Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Problems with unwanted Toolbar/WareOut [CLOSED]


  • This topic is locked This topic is locked

#1
zebtheprofessor

zebtheprofessor

    New Member

  • Member
  • Pip
  • 9 posts
I uninstalled WareOut but I still have an unwanted toolbar that has a "remove toolbar" funciton but only sends me to websites selling spyware stoppers. Other buttons include Gambling, Internet, Pharmacy, Finance, Insurance, and Adult.

Below is my HijackThis log, help would be appreciated.

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 5:25:13 PM, on 7/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Zeb\Desktop\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimt.../aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.palomar.edu/kksm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\woljy.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Configuration Loader] soundconf.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NopeZ] ABCXYZ.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\RunServices: [Configuration Loader] soundconf.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.c...oad/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.wildtange...javx86_3805.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {66E79B75-F711-4A88-9C6D-10BCA64F3306} (DriveCamPlayer Class) - http://www.drivecam....iveCamEvent.dll
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/c...tallerProj1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectk...flowActiveX.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.c...aploader_v5.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2ED31376-5FBD-4129-BC41-5BE2DD4BC1CC}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{92D385A6-EE13-4FD9-922B-4E9D52AD37D3}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{2ED31376-5FBD-4129-BC41-5BE2DD4BC1CC}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CS3\Services\Tcpip\..\{2ED31376-5FBD-4129-BC41-5BE2DD4BC1CC}: NameServer = 69.50.188.180,85.255.112.5
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE

Edited by zebtheprofessor, 10 July 2005 - 07:54 PM.

  • 0

Advertisements


#2
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Welcome to Geeks to Go!

If you still need help with your system, please post a new HiJackThis log into this topic. :tazz:
  • 0

#3
zebtheprofessor

zebtheprofessor

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
i got the toolbar off, but now i'm having problems with being taken to a pharmacy page and every once in a while a warning window pops up asking if i want to scan my system (pressing yes would take me to a stopzilla site, i havent clicked on it but i know it)

here is the new HiJackThis log

Logfile of HijackThis v1.99.1
Scan saved at 12:06:56 PM, on 7/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Soulseek\slsk.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Zeb\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimt.../aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.palomar.edu/kksm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Configuration Loader] soundconf.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NopeZ] ABCXYZ.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\RunServices: [Configuration Loader] soundconf.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.c...oad/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.wildtange...javx86_3805.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {66E79B75-F711-4A88-9C6D-10BCA64F3306} (DriveCamPlayer Class) - http://www.drivecam....iveCamEvent.dll
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/c...tallerProj1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectk...flowActiveX.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.c...aploader_v5.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
  • 0

#4
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
please download RKFiles from here:
http://skads.org/special/rkfiles.zip
Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer and continually tap F8 until a menu appears. use your up arrow key to highlight Safe Mode then hit enter.

Once in Safe Mode, please run RKFiles.bat It may take a while. When it is finished a window should appear with a log.

Restart your computer in normal mode, and please post the contents of the logfile, which should be at c:\log.txt
  • 0

#5
zebtheprofessor

zebtheprofessor

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
C:\Documents and Settings\Zeb\Desktop\rkfiles

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\msexnpfi.exe: UPX!
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213

Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
C:\WINDOWS\RMAgentOutput.dll: UPX!
C:\WINDOWS\tsc.exe: UPX!
C:\WINDOWS\vsapi32.dll: UPX!t4
Finished
bye
  • 0

#6
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
* Please download the Killbox by Option^Explicit.

* Save it to your desktop.

* Run Killbox.exe.

* Select "Delete on Reboot".

* Copy the file names below to the clipboard by highlighting ALL of them then press CTRL + C

C:\WINDOWS\RMAgentOutput.dll
C:\WINDOWS\system32\msexnpfi.exe


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. If your computer does not restart automatically, please restart it manually.

After your computer reboots, please run RKFiles again to make sure those files are gone.
  • 0

#7
zebtheprofessor

zebtheprofessor

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
C:\Documents and Settings\Zeb\Desktop\rkfiles

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213

Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
C:\WINDOWS\tsc.exe: UPX!
C:\WINDOWS\vsapi32.dll: UPX!t4
Finished
bye


looks like they are, thanks! :tazz:
  • 0

#8
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Ok great!

We've still got some work to do as I see you have an IRC worm.

Make sure you are disconnected from the Internet and that all programs and windows are closed. Run HiJackThis. Place a check next to the following items and click FIX CHECKED:

O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)

O4 - HKLM\..\Run: [Configuration Loader] soundconf.exe
O4 - HKLM\..\Run: [NopeZ] ABCXYZ.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\RunServices: [Configuration Loader] soundconf.exe

O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www.wildtange...javx86_3805.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.c...aploader_v5.cab


Close HiJackThis.

Delete the following in bold:

C:\WINDOWS\System32\P2P Networking <-Whole Folder
Go to Start > Search and look for this file: ABCXYZ.exe delete if found.

* Run Killbox.exe.

* Select "Delete on Reboot".

* Copy the file names below to the clipboard by highlighting ALL of them then press CTRL + C

C:\WINDOWS\System32\soundconf.exe

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. If your computer does not restart automatically, please restart it manually.

After your computer reboots, please run this online virus scan:
ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log.
  • 0

#9
zebtheprofessor

zebtheprofessor

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Tried to run the ActiveScan but it would freeze up the computer halfway through and then crash it. Tried for the past two days and it always seems to stop and crash.

