Bloodhound.W32.EP [CLOSED]
#16
Posted 22 August 2006 - 06:02 AM
#17
Posted 22 August 2006 - 06:44 AM
Or is there some problem with the regular mode?
Go ahead and delete Brute Force Uninstaller & alcanshorty.bfu.
-----
Please print these instructions out, or write them down, as you can't read them during the fix.
1. Please download The Avenger by Swandog46 to your Desktop.
- Click on Avenger.zip to open the file
- Extract Avenger.exe to your desktop.
Drivers to unload:
rdriv
iwm2fb89
nt68rrtc12
winpfg32
Files to delete:
C:\WINDOWS\iconu.exe
C:\WINDOWS\gryht.dll
C:\Program Files\powerscan_install.exe
C:\Program Files\SurfAccuracy
C:\WINDOWS\SYSTEM32\rdriv.sys
C:\WINDOWS\SYSTEM32\iwm2fb89.sys
C:\WINDOWS\RDFX4.exe
C:\WINDOWS\SYSTEM32\wnsapisu.exe
C:\installerwnusnewer.exe
C:\WINDOWS\system32ghynf.exe
C:\WINDOWS\system32n9nyb.exe
C:\WINDOWS\system32bez6n4r21.exe
C:\WINDOWS\SYSTEM32\iwm2fb89.dll
C:\WINDOWS\sys011740985370-.exe
C:\WINDOWS\SYSTEM32\w00bd57a.dll
C:\Setup100.exe
C:\ac3_0003.exe
C:\803_104.exe
C:\WINDOWS\v1201.exe
C:\SS1001newer.exe
C:\fym9bvo.exe
C:\WINDOWS\SYSTEM32\ghynf.exe
C:\WINDOWS\SYSTEM32\n9nyb.exe
C:\WINDOWS\SYSTEM32\iqqr.exe
C:\WINDOWS\SYSTEM32\bez6n4r21.exe
C:\WINDOWS\SYSTEM32\xeymi.dll
C:\WINDOWS\SYSTEM32\winpfg32.sys
C:\WINDOWS\b.exe
C:\WINDOWS\SYSTEM32\nt68rrtc12.sys
C:\WINDOWS\SYSTEM32\cvn0.exe
C:\WINDOWS\SYSTEM32\attrib.dll
C:\WINDOWS\xload.exe
C:\WINDOWS\unt12B.pif
C:\WINDOWS\unt12B.bat
C:\WINDOWS\SYSTEM32\zqskw.exe
C:\WINDOWS\SYSTEM32\wfxqhv.exe
C:\WINDOWS\cghlpnp.exe
C:\bt.exe
C:\WINDOWS\win3208370-17409852006.exe
C:\WINDOWS\uni_ehhhh.exe
C:\WINDOWS\uninst104.exe
C:\WINDOWS\SYSTEM32\taskmgr.dll
C:\WINDOWS\SYSTEM32\swinlqez.exe
C:\WINDOWS\SYSTEM32\swinlqag.exe
Folders to delete:
C:\Program Files\Osnmtph
C:\Program Files\PowerScan
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
- Under "Script file to execute" choose "Input Script Manually".
- Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
- Paste the text copied to the notepad file into this window
- Click Done
- Now click on the Green Light to begin execution of the script
- Answer "Yes" twice when prompted.
- Restarts your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
- On reboot, it briefly opens a black command window on your desktop; this is normal.
- After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
- The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Edited by Rawe, 22 August 2006 - 06:45 AM.
#18
Posted 22 August 2006 - 07:24 AM
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vxwuocuc
*******************
Script file located at: \??\C:\Documents and Settings\lqldgbjf.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Driver rdriv unloaded successfully.
Registry key \Registry\Machine\System\CurrentControlSet\Services\iwm2fb89 not found!
Unload of driver iwm2fb89 failed!
Could not process line:
iwm2fb89
Status: 0xc0000034
Registry key \Registry\Machine\System\CurrentControlSet\Services\nt68rrtc12 not found!
Unload of driver nt68rrtc12 failed!
Could not process line:
nt68rrtc12
Status: 0xc0000034
Registry key \Registry\Machine\System\CurrentControlSet\Services\winpfg32 not found!
Unload of driver winpfg32 failed!
Could not process line:
winpfg32
Status: 0xc0000034
File C:\WINDOWS\iconu.exe not found!
Deletion of file C:\WINDOWS\iconu.exe failed!
Could not process line:
C:\WINDOWS\iconu.exe
Status: 0xc0000034
File C:\WINDOWS\gryht.dll deleted successfully.
File C:\Program Files\powerscan_install.exe deleted successfully.
Error: C:\Program Files\SurfAccuracy is a folder, not a file!
Deletion of file C:\Program Files\SurfAccuracy failed!
Could not process line:
C:\Program Files\SurfAccuracy
Status: 0xc00000ba
File C:\WINDOWS\SYSTEM32\rdriv.sys deleted successfully.
File C:\WINDOWS\SYSTEM32\iwm2fb89.sys deleted successfully.
File C:\WINDOWS\RDFX4.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\wnsapisu.exe deleted successfully.
File C:\installerwnusnewer.exe not found!
Deletion of file C:\installerwnusnewer.exe failed!
Could not process line:
C:\installerwnusnewer.exe
Status: 0xc0000034
File C:\WINDOWS\system32ghynf.exe not found!
Deletion of file C:\WINDOWS\system32ghynf.exe failed!
Could not process line:
C:\WINDOWS\system32ghynf.exe
Status: 0xc0000034
File C:\WINDOWS\system32n9nyb.exe not found!
Deletion of file C:\WINDOWS\system32n9nyb.exe failed!
Could not process line:
C:\WINDOWS\system32n9nyb.exe
Status: 0xc0000034
File C:\WINDOWS\system32bez6n4r21.exe not found!
Deletion of file C:\WINDOWS\system32bez6n4r21.exe failed!
Could not process line:
C:\WINDOWS\system32bez6n4r21.exe
Status: 0xc0000034
File C:\WINDOWS\SYSTEM32\iwm2fb89.dll deleted successfully.
File C:\WINDOWS\sys011740985370-.exe not found!
Deletion of file C:\WINDOWS\sys011740985370-.exe failed!
Could not process line:
C:\WINDOWS\sys011740985370-.exe
Status: 0xc0000034
File C:\WINDOWS\SYSTEM32\w00bd57a.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\w00bd57a.dll failed!
Could not process line:
C:\WINDOWS\SYSTEM32\w00bd57a.dll
Status: 0xc0000034
File C:\Setup100.exe deleted successfully.
File C:\ac3_0003.exe not found!
Deletion of file C:\ac3_0003.exe failed!
Could not process line:
C:\ac3_0003.exe
Status: 0xc0000034
File C:\803_104.exe not found!
Deletion of file C:\803_104.exe failed!
Could not process line:
C:\803_104.exe
Status: 0xc0000034
File C:\WINDOWS\v1201.exe not found!
Deletion of file C:\WINDOWS\v1201.exe failed!
Could not process line:
C:\WINDOWS\v1201.exe
Status: 0xc0000034
File C:\SS1001newer.exe not found!
Deletion of file C:\SS1001newer.exe failed!
Could not process line:
C:\SS1001newer.exe
Status: 0xc0000034
File C:\fym9bvo.exe not found!
Deletion of file C:\fym9bvo.exe failed!
Could not process line:
C:\fym9bvo.exe
Status: 0xc0000034
File C:\WINDOWS\SYSTEM32\ghynf.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\ghynf.exe failed!
Could not process line:
C:\WINDOWS\SYSTEM32\ghynf.exe
Status: 0xc0000034
File C:\WINDOWS\SYSTEM32\n9nyb.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\n9nyb.exe failed!
Could not process line:
C:\WINDOWS\SYSTEM32\n9nyb.exe
Status: 0xc0000034
File C:\WINDOWS\SYSTEM32\iqqr.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\iqqr.exe failed!
Could not process line:
C:\WINDOWS\SYSTEM32\iqqr.exe
Status: 0xc0000034
File C:\WINDOWS\SYSTEM32\bez6n4r21.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\bez6n4r21.exe failed!
Could not process line:
C:\WINDOWS\SYSTEM32\bez6n4r21.exe
Status: 0xc0000034
File C:\WINDOWS\SYSTEM32\xeymi.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\xeymi.dll failed!
Could not process line:
C:\WINDOWS\SYSTEM32\xeymi.dll
Status: 0xc0000034
File C:\WINDOWS\SYSTEM32\winpfg32.sys deleted successfully.
File C:\WINDOWS\b.exe not found!
Deletion of file C:\WINDOWS\b.exe failed!
Could not process line:
C:\WINDOWS\b.exe
Status: 0xc0000034
File C:\WINDOWS\SYSTEM32\nt68rrtc12.sys deleted successfully.
File C:\WINDOWS\SYSTEM32\cvn0.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\cvn0.exe failed!
Could not process line:
C:\WINDOWS\SYSTEM32\cvn0.exe
Status: 0xc0000034
File C:\WINDOWS\SYSTEM32\attrib.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\attrib.dll failed!
Could not process line:
C:\WINDOWS\SYSTEM32\attrib.dll
Status: 0xc0000034
File C:\WINDOWS\xload.exe not found!
Deletion of file C:\WINDOWS\xload.exe failed!
Could not process line:
C:\WINDOWS\xload.exe
Status: 0xc0000034
File C:\WINDOWS\unt12B.pif deleted successfully.
File C:\WINDOWS\unt12B.bat deleted successfully.
File C:\WINDOWS\SYSTEM32\zqskw.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\zqskw.exe failed!
Could not process line:
C:\WINDOWS\SYSTEM32\zqskw.exe
Status: 0xc0000034
File C:\WINDOWS\SYSTEM32\wfxqhv.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\wfxqhv.exe failed!
Could not process line:
C:\WINDOWS\SYSTEM32\wfxqhv.exe
Status: 0xc0000034
File C:\WINDOWS\cghlpnp.exe not found!
Deletion of file C:\WINDOWS\cghlpnp.exe failed!
Could not process line:
C:\WINDOWS\cghlpnp.exe
Status: 0xc0000034
File C:\bt.exe not found!
Deletion of file C:\bt.exe failed!
Could not process line:
C:\bt.exe
Status: 0xc0000034
File C:\WINDOWS\win3208370-17409852006.exe not found!
Deletion of file C:\WINDOWS\win3208370-17409852006.exe failed!
Could not process line:
C:\WINDOWS\win3208370-17409852006.exe
Status: 0xc0000034
File C:\WINDOWS\uni_ehhhh.exe not found!
Deletion of file C:\WINDOWS\uni_ehhhh.exe failed!
Could not process line:
C:\WINDOWS\uni_ehhhh.exe
Status: 0xc0000034
File C:\WINDOWS\uninst104.exe not found!
Deletion of file C:\WINDOWS\uninst104.exe failed!
Could not process line:
C:\WINDOWS\uninst104.exe
Status: 0xc0000034
File C:\WINDOWS\SYSTEM32\taskmgr.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\taskmgr.dll failed!
Could not process line:
C:\WINDOWS\SYSTEM32\taskmgr.dll
Status: 0xc0000034
File C:\WINDOWS\SYSTEM32\swinlqez.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\swinlqez.exe failed!
Could not process line:
C:\WINDOWS\SYSTEM32\swinlqez.exe
Status: 0xc0000034
File C:\WINDOWS\SYSTEM32\swinlqag.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\swinlqag.exe failed!
Could not process line:
C:\WINDOWS\SYSTEM32\swinlqag.exe
Status: 0xc0000034
Folder C:\Program Files\Osnmtph deleted successfully.
Folder C:\Program Files\PowerScan deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Logfile of HijackThis v1.99.1
Scan saved at 08:23, on 06-08-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_server.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1111442460\ee\AOLSoftware.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Muiltmedia keyboard utility\1.1\KbdAp32A.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\common files\aol\1111442460\ee\aolsoftware.exe
C:\Documents and Settings\Ben\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalo...asp?si=20063&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo...asp?si=20063&k=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mailredirect.netscape.com/
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ygjed.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,jbpinve.exe
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mm_server] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_server.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1111442460\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Kiuybg] C:\Program Files\Osnmtph\Atyoqf.exe
O4 - HKLM\..\Run: [Á²# K"h'þ9Óœ÷3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\acedqmy.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [CoV{$vùõˆ/–²%åŸßÿLC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\acedqmy.exe
O4 - HKLM\..\Run: [CoV{$vùõˆ/–²%åŸßñiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\acedqmy.exe
O4 - HKLM\..\Run: [CoV{$vùõˆ/–²%åŸß5æC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\acedqmy.exe
O4 - HKLM\..\Run: [CoV{$vùõˆ/–²%å¯ßwÙC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\acedqmy.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [iwm2fb89] RUNDLL32.EXE w00bd57a.dll,n 0032fb860000000300bd57a
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PowerScan] C:\Program Files\PowerScan\PowerScan.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Kiuybg] C:\Program Files\Osnmtph\Atyoqf.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\swinlqex.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZBxdm046YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.sxload.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfi...oad/tgctlcm.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nu.../FIX/WinATS.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-mo.../cabs/alien.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: sdktemp - Unknown owner - C:\WINDOWS\sdktemp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
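A triage pass over an Avenger log in the format shown at the top of the post above, as an added example (not part of the thread and not code from The Avenger): it separates script mistakes from targets that were simply absent. The function names, category labels and the abridged sample log are constructed for illustration; the two status values are the standard NTSTATUS codes named in the table.

```python
import re

# Standard NTSTATUS names for the two status values that appear in the log.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC00000BA: "STATUS_FILE_IS_A_DIRECTORY",
}

OK_RE = re.compile(r"^(Driver|File|Folder) (.+) (?:unloaded|deleted) successfully\.$")
FAIL_RE = re.compile(r"^(Unload of driver|Deletion of file) (.+) failed!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]+)$")

# Constructed sample: abridged lines in the same format as the log above.
SAMPLE_LOG = r"""Driver rdriv unloaded successfully.
Registry key \Registry\Machine\System\CurrentControlSet\Services\iwm2fb89 not found!
Unload of driver iwm2fb89 failed!
Could not process line:
iwm2fb89
Status: 0xc0000034
Error: C:\Program Files\SurfAccuracy is a folder, not a file!
Deletion of file C:\Program Files\SurfAccuracy failed!
Could not process line:
C:\Program Files\SurfAccuracy
Status: 0xc00000ba
File C:\WINDOWS\SYSTEM32\iwm2fb89.sys deleted successfully.
File C:\WINDOWS\system32ghynf.exe not found!
Deletion of file C:\WINDOWS\system32ghynf.exe failed!
Could not process line:
C:\WINDOWS\system32ghynf.exe
Status: 0xc0000034
File C:\WINDOWS\SYSTEM32\ghynf.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\ghynf.exe failed!
Could not process line:
C:\WINDOWS\SYSTEM32\ghynf.exe
Status: 0xc0000034
Folder C:\Program Files\PowerScan deleted successfully.
"""


def parse_log(text):
    """Return one record per processed script line, in log order."""
    records, pending = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        ok, fail, status = OK_RE.match(line), FAIL_RE.match(line), STATUS_RE.match(line)
        if (ok or fail) and pending:
            records.append(pending)  # earlier failure had no Status line
            pending = None
        if ok:
            records.append({"kind": ok[1], "target": ok[2], "ok": True, "status": None})
        elif fail:
            kind = "Driver" if fail[1].startswith("Unload") else "File"
            pending = {"kind": kind, "target": fail[2], "ok": False, "status": None}
        elif status and pending:
            pending["status"] = int(status[1], 16)
            records.append(pending)
            pending = None
    if pending:  # log cut off before the Status line
        records.append(pending)
    return records


def squash(path):
    # Ignore separators and case so a path with a dropped backslash
    # collapses to the same key as the correctly written one.
    return path.replace("\\", "").lower()


def triage(records):
    """Map each failed target to a category a helper can act on."""
    by_key = {}
    for r in records:
        by_key.setdefault(squash(r["target"]), set()).add(r["target"])
    deleted = {r["target"].rsplit("\\", 1)[-1].lower()
               for r in records if r["ok"] and r["kind"] == "File"}
    reasons = {}
    for r in (r for r in records if not r["ok"]):
        target, status = r["target"], r["status"]
        longer = [t for t in by_key[squash(target)] if t.count("\\") > target.count("\\")]
        if status == 0xC00000BA:
            reasons[target] = "folder-in-files-section"  # belongs under "Folders to delete:"
        elif r["kind"] == "Driver":
            has_file = f"{target.lower()}.sys" in deleted
            reasons[target] = "driver-file-only" if has_file else "driver-not-registered"
        elif longer:
            reasons[target] = "path-typo"  # same path appears with the separator present
        else:
            reasons[target] = "not-present"
    return reasons


def report(text):
    """One line per failure: target, NTSTATUS name, triage category."""
    records = parse_log(text)
    reasons = triage(records)
    return [f'{r["target"]}: {NTSTATUS.get(r["status"], "unknown status")} -> '
            f'{reasons[r["target"]]}' for r in records if not r["ok"]]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```
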
#19
Posted 22 August 2006 - 08:22 AM
Go ahead and delete Avenger. This will be a long step.
----
Please print these instructions out, or write them down, as you can't read them during the fix.
Please run a scan with HijackThis and check the following objects for removal:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalo...asp?si=20063&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo...asp?si=20063&k=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ygjed.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,jbpinve.exe
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Kiuybg] C:\Program Files\Osnmtph\Atyoqf.exe
O4 - HKLM\..\Run: [Á²# K"h'þ9Óœ÷3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\acedqmy.exe
O4 - HKLM\..\Run: [CoV{$vùõˆ/–²%åŸßÿLC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\acedqmy.exe
O4 - HKLM\..\Run: [CoV{$vùõˆ/–²%åŸßñiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\acedqmy.exe
O4 - HKLM\..\Run: [CoV{$vùõˆ/–²%åŸß5æC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\acedqmy.exe
O4 - HKLM\..\Run: [CoV{$vùõˆ/–²%å¯ßwÙC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\acedqmy.exe
O4 - HKLM\..\Run: [iwm2fb89] RUNDLL32.EXE w00bd57a.dll,n 0032fb860000000300bd57a
O4 - HKLM\..\Run: [PowerScan] C:\Program Files\PowerScan\PowerScan.exe
O4 - HKCU\..\Run: [Kiuybg] C:\Program Files\Osnmtph\Atyoqf.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\swinlqex.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZBxdm046YYUS
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\WINDOWS\System32\shdocvw.dll
O15 - Trusted Zone: *.sxload.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nu.../FIX/WinATS.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-mo.../cabs/alien.cab
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - (no file)
O23 - Service: sdktemp - Unknown owner - C:\WINDOWS\sdktemp.exe
Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.
-----
- Open HiJackThis
- Click on the configure button on the bottom right
- Click on the tab "Misc Tools"
- Click on "Delete an NT service"
- Copy and paste this in: sdktemp
- Click "ok", then reboot
After reboot, go to Control Panel - Add/Remove Programs and uninstall this program from the list:
ViewPoint Manager
Next, please make sure you can see hidden files.
Now, navigate to and delete the following files & folders if present:
C:\WINDOWS\acedqmy.exe
C:\WINDOWS\sdktemp.exe
C:\Program Files\SurfAccuracy
C:\Program Files\Viewpoint
Empty recycle bin.
----
Once done........
Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
- Double-click sspsetup1.exe to install it.
- Before installation it may ask you to check for program updates. Click YES.
Then finish installation leaving all the default options.
- Once the program is installed, it will ask if you wish to reboot now; choose YES.
- After reboot, open SpySweeper, by double-clicking the icon on your desktop.
- Click Options on the left side.
- Click the Sweep tab.
- Under Items to Sweep make sure the following are checked:
- Windows registry
- Memory objects
- Cookies
- Compressed Files
- System Restore Folder
- Under Other Options make sure the following are checked:
- Sweep all user accounts
- Enable Direct Disk Sweeping
- Sweep for rootkits
- Click the Sweep button on the left side.
- Click the Start Sweep button.
- When it's done scanning, make sure everything has a check next to it, then click the Quarantine Selected button.
- It will quarantine all of the items found.
- Click View Session Log in the right corner above the box where the items are listed.
- Click Save to File and save it on your desktop.
- Exit SpySweeper.
- Paste the contents of the session log you saved into your next reply (Spy Sweeper Session Log.txt) and let me know how the system is running NOW.
- NOTE: you can get to the log by clicking Options on the left. Then, View Session Log will be listed under Other Options.
#20
Posted 22 August 2006 - 10:45 AM
#21
Posted 22 August 2006 - 11:12 AM
Here are some suggestions: http://www.anetforum...readIndex=28891
Someone said defragging would do it...
Go to Start Menu->All Programs->Accessories->System Tools->Disk Defragmenter
Click Analyze. It takes time to analyze, so be patient. When it says "you need to defrag this volume" proceed to the next step.
Click Defragment. It also takes time to defrag, need more patience here.
You could either use Windows' own defragment software or then download PerfectDisk here (free trial) -- it's better than Microsoft's one:
http://www.raxco.com.../perfectdisk2k/
Once you have defragged, run SpySweeper again and let me know how it works out. It might be a memory issue also.
#22
Posted 22 August 2006 - 11:24 AM
#23
Posted 22 August 2006 - 11:27 AM
#24
Posted 22 August 2006 - 11:32 AM
#25
Posted 22 August 2006 - 11:34 AM
#26
Posted 23 August 2006 - 06:29 AM
Edited by D.J. Juego, 23 August 2006 - 06:35 AM.
#27
Posted 23 August 2006 - 06:32 AM
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
07:07: Shield States
07:07: Spyware Definitions: 691
07:06: Spy Sweeper 5.0.5.1286 started
16:54: | End of Session, 06-08-22 |
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
16:51: Shield States
16:51: Spyware Definitions: 691
16:50: Spy Sweeper 5.0.5.1286 started
16:43: Spy Sweeper 5.0.5.1286 started
15:20: | End of Session, 06-08-22 |
15:19: Detected running threat: clkoptimizer
15:19: Memory Shield: Found: Memory-resident threat clkoptimizer, version 1.0.0.0
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
15:10: Shield States
15:10: Spyware Definitions: 691
15:09: Spy Sweeper 5.0.5.1286 started
14:17: | End of Session, 06-08-22 |
14:17: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
14:13: Shield States
14:13: Spyware Definitions: 691
14:13: Spy Sweeper 5.0.5.1286 started
12:12: Spy Sweeper 5.0.5.1286 started
12:07: Program Version 5.0.5.1286 Using Spyware Definitions 691
12:07: Spy Sweeper 5.0.5.1286 started
12:07: | Start of Session, 06-08-22 |
********
14:59: C:\Program Files\180Solutions\sais_gdf.dat (ID = 70571)
14:57: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP295\A0155861.exe (ID = 185254)
14:57: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP312\A0192467.exe (ID = 185254)
14:54: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0259126.exe (ID = 269648)
14:53: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0259626.dll (ID = 70439)
14:53: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0259617.dll (ID = 293973)
14:53: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0259619.dll (ID = 293975)
14:52: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0259639.dll (ID = 159)
14:52: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0257159.dll (ID = 90382)
14:52: Found Adware: winad
14:51: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP343\A0237154.exe (ID = 185254)
14:50: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0237065.exe (ID = 185254)
14:50: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0237121.exe (ID = 185254)
14:50: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP342\A0236067.exe (ID = 185254)
14:49: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0258954.exe (ID = 269648)
14:48: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0259071.exe (ID = 269648)
14:48: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0259203.exe (ID = 269648)
14:48: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP331\A0221243.exe (ID = 185254)
14:48: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0259342.exe (ID = 269648)
14:47: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0259447.exe (ID = 269648)
14:47: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP309\A0185208.exe (ID = 185254)
14:47: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0259216.exe (ID = 269648)
14:47: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0259166.exe (ID = 269648)
14:47: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP294\A0153594.exe (ID = 185254)
14:47: C:\Documents and Settings\Ben\Desktop\backups\backup-20060822-095758-655.inf (ID = 74044)
14:46: c:\documents and settings\pam\local settings\temporary internet files\content.ie5\qijkl95o\sfexd001[1].htm (ID = 158779)
14:46: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0259645.exe (ID = 294)
14:46: Found Adware: zenosearchassistant
14:46: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP290\A0150365.exe (ID = 185254)
14:45: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0259656.dll (ID = 208226)
14:44: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0258982.exe (ID = 269648)
14:44: Found Trojan Horse: rbot
14:44: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0259610.exe (ID = 296016)
14:44: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0258915.dll (ID = 268933)
14:43: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0257293.vbs (ID = 231442)
14:43: Found Adware: command
14:42: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0259620.dll (ID = 293976)
14:42: c:\documents and settings\bill\local settings\temporary internet files\content.ie5\bjwxat6f\appwrap[1].exe (ID = 65721)
14:41: c:\documents and settings\bill\local settings\temp\uninstall.exe (ID = 72675)
14:41: c:\documents and settings\bill\local settings\temporary internet files\content.ie5\qj25e76t\tsupdate2[2].ini (ID = 193498)
14:41: c:\documents and settings\pam\start menu\programs\power scan\power scan.lnk (ID = 72676)
14:40: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0259612.exe (ID = 296018)
14:40: c:\documents and settings\bill\local settings\temporary internet files\content.ie5\udgfkzox\appwrap[1].exe (ID = 65722)
14:40: Found Adware: look2me
14:40: c:\documents and settings\bill\local settings\temporary internet files\content.ie5\ozkz2luh\stub_113_4_0_4_0[1].exe (ID = 193995)
14:40: Found Adware: targetsaver
14:40: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP351\A0262776.exe (ID = 290920)
14:39: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0259613.exe (ID = 296018)
14:39: c:\documents and settings\bill\local settings\temp\mndcntas.tmp (ID = 246193)
14:39: Found Adware: safesearch
14:39: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0259611.exe (ID = 296016)
14:39: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0259672.exe (ID = 296017)
14:39: Found Adware: forethought
14:39: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0257284.exe (ID = 290920)
14:39: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0259606.exe (ID = 64496)
14:39: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0257285.exe (ID = 273586)
14:39: Found Adware: zquest
14:39: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0259594.exe (ID = 215896)
14:38: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0259621.exe (ID = 294100)
14:38: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP350\A0259622.exe (ID = 294169)
14:37: c:\documents and settings\pam\application data\starware (51 subtraces) (ID = 2147487071)
14:37: C:\WINDOWS\zAbstract (7 subtraces) (ID = 2147518024)
14:37: C:\Program Files\SurfAccuracy (12 subtraces) (ID = 2147489030)
14:37: Found Adware: ist surf accuracy
14:37: C:\Program Files\Common Files\WinSoftware (1 subtraces) (ID = 2147490614)
14:37: c:\documents and settings\pam\start menu\programs\power scan (1 subtraces) (ID = 2147486834)
14:37: C:\Program Files\180Solutions (5 subtraces) (ID = 2147486728)
14:36: Starting File Sweep
14:36: Warning: Failed to access drive A:
14:36: Cookie Sweep Complete, Elapsed Time: 00:00:19
14:36: c:\documents and settings\localservice\cookies\system@realmedia[1].txt (ID = 3235)
14:36: c:\documents and settings\localservice\cookies\system@dealtime[1].txt (ID = 2505)
14:36: Found Spy Cookie: dealtime cookie
14:36: c:\documents and settings\pam\cookies\pam@zenotecnico[2].txt (ID = 3858)
14:36: c:\documents and settings\pam\cookies\pam@zedo[1].txt (ID = 3762)
14:36: c:\documents and settings\pam\cookies\[email protected][1].txt (ID = 2142)
14:36: c:\documents and settings\pam\cookies\pam@xxxtoolbar[2].txt (ID = 3739)
14:36: Found Spy Cookie: xxxtoolbar cookie
14:36: c:\documents and settings\pam\cookies\[email protected][1].txt (ID = 2689)
14:36: Found Spy Cookie: franklinsurveys cookie
14:36: c:\documents and settings\pam\cookies\[email protected][2].txt (ID = 3474)
14:36: Found Spy Cookie: surveys cookie
14:36: c:\documents and settings\pam\cookies\[email protected][1].txt (ID = 3466)
14:36: c:\documents and settings\pam\cookies\[email protected][2].txt (ID = 3374)
14:36: Found Spy Cookie: sidefind cookie
14:36: c:\documents and settings\pam\cookies\[email protected][1].txt (ID = 3368)
14:36: Found Spy Cookie: shop@home cookie
14:36: c:\documents and settings\pam\cookies\[email protected][1].txt (ID = 3312)
14:36: c:\documents and settings\pam\cookies\[email protected][1].txt (ID = 3298)
14:36: c:\documents and settings\pam\cookies\[email protected][1].txt (ID = 2991)
14:36: c:\documents and settings\pam\cookies\[email protected][1].txt (ID = 3707)
14:36: c:\documents and settings\pam\cookies\[email protected][1].txt (ID = 2020)
14:36: c:\documents and settings\pam\cookies\pam@tribalfusion[2].txt (ID = 3589)
14:36: c:\documents and settings\pam\cookies\pam@trafficmp[1].txt (ID = 3581)
14:36: c:\documents and settings\pam\cookies\pam@tradedoubler[2].txt (ID = 3575)
14:36: Found Spy Cookie: tradedoubler cookie
14:36: c:\documents and settings\pam\cookies\pam@tracking[1].txt (ID = 3571)
14:36: Found Spy Cookie: tracking cookie
14:36: c:\documents and settings\pam\cookies\[email protected][1].txt (ID = 3358)
14:36: Found Spy Cookie: sexsearch cookie
14:36: c:\documents and settings\pam\cookies\pam@tacoda[1].txt (ID = 6444)
14:36: c:\documents and settings\pam\cookies\[email protected][1].txt (ID = 3667)
14:36: Found Spy Cookie: webtrendslive cookie
14:36: c:\documents and settings\pam\cookies\[email protected][2].txt (ID = 3254)
14:36: Found Spy Cookie: reliablestats cookie
14:36: c:\documents and settings\pam\cookies\pam@stats-tracking[1].txt (ID = 3453)
14:36: Found Spy Cookie: statstracking cookie
14:36: c:\documents and settings\pam\cookies\pam@statcounter[1].txt (ID = 3447)
14:36: c:\documents and settings\pam\cookies\pam@specificclick[1].txt (ID = 3399)
14:36: Found Spy Cookie: specificclick.com cookie
14:36: c:\documents and settings\pam\cookies\[email protected][2].txt (ID = 2528)
14:36: c:\documents and settings\pam\cookies\pam@sextracker[1].txt (ID = 3361)
14:36: c:\documents and settings\pam\cookies\pam@serving-sys[2].txt (ID = 3343)
14:36: c:\documents and settings\pam\cookies\[email protected][2].txt (ID = 3341)
14:36: c:\documents and settings\pam\cookies\pam@searchadnetwork[2].txt (ID = 3311)
14:36: Found Spy Cookie: searchadnetwork cookie
14:36: c:\documents and settings\pam\cookies\pam@rn11[2].txt (ID = 3261)
14:36: c:\documents and settings\pam\cookies\pam@rightmedia[1].txt (ID = 3259)
14:36: Found Spy Cookie: rightmedia cookie
14:36: c:\documents and settings\pam\cookies\pam@revenue[1].txt (ID = 3257)
14:36: c:\documents and settings\pam\cookies\pam@reunion[1].txt (ID = 3255)
14:36: Found Spy Cookie: reunion cookie
14:36: c:\documents and settings\pam\cookies\pam@realmedia[2].txt (ID = 3235)
14:36: c:\documents and settings\pam\cookies\pam@questionmarket[1].txt (ID = 3217)
14:36: c:\documents and settings\pam\cookies\pam@qsrch[1].txt (ID = 3215)
14:36: Found Spy Cookie: qsrch cookie
14:36: c:\documents and settings\pam\cookies\pam@qksrv[1].txt (ID = 3213)
14:36: Found Spy Cookie: qksrv cookie
14:36: c:\documents and settings\pam\cookies\pam@pro-market[2].txt (ID = 3197)
14:36: Found Spy Cookie: pro-market cookie
14:36: c:\documents and settings\pam\cookies\pam@pricegrabber[1].txt (ID = 3185)
14:36: Found Spy Cookie: pricegrabber cookie
14:36: c:\documents and settings\pam\cookies\[email protected][1].txt (ID = 3106)
14:36: c:\documents and settings\pam\cookies\pam@partypoker[1].txt (ID = 3111)
14:36: c:\documents and settings\pam\cookies\pam@overture[2].txt (ID = 3105)
14:36: c:\documents and settings\pam\cookies\[email protected][2].txt (ID = 2528)
14:36: Found Spy Cookie: directtrack cookie
14:36: c:\documents and settings\pam\cookies\pam@nextag[1].txt (ID = 5014)
14:36: c:\documents and settings\pam\cookies\[email protected][1].txt (ID = 2235)
14:36: c:\documents and settings\pam\cookies\pam@mywebsearch[2].txt (ID = 3051)
14:36: c:\documents and settings\pam\cookies\pam@metareward[1].txt (ID = 2990)
14:36: Found Spy Cookie: metareward.com cookie
14:36: c:\documents and settings\pam\cookies\pam@mediaplex[1].txt (ID = 6442)
14:36: c:\documents and settings\pam\cookies\[email protected][1].txt (ID = 3072)
14:36: Found Spy Cookie: netster cookie
14:36: c:\documents and settings\pam\cookies\pam@kmpads[2].txt (ID = 2909)
14:36: Found Spy Cookie: kmpads cookie
14:36: c:\documents and settings\pam\cookies\[email protected][2].txt (ID = 3288)
14:36: Found Spy Cookie: sb01 cookie
14:36: c:\documents and settings\pam\cookies\pam@ic-live[1].txt (ID = 2821)
14:36: Found Spy Cookie: ic-live cookie
14:36: c:\documents and settings\pam\cookies\[email protected][2].txt (ID = 3298)
14:36: c:\documents and settings\pam\cookies\pam@go2net[1].txt (ID = 2730)
14:36: Found Spy Cookie: go2net.com cookie
14:36: c:\documents and settings\pam\cookies\pam@fastclick[1].txt (ID = 2651)
14:36: c:\documents and settings\pam\cookies\pam@exitexchange[1].txt (ID = 2633)
14:36: c:\documents and settings\pam\cookies\pam@euniverseads[1].txt (ID = 2629)
14:36: Found Spy Cookie: euniverseads cookie
14:36: c:\documents and settings\pam\cookies\[email protected][2].txt (ID = 3269)
14:36: c:\documents and settings\pam\cookies\[email protected][1].txt (ID = 2293)
14:36: c:\documents and settings\pam\cookies\[email protected][1].txt (ID = 2472)
14:36: Found Spy Cookie: coremetrics cookie
14:36: c:\documents and settings\pam\cookies\[email protected][1].txt (ID = 3362)
14:36: Found Spy Cookie: sextracker cookie
14:36: c:\documents and settings\pam\cookies\pam@coolsavings[2].txt (ID = 2465)
14:36: Found Spy Cookie: coolsavings cookie
14:36: c:\documents and settings\pam\cookies\pam@clickbank[1].txt (ID = 2398)
14:36: Found Spy Cookie: clickbank cookie
14:36: c:\documents and settings\pam\cookies\pam@clickagents[1].txt (ID = 2394)
14:36: Found Spy Cookie: clickagents cookie
14:36: c:\documents and settings\pam\cookies\pam@centrport[2].txt (ID = 2374)
14:36: Found Spy Cookie: centrport net cookie
14:36: c:\documents and settings\pam\cookies\pam@cassava[1].txt (ID = 2362)
14:36: c:\documents and settings\pam\cookies\pam@casalemedia[1].txt (ID = 2354)
14:36: c:\documents and settings\pam\cookies\[email protected][2].txt (ID = 3763)
14:36: c:\documents and settings\pam\cookies\[email protected][1].txt (ID = 2614)
14:36: Found Spy Cookie: enhance cookie
14:36: c:\documents and settings\pam\cookies\pam@bluestreak[1].txt (ID = 2314)
14:36: c:\documents and settings\pam\cookies\pam@bizrate[2].txt (ID = 2308)
14:36: Found Spy Cookie: bizrate cookie
14:36: c:\documents and settings\pam\cookies\pam@belnk[2].txt (ID = 2292)
14:36: c:\documents and settings\pam\cookies\pam@banner[1].txt (ID = 2276)
14:36: c:\documents and settings\pam\cookies\pam@azjmp[2].txt (ID = 2270)
14:36: Found Spy Cookie: azjmp cookie
14:36: c:\documents and settings\pam\cookies\pam@atwola[2].txt (ID = 2255)
14:36: c:\documents and settings\pam\cookies\[email protected][2].txt (ID = 2293)
14:36: c:\documents and settings\pam\cookies\pam@atdmt[1].txt (ID = 2253)
14:36: c:\documents and settings\pam\cookies\pam@ask[1].txt (ID = 2245)
14:36: c:\documents and settings\pam\cookies\[email protected][2].txt (ID = 2650)
14:36: c:\documents and settings\pam\cookies\pam@aptimus[2].txt (ID = 2233)
14:36: Found Spy Cookie: aptimus cookie
14:36: c:\documents and settings\pam\cookies\pam@apmebf[1].txt (ID = 2229)
14:36: c:\documents and settings\pam\cookies\pam@advertising[1].txt (ID = 2175)
14:36: c:\documents and settings\pam\cookies\[email protected][2].txt (ID = 3148)
14:36: Found Spy Cookie: pointroll cookie
14:36: c:\documents and settings\pam\cookies\[email protected][1].txt (ID = 2108)
14:36: Found Spy Cookie: ads.adsag cookie
14:36: c:\documents and settings\pam\cookies\pam@adrevolver[3].txt (ID = 2088)
14:36: c:\documents and settings\pam\cookies\pam@adrevolver[1].txt (ID = 2088)
14:36: c:\documents and settings\pam\cookies\[email protected][2].txt (ID = 4207)
14:36: c:\documents and settings\pam\cookies\[email protected][1].txt (ID = 2768)
14:36: c:\documents and settings\pam\cookies\pam@adknowledge[2].txt (ID = 2072)
14:36: c:\documents and settings\pam\cookies\[email protected][2].txt (ID = 3751)
14:36: c:\documents and settings\pam\cookies\pam@ad-logics[1].txt (ID = 2049)
14:36: Found Spy Cookie: ad-logics cookie
14:36: c:\documents and settings\pam\cookies\pam@about[1].txt (ID = 2037)
14:36: c:\documents and settings\pam\cookies\[email protected][1].txt (ID = 3665)
14:36: c:\documents and settings\pam\cookies\pam@888[2].txt (ID = 2019)
14:36: c:\documents and settings\pam\cookies\pam@888[1].txt (ID = 2019)
14:36: c:\documents and settings\pam\cookies\pam@80503492[2].txt (ID = 2013)
14:36: c:\documents and settings\pam\cookies\pam@2o7[1].txt (ID = 1957)
14:36: c:\documents and settings\pam\cookies\[email protected][2].txt (ID = 1958)
14:36: c:\documents and settings\pam\cookies\[email protected][2].txt (ID = 3190)
14:36: Found Spy Cookie: primaryads cookie
14:36: c:\documents and settings\bill\cookies\bill@zedo[2].txt (ID = 3762)
14:36: c:\documents and settings\bill\cookies\[email protected][1].txt (ID = 2142)
14:36: Found Spy Cookie: adserver cookie
14:36: c:\documents and settings\bill\cookies\bill@yieldmanager[2].txt (ID = 3749)
14:36: c:\documents and settings\bill\cookies\bill@xiti[1].txt (ID = 3717)
14:36: Found Spy Cookie: xiti cookie
14:36: c:\documents and settings\bill\cookies\[email protected][2].txt (ID = 3466)
14:36: c:\documents and settings\bill\cookies\[email protected][2].txt (ID = 3462)
14:36: Found Spy Cookie: stlyrics cookie
14:36: c:\documents and settings\bill\cookies\[email protected][1].txt (ID = 2735)
14:36: c:\documents and settings\bill\cookies\bill@tribalfusion[2].txt (ID = 3589)
14:36: Found Spy Cookie: tribalfusion cookie
14:36: c:\documents and settings\bill\cookies\bill@trafficmp[1].txt (ID = 3581)
14:36: Found Spy Cookie: trafficmp cookie
14:36: c:\documents and settings\bill\cookies\bill@statcounter[2].txt (ID = 3447)
14:36: c:\documents and settings\bill\cookies\bill@serving-sys[2].txt (ID = 3343)
14:36: Found Spy Cookie: serving-sys cookie
14:36: c:\documents and settings\bill\cookies\[email protected][1].txt (ID = 3341)
14:36: Found Spy Cookie: server.iad.liveperson cookie
14:36: c:\documents and settings\bill\cookies\bill@revenue[1].txt (ID = 3257)
14:36: Found Spy Cookie: revenue.net cookie
14:36: c:\documents and settings\bill\cookies\bill@realmedia[2].txt (ID = 3235)
14:36: c:\documents and settings\bill\cookies\bill@questionmarket[1].txt (ID = 3217)
14:36: Found Spy Cookie: questionmarket cookie
14:36: c:\documents and settings\bill\cookies\[email protected][1].txt (ID = 3106)
14:36: c:\documents and settings\bill\cookies\bill@partypoker[2].txt (ID = 3111)
14:36: c:\documents and settings\bill\cookies\[email protected][1].txt (ID = 1958)
14:36: c:\documents and settings\bill\cookies\bill@overture[1].txt (ID = 3105)
14:36: c:\documents and settings\bill\cookies\bill@nextag[1].txt (ID = 5014)
14:36: c:\documents and settings\bill\cookies\bill@mediaplex[1].txt (ID = 6442)
14:36: Found Spy Cookie: mediaplex cookie
14:36: c:\documents and settings\bill\cookies\[email protected][1].txt (ID = 2652)
14:36: c:\documents and settings\bill\cookies\bill@maxserving[2].txt (ID = 2966)
14:36: Found Spy Cookie: maxserving cookie
14:36: c:\documents and settings\bill\cookies\bill@linksynergy[1].txt (ID = 2926)
14:36: Found Spy Cookie: linksynergy cookie
14:36: c:\documents and settings\bill\cookies\bill@goldenpalace[1].txt (ID = 2734)
14:36: c:\documents and settings\bill\cookies\bill@fastclick[2].txt (ID = 2651)
14:36: c:\documents and settings\bill\cookies\bill@exitexchange[1].txt (ID = 2633)
14:36: c:\documents and settings\bill\cookies\[email protected][1].txt (ID = 3269)
14:36: Found Spy Cookie: ru4 cookie
14:36: c:\documents and settings\bill\cookies\[email protected][2].txt (ID = 2293)
14:36: c:\documents and settings\bill\cookies\[email protected][1].txt (ID = 3106)
14:36: Found Spy Cookie: overture cookie
14:36: c:\documents and settings\bill\cookies\bill@ccbill[1].txt (ID = 2369)
14:36: Found Spy Cookie: ccbill cookie
14:36: c:\documents and settings\bill\cookies\bill@cassava[1].txt (ID = 2362)
14:36: c:\documents and settings\bill\cookies\bill@casalemedia[1].txt (ID = 2354)
14:36: Found Spy Cookie: casalemedia cookie
14:36: c:\documents and settings\bill\cookies\[email protected][2].txt (ID = 3763)
14:36: c:\documents and settings\bill\cookies\bill@bravenet[1].txt (ID = 2322)
14:36: Found Spy Cookie: bravenet cookie
14:36: c:\documents and settings\bill\cookies\bill@bluestreak[2].txt (ID = 2314)
14:36: Found Spy Cookie: bluestreak cookie
14:36: c:\documents and settings\bill\cookies\bill@belnk[1].txt (ID = 2292)
14:36: Found Spy Cookie: belnk cookie
14:36: c:\documents and settings\bill\cookies\[email protected][2].txt (ID = 2735)
14:36: Found Spy Cookie: goldenpalace cookie
14:36: c:\documents and settings\bill\cookies\bill@atwola[1].txt (ID = 2255)
14:36: c:\documents and settings\bill\cookies\bill@atdmt[2].txt (ID = 2253)
14:36: c:\documents and settings\bill\cookies\[email protected][1].txt (ID = 2650)
14:36: c:\documents and settings\bill\cookies\[email protected][2].txt (ID = 2650)
14:36: Found Spy Cookie: falkag cookie
14:36: c:\documents and settings\bill\cookies\bill@alt[2].txt (ID = 2217)
14:36: Found Spy Cookie: alt cookie
14:36: c:\documents and settings\bill\cookies\bill@advertising[2].txt (ID = 2175)
14:36: c:\documents and settings\bill\cookies\bill@adultfriendfinder[2].txt (ID = 2165)
14:36: Found Spy Cookie: adultfriendfinder cookie
14:36: c:\documents and settings\bill\cookies\[email protected][1].txt (ID = 2062)
14:36: Found Spy Cookie: addynamix cookie
14:36: c:\documents and settings\bill\cookies\[email protected][1].txt (ID = 5015)
14:36: c:\documents and settings\bill\cookies\[email protected][2].txt (ID = 4207)
14:36: Found Spy Cookie: hotbar cookie
14:36: c:\documents and settings\bill\cookies\[email protected][1].txt (ID = 2768)
14:36: c:\documents and settings\bill\cookies\bill@adknowledge[2].txt (ID = 2072)
14:36: c:\documents and settings\bill\cookies\bill@adecn[2].txt (ID = 2063)
14:36: Found Spy Cookie: adecn cookie
14:36: c:\documents and settings\bill\cookies\[email protected][1].txt (ID = 3751)
14:36: c:\documents and settings\bill\cookies\bill@888[1].txt (ID = 2019)
14:36: c:\documents and settings\bill\cookies\bill@80503492[1].txt (ID = 2013)
14:36: c:\documents and settings\bill\cookies\bill@2o7[2].txt (ID = 1957)
14:36: c:\documents and settings\ben\cookies\ben@zenotecnico[1].txt (ID = 3858)
14:36: Found Spy Cookie: zenotecnico cookie
14:36: c:\documents and settings\ben\cookies\ben@zedo[2].txt (ID = 3762)
14:36: Found Spy Cookie: zedo cookie
14:36: c:\documents and settings\ben\cookies\ben@yieldmanager[2].txt (ID = 3749)
14:36: c:\documents and settings\ben\cookies\[email protected][1].txt (ID = 3332)
14:36: Found Spy Cookie: seeq cookie
14:36: c:\documents and settings\ben\cookies\[email protected][2].txt (ID = 3466)
14:36: Found Spy Cookie: stopzilla cookie
14:36: c:\documents and settings\ben\cookies\[email protected][1].txt (ID = 3707)
14:36: Found Spy Cookie: www.maxifiles cookie
14:36: c:\documents and settings\ben\cookies\[email protected][1].txt (ID = 2020)
14:36: c:\documents and settings\ben\cookies\ben@videodome[2].txt (ID = 3638)
14:36: Found Spy Cookie: videodome cookie
14:36: c:\documents and settings\ben\cookies\ben@tripod[1].txt (ID = 3591)
14:36: Found Spy Cookie: tripod cookie
14:36: c:\documents and settings\ben\cookies\[email protected][2].txt (ID = 2038)
14:36: c:\documents and settings\ben\cookies\ben@tacoda[1].txt (ID = 6444)
14:36: Found Spy Cookie: tacoda cookie
14:36: c:\documents and settings\ben\cookies\ben@statcounter[1].txt (ID = 3447)
14:36: Found Spy Cookie: statcounter cookie
14:36: c:\documents and settings\ben\cookies\ben@rn11[2].txt (ID = 3261)
14:36: Found Spy Cookie: rn11 cookie
14:36: c:\documents and settings\ben\cookies\ben@realmedia[1].txt (ID = 3235)
14:36: Found Spy Cookie: realmedia cookie
14:36: c:\documents and settings\ben\cookies\ben@partypoker[2].txt (ID = 3111)
14:36: Found Spy Cookie: partypoker cookie
14:36: c:\documents and settings\ben\cookies\[email protected][1].txt (ID = 1958)
14:36: c:\documents and settings\ben\cookies\[email protected][1].txt (ID = 2038)
14:36: c:\documents and settings\ben\cookies\ben@nextag[1].txt (ID = 5014)
14:36: Found Spy Cookie: nextag cookie
14:36: c:\documents and settings\ben\cookies\ben@mywebsearch[1].txt (ID = 3051)
14:36: Found Spy Cookie: mywebsearch cookie
14:36: c:\documents and settings\ben\cookies\ben@monstermarketplace[1].txt (ID = 3006)
14:36: Found Spy Cookie: monstermarketplace cookie
14:36: c:\documents and settings\ben\cookies\[email protected][2].txt (ID = 2397)
14:36: Found Spy Cookie: clickandtrack cookie
14:36: c:\documents and settings\ben\cookies\ben@gamespy[1].txt (ID = 2719)
14:36: Found Spy Cookie: gamespy cookie
14:35: c:\documents and settings\ben\cookies\ben@fastclick[2].txt (ID = 2651)
14:35: Found Spy Cookie: fastclick cookie
14:35: c:\documents and settings\ben\cookies\ben@exitexchange[2].txt (ID = 2633)
14:35: c:\documents and settings\ben\cookies\[email protected][1].txt (ID = 2634)
14:35: c:\documents and settings\ben\cookies\[email protected][1].txt (ID = 2634)
14:35: Found Spy Cookie: exitexchange cookie
14:35: c:\documents and settings\ben\cookies\ben@cassava[1].txt (ID = 2362)
14:35: Found Spy Cookie: cassava cookie
14:35: c:\documents and settings\ben\cookies\ben@banner[1].txt (ID = 2276)
14:35: Found Spy Cookie: banner cookie
14:35: c:\documents and settings\ben\cookies\ben@atwola[2].txt (ID = 2255)
14:35: c:\documents and settings\ben\cookies\ben@atdmt[2].txt (ID = 2253)
14:35: Found Spy Cookie: atlas dmt cookie
14:35: c:\documents and settings\ben\cookies\ben@ask[2].txt (ID = 2245)
14:35: Found Spy Cookie: ask cookie
14:35: c:\documents and settings\ben\cookies\ben@apmebf[1].txt (ID = 2229)
14:35: Found Spy Cookie: apmebf cookie
14:35: c:\documents and settings\ben\cookies\ben@advertising[2].txt (ID = 2175)
14:35: Found Spy Cookie: advertising cookie
14:35: c:\documents and settings\ben\cookies\ben@adrevolver[2].txt (ID = 2088)
14:35: c:\documents and settings\ben\cookies\ben@adrevolver[1].txt (ID = 2088)
14:35: Found Spy Cookie: adrevolver cookie
14:35: c:\documents and settings\ben\cookies\[email protected][2].txt (ID = 2768)
14:35: Found Spy Cookie: hbmediapro cookie
14:35: c:\documents and settings\ben\cookies\ben@adknowledge[1].txt (ID = 2072)
14:35: Found Spy Cookie: adknowledge cookie
14:35: c:\documents and settings\ben\cookies\[email protected][1].txt (ID = 3751)
14:35: Found Spy Cookie: yieldmanager cookie
14:35: c:\documents and settings\ben\cookies\ben@about[2].txt (ID = 2037)
14:35: Found Spy Cookie: about cookie
14:35: c:\documents and settings\ben\cookies\[email protected][1].txt (ID = 3665)
14:35: Found Spy Cookie: websponsors cookie
14:35: c:\documents and settings\ben\cookies\ben@888[2].txt (ID = 2019)
14:35: c:\documents and settings\ben\cookies\ben@888[1].txt (ID = 2019)
14:35: Found Spy Cookie: 888 cookie
14:35: c:\documents and settings\ben\cookies\ben@80503492[1].txt (ID = 2013)
14:35: Found Spy Cookie: 80503492 cookie
14:35: c:\documents and settings\ben\cookies\ben@2o7[1].txt (ID = 1957)
14:35: Found Spy Cookie: 2o7.net cookie
14:35: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3298)
14:35: c:\documents and settings\guest\cookies\guest@infospace[2].txt (ID = 2865)
14:35: Found Spy Cookie: infospace cookie
14:35: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3298)
14:35: Found Spy Cookie: screensavers.com cookie
14:35: c:\documents and settings\guest\cookies\guest@atwola[2].txt (ID = 2255)
14:35: Found Spy Cookie: atwola cookie
14:35: Starting Cookie Sweep
14:35: Registry Sweep Complete, Elapsed Time:00:02:16
14:35: HKU\S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping\ || {77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} (ID = 1021025)
14:35: HKU\S-1-5-18\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
14:35: HKU\S-1-5-18\software\microsoft\internet explorer\toolbar\webbrowser\ || {2d51d869-c36b-42bd-ae68-0a81bc771fa5} (ID = 142860)
14:35: HKU\S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
14:35: HKU\S-1-5-18\software\microsoft\internet explorer\explorer bars\{8cba1b49-8144-4721-a7b1-64c578c9eed7}\ (ID = 141777)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1007\software\system\sysuid\ (ID = 731748)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1007\software\microsoft\ole\ || p2pnetwork (ID = 359374)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1007\system\currentcontrolset\control\lsa\ || p2pnetwork (ID = 359373)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1007\software\zanu\ (ID = 147923)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1007\software\surfsidekick3\ (ID = 143412)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1007\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1007\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1007\software\starware\ (ID = 142866)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1007\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1007\software\microsoft\internet explorer\toolbar\webbrowser\ || {2d51d869-c36b-42bd-ae68-0a81bc771fa5} (ID = 142860)
14:17: Sweep initiated using definitions version 691
14:17: Spy Sweeper 5.0.5.1286 started
14:17: | Start of Session, 06-08-22 |
********
15:25: | End of Session, 06-08-22 |
15:24: Removal process completed. Elapsed time 00:01:32
15:24: Warning: Failed to del
#28
Posted 23 August 2006 - 07:41 AM
I strongly recommend running it (well, actually I recommend installing that PerfectDisk software that I mentioned, then go offline and run it and only it with no other programs running at the same time on taskbar -- best way). Also, I'll need to check the logs from the different user accounts after we get this cleared up....
I need to see the rest of the SpySweeper log. Starting from this point your post got cut off:
15:25: | End of Session, 06-08-22 |
15:24: Removal process completed. Elapsed time 00:01:32
15:24: Warning: Failed to del
After I have checked if SpySweeper succeeded in deleting what it found (if not, if it's something important, we'll do that manually), I'll want to see a fresh HijackThis log from the account that is having all these problems/we have run all these scans and manual removals.
#29
Posted 23 August 2006 - 10:34 AM
#30
Posted 23 August 2006 - 10:36 AM
Edited by Rawe, 23 August 2006 - 11:01 AM.