun Web Products
plhive: Application ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\AppID\{8caa03a3-256c-5f6b-bf8c-99b47b21c16E}
plhive: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{8754bdd3-32cg-57aa-c341-a358ccad70e6}
plhive: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{8caa03a3-256c-5f6b-bf8c-99b47b21c16E}
plhive: Settings (Registry key, nothing done)
HKEY_USERS\*-1-5-21-1085031214-963894560-839522115-1003\Software\plive
plhive: Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\AppID\plhive.DLL
plhive: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\plhive.Control
plhive: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\plhive.Control .1
plhive: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8754bdd 3-32cg-57aa-c341-a358ccad70e6}
plhive: Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{8754bdd3-32cg-57aa-c341-a358ccad70e6}
plhive: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\plh
plhive: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\plh Plugin
plhive: Program directory (Directory, nothing done)
C:\Program Files\plh\
MediaMotor: Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{2E841334-C0A7-48C6-9681-3FCD3B4E104B}
MediaMotor: Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{E295FDEA-B7A3-4C16-9204-CE01366D1845}
MediaMotor: Module usage (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm83.ocx
MediaMotor: Shared DLL (1 apps) (Registry value, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\mm83.ocx
MediaMotor: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{A9136CFD-FD01-41B8-9969-0B37720ED8AB}
MediaMotor: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{B2EEDA99-DA99-4D0D-9F7F-143C30521388}
MediaMotor: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{466C63AC-F26E-49F1-861A-E07DA768A46A}
Zeno: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\Enhanced Ads by Zeno
Zeno: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\Zeno Search Assistant
Zeno: Executable (File, nothing done)
C:\WINDOWS\system32\dwdsregt.exe
Zeno: Text file (File, nothing done)
C:\WINDOWS\system32\zxdnt3d.cfg
Zeno: Text file (File, nothing done)
C:\WINDOWS\system32\msnav32.ax
Zeno: Library (File, nothing done)
C:\WINDOWS\system32\nt68rrtc12.sys
MyWay.MyWebSearch: Browser helper object (Registry key, nothing done)
HKEY_USERS\*-1-5-21-1085031214-963894560-839522115-1003\Software\MyWebSearch
MyWay.MyWebSearch: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
MyWay.MyWebSearch: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\MyWebSearch
Windows Security Center.FirewallDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0
Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
FunWeb: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Fun Web Products
FunWeb: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\FunWebProducts
MyWebSearch: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}
MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
FastClick: Tracking cookie (Internet Explorer: Nate) (Cookie, nothing done)
DoubleClick: Tracking cookie (Internet Explorer: Nate) (Cookie, nothing done)
WebTrends live: Tracking cookie (Internet Explorer: Nate) (Cookie, nothing done)
TargetNet: Tracking cookie (Internet Explorer: Nate) (Cookie, nothing done)
MediaPlex: Tracking cookie (Internet Explorer: Nate) (Cookie, nothing done)
WebTrends live: Tracking cookie (Internet Explorer: Nate) (Cookie, nothing done)
Advertising.com: Tracking cookie (Internet Explorer: Nate) (Cookie, nothing done)
Avenue A, Inc.: Tracking cookie (Internet Explorer: Nate) (Cookie, nothing done)
WebTrends live: Tracking cookie (Internet Explorer: Nate) (Cookie, nothing done)
ValueClick: Tracking cookie (Internet Explorer: Nate) (Cookie, nothing done)
BFast: Tracking cookie (Internet Explorer: Nate) (Cookie, nothing done)
WebTrends live: Tracking cookie (Internet Explorer: Nate) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-03-28 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-03-24 Includes\Cookies.sbi (*)
2006-03-24 Includes\Dialer.sbi (*)
2006-03-24 Includes\Hijackers.sbi (*)
2006-03-24 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-03-24 Includes\Malware.sbi (*)
2006-03-24 Includes\PUPS.sbi (*)
2006-03-24 Includes\Revision.sbi (*)
2006-03-24 Includes\Security.sbi (*)
2006-03-24 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-03-24 Includes\Trojans.sbi (*)
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
FunWebProducts: Settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Fun Web Products
FunWebProducts: Settings (Registry key, nothing done)
HKEY_USERS\*-1-5-19\Software\Fun Web Products
FunWebProducts: Settings (Registry key, nothing done)
HKEY_USERS\*-1-5-20\Software\Fun Web Products
FunWebProducts: Settings (Registry key, nothing done)
HKEY_USERS\*-1-5-21-1085031214-963894560-839522115-1003\Software\Fun Web Products
FunWebProducts: Settings (Registry key, nothing done)
HKEY_USERS\*-1-5-18\Software\Fun Web Products
plhive: Application ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\AppID\{8caa03a3-256c-5f6b-bf8c-99b47b21c16E}
plhive: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{8754bdd3-32cg-57aa-c341-a358ccad70e6}
plhive: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{8caa03a3-256c-5f6b-bf8c-99b47b21c16E}
plhive: Settings (Registry key, nothing done)
HKEY_USERS\*-1-5-21-1085031214-963894560-839522115-1003\Software\plive
plhive: Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\AppID\plhive.DLL
plhive: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\plhive.Control
plhive: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\plhive.Control .1
plhive: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8754bdd 3-32cg-57aa-c341-a358ccad70e6}
plhive: Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{8754bdd3-32cg-57aa-c341-a358ccad70e6}
plhive: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\plh