Here is the new HiJackThis log

Logfile of HijackThis v1.99.1
Scan saved at 6:16:37 PM, on 7/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Zeb\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimt.../aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.palomar.edu/kksm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.c...oad/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {66E79B75-F711-4A88-9C6D-10BCA64F3306} (DriveCamPlayer Class) - http://www.drivecam....iveCamEvent.dll
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/c...tallerProj1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectk...flowActiveX.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
  • 0

#10
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Let's try cleaning out your temporary Internet files and try running ActiveScan one more time. If it freezes again, just let me know and we'll try another online scan. If it works please save the log and post it here for me :tazz:

Download and install CleanUp!

Set it up as follows:
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program

Then try ActiveScan again - uncheck "e-mail" when you're given the option by ActiveScan, that might help as well.
  • 0

Advertisements


#11
zebtheprofessor

zebtheprofessor

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Did the CleanUp! and tried to do the scan again, it froze and crashed the computer three times.
  • 0

#12
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Let's try this one - it's not an online scan, but it's a good program:

Please download ewido security suite
  • Install ewido security suite
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.**
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")

Please post the entire contents of the text file into your next reply.
  • 0

#13
zebtheprofessor

zebtheprofessor

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
page does not work, it says "Cannot find server" and "The page cannot be displayed"
  • 0

#14
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Ugh, the Ewido server is down (again). Let's try this one:

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the "Free Trial" link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Double-click the file to install it as follows:
    • Click "Next", read the agreement, Click "Next"
    • Choose "Custom" click "Next".
    • Leave the default installation directoy as it is, then click "Next".
    • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
    • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
    • Finally, click "Install"
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click "Yes".
  • Once the definitions are installed, click "Sweep Now" on the left side.
  • Click the "Start" button.
  • When it's done scanning, click the "Next" button.
  • Make sure everything has a check next to it, then click the "Next" button.
  • It will remove all of the items found.
  • Click "Session Log" in the upper right corner, copy everything in that window.
  • Click the Summary tab and click "Finish".
  • Paste the contents of the session log you copied into your next reply.

  • 0

#15
zebtheprofessor

zebtheprofessor

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
the spy sweeper did a complete sweep and didnt freeze :tazz:

here is the log...

