
Bloodhound.W32.EP [CLOSED]


  • This topic is locked

#16
D.J. Juego

    Member

  • Topic Starter
  • 45 posts
Ummm.... Rawe, I just read the part of the post that said keep it on regular all the time. The whole time it has been on safe. What do you want me to do?
  • 0



#17
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Umm reboot back in normal mode and don't go in safe unless I ask you to? :whistling:

Or is there some problem with the regular mode?

Go ahead and delete Brute Force Uninstaller & alcanshorty.bfu.

-----

Please print these instructions out, or write them down, as you can't read them during the fix.

1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract Avenger.exe to your desktop.
2. Copy all the text in bold contained in the quotebox below to a blank notepad file:

Drivers to unload:
rdriv
iwm2fb89
nt68rrtc12
winpfg32

Files to delete:
C:\WINDOWS\iconu.exe
C:\WINDOWS\gryht.dll
C:\Program Files\powerscan_install.exe
C:\Program Files\SurfAccuracy
C:\WINDOWS\SYSTEM32\rdriv.sys
C:\WINDOWS\SYSTEM32\iwm2fb89.sys
C:\WINDOWS\RDFX4.exe
C:\WINDOWS\SYSTEM32\wnsapisu.exe
C:\installerwnusnewer.exe
C:\WINDOWS\system32ghynf.exe
C:\WINDOWS\system32n9nyb.exe
C:\WINDOWS\system32bez6n4r21.exe
C:\WINDOWS\SYSTEM32\iwm2fb89.dll
C:\WINDOWS\sys011740985370-.exe
C:\WINDOWS\SYSTEM32\w00bd57a.dll
C:\Setup100.exe
C:\ac3_0003.exe
C:\803_104.exe
C:\WINDOWS\v1201.exe
C:\SS1001newer.exe
C:\fym9bvo.exe
C:\WINDOWS\SYSTEM32\ghynf.exe
C:\WINDOWS\SYSTEM32\n9nyb.exe
C:\WINDOWS\SYSTEM32\iqqr.exe
C:\WINDOWS\SYSTEM32\bez6n4r21.exe
C:\WINDOWS\SYSTEM32\xeymi.dll
C:\WINDOWS\SYSTEM32\winpfg32.sys
C:\WINDOWS\b.exe
C:\WINDOWS\SYSTEM32\nt68rrtc12.sys
C:\WINDOWS\SYSTEM32\cvn0.exe
C:\WINDOWS\SYSTEM32\attrib.dll
C:\WINDOWS\xload.exe
C:\WINDOWS\unt12B.pif
C:\WINDOWS\unt12B.bat
C:\WINDOWS\SYSTEM32\zqskw.exe
C:\WINDOWS\SYSTEM32\wfxqhv.exe
C:\WINDOWS\cghlpnp.exe
C:\bt.exe
C:\WINDOWS\win3208370-17409852006.exe
C:\WINDOWS\uni_ehhhh.exe
C:\WINDOWS\uninst104.exe
C:\WINDOWS\SYSTEM32\taskmgr.dll
C:\WINDOWS\SYSTEM32\swinlqez.exe
C:\WINDOWS\SYSTEM32\swinlqag.exe

Folders to delete:
C:\Program Files\Osnmtph
C:\Program Files\PowerScan


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to the notepad file into this window
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • Restarts your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it briefly opens a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste all the contents of avenger.txt into your reply along with a fresh HJT log by using AddReply. :blink:

Edited by Rawe, 22 August 2006 - 06:45 AM.

  • 0

#18
D.J. Juego

    Member

  • Topic Starter
  • 45 posts
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vxwuocuc

*******************

Script file located at: \??\C:\Documents and Settings\lqldgbjf.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver rdriv unloaded successfully.


Registry key \Registry\Machine\System\CurrentControlSet\Services\iwm2fb89 not found!
Unload of driver iwm2fb89 failed!

Could not process line:
iwm2fb89
Status: 0xc0000034



Registry key \Registry\Machine\System\CurrentControlSet\Services\nt68rrtc12 not found!
Unload of driver nt68rrtc12 failed!

Could not process line:
nt68rrtc12
Status: 0xc0000034



Registry key \Registry\Machine\System\CurrentControlSet\Services\winpfg32 not found!
Unload of driver winpfg32 failed!

Could not process line:
winpfg32
Status: 0xc0000034



File C:\WINDOWS\iconu.exe not found!
Deletion of file C:\WINDOWS\iconu.exe failed!

Could not process line:
C:\WINDOWS\iconu.exe
Status: 0xc0000034

File C:\WINDOWS\gryht.dll deleted successfully.
File C:\Program Files\powerscan_install.exe deleted successfully.


Error: C:\Program Files\SurfAccuracy is a folder, not a file!
Deletion of file C:\Program Files\SurfAccuracy failed!

Could not process line:
C:\Program Files\SurfAccuracy
Status: 0xc00000ba

File C:\WINDOWS\SYSTEM32\rdriv.sys deleted successfully.
File C:\WINDOWS\SYSTEM32\iwm2fb89.sys deleted successfully.
File C:\WINDOWS\RDFX4.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\wnsapisu.exe deleted successfully.


File C:\installerwnusnewer.exe not found!
Deletion of file C:\installerwnusnewer.exe failed!

Could not process line:
C:\installerwnusnewer.exe
Status: 0xc0000034



File C:\WINDOWS\system32ghynf.exe not found!
Deletion of file C:\WINDOWS\system32ghynf.exe failed!

Could not process line:
C:\WINDOWS\system32ghynf.exe
Status: 0xc0000034



File C:\WINDOWS\system32n9nyb.exe not found!
Deletion of file C:\WINDOWS\system32n9nyb.exe failed!

Could not process line:
C:\WINDOWS\system32n9nyb.exe
Status: 0xc0000034



File C:\WINDOWS\system32bez6n4r21.exe not found!
Deletion of file C:\WINDOWS\system32bez6n4r21.exe failed!

Could not process line:
C:\WINDOWS\system32bez6n4r21.exe
Status: 0xc0000034

File C:\WINDOWS\SYSTEM32\iwm2fb89.dll deleted successfully.


File C:\WINDOWS\sys011740985370-.exe not found!
Deletion of file C:\WINDOWS\sys011740985370-.exe failed!

Could not process line:
C:\WINDOWS\sys011740985370-.exe
Status: 0xc0000034



File C:\WINDOWS\SYSTEM32\w00bd57a.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\w00bd57a.dll failed!

Could not process line:
C:\WINDOWS\SYSTEM32\w00bd57a.dll
Status: 0xc0000034

File C:\Setup100.exe deleted successfully.


File C:\ac3_0003.exe not found!
Deletion of file C:\ac3_0003.exe failed!

Could not process line:
C:\ac3_0003.exe
Status: 0xc0000034



File C:\803_104.exe not found!
Deletion of file C:\803_104.exe failed!

Could not process line:
C:\803_104.exe
Status: 0xc0000034



File C:\WINDOWS\v1201.exe not found!
Deletion of file C:\WINDOWS\v1201.exe failed!

Could not process line:
C:\WINDOWS\v1201.exe
Status: 0xc0000034



File C:\SS1001newer.exe not found!
Deletion of file C:\SS1001newer.exe failed!

Could not process line:
C:\SS1001newer.exe
Status: 0xc0000034



File C:\fym9bvo.exe not found!
Deletion of file C:\fym9bvo.exe failed!

Could not process line:
C:\fym9bvo.exe
Status: 0xc0000034



File C:\WINDOWS\SYSTEM32\ghynf.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\ghynf.exe failed!

Could not process line:
C:\WINDOWS\SYSTEM32\ghynf.exe
Status: 0xc0000034



File C:\WINDOWS\SYSTEM32\n9nyb.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\n9nyb.exe failed!

Could not process line:
C:\WINDOWS\SYSTEM32\n9nyb.exe
Status: 0xc0000034



File C:\WINDOWS\SYSTEM32\iqqr.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\iqqr.exe failed!

Could not process line:
C:\WINDOWS\SYSTEM32\iqqr.exe
Status: 0xc0000034



File C:\WINDOWS\SYSTEM32\bez6n4r21.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\bez6n4r21.exe failed!

Could not process line:
C:\WINDOWS\SYSTEM32\bez6n4r21.exe
Status: 0xc0000034



File C:\WINDOWS\SYSTEM32\xeymi.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\xeymi.dll failed!

Could not process line:
C:\WINDOWS\SYSTEM32\xeymi.dll
Status: 0xc0000034

File C:\WINDOWS\SYSTEM32\winpfg32.sys deleted successfully.


File C:\WINDOWS\b.exe not found!
Deletion of file C:\WINDOWS\b.exe failed!

Could not process line:
C:\WINDOWS\b.exe
Status: 0xc0000034

File C:\WINDOWS\SYSTEM32\nt68rrtc12.sys deleted successfully.


File C:\WINDOWS\SYSTEM32\cvn0.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\cvn0.exe failed!

Could not process line:
C:\WINDOWS\SYSTEM32\cvn0.exe
Status: 0xc0000034



File C:\WINDOWS\SYSTEM32\attrib.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\attrib.dll failed!

Could not process line:
C:\WINDOWS\SYSTEM32\attrib.dll
Status: 0xc0000034



File C:\WINDOWS\xload.exe not found!
Deletion of file C:\WINDOWS\xload.exe failed!

Could not process line:
C:\WINDOWS\xload.exe
Status: 0xc0000034

File C:\WINDOWS\unt12B.pif deleted successfully.
File C:\WINDOWS\unt12B.bat deleted successfully.


File C:\WINDOWS\SYSTEM32\zqskw.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\zqskw.exe failed!

Could not process line:
C:\WINDOWS\SYSTEM32\zqskw.exe
Status: 0xc0000034



File C:\WINDOWS\SYSTEM32\wfxqhv.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\wfxqhv.exe failed!

Could not process line:
C:\WINDOWS\SYSTEM32\wfxqhv.exe
Status: 0xc0000034



File C:\WINDOWS\cghlpnp.exe not found!
Deletion of file C:\WINDOWS\cghlpnp.exe failed!

Could not process line:
C:\WINDOWS\cghlpnp.exe
Status: 0xc0000034



File C:\bt.exe not found!
Deletion of file C:\bt.exe failed!

Could not process line:
C:\bt.exe
Status: 0xc0000034



File C:\WINDOWS\win3208370-17409852006.exe not found!
Deletion of file C:\WINDOWS\win3208370-17409852006.exe failed!

Could not process line:
C:\WINDOWS\win3208370-17409852006.exe
Status: 0xc0000034



File C:\WINDOWS\uni_ehhhh.exe not found!
Deletion of file C:\WINDOWS\uni_ehhhh.exe failed!

Could not process line:
C:\WINDOWS\uni_ehhhh.exe
Status: 0xc0000034



File C:\WINDOWS\uninst104.exe not found!
Deletion of file C:\WINDOWS\uninst104.exe failed!

Could not process line:
C:\WINDOWS\uninst104.exe
Status: 0xc0000034



File C:\WINDOWS\SYSTEM32\taskmgr.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\taskmgr.dll failed!

Could not process line:
C:\WINDOWS\SYSTEM32\taskmgr.dll
Status: 0xc0000034



File C:\WINDOWS\SYSTEM32\swinlqez.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\swinlqez.exe failed!

Could not process line:
C:\WINDOWS\SYSTEM32\swinlqez.exe
Status: 0xc0000034



File C:\WINDOWS\SYSTEM32\swinlqag.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\swinlqag.exe failed!

Could not process line:
C:\WINDOWS\SYSTEM32\swinlqag.exe
Status: 0xc0000034

Folder C:\Program Files\Osnmtph deleted successfully.
Folder C:\Program Files\PowerScan deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



Logfile of HijackThis v1.99.1
Scan saved at 08:23, on 06-08-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_server.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1111442460\ee\AOLSoftware.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Muiltmedia keyboard utility\1.1\KbdAp32A.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\common files\aol\1111442460\ee\aolsoftware.exe
C:\Documents and Settings\Ben\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalo...asp?si=20063&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo...asp?si=20063&k=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mailredirect.netscape.com/
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ygjed.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,jbpinve.exe
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mm_server] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_server.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1111442460\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Kiuybg] C:\Program Files\Osnmtph\Atyoqf.exe
O4 - HKLM\..\Run: [Á²#  K"h'þ9Óœ÷3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\acedqmy.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [CoV{$vùõˆ/–²%åŸßÿLC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\acedqmy.exe
O4 - HKLM\..\Run: [CoV{$vùõˆ/–²%åŸßñiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\acedqmy.exe
O4 - HKLM\..\Run: [CoV{$vùõˆ/–²%åŸß5æC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\acedqmy.exe
O4 - HKLM\..\Run: [CoV{$vùõˆ/–²%å¯ßwÙC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\acedqmy.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [iwm2fb89] RUNDLL32.EXE w00bd57a.dll,n 0032fb860000000300bd57a
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [PowerScan] C:\Program Files\PowerScan\PowerScan.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Kiuybg] C:\Program Files\Osnmtph\Atyoqf.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\swinlqex.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZBxdm046YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.sxload.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfi...oad/tgctlcm.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nu.../FIX/WinATS.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-mo.../cabs/alien.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/z...s/heartbeat.cab
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: sdktemp - Unknown owner - C:\WINDOWS\sdktemp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0
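
The Avenger log in the post above mixes items that were removed, items that were already gone, one entry listed in the wrong script section, and script lines whose path lost a backslash. The following Python is an added example (not part of the original thread and not The Avenger's own code) that parses the log format shown above and sorts each script line into those groups; the function names are hypothetical, the sample is an excerpt of lines copied from that log, and the status names are the standard Windows NTSTATUS names for the two codes it contains.

```python
import re

# NTSTATUS codes that occur in the log above; names are from Windows' ntstatus.h.
STATUS_NAMES = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC00000BA: "STATUS_FILE_IS_A_DIRECTORY",
}

OK_RE = re.compile(r"^(?:Driver|File|Folder) (.+?) (?:unloaded|deleted) successfully\.$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]+)$")

# Excerpt of lines copied from the log in the post above (not the full log).
SAMPLE_LOG = r"""
Driver rdriv unloaded successfully.

Registry key \Registry\Machine\System\CurrentControlSet\Services\iwm2fb89 not found!
Unload of driver iwm2fb89 failed!

Could not process line:
iwm2fb89
Status: 0xc0000034

File C:\WINDOWS\gryht.dll deleted successfully.

Error: C:\Program Files\SurfAccuracy is a folder, not a file!
Deletion of file C:\Program Files\SurfAccuracy failed!

Could not process line:
C:\Program Files\SurfAccuracy
Status: 0xc00000ba

File C:\WINDOWS\system32ghynf.exe not found!
Deletion of file C:\WINDOWS\system32ghynf.exe failed!

Could not process line:
C:\WINDOWS\system32ghynf.exe
Status: 0xc0000034

File C:\WINDOWS\SYSTEM32\ghynf.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\ghynf.exe failed!

Could not process line:
C:\WINDOWS\SYSTEM32\ghynf.exe
Status: 0xc0000034

Folder C:\Program Files\PowerScan deleted successfully.
"""


def parse_avenger_log(text):
    """Return one (target, ntstatus) pair per script line; ntstatus is None on success."""
    records, pending, expect_target = [], None, False
    for line in (ln.strip() for ln in text.splitlines()):
        if not line:
            continue
        if expect_target:  # the line right after "Could not process line:"
            pending, expect_target = line, False
            continue
        ok = OK_RE.match(line)
        status = STATUS_RE.match(line)
        if ok:
            records.append((ok.group(1), None))
        elif line == "Could not process line:":
            expect_target = True
        elif status and pending is not None:
            records.append((pending, int(status.group(1), 16)))
            pending = None
    return records


def dropped_separator(target, all_targets):
    """True if inserting one backslash into the last path component
    gives another line of the same script (compared case-insensitively)."""
    parent, sep, leaf = target.rpartition("\\")
    if not sep:  # driver names have no path separator
        return False
    return any(
        (parent + "\\" + leaf[:k] + "\\" + leaf[k:]).lower() in all_targets
        for k in range(1, len(leaf))
    )


def triage(records):
    """Group script lines by what the reader of the log has to do about them."""
    all_targets = {target.lower() for target, _ in records}
    report = {"removed": [], "already_absent": [], "wrong_section": [],
              "malformed_path": [], "unknown": []}
    for target, status in records:
        if status is None:
            bucket = "removed"
        elif status == 0xC00000BA:    # a folder listed under "Files to delete:", still on disk
            bucket = "wrong_section"
        elif status == 0xC0000034:    # file or service key did not exist
            bucket = ("malformed_path" if dropped_separator(target, all_targets)
                      else "already_absent")
        else:
            bucket = "unknown"
        report[bucket].append(target)
    return report


if __name__ == "__main__":
    for bucket, targets in triage(parse_avenger_log(SAMPLE_LOG)).items():
        print(bucket, targets)
```

Only the `wrong_section` group describes something still present on disk after the run; in this thread that is C:\Program Files\SurfAccuracy, which appears again in the manual deletion list of the next post.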

#19
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Looking MUCH better :blink:

Go ahead and delete Avenger. This will be a long step.

----

Please print these instructions out, or write them down, as you can't read them during the fix.

Please run a scan with HijackThis and check the following objects for removal:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalo...asp?si=20063&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalo...asp?si=20063&k=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ygjed.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,jbpinve.exe
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Kiuybg] C:\Program Files\Osnmtph\Atyoqf.exe
O4 - HKLM\..\Run: [Á²# K"h'þ9Óœ÷3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\acedqmy.exe
O4 - HKLM\..\Run: [CoV{$vùõˆ/–²%åŸßÿLC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\acedqmy.exe
O4 - HKLM\..\Run: [CoV{$vùõˆ/–²%åŸßñiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\acedqmy.exe
O4 - HKLM\..\Run: [CoV{$vùõˆ/–²%åŸß5æC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\acedqmy.exe
O4 - HKLM\..\Run: [CoV{$vùõˆ/–²%å¯ßwÙC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\acedqmy.exe
O4 - HKLM\..\Run: [iwm2fb89] RUNDLL32.EXE w00bd57a.dll,n 0032fb860000000300bd57a
O4 - HKLM\..\Run: [PowerScan] C:\Program Files\PowerScan\PowerScan.exe
O4 - HKCU\..\Run: [Kiuybg] C:\Program Files\Osnmtph\Atyoqf.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\swinlqex.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZBxdm046YYUS
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\WINDOWS\System32\shdocvw.dll
O15 - Trusted Zone: *.sxload.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nu.../FIX/WinATS.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-mo.../cabs/alien.cab
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - (no file)
O23 - Service: sdktemp - Unknown owner - C:\WINDOWS\sdktemp.exe


Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.

-----
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "Delete an NT service"
  • Copy and paste this in: sdktemp
  • Click "ok", then reboot
----

After reboot, go to Control Panel - Add/Remove Programs and uninstall this program from the list:

ViewPoint Manager

Next, please make sure you can see hidden files.

Now, navigate to and delete the following files & folders if present:

C:\WINDOWS\acedqmy.exe
C:\WINDOWS\sdktemp.exe
C:\Program Files\SurfAccuracy
C:\Program Files\Viewpoint


Empty recycle bin.

----

Once done........

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Double-click sspsetup1.exe to install it.
  • Before installation it may ask you to check for program updates. Click YES.
    Then finish installation leaving all the default options.
  • Once the program is installed, it will ask if you wish to reboot now. Choose YES.
  • After reboot, open SpySweeper, by double-clicking the icon on your desktop.
  • Click Options on the left side.
  • Click the Sweep tab.
  • Under Items to Sweep make sure the following are checked:
    • Windows registry
    • Memory objects
    • Cookies
    • Compressed Files
    • System Restore Folder
  • Under Other Options make sure the following are checked:
    • Sweep all user accounts
    • Enable Direct Disk Sweeping
    • Sweep for rootkits
  • Click the Sweep button on the left side.
  • Click the Start Sweep button.
  • When it's done scanning, make sure everything has a check next to it, then click the Quarantine Selected button.
  • It will quarantine all of the items found.
  • Click View Session Log in the right corner above the box where the items are listed.
  • Click Save to File and save it on your desktop.
  • Exit SpySweeper.
  • Paste the contents of the session log you saved into your next reply (Spy Sweeper Session Log.txt) and let me know how's the system running NOW. :whistling:
  • NOTE: you can get to the log by clicking Options on the left. Then, View Session Log will be listed under Other Options.

  • 0

#20
D.J. Juego

    Member

  • Topic Starter
  • 45 posts
I did everything up to Spy Sweeper. When it was scanning, my screen went blue and said dumping physical memory. What should I do?
  • 0

#21
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
I'm not quite sure. Googled it and got some results.

Here's some suggestions: http://www.anetforum...readIndex=28891

Someone said defragging would do it...

Go to Start Menu->All Programs->Accessories->System Tools->Disk Defragmenter
Click Analyze. It takes time to analyze, so be patient. When it says "you need to defrag this volume" proceed to the next step.
Click Defragment. It also takes time to defrag, need more patience here.

You could either use Windows' own defragment software or then download PerfectDisk here (free trial) -- it's better than Microsoft's one:

http://www.raxco.com.../perfectdisk2k/

Once you have defragged, run SpySweeper again and let me know how it works out. It might be a memory issue also.
  • 0

#22
D.J. Juego

    Member

  • Topic Starter
  • 45 posts
Also, when I tried running Spy Sweeper it said it was damaged, reinstall it. I did and it still said that.
  • 0

#23
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Does it say a reason why it's damaged? Missing files? Or does it just say it's damaged?
  • 0

#24
D.J. Juego

    Member

  • Topic Starter
  • 45 posts
Just says damaged, reinstall, but then I opened it again and it didn't say it was damaged.

#25
Rawe

Alright, so it doesn't say it's damaged... Try running that defragmenter and then run SpySweeper again, let me know how it works out :whistling:


#26
D.J. Juego

OK, here is what I did. I ran Spy Sweeper, but instead of selecting all the things to scan I scanned my computer like this: Windows registry found 42 things, restarted it after it was done; memory objects found nothing; cookies and system restore folder found 129 things, didn't have to restart; then compressed files, and they found 164 things. So all that was done. But then I shut down my computer last night and went to bed. I just got up and tried to log in under my name on the computer, but it froze and took a long time to load. I restarted my computer. (Oh yeah, this whole thing was done on my brother's name on the computer; do I have to send logs from mine and my mom's computer names?) Anyway, I logged on to my brother's name after the computer rebooted, and I am here right now. Internet Explorer doesn't find a connection and says it can't open a search page. But there are no pop-ups. Also my internet connection is Verizon FiOS and right now it is feeling like dial-up. So, what should I do? Do you want another HijackThis log?

Edited by D.J. Juego, 23 August 2006 - 06:35 AM.


#27
D.J. Juego

And here is the Spy Sweeper log. I ran the different items to sweep separately, besides cookies and system restore; those I ran together. Everything else, though, was run separately.




14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1007\software\microsoft\internet explorer\explorer bars\{8cba1b49-8144-4721-a7b1-64c578c9eed7}\ (ID = 141777)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1007\software\powerscan\ (ID = 136823)
14:35: Found Adware: ist powerscan
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1007\software\salm\ (ID = 135792)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1007\software\sais\ (ID = 135790)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1007\software\180ax\ (ID = 135615)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1007\software\ist\ (ID = 129108)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1007\software\avenue media\ (ID = 128887)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1008\software\microsoft\internet explorer\extensions\cmdmapping\ || {77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} (ID = 1021025)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1008\software\director\ || baseurl (ID = 980277)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1008\software\microsoft\internet explorer\main\ || default_search_url (ID = 790269)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1008\software\microsoft\internet explorer\main\ || search bar (ID = 790268)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1008\software\system\sysuid\ (ID = 731748)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1008\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1008\software\microsoft\ole\ || p2pnetwork (ID = 359374)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1008\system\currentcontrolset\control\lsa\ || p2pnetwork (ID = 359373)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1008\software\surfsidekick3\ (ID = 143412)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1008\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1008\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1008\software\microsoft\internet explorer\explorer bars\{8cba1b49-8144-4721-a7b1-64c578c9eed7}\ (ID = 141777)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1008\software\180ax\ (ID = 135615)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1008\software\xbtb07618\ (ID = 134858)
14:35: Found Adware: maxifiles
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1008\software\ist\ (ID = 129108)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1008\software\hotbar\ (ID = 127565)
14:35: Found Adware: hotbar
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1008\software\microsoft\internet explorer\main\ || start page (ID = 125239)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1008\software\microsoft\internet explorer\main\ || search page (ID = 125238)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1008\software\microsoft\internet explorer\main\ || search bar (ID = 125237)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1008\software\microsoft\internet explorer\main\ || default_search_url (ID = 125236)
14:35: HKU\S-1-5-21-2903779921-2727959649-1724784859-1009\software\system\sysuid\ (ID = 731748)
14:35: HKU\S-1-5-21-2903779921-2727959649-1724784859-1009\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
14:35: Found Adware: findthewebsiteyouneed hijack
14:35: HKU\S-1-5-21-2903779921-2727959649-1724784859-1009\software\zanu\ (ID = 147923)
14:35: Found Adware: 180search assistant/zango
14:35: HKU\S-1-5-21-2903779921-2727959649-1724784859-1009\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
14:35: Found Adware: starware toolbar
14:35: HKU\S-1-5-21-2903779921-2727959649-1724784859-1009\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
14:35: HKU\S-1-5-21-2903779921-2727959649-1724784859-1009\software\microsoft\internet explorer\explorer bars\{8cba1b49-8144-4721-a7b1-64c578c9eed7}\ (ID = 141777)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-501\software\microsoft\windows\currentversion\run\ || internet optimizer (ID = 818746)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-501\software\microsoft\ole\ || p2pnetwork (ID = 359374)
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-501\system\currentcontrolset\control\lsa\ || p2pnetwork (ID = 359373)
14:35: Found Trojan Horse: p2pnetwork
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-501\software\ist\ (ID = 129108)
14:35: Found Adware: ist software
14:35: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-501\software\avenue media\ (ID = 128887)
14:35: HKLM\software\classes\typelib\{3277cd27-4001-4ef8-9d96-c6ca745ac2f9}\ (ID = 1347971)
14:35: HKLM\software\classes\typelib\{27a1ca0d-78ce-4e23-8a89-2c95c15954b3}\ (ID = 1347961)
14:35: HKLM\software\classes\clsid\{7564b020-44e8-4c9b-a887-c6ec41ac67da}\ (ID = 1347946)
14:35: HKLM\software\classes\cfg32s.search.1\ (ID = 1347940)
14:35: HKLM\software\classes\cfg32s.search\ (ID = 1347934)
14:35: HKLM\software\classes\appid\{27a1ca0d-78ce-4e23-8a89-2c95c15954b3}\ (ID = 1347932)
14:35: HKLM\software\classes\appid\cfg32s.dll\ (ID = 1347930)
14:35: HKCR\typelib\{27a1ca0d-78ce-4e23-8a89-2c95c15954b3}\ (ID = 1347910)
14:35: HKCR\clsid\{7564b020-44e8-4c9b-a887-c6ec41ac67da}\ (ID = 1347895)
14:35: HKCR\cfg32s.search.1\ (ID = 1347889)
14:35: HKCR\cfg32s.search\ (ID = 1347883)
14:35: HKCR\appid\{27a1ca0d-78ce-4e23-8a89-2c95c15954b3}\ (ID = 1347881)
14:35: HKCR\appid\cfg32s.dll\ (ID = 1347879)
14:35: HKLM\software\classes\typelib\{90a52f08-64ac-4dc6-9d7d-451667029898}\ (ID = 1347529)
14:35: HKLM\software\classes\clsid\{c68ae9c0-0909-4ddc-b661-c1afb9f59898}\ (ID = 1347516)
14:35: HKLM\software\classes\appid\{90a52f08-64ac-4dc6-9d7d-451667029898}\ (ID = 1347514)
14:35: HKLM\software\classes\appid\scaggy.dll\ (ID = 1347512)
14:35: HKLM\software\classes\scaggy.insert.1\ (ID = 1347508)
14:35: HKLM\software\classes\scaggy.insert\ (ID = 1347502)
14:35: HKLM\software\zabstract\ (ID = 1347479)
14:35: HKCR\typelib\{90a52f08-64ac-4dc6-9d7d-451667029898}\ (ID = 1347459)
14:35: HKCR\clsid\{c68ae9c0-0909-4ddc-b661-c1afb9f59898}\ (ID = 1347446)
14:35: HKCR\appid\{90a52f08-64ac-4dc6-9d7d-451667029898}\ (ID = 1347444)
14:35: HKCR\appid\scaggy.dll\ (ID = 1347442)
14:35: HKCR\scaggy.insert.1\ (ID = 1347438)
14:35: HKCR\scaggy.insert\ (ID = 1347432)
14:34: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/winats.dll\ (ID = 1066860)
14:34: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\system32\winats.dll (ID = 1055333)
14:34: HKLM\software\classes\typelib\{34568171-e2ca-4fcd-a99f-43771f766b8a}\ (ID = 1055323)
14:34: HKLM\software\classes\mirar_dummy_ats.mirar_dummy_ats1.1\clsid\ (ID = 1055293)
14:34: HKLM\software\classes\mirar_dummy_ats.mirar_dummy_ats1.1\ (ID = 1055291)
14:34: HKLM\software\classes\mirar_dummy_ats.mirar_dummy_ats1\ (ID = 1055285)
14:34: HKCR\typelib\{34568171-e2ca-4fcd-a99f-43771f766b8a}\ (ID = 1055268)
14:34: HKCR\mirar_dummy_ats.mirar_dummy_ats1.1\clsid\ (ID = 1055250)
14:34: HKCR\mirar_dummy_ats.mirar_dummy_ats1.1\ (ID = 1055248)
14:34: HKCR\mirar_dummy_ats.mirar_dummy_ats1\ (ID = 1055242)
14:34: HKLM\software\classes\typelib\{c2ae9e5b-3ebd-49fd-9ab4-36c1a1e4af39}\ (ID = 970986)
14:34: HKLM\software\classes\clsid\{6e53e70c-9089-494a-9f51-abc499636dae}\ (ID = 970909)
14:34: HKLM\software\classes\uwfxpcheck.uwfxpcheck\ (ID = 970714)
14:34: HKLM\software\classes\uwfxpcheck.uwfxpcheck.1\ (ID = 970710)
14:34: HKCR\typelib\{c2ae9e5b-3ebd-49fd-9ab4-36c1a1e4af39}\ (ID = 970551)
14:34: HKCR\clsid\{6e53e70c-9089-494a-9f51-abc499636dae}\ (ID = 970474)
14:34: HKCR\uwfxpcheck.uwfxpcheck\ (ID = 970286)
14:34: HKCR\uwfxpcheck.uwfxpcheck.1\ (ID = 970282)
14:34: Found Adware: winantispyware 2005
14:34: HKLM\software\system\sysold\ (ID = 926808)
14:34: Found Adware: enbrowser
14:34: HKCR\clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}\ (ID = 746549)
14:34: HKCR\clsid\{dc341f1b-ec77-47be-8f58-96e83861cc5a}\ (ID = 713029)
14:34: HKCR\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\ (ID = 141785)
14:34: HKCR\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\ (ID = 141784)
14:34: HKLM\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\ (ID = 141776)
14:34: HKLM\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\ (ID = 141775)
14:34: HKLM\software\classes\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}\ (ID = 141773)
14:34: HKLM\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ (ID = 141772)
14:34: HKLM\software\classes\clsid\{a3fdd654-a057-4971-9844-4ed8e67dbbb8}\ (ID = 141771)
14:34: HKLM\software\classes\clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7}\ (ID = 141770)
14:34: HKCR\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}\ (ID = 141766)
14:34: HKCR\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ (ID = 141765)
14:34: HKCR\clsid\{a3fdd654-a057-4971-9844-4ed8e67dbbb8}\ (ID = 141764)
14:34: HKCR\clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7}\ (ID = 141763)
14:34: Found Adware: ist sidefind
14:34: HKCR\typelib\{0ab5b0d8-2b74-4c1c-8fa4-e52550b8b45b}\ (ID = 140575)
14:34: HKLM\software\screensavers.com\ (ID = 140569)
14:34: HKLM\software\classes\typelib\{0ab5b0d8-2b74-4c1c-8fa4-e52550b8b45b}\ (ID = 140565)
14:34: HKLM\software\classes\interface\{b64c73d7-459e-4816-91f9-1348f8e36984}\ (ID = 140559)
14:34: HKLM\software\classes\interface\{883ea659-ed80-46f9-9ed2-83327f67789f}\ (ID = 140558)
14:34: HKLM\software\classes\interface\{760aca60-79c3-4875-9d19-b14a5b3fea77}\ (ID = 140557)
14:34: HKLM\software\classes\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (ID = 140556)
14:34: HKLM\software\classes\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (ID = 140555)
14:34: HKCR\interface\{b64c73d7-459e-4816-91f9-1348f8e36984}\ (ID = 140554)
14:34: HKCR\interface\{883ea659-ed80-46f9-9ed2-83327f67789f}\ (ID = 140553)
14:34: HKCR\interface\{760aca60-79c3-4875-9d19-b14a5b3fea77}\ (ID = 140552)
14:34: HKCR\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (ID = 140551)
14:34: HKCR\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (ID = 140550)
14:34: Found Adware: screensavers
14:34: HKCR\typelib\{78a163d2-2358-464d-807b-0e2a078c7727}\ (ID = 140221)
14:34: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mm21.ocx (ID = 140201)
14:34: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mm21.ocx\ (ID = 140172)
14:34: HKLM\software\classes\interface\{ad29366c-63aa-4ff3-944f-91ad7193bca2}\ (ID = 140113)
14:34: HKLM\software\classes\interface\{674a6bd5-317a-49cf-9647-1e085e660ce0}\ (ID = 140104)
14:34: HKCR\interface\{e832ffde-8ed2-47b7-be50-729a238040a0}\ (ID = 140065)
14:34: HKCR\interface\{ad29366c-63aa-4ff3-944f-91ad7193bca2}\ (ID = 140061)
14:34: HKCR\interface\{674a6bd5-317a-49cf-9647-1e085e660ce0}\ (ID = 140054)
14:34: HKCR\interface\{64a5bd22-8d8a-4193-9cf8-7db5212abb17}\ (ID = 140051)
14:34: HKCR\interface\{9f61cfdf-5c79-4d35-b4da-766b28367223}\ (ID = 140046)
14:34: HKCR\interface\{3e4bcf50-865b-4ef4-a0bc-bf57229ea525}\ (ID = 140042)
14:34: Found Adware: elitemediagroup-mediamotor
14:34: HKLM\software\classes\clsid\{669695bc-a811-4a9d-8cdf-ba8c795f261c}\ (ID = 136863)
14:34: HKCR\typelib\{0be10b0d-b4db-4693-9b1f-9aead54d17dc}\ (ID = 135216)
14:34: HKCR\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\ (ID = 135185)
14:34: HKCR\clsid\{cea206e8-8057-4a04-ace9-ff0d69a92297}\ (ID = 135171)
14:34: Found Adware: moneytree
14:34: HKCR\typelib\{f8310e7d-4c4d-46a4-a068-b5bb99411cc7}\ (ID = 135122)
14:34: HKCR\typelib\{566dede9-9ed8-45da-9be6-9b2eeab17f49}\ (ID = 135121)
14:34: HKLM\software\microsoft\windows\currentversion\uninstall\{8a0dcbda-6e20-489c-9041-c1e8a0352e75}\ (ID = 135119)
14:34: HKLM\software\classes\typelib\{f8310e7d-4c4d-46a4-a068-b5bb99411cc7}\ (ID = 135093)
14:34: HKLM\software\classes\typelib\{566dede9-9ed8-45da-9be6-9b2eeab17f49}\ (ID = 135092)
14:34: HKLM\software\classes\nn_bar_dummy.nn_bardummy\curver\ (ID = 135091)
14:34: HKLM\software\classes\nn_bar_dummy.nn_bardummy\clsid\ (ID = 135090)
14:34: HKLM\software\classes\nn_bar_dummy.nn_bardummy\ (ID = 135089)
14:34: HKLM\software\classes\nn_bar_dummy.nn_bardummy.1\ (ID = 135088)
14:34: HKLM\software\classes\interface\{224302b0-94e9-45c2-9e5b-ba989ee556e1}\ (ID = 135085)
14:34: HKLM\software\classes\interface\{1037b06c-84b7-4240-8d80-485810a0497d}\ (ID = 135084)
14:34: HKLM\software\classes\interface\{54b287f9-fd90-4457-b65e-cb91560c021d}\ (ID = 135083)
14:34: HKLM\software\classes\interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f}\ (ID = 135082)
14:34: HKLM\software\classes\clsid\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e}\ (ID = 135079)
14:34: HKLM\software\classes\clsid\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e}\ (ID = 135078)
14:34: HKLM\software\classes\clsid\{8a0dcbda-6e20-489c-9041-c1e8a0352e75}\ (ID = 135077)
14:34: HKCR\nn_bar_dummy.nn_bardummy\ (ID = 135076)
14:34: HKCR\nn_bar_dummy.nn_bardummy.1\ (ID = 135075)
14:34: HKCR\interface\{224302b0-94e9-45c2-9e5b-ba989ee556e1}\ (ID = 135072)
14:34: HKCR\interface\{1037b06c-84b7-4240-8d80-485810a0497d}\ (ID = 135071)
14:34: HKCR\interface\{54b287f9-fd90-4457-b65e-cb91560c021d}\ (ID = 135070)
14:34: HKCR\interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f}\ (ID = 135069)
14:34: HKCR\clsid\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e}\ (ID = 135066)
14:34: HKCR\clsid\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e}\ (ID = 135065)
14:34: HKCR\clsid\{8a0dcbda-6e20-489c-9041-c1e8a0352e75}\ (ID = 135064)
14:34: HKCR\typelib\{e9a5b71c-093b-4f34-af07-34fca89ba0df}\ (ID = 129193)
14:34: HKLM\software\classes\typelib\{e9a5b71c-093b-4f34-af07-34fca89ba0df}\ (ID = 129107)
14:34: HKLM\software\classes\interface\{0e704ba4-c517-4be7-a1cd-c3ffda1e1ffe}\ (ID = 129085)
14:34: HKLM\software\classes\clsid\{dc341f1b-ec77-47be-8f58-96e83861cc5a}\ (ID = 129083)
14:34: HKCR\interface\{0e704ba4-c517-4be7-a1cd-c3ffda1e1ffe}\ (ID = 129062)
14:34: Found Adware: ist istbar
14:34: HKLM\software\classes\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ (ID = 128896)
14:34: HKCR\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ (ID = 128885)
14:33: HKCR\typelib\{0dc5cd7c-f653-4417-aa43-d457be3a9622}\ (ID = 104884)
14:33: HKLM\software\classes\typelib\{0dc5cd7c-f653-4417-aa43-d457be3a9622}\ (ID = 104871)
14:33: HKLM\software\classes\interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}\ (ID = 104870)
14:33: HKLM\software\classes\clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}\ (ID = 104868)
14:33: HKLM\software\classes\appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}\ (ID = 104865)
14:33: HKCR\interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}\ (ID = 104862)
14:33: HKCR\appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}\ (ID = 104855)
14:33: HKCR\typelib\{3277cd27-4001-4ef8-9d96-c6ca745ac2f9}\ (ID = 102349)
14:33: HKCR\interface\{38493f7f-2922-4c6c-9a9a-8da2c940d0ee}\ (ID = 102318)
14:33: HKCR\clsid\{669695bc-a811-4a9d-8cdf-ba8c795f261c}\ (ID = 102313)
14:33: Found Adware: powerstrip
14:33: HKCR\clsid\{669695bc-a811-4a9d-8cdf-ba8c795f261c}\ (ID = 102313)
14:33: Found Adware: 7search
14:33: Starting Registry Sweep
14:33: Memory Sweep Complete, Elapsed Time: 00:15:09
14:20: Detected running threat: C:\WINDOWS\SYSTEM32\ygjed.exe (ID = 268934)
14:20: Detected running threat: C:\WINDOWS\SYSTEM32\ygjed.exe (ID = 268934)
14:18: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1007\Software\Microsoft\Windows\CurrentVersion\Run || ekdte (ID = 0)
14:18: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1008\Software\Microsoft\Windows\CurrentVersion\Run || ekdte (ID = 0)
14:18: HKU\S-1-5-21-2903779921-2727959649-1724784859-1009\Software\Microsoft\Windows\CurrentVersion\Run || ekdte (ID = 0)
14:18: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || hnwrdo (ID = 0)
14:18: Detected running threat: C:\WINDOWS\SYSTEM32\iwsadq.exe (ID = 268995)
14:18: Detected running threat: C:\WINDOWS\SYSTEM32\oerbtyo.dll (ID = 268933)
14:18: Detected running threat: C:\WINDOWS\SYSTEM32\ygjed.exe (ID = 268934)
14:18: Found Adware: clkoptimizer
14:18: Starting Memory Sweep
14:18: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-1007\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 1055335)
14:18: Found Adware: surfsidekick
14:17: HKU\WRSS_Profile_S-1-5-21-2903779921-2727959649-1724784859-501\software\microsoft\windows\currentversion\run\ || internet optimizer (ID = 1193580)
14:17: Found Adware: internetoptimizer
14:17: HKCR\clsid\{c68ae9c0-0909-4ddc-b661-c1afb9f59898}\inprocserver32\ (ID = 1353164)
14:17: HKCR\clsid\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e}\inprocserver32\ (ID = 1353158)
14:17: HKCR\clsid\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e}\inprocserver32\ (ID = 1353157)
14:17: HKCR\clsid\{8a0dcbda-6e20-489c-9041-c1e8a0352e75}\inprocserver32\ (ID = 1353156)
14:17: Found Adware: mirar webband
14:17: HKCR\clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}\inprocserver32\ (ID = 1353135)
14:17: Found Adware: bookedspace
14:17: Sweep initiated using definitions version 691
14:17: Spy Sweeper 5.0.5.1286 started
14:17: | Start of Session, 06-08-22 |
********
15:25: | End of Session, 06-08-22 |
15:24: Removal process completed. Elapsed time 00:01:32
15:24: Warning: Failed to del
  • 0

#28
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Out of interest.... Did you decide to run that defragmenter at all? It would certainly fasten up your computer if your local drive needs it. :whistling:

I strongly recommend running it (well, actually I recommend installing that PerfectDisk software that I mentioned, then go offline and run it and only it with no other programs running at the same time on taskbar -- best way). Also, I'll need to check the logs from the different user accounts after we get this cleared up....

I need to see the rest of the SpySweeper log. Starting from this point your post got cut off:

15:25: | End of Session, 06-08-22 |
15:24: Removal process completed. Elapsed time 00:01:32
15:24: Warning: Failed to del

After I have checked if SpySweeper succeeded in deleting what it found (if not, if it's something important, we'll do that manually), I'll want to see a fresh HijackThis log from the account that is having all these problems/we have run all these scans and manual removals. :blink:
  • 0

#29
D.J. Juego

D.J. Juego

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
I did use the Microsoft defrag thing yesterday, but I will download and try the other one. And for the report thing, all I did was select all, copy and paste, but I'll try that again.
  • 0

#30
D.J. Juego

D.J. Juego

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
To avoid confusion duplicate log removed

Edited by Rawe, 23 August 2006 - 11:01 AM.

  • 0