plhive: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\plh Plugin
plhive: Program directory (Directory, nothing done)
C:\Program Files\plh\
MediaMotor: Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{2E841334-C0A7-48C6-9681-3FCD3B4E104B}
MediaMotor: Settings (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{E295FDEA-B7A3-4C16-9204-CE01366D1845}
MediaMotor: Module usage (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm83.ocx
MediaMotor: Shared DLL (1 apps) (Registry value, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\SharedDlls\C:\WINDOWS\Downloaded Program Files\mm83.ocx
MediaMotor: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{A9136CFD-FD01-41B8-9969-0B37720ED8AB}
MediaMotor: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{B2EEDA99-DA99-4D0D-9F7F-143C30521388}
MediaMotor: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{466C63AC-F26E-49F1-861A-E07DA768A46A}
Zeno: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\Enhanced Ads by Zeno
Zeno: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall\Zeno Search Assistant
Zeno: Executable (File, nothing done)
C:\WINDOWS\system32\dwdsregt.exe
Zeno: Text file (File, nothing done)
C:\WINDOWS\system32\zxdnt3d.cfg
Zeno: Text file (File, nothing done)
C:\WINDOWS\system32\msnav32.ax
Zeno: Library (File, nothing done)
C:\WINDOWS\system32\nt68rrtc12.sys
MyWay.MyWebSearch: Browser helper object (Registry key, nothing done)
HKEY_USERS\*-1-5-21-1085031214-963894560-839522115-1003\Software\MyWebSearch
MyWay.MyWebSearch: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
MyWay.MyWebSearch: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\MyWebSearch
Windows Security Center.FirewallDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0
Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
FunWeb: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Fun Web Products
FunWeb: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\FunWebProducts
MyWebSearch: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}
MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
MyWebSearch: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
FastClick: Tracking cookie (Internet Explorer: Nate) (Cookie, nothing done)
DoubleClick: Tracking cookie (Internet Explorer: Nate) (Cookie, nothing done)
WebTrends live: Tracking cookie (Internet Explorer: Nate) (Cookie, nothing done)
TargetNet: Tracking cookie (Internet Explorer: Nate) (Cookie, nothing done)
MediaPlex: Tracking cookie (Internet Explorer: Nate) (Cookie, nothing done)
WebTrends live: Tracking cookie (Internet Explorer: Nate) (Cookie, nothing done)
Advertising.com: Tracking cookie (Internet Explorer: Nate) (Cookie, nothing done)
Avenue A, Inc.: Tracking cookie (Internet Explorer: Nate) (Cookie, nothing done)
WebTrends live: Tracking cookie (Internet Explorer: Nate) (Cookie, nothing done)
ValueClick: Tracking cookie (Internet Explorer: Nate) (Cookie, nothing done)
BFast: Tracking cookie (Internet Explorer: Nate) (Cookie, nothing done)
WebTrends live: Tracking cookie (Internet Explorer: Nate) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-03-28 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-03-24 Includes\Cookies.sbi (*)
2006-03-24 Includes\Dialer.sbi (*)
2006-03-24 Includes\Hijackers.sbi (*)
2006-03-24 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-03-24 Includes\Malware.sbi (*)
2006-03-24 Includes\PUPS.sbi (*)
2006-03-24 Includes\Revision.sbi (*)
2006-03-24 Includes\Security.sbi (*)
2006-03-24 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-03-24 Includes\Trojans.sbi (*)
Senior Member
True Car Nut
Joined: Jan 2005
Posts: 3,882
Likes: 2
From: Montevideo, MN MWBF '05, '06, '07 WCBF '06 '07 survivor
Originally Posted by lash
Originally Posted by sonoma_zr2
Originally Posted by lash
OK, what is "ms"? :?
You'll have to excuse my ignorance. I've always run antivirus software, but just recently started using adaware. Then I noticed that there was still soomething running in the backround and did the spyware check. So I also need the help.
Not trying to hijack, Lakeville...
Senior Member
True Car Nut
Joined: Oct 2005
Posts: 7,030
Likes: 2
From: Central Florida
Originally Posted by sonoma_zr2
Originally Posted by lash
Originally Posted by sonoma_zr2
Originally Posted by lash
OK, what is "ms"? :?
You'll have to excuse my ignorance. I've always run antivirus software, but just recently started using adaware. Then I noticed that there was still soomething running in the backround and did the spyware check. So I also need the help.
Not trying to hijack, Lakeville...
Senior Member
True Car Nut
Joined: Jan 2005
Posts: 3,882
Likes: 2
From: Montevideo, MN MWBF '05, '06, '07 WCBF '06 '07 survivor
Originally Posted by bandit
wow, i would just reinstall windows, to make shure everything is gone...
Senior Member
Certified Car Nut
Joined: Jul 2003
Posts: 15,408
Likes: 1
From: Robbinsdale, MN
Originally Posted by lash
Originally Posted by sonoma_zr2
Originally Posted by lash
OK, what is "ms"? :?
You'll have to excuse my ignorance. I've always run antivirus software, but just recently started using adaware. Then I noticed that there was still soomething running in the backround and did the spyware check. So I also need the help.
Not trying to hijack, Lakeville...
Some anti-virus programs have a little anti-spyware built into them, but they aren't intended to remove all spyware. And an Anti-Spyware program will NOT remove viruses. Use the right tool for the job, dammit!! [/rant]
Thread Starter
Senior Member
True Car Nut
Joined: Sep 2004
Posts: 9,130
Likes: 0
From: Farmington, Minnesota =MWBF '05 SURVIVOR= =CEBF '06 SURVIVOR= =August '06 COTM=
Spybot got rid of a lot of **** I had, but I still have one process that'* running and I can't stop it, even when going into the startup blocker of Spybot and disabliing that registry key.