********
10:36 PM: |··· Start of Session, Wednesday, July 13, 2005 ···|
10:36 PM: Spy Sweeper started
10:36 PM: Sweep initiated using definitions version 504
10:36 PM: Starting Memory Sweep
10:40 PM: Memory Sweep Complete, Elapsed Time: 00:04:05
10:40 PM: Starting Registry Sweep
10:40 PM: Found Adware: altnet
10:40 PM: HKCR\appid\adm.exe\ (1 subtraces) (ID = 4269813)
10:40 PM: HKCR\appid\altnet signing module.exe\ (1 subtraces) (ID = 4269814)
10:40 PM: HKLM\software\classes\appid\adm.exe\ (1 subtraces) (ID = 4269853)
10:40 PM: HKLM\software\classes\appid\altnet signing module.exe\ (1 subtraces) (ID = 4269854)
10:40 PM: Found Adware: cydoor
10:40 PM: HKU\WRSS_Profile_S-1-5-21-583907252-1229272821-725345543-1005\software\cydoor\ (583 subtraces) (ID = 4291077)
10:40 PM: HKU\WRSS_Profile_S-1-5-21-583907252-1229272821-725345543-1006\software\cydoor\ (314 subtraces) (ID = 4291077)
10:40 PM: HKU\WRSS_Profile_S-1-5-21-583907252-1229272821-725345543-1005\software\cydoor services\ (12 subtraces) (ID = 4291078)
10:40 PM: HKU\WRSS_Profile_S-1-5-21-583907252-1229272821-725345543-1006\software\cydoor services\ (28 subtraces) (ID = 4291078)
10:40 PM: Found Adware: dapsol dialer
10:40 PM: HKU\S-1-5-21-583907252-1229272821-725345543-1003\software\microsoft\internet explorer\main\ || conc (ID = 4291217)
10:40 PM: Found Adware: hotbar
10:40 PM: HKU\WRSS_Profile_S-1-5-21-583907252-1229272821-725345543-1005\software\hotbar\ (113 subtraces) (ID = 4294116)
10:40 PM: HKU\WRSS_Profile_S-1-5-21-583907252-1229272821-725345543-1006\software\hotbar\ (92 subtraces) (ID = 4294116)
10:40 PM: HKU\S-1-5-21-583907252-1229272821-725345543-1003\software\microsoft\internet explorer\toolbar\shellbrowser\ || {b195b3b3-8a05-11d3-97a4-0004aca6948e} (ID = 4294136)
10:40 PM: Found Adware: keenvalue/perfectnav
10:40 PM: HKLM\software\perfectnav\ (1 subtraces) (ID = 4296167)
10:40 PM: Found Adware: 180search assistant
10:40 PM: HKU\WRSS_Profile_S-1-5-21-583907252-1229272821-725345543-1005\software\180solutions\ (10 subtraces) (ID = 4302342)
10:40 PM: HKU\WRSS_Profile_S-1-5-21-583907252-1229272821-725345543-1006\software\180solutions\ (9 subtraces) (ID = 4302342)
10:40 PM: Found Adware: quicklink search toolbar
10:40 PM: HKU\S-1-5-21-583907252-1229272821-725345543-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {08bec6aa-49fc-4379-3587-4b21e286c19e} (ID = 4306061)
10:40 PM: Found Adware: searchtoolbar
10:40 PM: HKU\S-1-5-21-583907252-1229272821-725345543-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {08bec6aa-49fc-4379-3587-4b21e286c19e} (ID = 4308260)
10:40 PM: HKU\S-1-5-21-583907252-1229272821-725345543-1003\software\searchtoolbar\ (5 subtraces) (ID = 4308268)
10:40 PM: HKLM\software\searchtoolbar\ (3 subtraces) (ID = 4308271)
10:40 PM: Registry Sweep Complete, Elapsed Time:00:00:31
10:40 PM: Starting Cookie Sweep
10:40 PM: Found Cookie: 2o7.net cookie
10:40 PM: zeb@112.2o7[2].txt (ID = 176615)
10:40 PM: zeb@2o7[1].txt (ID = 176614)
10:40 PM: Found Cookie: 64.62.232 cookie
10:40 PM: zeb@64.62.232[2].txt (ID = 176644)
10:40 PM: Found Cookie: 66.246.209 cookie
10:40 PM: zeb@66.246.209[1].txt (ID = 176654)
10:40 PM: Found Cookie: 80503492 cookie
10:40 PM: zeb@80503492[1].txt (ID = 176670)
10:40 PM: Found Cookie: 888 cookie
10:40 PM: zeb@888[1].txt (ID = 176676)
10:40 PM: zeb@888[2].txt (ID = 176676)
10:40 PM: Found Cookie: websponsors cookie
10:40 PM: zeb@a.websponsors[2].txt (ID = 178343)
10:40 PM: Found Cookie: go.com cookie
10:40 PM: zeb@abc.go[2].txt (ID = 177397)
10:40 PM: Found Cookie: about cookie
10:40 PM: zeb@about[1].txt (ID = 176694)
10:40 PM: Found Cookie: yieldmanager cookie
10:40 PM: zeb@ad.yieldmanager[1].txt (ID = 178431)
10:40 PM: Found Cookie: adknowledge cookie
10:40 PM: zeb@adknowledge[2].txt (ID = 176729)
10:40 PM: Found Cookie: adlegend cookie
10:40 PM: zeb@adlegend[1].txt (ID = 176731)
10:41 PM: Found Cookie: hbmediapro cookie
10:41 PM: zeb@adopt.hbmediapro[2].txt (ID = 177436)
10:41 PM: Found Cookie: hotbar cookie
10:41 PM: zeb@adopt.hotbar[2].txt (ID = 177466)
10:41 PM: Found Cookie: specificclick.com cookie
10:41 PM: zeb@adopt.specificclick[2].txt (ID = 178074)
10:41 PM: Found Cookie: adrevolver cookie
10:41 PM: zeb@adrevolver[1].txt (ID = 176749)
10:41 PM: zeb@adrevolver[2].txt (ID = 176749)
10:41 PM: Found Cookie: addynamix cookie
10:41 PM: zeb@ads.addynamix[1].txt (ID = 176719)
10:41 PM: Found Cookie: belointeractive cookie
10:41 PM: zeb@ads.belointeractive[2].txt (ID = 176958)
10:41 PM: Found Cookie: pointroll cookie
10:41 PM: zeb@ads.pointroll[1].txt (ID = 177820)
10:41 PM: Found Cookie: ads.stileproject cookie
10:41 PM: zeb@ads.stileproject[2].txt (ID = 176788)
10:41 PM: Found Cookie: advertising cookie
10:41 PM: zeb@advertising[1].txt (ID = 176836)
10:41 PM: zeb@animatedtv.about[1].txt (ID = 176695)
10:41 PM: Found Cookie: associated new media cookie
10:41 PM: zeb@anm.co[2].txt (ID = 176912)
10:41 PM: Found Cookie: apmebf cookie
10:41 PM: zeb@apmebf[2].txt (ID = 176890)
10:41 PM: Found Cookie: askmen cookie
10:41 PM: zeb@askmen[1].txt (ID = 176908)
10:41 PM: Found Cookie: ask cookie
10:41 PM: zeb@ask[1].txt (ID = 176906)
10:41 PM: Found Cookie: atlas dmt cookie
10:41 PM: zeb@atdmt[1].txt (ID = 176916)
10:41 PM: Found Cookie: belnk cookie
10:41 PM: zeb@ath.belnk[1].txt (ID = 176956)
10:41 PM: Found Cookie: atwola cookie
10:41 PM: zeb@atwola[2].txt (ID = 176918)
10:41 PM: Found Cookie: banners cookie
10:41 PM: zeb@banners[2].txt (ID = 176945)
10:41 PM: Found Cookie: banner cookie
10:41 PM: zeb@banner[1].txt (ID = 176939)
10:41 PM: zeb@belnk[1].txt (ID = 176955)
10:41 PM: zeb@belointeractive[2].txt (ID = 176957)
10:41 PM: Found Cookie: bluestreak cookie
10:41 PM: zeb@bluestreak[1].txt (ID = 176977)
10:41 PM: Found Cookie: burstnet cookie
10:41 PM: zeb@burstnet[2].txt (ID = 176999)
10:41 PM: Found Cookie: freestats.net cookie
10:41 PM: zeb@busorama.freestats[1].txt (ID = 177373)
10:41 PM: Found Cookie: enhance cookie
10:41 PM: zeb@c.enhance[1].txt (ID = 177282)
10:41 PM: Found Cookie: barelylegal cookie
10:41 PM: zeb@c.fsx[1].txt (ID = 176949)
10:41 PM: Found Cookie: goclick cookie
10:41 PM: zeb@c.goclick[2].txt (ID = 177401)
10:41 PM: Found Cookie: gostats cookie
10:41 PM: zeb@c2.gostats[2].txt (ID = 177416)
10:41 PM: Found Cookie: casalemedia cookie
10:41 PM: zeb@casalemedia[2].txt (ID = 177017)
10:41 PM: Found Cookie: cassava cookie
10:41 PM: zeb@cassava[1].txt (ID = 177025)
10:41 PM: Found Cookie: bridgetrack cookie
10:41 PM: zeb@citi.bridgetrack[2].txt (ID = 176990)
10:41 PM: Found Cookie: com.com cookie
10:41 PM: zeb@com[2].txt (ID = 177108)
10:41 PM: zeb@coxhsi.112.2o7[1].txt (ID = 176615)
10:41 PM: Found Cookie: clickzs cookie
10:41 PM: zeb@cz3.clickzs[2].txt (ID = 177076)
10:41 PM: zeb@cz5.clickzs[2].txt (ID = 177076)
10:41 PM: zeb@cz7.clickzs[2].txt (ID = 177076)
10:41 PM: zeb@cz9.clickzs[2].txt (ID = 177076)
10:41 PM: zeb@disney.go[1].txt (ID = 177397)
10:41 PM: zeb@dist.belnk[1].txt (ID = 176956)
10:41 PM: Found Cookie: doubleclick cookie
10:41 PM: zeb@doubleclick[1].txt (ID = 177200)
10:41 PM: Found Cookie: ru4 cookie
10:41 PM: zeb@edge.ru4[2].txt (ID = 177943)
10:41 PM: Found Cookie: hitbox cookie
10:41 PM: zeb@ehg-darksideprod.hitbox[1].txt (ID = 177452)
10:41 PM: zeb@ehg-uniontrib.hitbox[2].txt (ID = 177452)
10:41 PM: Found Cookie: exitexchange cookie
10:41 PM: zeb@exitexchange[1].txt (ID = 177301)
10:41 PM: Found Cookie: experclick cookie
10:41 PM: zeb@experclick[1].txt (ID = 177307)
10:41 PM: Found Cookie: fastclick cookie
10:41 PM: zeb@fastclick[1].txt (ID = 177319)
10:41 PM: Found Cookie: fe.lea.lycos.com cookie
10:41 PM: zeb@fe.lea.lycos[1].txt (ID = 177328)
10:41 PM: zeb@go[1].txt (ID = 177396)
10:41 PM: zeb@hitbox[2].txt (ID = 177451)
10:41 PM: Found Cookie: clickandtrack cookie
10:41 PM: zeb@hits.clickandtrack[1].txt (ID = 177060)
10:41 PM: Found Cookie: hypertracker.com cookie
10:41 PM: zeb@hypertracker[2].txt (ID = 177487)
10:41 PM: Found Cookie: screensavers.com cookie
10:41 PM: zeb@i.screensavers[2].txt (ID = 177972)
10:41 PM: Found Cookie: maxserving cookie
10:41 PM: zeb@maxserving[2].txt (ID = 177638)
10:41 PM: Found Cookie: mediaplex cookie
10:41 PM: zeb@mediaplex[1].txt (ID = 177644)
10:41 PM: Found Cookie: moviemonster cookie
10:41 PM: zeb@moviemonster[2].txt (ID = 177682)
10:41 PM: Found Cookie: mygeek cookie
10:41 PM: zeb@mygeek[1].txt (ID = 177715)
10:41 PM: Found Cookie: nuker cookie
10:41 PM: zeb@nuker[2].txt (ID = 177759)
10:41 PM: Found Cookie: offeroptimizer cookie
10:41 PM: zeb@offeroptimizer[2].txt (ID = 177761)
10:41 PM: Found Cookie: overture cookie
10:41 PM: zeb@overture[2].txt (ID = 177779)
10:41 PM: zeb@parentingteens.about[1].txt (ID = 176695)
10:41 PM: Found Cookie: partypoker cookie
10:41 PM: zeb@partypoker[1].txt (ID = 177785)
10:41 PM: Found Cookie: paycounter cookie
10:41 PM: zeb@paycounter[1].txt (ID = 177789)
10:41 PM: Found Cookie: paypopup cookie
10:41 PM: zeb@paypopup[2].txt (ID = 177791)
10:41 PM: zeb@perf.overture[1].txt (ID = 177780)
10:41 PM: Found Cookie: pro-market cookie
10:41 PM: zeb@pro-market[2].txt (ID = 177869)
10:41 PM: Found Cookie: pub cookie
10:41 PM: zeb@pub[1].txt (ID = 177877)
10:41 PM: Found Cookie: questionmarket cookie
10:41 PM: zeb@questionmarket[1].txt (ID = 177889)
10:41 PM: Found Cookie: realmedia cookie
10:41 PM: zeb@realmedia[2].txt (ID = 177907)
10:41 PM: Found Cookie: reunion cookie
10:41 PM: zeb@reunion[1].txt (ID = 177929)
10:41 PM: Found Cookie: rn11 cookie
10:41 PM: zeb@rn11[2].txt (ID = 177935)
10:41 PM: Found Cookie: adjuggler cookie
10:41 PM: zeb@rotator.adjuggler[2].txt (ID = 176728)
10:41 PM: zeb@rsi.abc.go[1].txt (ID = 177397)
10:41 PM: zeb@sandiego.about[1].txt (ID = 176695)
10:41 PM: Found Cookie: seeq cookie
10:41 PM: zeb@seeq[1].txt (ID = 178005)
10:41 PM: Found Cookie: servedby advertising cookie
10:41 PM: zeb@servedby.advertising[2].txt (ID = 178009)
10:41 PM: Found Cookie: server.iad.liveperson cookie
10:41 PM: zeb@server.iad.liveperson[2].txt (ID = 178015)
10:41 PM: Found Cookie: serving-sys cookie
10:41 PM: zeb@serving-sys[2].txt (ID = 178017)
10:41 PM: Found Cookie: sex cookie
10:41 PM: zeb@sex[1].txt (ID = 178021)
10:41 PM: Found Cookie: directtrack cookie
10:41 PM: zeb@sideshow.directtrack[1].txt (ID = 177189)
10:41 PM: Found Cookie: socalcoeds.com cookie
10:41 PM: zeb@socalcoeds[1].txt (ID = 178067)
10:41 PM: Found Cookie: starware.com cookie
10:41 PM: zeb@starware[2].txt (ID = 178115)
10:41 PM: Found Cookie: webtrendslive cookie
10:41 PM: zeb@statse.webtrendslive[2].txt (ID = 178347)
10:41 PM: Found Cookie: stlyrics cookie
10:41 PM: zeb@stlyrics[1].txt (ID = 178135)
10:41 PM: Found Cookie: tickle cookie
10:41 PM: zeb@tickle[2].txt (ID = 178205)
10:41 PM: Found Cookie: tradedoubler cookie
10:41 PM: zeb@tradedoubler[1].txt (ID = 178251)
10:41 PM: Found Cookie: trafficmp cookie
10:41 PM: zeb@trafficmp[1].txt (ID = 178259)
10:41 PM: Found Cookie: tribalfusion cookie
10:41 PM: zeb@tribalfusion[2].txt (ID = 178267)
10:41 PM: Found Cookie: tripod cookie
10:41 PM: zeb@tripod[1].txt (ID = 178269)
10:41 PM: Found Cookie: valueclick cookie
10:41 PM: zeb@valueclick[2].txt (ID = 178306)
10:41 PM: Found Cookie: weborama cookie
10:41 PM: zeb@weborama[1].txt (ID = 178336)
10:41 PM: Found Cookie: webpower cookie
10:41 PM: zeb@webpower[1].txt (ID = 178338)
10:41 PM: Found Cookie: adminder cookie
10:41 PM: zeb@www.adminder[1].txt (ID = 176736)
10:41 PM: Found Cookie: burstbeacon cookie
10:41 PM: zeb@www.burstbeacon[2].txt (ID = 176998)
10:41 PM: Found Cookie: eadexchange cookie
10:41 PM: zeb@www.eadexchange[2].txt (ID = 177221)
10:41 PM: Found Cookie: myaffiliateprogram.com cookie
10:41 PM: zeb@www.myaffiliateprogram[1].txt (ID = 177706)
10:41 PM: zeb@www.screensavers[1].txt (ID = 177972)
10:41 PM: zeb@www.seeq[1].txt (ID = 178006)
10:41 PM: zeb@www.stlyrics[1].txt (ID = 178136)
10:41 PM: Found Cookie: stopzilla cookie
10:41 PM: zeb@www.stopzilla[2].txt (ID = 178140)
10:41 PM: zeb@www48.seeq[1].txt (ID = 178006)
10:41 PM: zeb@yieldmanager[1].txt (ID = 178429)
10:41 PM: Found Cookie: zedo cookie
10:41 PM: zeb@zedo[1].txt (ID = 178442)
10:41 PM: yvette@2o7[1].txt (ID = 176614)
10:41 PM: yvette@888[1].txt (ID = 176676)
10:41 PM: yvette@888[2].txt (ID = 176676)
10:41 PM: yvette@ad.yieldmanager[1].txt (ID = 178431)
10:41 PM: yvette@adknowledge[1].txt (ID = 176729)
10:41 PM: yvette@ads.addynamix[1].txt (ID = 176719)
10:41 PM: yvette@ads.pointroll[1].txt (ID = 177820)
10:41 PM: yvette@apmebf[2].txt (ID = 176890)
10:41 PM: Found Cookie: falkag cookie
10:41 PM: yvette@as-us.falkag[2].txt (ID = 177318)
10:41 PM: yvette@ask[1].txt (ID = 176906)
10:41 PM: yvette@atdmt[2].txt (ID = 176916)
10:41 PM: yvette@atwola[1].txt (ID = 176918)
10:41 PM: Found Cookie: bilbo.counted.com cookie
10:41 PM: yvette@bilbo.counted[1].txt (ID = 176969)
10:41 PM: yvette@burstnet[1].txt (ID = 176999)
10:41 PM: yvette@casalemedia[1].txt (ID = 177017)
10:41 PM: yvette@cassava[1].txt (ID = 177025)
10:41 PM: yvette@doubleclick[1].txt (ID = 177200)
10:41 PM: yvette@ehg-attworldnet.hitbox[1].txt (ID = 177452)
10:41 PM: yvette@ehg-cafepress.hitbox[1].txt (ID = 177452)
10:41 PM: yvette@fastclick[2].txt (ID = 177319)
10:41 PM: yvette@hitbox[2].txt (ID = 177451)
10:41 PM: yvette@hypertracker[2].txt (ID = 177487)
10:41 PM: yvette@mediaplex[1].txt (ID = 177644)
10:41 PM: Found Cookie: monstermarketplace cookie
10:41 PM: yvette@monstermarketplace[1].txt (ID = 177678)
10:41 PM: yvette@paypopup[1].txt (ID = 177791)
10:41 PM: yvette@perf.overture[1].txt (ID = 177780)
10:41 PM: Found Cookie: qksrv cookie
10:41 PM: yvette@qksrv[2].txt (ID = 177885)
10:41 PM: yvette@questionmarket[1].txt (ID = 177889)
10:41 PM: yvette@serving-sys[2].txt (ID = 178017)
10:41 PM: yvette@starware[2].txt (ID = 178115)
10:41 PM: Found Cookie: statcounter cookie
10:41 PM: yvette@statcounter[1].txt (ID = 178121)
10:41 PM: yvette@statse.webtrendslive[2].txt (ID = 178347)
10:41 PM: yvette@trafficmp[2].txt (ID = 178259)
10:41 PM: Found Cookie: realtracker cookie
10:41 PM: yvette@web4.realtracker[1].txt (ID = 177914)
10:41 PM: yvette@www.burstbeacon[2].txt (ID = 176998)
10:41 PM: yvette@www.screensavers[1].txt (ID = 177972)
10:41 PM: Found Cookie: tshirthell cookie
10:41 PM: yvette@www.tshirthell[1].txt (ID = 178274)
10:41 PM: yvette@zedo[2].txt (ID = 178442)
10:41 PM: nora@2o7[1].txt (ID = 176614)
10:41 PM: nora@ad.reunion[1].txt (ID = 177930)
10:41 PM: nora@ad.yieldmanager[2].txt (ID = 178431)
10:41 PM: nora@adknowledge[1].txt (ID = 176729)
10:41 PM: nora@adrevolver[1].txt (ID = 176749)
10:41 PM: nora@adrevolver[3].txt (ID = 176749)
10:41 PM: nora@ads.addynamix[2].txt (ID = 176719)
10:41 PM: Found Cookie: euniverseads cookie
10:41 PM: nora@ads.euniverseads[1].txt (ID = 177298)
10:41 PM: nora@ads.pointroll[2].txt (ID = 177820)
10:41 PM: Found Cookie: adserver cookie
10:41 PM: nora@adserver[1].txt (ID = 176802)
10:41 PM: Found Cookie: adultfriendfinder cookie
10:41 PM: nora@adultfriendfinder[2].txt (ID = 176826)
10:41 PM: nora@advertising[2].txt (ID = 176836)
10:41 PM: nora@apmebf[1].txt (ID = 176890)
10:41 PM: nora@ask[1].txt (ID = 176906)
10:41 PM: nora@atdmt[2].txt (ID = 176916)
10:41 PM: nora@ath.belnk[2].txt (ID = 176956)
10:41 PM: nora@atwola[1].txt (ID = 176918)
10:41 PM: nora@banner[2].txt (ID = 176939)
10:41 PM: nora@belnk[1].txt (ID = 176955)
10:41 PM: Found Cookie: bfast cookie
10:41 PM: nora@bfast[2].txt (ID = 176963)
10:41 PM: nora@bluestreak[2].txt (ID = 176977)
10:41 PM: Found Cookie: bs.serving-sys cookie
10:41 PM: nora@bs.serving-sys[2].txt (ID = 176993)
10:41 PM: nora@casalemedia[2].txt (ID = 177017)
10:41 PM: Found Cookie: centrport net cookie
10:41 PM: nora@centrport[1].txt (ID = 177037)
10:41 PM: Found Cookie: hitslink cookie
10:41 PM: nora@counter.hitslink[2].txt (ID = 177458)
10:41 PM: nora@coxhsi.112.2o7[2].txt (ID = 176615)
10:41 PM: nora@dist.belnk[2].txt (ID = 176956)
10:41 PM: nora@doubleclick[1].txt (ID = 177200)
10:41 PM: nora@edge.ru4[2].txt (ID = 177943)
10:41 PM: nora@ehg-coxcommunications.hitbox[1].txt (ID = 177452)
10:41 PM: nora@ehg-foxsports.hitbox[1].txt (ID = 177452)
10:41 PM: nora@euniverseads[2].txt (ID = 177297)
10:41 PM: nora@fastclick[2].txt (ID = 177319)
10:41 PM: nora@hitbox[2].txt (ID = 177451)
10:41 PM: nora@maxserving[2].txt (ID = 177638)
10:41 PM: nora@mediaplex[1].txt (ID = 177644)
10:41 PM: nora@overture[2].txt (ID = 177779)
10:41 PM: nora@questionmarket[1].txt (ID = 177889)
10:41 PM: nora@rccl.bridgetrack[2].txt (ID = 176990)
10:41 PM: nora@realmedia[2].txt (ID = 177907)
10:41 PM: nora@reunion[1].txt (ID = 177929)
10:41 PM: Found Cookie: rightmedia cookie
10:41 PM: nora@rightmedia[2].txt (ID = 177933)
10:41 PM: nora@servedby.advertising[2].txt (ID = 178009)
10:41 PM: nora@serving-sys[2].txt (ID = 178017)
10:41 PM: Found Cookie: sirsearch cookie
10:41 PM: nora@sirsearch[1].txt (ID = 178053)
10:41 PM: nora@tickle[1].txt (ID = 178205)
10:41 PM: nora@tradedoubler[1].txt (ID = 178251)
10:41 PM: nora@trafficmp[2].txt (ID = 178259)
10:41 PM: nora@tripod[1].txt (ID = 178269)
10:41 PM: Found Cookie: coremetrics cookie
10:41 PM: nora@twci.coremetrics[1].txt (ID = 177133)
10:41 PM: nora@valueclick[2].txt (ID = 178306)
10:41 PM: nora@z1.adserver[1].txt (ID = 176803)
10:41 PM: nora@zedo[1].txt (ID = 178442)
10:41 PM: Cookie Sweep Complete, Elapsed Time: 00:00:17
10:41 PM: Starting File Sweep
10:41 PM: c:\documents and settings\nora\application data\hotbar (277 subtraces) (ID = 4008462)
10:41 PM: Found Adware: commonname
10:41 PM: c:\windows\temp\adware (1 subtraces) (ID = 3999084)
10:41 PM: c:\documents and settings\yvette\application data\hotbar (667 subtraces) (ID = 4008462)
10:42 PM: progress.res (ID = 4008439)
10:43 PM: progress.res (ID = 4008439)
10:43 PM: progress.res (ID = 4008439)
10:47 PM: progress.res (ID = 4008439)
10:47 PM: backup-20050710-191206-378.dll (ID = 4022941)
10:51 PM: Warning: Failed to read file "c:\program files\common files\system\msadc\msadds.dll". Incorrect function
10:51 PM: Warning: Failed to read file "c:\documents and settings\yvette\application data\sun\java\deployment\cache\javapi\v1.0\jar\videoclipstream10.zip-5a72b272-7b377d29.zip". Incorrect function
10:51 PM: Warning: Failed to read file "c:\documents and settings\nora\application data\hotbar\v3.0\hostol\static\1\css_objects.css". Incorrect function
10:51 PM: Warning: Failed to read file "c:\documents and settings\all users\application data\kodak\easysharesetup\ksu\program files\kodak\kodak software updater\7288971\program\readme\updater_readme_1033.htm". Incorrect function
10:51 PM: Warning: Failed to read file "c:\program files\kodak\kodak easyshare software\bin\data\vpahtmm\page1.html". Incorrect function
10:52 PM: Found Adware: neededware
10:52 PM: setup[1].exe (ID = 4017665)
10:53 PM: progress.res (ID = 4008439)
10:58 PM: progress.res (ID = 4008439)
10:59 PM: Found Adware: bullguard popup ad
10:59 PM: bulldownload.exe (ID = 3997009)
11:01 PM: Found Trojan Horse: trojan-secdrop
11:01 PM: rdsndin.exe (ID = 4029763)
11:03 PM: Warning: Failed to read file "c:\documents and settings\zeb\my documents\my music\new folder\ines cudna 03\dcp0069.jpg". The request could not be performed because of an I/O device error
11:03 PM: woljy.dll (ID = 4022941)
11:03 PM: hotbar.inf (ID = 4008413)
11:04 PM: progress.xip (ID = 4008440)
11:04 PM: hotbar_promo.xip (ID = 4008422)
11:04 PM: progress.xip (ID = 4008440)
11:04 PM: hotbar_promo.xip (ID = 4008422)
11:04 PM: progress.xip (ID = 4008440)
11:04 PM: hotbar_promo.xip (ID = 4008422)
11:05 PM: File Sweep Complete, Elapsed Time: 00:23:54
11:05 PM: Full Sweep has completed. Elapsed time 00:29:00
11:05 PM: Traces Found: 2366
11:07 PM: Removal process initiated
11:07 PM: Quarantining All Traces: altnet
11:07 PM: Quarantining All Traces: cydoor
11:07 PM: Quarantining All Traces: dapsol dialer
11:07 PM: Quarantining All Traces: hotbar
11:07 PM: Quarantining All Traces: keenvalue/perfectnav
11:08 PM: Quarantining All Traces: 180search assistant
11:08 PM: Quarantining All Traces: quicklink search toolbar
11:08 PM: Quarantining All Traces: searchtoolbar
11:08 PM: Quarantining All Traces: 2o7.net cookie
11:08 PM: Quarantining All Traces: 64.62.232 cookie
11:08 PM: Quarantining All Traces: 66.246.209 cookie
11:08 PM: Quarantining All Traces: 80503492 cookie
11:08 PM: Quarantining All Traces: 888 cookie
11:08 PM: Quarantining All Traces: websponsors cookie
11:08 PM: Quarantining All Traces: go.com cookie
11:08 PM: Quarantining All Traces: about cookie
11:08 PM: Quarantining All Traces: yieldmanager cookie
11:08 PM: Quarantining All Traces: adknowledge cookie
11:08 PM: Quarantining All Traces: adlegend cookie
11:08 PM: Quarantining All Traces: hbmediapro cookie
11:08 PM: Quarantining All Traces: hotbar cookie
11:08 PM: Quarantining All Traces: specificclick.com cookie
11:08 PM: Quarantining All Traces: adrevolver cookie
11:08 PM: Quarantining All Traces: addynamix cookie
11:08 PM: Quarantining All Traces: belointeractive cookie
11:08 PM: Quarantining All Traces: pointroll cookie
11:08 PM: Quarantining All Traces: ads.stileproject cookie
11:08 PM: Quarantining All Traces: advertising cookie
11:08 PM: Quarantining All Traces: associated new media cookie
11:08 PM: Quarantining All Traces: apmebf cookie
11:08 PM: Quarantining All Traces: askmen cookie
11:08 PM: Quarantining All Traces: ask cookie
11:08 PM: Quarantining All Traces: atlas dmt cookie
11:08 PM: Quarantining All Traces: belnk cookie
11:08 PM: Quarantining All Traces: atwola cookie
11:08 PM: Quarantining All Traces: banners cookie
11:08 PM: Quarantining All Traces: banner cookie
11:08 PM: Quarantining All Traces: bluestreak cookie
11:08 PM: Quarantining All Traces: burstnet cookie
11:08 PM: Quarantining All Traces: freestats.net cookie
11:08 PM: Quarantining All Traces: enhance cookie
11:08 PM: Quarantining All Traces: barelylegal cookie
11:08 PM: Quarantining All Traces: goclick cookie
11:08 PM: Quarantining All Traces: gostats cookie
11:08 PM: Quarantining All Traces: casalemedia cookie
11:08 PM: Quarantining All Traces: cassava cookie
11:08 PM: Quarantining All Traces: bridgetrack cookie
11:08 PM: Quarantining All Traces: com.com cookie
11:08 PM: Quarantining All Traces: clickzs cookie
11:08 PM: Quarantining All Traces: doubleclick cookie
11:08 PM: Quarantining All Traces: ru4 cookie
11:08 PM: Quarantining All Traces: hitbox cookie
11:08 PM: Quarantining All Traces: exitexchange cookie
11:08 PM: Quarantining All Traces: experclick cookie
11:08 PM: Quarantining All Traces: fastclick cookie
11:08 PM: Quarantining All Traces: fe.lea.lycos.com cookie
11:08 PM: Quarantining All Traces: clickandtrack cookie
11:08 PM: Quarantining All Traces: hypertracker.com cookie
11:08 PM: Quarantining All Traces: screensavers.com cookie
11:08 PM: Quarantining All Traces: maxserving cookie
11:08 PM: Quarantining All Traces: mediaplex cookie
11:08 PM: Quarantining All Traces: moviemonster cookie
11:08 PM: Quarantining All Traces: mygeek cookie
11:08 PM: Quarantining All Traces: nuker cookie
11:08 PM: Quarantining All Traces: offeroptimizer cookie
11:08 PM: Quarantining All Traces: overture cookie
11:08 PM: Quarantining All Traces: partypoker cookie
11:08 PM: Quarantining All Traces: paycounter cookie
11:08 PM: Quarantining All Traces: paypopup cookie
11:08 PM: Quarantining All Traces: pro-market cookie
11:08 PM: Quarantining All Traces: pub cookie
11:08 PM: Quarantining All Traces: questionmarket cookie
11:08 PM: Quarantining All Traces: realmedia cookie
11:08 PM: Quarantining All Traces: reunion cookie
11:08 PM: Quarantining All Traces: rn11 cookie
11:08 PM: Quarantining All Traces: adjuggler cookie
11:08 PM: Quarantining All Traces: seeq cookie
11:08 PM: Quarantining All Traces: servedby advertising cookie
11:08 PM: Quarantining All Traces: server.iad.liveperson cookie
11:08 PM: Quarantining All Traces: serving-sys cookie
11:08 PM: Quarantining All Traces: sex cookie
11:08 PM: Quarantining All Traces: directtrack cookie
11:08 PM: Quarantining All Traces: socalcoeds.com cookie
11:08 PM: Quarantining All Traces: starware.com cookie
11:08 PM: Quarantining All Traces: webtrendslive cookie
11:08 PM: Quarantining All Traces: stlyrics cookie
11:08 PM: Quarantining All Traces: tickle cookie
11:08 PM: Quarantining All Traces: tradedoubler cookie
11:08 PM: Quarantining All Traces: trafficmp cookie
11:08 PM: Quarantining All Traces: tribalfusion cookie
11:08 PM: Quarantining All Traces: tripod cookie
11:08 PM: Quarantining All Traces: valueclick cookie
11:08 PM: Quarantining All Traces: weborama cookie
11:08 PM: Quarantining All Traces: webpower cookie
11:08 PM: Quarantining All Traces: adminder cookie
11:08 PM: Quarantining All Traces: burstbeacon cookie
11:08 PM: Quarantining All Traces: eadexchange cookie
11:08 PM: Quarantining All Traces: myaffiliateprogram.com cookie
11:08 PM: Quarantining All Traces: stopzilla cookie
11:08 PM: Quarantining All Traces: zedo cookie
11:08 PM: Quarantining All Traces: falkag cookie
11:08 PM: Quarantining All Traces: bilbo.counted.com cookie
11:08 PM: Quarantining All Traces: monstermarketplace cookie
11:08 PM: Quarantining All Traces: qksrv cookie
11:08 PM: Quarantining All Traces: statcounter cookie
11:08 PM: Quarantining All Traces: realtracker cookie
11:08 PM: Quarantining All Traces: tshirthell cookie
11:08 PM: Quarantining All Traces: euniverseads cookie
11:08 PM: Quarantining All Traces: adserver cookie
11:08 PM: Quarantining All Traces: adultfriendfinder cookie
11:08 PM: Quarantining All Traces: bfast cookie
11:08 PM: Quarantining All Traces: bs.serving-sys cookie
11:08 PM: Quarantining All Traces: centrport net cookie
11:08 PM: Quarantining All Traces: hitslink cookie
11:08 PM: Quarantining All Traces: rightmedia cookie
11:08 PM: Quarantining All Traces: sirsearch cookie
11:08 PM: Quarantining All Traces: coremetrics cookie
11:08 PM: Quarantining All Traces: commonname
11:08 PM: Quarantining All Traces: neededware
11:08 PM: Quarantining All Traces: bullguard popup ad
11:08 PM: Quarantining All Traces: trojan-secdrop
11:08 PM: Removal process completed. Elapsed time 00:01:14
********
10:34 PM: |··· Start of Session, Wednesday, July 13, 2005 ···|
10:34 PM: Spy Sweeper started
10:35 PM: Warning: Unable to write hosts file. Could not open hosts file with (Read/Write) permissions: Cannot create file "C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS". The system cannot find the path specified
10:36 PM: |··· End of Session, Wednesday, July 13, 2005 ···|
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP