Scan saved at 9:18:13 PM, on 7/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\mfcuh32.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\MSNAccel.exe
C:\Documents and Settings\Alex\Desktop\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {007F3E5D-5957-E86E-8681-82EE2B1C5E7F} - C:\WINDOWS\system32\addtq32.dll
O2 - BHO: Class - {18E79D78-37FF-46FB-174F-D52C8A9B4AA4} - C:\WINDOWS\addof.dll
O2 - BHO: Class - {B785CE58-BFCA-F505-DF78-61EE7CB4B1C9} - C:\WINDOWS\system32\atlvw32.dll
O2 - BHO: Class - {B8E64B1D-97B9-D9CD-4452-E3D27877AC97} - C:\WINDOWS\system32\d3wj.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [mfctc32.exe] C:\WINDOWS\system32\mfctc32.exe
O4 - HKLM\..\Run: [ieda32.exe] C:\WINDOWS\ieda32.exe
O4 - HKLM\..\Run: [mfcuh32.exe] C:\WINDOWS\system32\mfcuh32.exe
O4 - HKLM\..\RunOnce: [appgn32.exe] C:\WINDOWS\appgn32.exe
O4 - HKLM\..\RunOnce: [winvx.exe] C:\WINDOWS\system32\winvx.exe
O4 - HKLM\..\RunOnce: [netso32.exe] C:\WINDOWS\system32\netso32.exe
O4 - HKLM\..\RunOnce: [atlnr.exe] C:\WINDOWS\system32\atlnr.exe
O4 - HKLM\..\RunOnce: [msse.exe] C:\WINDOWS\msse.exe
O4 - HKLM\..\RunOnce: [mfcld32.exe] C:\WINDOWS\mfcld32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: View Original Image - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{03765121-F259-482F-85EA-D18E4BC28F77}: NameServer = 209.244.0.3 209.244.0.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{03765121-F259-482F-85EA-D18E4BC28F77}: NameServer = 209.244.0.3 209.244.0.4
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\appgn32.exe" /s (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
I have gone through the steps listed in the "do this first befor posting" I even tried to use some of the orther posts to see if i can correct what is wrong with mine... but... i dont want to do more harm than good. I know some but not enough (shows you how much things change in five years... i was a computer tech...I thought...)
HELP would be GREAT!
thanks
Alex G. Olson
AboutBuster 5.0 reference file 28
Scan started on [7/25/2005] at [8:16:18 PM]
------------------------------------------------
Removed Stream! C:\WINDOWS\explorer.scf:ryuvzx
Removed Stream! C:\WINDOWS\FeatherTexture.bmp:kymata
Removed Stream! C:\WINDOWS\KB887472.log:qwhse
Removed Stream! C:\WINDOWS\KB888113.log:xwonjy
Removed Stream! C:\WINDOWS\KB890175.log:qxgsej
Removed Stream! C:\WINDOWS\KB896422.log:tyjlaw
Removed Stream! C:\WINDOWS\Prairie Wind.bmp:iryfa
Removed Stream! C:\WINDOWS\system.ini:bwyjq
------------------------------------------------
Removed File! : C:\Windows\qtltw.dll
Removed File! : C:\Windows\ydgrj.dll
------------------------------------------------
Scan was ABORTED at 8:17:00 PM
AboutBuster 5.0 reference file 31
Scan started on [7/26/2005] at [7:14:24 PM]
------------------------------------------------
Removed Stream! C:\WINDOWS\clock.avi:ovyxaa
------------------------------------------------
Removed File! : C:\Windows\mnify.dat
Removed File! : C:\Windows\System32\cvqpc.dll
Removed File! : C:\Windows\System32\iioxg.dat
Removed File! : C:\Windows\System32\ybevi.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 7:15:14 PM
I also ran Webroot Spysweeper for MSN and it found
CWS_NS3, and CoolWebSearch (CWS)
This is the log...
07:16 PM: |··· Start of Session, Tuesday, July 26, 2005 ···|
07:16 PM: Spy Sweeper for MSN 3.5.0 (Build 202) started
07:16 PM: Sweep initiated using definitions version 441
07:16 PM: Sweeping memory for threats.
07:17 PM: Memory sweep has completed. Elapsed time 00:00:24
07:17 PM: Registry sweep initiated.
07:17 PM: Found: 60 CWS_NS3 registry traces.
07:17 PM: Registry sweep completed. Elapsed time 00:00:38
07:17 PM: Full sweep on all local drives initiated.
07:17 PM: Now sweeping drive C:
07:18 PM: Found Adware: CoolWebSearch (CWS), version 1, c:\documents and settings\localservice\favorites\only sex website.url
07:18 PM: Found Adware: CoolWebSearch (CWS), version 1, c:\documents and settings\localservice\favorites\search the web.url
07:18 PM: Found Adware: CoolWebSearch (CWS), version 1, c:\documents and settings\localservice\favorites\seven days of free [bleep].url
07:18 PM: Found Cookie: Tickle Cookie, version 1, c:\documents and settings\alex\cookies\alex@tickle[2].txt
07:18 PM: Found Cookie: 2o7.net Cookie, version 1, c:\documents and settings\alex\cookies\alex@2o7[2].txt
07:32 PM: Found: 5 file traces.
07:32 PM: Full Sweep has completed. Elapsed time 00:16:08
32,670 files swept
65 item traces located
07:33 PM: Removal process initiated
07:33 PM: Quarantining: 2o7.net Cookie
07:33 PM: Cookie: c:\documents and settings\alex\cookies\alex@2o7[2].txt
07:33 PM: Quarantining: CoolWebSearch (CWS)
07:33 PM: File: c:\documents and settings\localservice\favorites\only sex website.url
07:33 PM: File: c:\documents and settings\localservice\favorites\search the web.url
07:33 PM: File: c:\documents and settings\localservice\favorites\seven days of free [bleep].url
07:33 PM: Quarantining: CWS_NS3
07:33 PM: Registry: HKEY_CLASSES_ROOT\clsid\{0b2910b5-8ae6-8676-e13b-4cec5e6a75f1}
07:33 PM: Registry: HKEY_CLASSES_ROOT\clsid\{4fbfbe36-bc17-cab4-ca0b-1f18dd30b292}
07:33 PM: Registry: HKEY_CLASSES_ROOT\clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}
07:33 PM: Registry: HKEY_CLASSES_ROOT\clsid\{742cf04d-ee46-1423-e899-b91c547abc20}
07:33 PM: Registry: HKEY_CLASSES_ROOT\clsid\{929f8e8d-2c15-4240-e685-fa3c645381c5}
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{4fbfbe36-bc17-cab4-ca0b-1f18dd30b292}
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{742cf04d-ee46-1423-e899-b91c547abc20}
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{929f8e8d-2c15-4240-e685-fa3c645381c5}
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\hsa
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\se
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\sw
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\sw||displayname
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\sw||uninstallstring
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\se||displayname
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\se||uninstallstring
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\hsa||displayname
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\hsa||uninstallstring
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{929f8e8d-2c15-4240-e685-fa3c645381c5}\data
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{929f8e8d-2c15-4240-e685-fa3c645381c5}\localserver32
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{929f8e8d-2c15-4240-e685-fa3c645381c5}\data||(-default-)
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{929f8e8d-2c15-4240-e685-fa3c645381c5}\data||data0
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{929f8e8d-2c15-4240-e685-fa3c645381c5}\data||data2
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{929f8e8d-2c15-4240-e685-fa3c645381c5}\localserver32||(-default-)
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{742cf04d-ee46-1423-e899-b91c547abc20}\data
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{742cf04d-ee46-1423-e899-b91c547abc20}\localserver32
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{742cf04d-ee46-1423-e899-b91c547abc20}\data||(-default-)
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{742cf04d-ee46-1423-e899-b91c547abc20}\data||data0
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{742cf04d-ee46-1423-e899-b91c547abc20}\data||data2
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{742cf04d-ee46-1423-e899-b91c547abc20}\localserver32||(-default-)
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{4fbfbe36-bc17-cab4-ca0b-1f18dd30b292}\data
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{4fbfbe36-bc17-cab4-ca0b-1f18dd30b292}\localserver32
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{4fbfbe36-bc17-cab4-ca0b-1f18dd30b292}\data||(-default-)
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{4fbfbe36-bc17-cab4-ca0b-1f18dd30b292}\data||data0
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{4fbfbe36-bc17-cab4-ca0b-1f18dd30b292}\data||data2
07:33 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{4fbfbe36-bc17-cab4-ca0b-1f18dd30b292}\localserver32||(-default-)
07:33 PM: Registry: HKEY_CLASSES_ROOT\clsid\{929f8e8d-2c15-4240-e685-fa3c645381c5}\data
07:33 PM: Registry: HKEY_CLASSES_ROOT\clsid\{929f8e8d-2c15-4240-e685-fa3c645381c5}\localserver32
07:33 PM: Registry: HKEY_CLASSES_ROOT\clsid\{929f8e8d-2c15-4240-e685-fa3c645381c5}\data||(-default-)
07:33 PM: Registry: HKEY_CLASSES_ROOT\clsid\{929f8e8d-2c15-4240-e685-fa3c645381c5}\data||data0
07:33 PM: Registry: HKEY_CLASSES_ROOT\clsid\{929f8e8d-2c15-4240-e685-fa3c645381c5}\data||data2
07:33 PM: Registry: HKEY_CLASSES_ROOT\clsid\{929f8e8d-2c15-4240-e685-fa3c645381c5}\localserver32||(-default-)
07:33 PM: Registry: HKEY_CLASSES_ROOT\clsid\{742cf04d-ee46-1423-e899-b91c547abc20}\data
07:33 PM: Registry: HKEY_CLASSES_ROOT\clsid\{742cf04d-ee46-1423-e899-b91c547abc20}\localserver32
07:33 PM: Registry: HKEY_CLASSES_ROOT\clsid\{742cf04d-ee46-1423-e899-b91c547abc20}\data||(-default-)
07:33 PM: Registry: HKEY_CLASSES_ROOT\clsid\{742cf04d-ee46-1423-e899-b91c547abc20}\data||data0
07:33 PM: Registry: HKEY_CLASSES_ROOT\clsid\{742cf04d-ee46-1423-e899-b91c547abc20}\data||data2
07:33 PM: Registry: HKEY_CLASSES_ROOT\clsid\{742cf04d-ee46-1423-e899-b91c547abc20}\localserver32||(-default-)
07:33 PM: Registry: HKEY_CLASSES_ROOT\clsid\{4fbfbe36-bc17-cab4-ca0b-1f18dd30b292}\data
07:33 PM: Registry: HKEY_CLASSES_ROOT\clsid\{4fbfbe36-bc17-cab4-ca0b-1f18dd30b292}\localserver32
07:33 PM: Registry: HKEY_CLASSES_ROOT\clsid\{4fbfbe36-bc17-cab4-ca0b-1f18dd30b292}\data||(-default-)
07:33 PM: Registry: HKEY_CLASSES_ROOT\clsid\{4fbfbe36-bc17-cab4-ca0b-1f18dd30b292}\data||data0
07:33 PM: Registry: HKEY_CLASSES_ROOT\clsid\{4fbfbe36-bc17-cab4-ca0b-1f18dd30b292}\data||data2
07:33 PM: Registry: HKEY_CLASSES_ROOT\clsid\{4fbfbe36-bc17-cab4-ca0b-1f18dd30b292}\localserver32||(-default-)
07:33 PM: Registry: HKEY_CLASSES_ROOT\clsid\{0b2910b5-8ae6-8676-e13b-4cec5e6a75f1}\data
07:33 PM: Registry: HKEY_CLASSES_ROOT\clsid\{0b2910b5-8ae6-8676-e13b-4cec5e6a75f1}\localserver32
07:33 PM: Registry: HKEY_CLASSES_ROOT\clsid\{0b2910b5-8ae6-8676-e13b-4cec5e6a75f1}\data||(-default-)
07:33 PM: Registry: HKEY_CLASSES_ROOT\clsid\{0b2910b5-8ae6-8676-e13b-4cec5e6a75f1}\data||data0
07:33 PM: Registry: HKEY_CLASSES_ROOT\clsid\{0b2910b5-8ae6-8676-e13b-4cec5e6a75f1}\data||data2
07:33 PM: Registry: HKEY_CLASSES_ROOT\clsid\{0b2910b5-8ae6-8676-e13b-4cec5e6a75f1}\localserver32||(-default-)
07:33 PM: Quarantining: Tickle Cookie
07:33 PM: Cookie: c:\documents and settings\alex\cookies\alex@tickle[2].txt
07:33 PM: Cleaning Traces
07:33 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{929f8e8d-2c15-4240-e685-fa3c645381c5}\localserver32
07:33 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{929f8e8d-2c15-4240-e685-fa3c645381c5}\data|| (data2)
07:33 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{929f8e8d-2c15-4240-e685-fa3c645381c5}\data|| (data0)
07:33 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{929f8e8d-2c15-4240-e685-fa3c645381c5}\data
07:33 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{929f8e8d-2c15-4240-e685-fa3c645381c5}
07:33 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{742cf04d-ee46-1423-e899-b91c547abc20}\localserver32
07:33 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{742cf04d-ee46-1423-e899-b91c547abc20}\data|| (data2)
07:33 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{742cf04d-ee46-1423-e899-b91c547abc20}\data|| (data0)
07:33 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{742cf04d-ee46-1423-e899-b91c547abc20}\data
07:33 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{742cf04d-ee46-1423-e899-b91c547abc20}
07:33 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}
07:33 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{4fbfbe36-bc17-cab4-ca0b-1f18dd30b292}\localserver32
07:33 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{4fbfbe36-bc17-cab4-ca0b-1f18dd30b292}\data|| (data2)
07:33 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{4fbfbe36-bc17-cab4-ca0b-1f18dd30b292}\data|| (data0)
07:33 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{4fbfbe36-bc17-cab4-ca0b-1f18dd30b292}\data
07:33 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{4fbfbe36-bc17-cab4-ca0b-1f18dd30b292}
07:33 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{0b2910b5-8ae6-8676-e13b-4cec5e6a75f1}\localserver32
07:33 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{0b2910b5-8ae6-8676-e13b-4cec5e6a75f1}\data|| (data2)
07:33 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{0b2910b5-8ae6-8676-e13b-4cec5e6a75f1}\data|| (data0)
07:33 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{0b2910b5-8ae6-8676-e13b-4cec5e6a75f1}\data
07:33 PM: Removing registry: HKEY_CLASSES_ROOT\clsid\{0b2910b5-8ae6-8676-e13b-4cec5e6a75f1}
07:33 PM: Removing registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\sw|| (uninstallstring)
07:33 PM: Removing registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\sw|| (displayname)
07:33 PM: Removing registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\sw
07:33 PM: Removing registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\se|| (uninstallstring)
07:33 PM: Removing registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\se|| (displayname)
07:33 PM: Removing registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\se
07:33 PM: Removing registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\hsa|| (uninstallstring)
07:33 PM: Removing registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\hsa|| (displayname)
07:33 PM: Removing registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\hsa
07:33 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{929f8e8d-2c15-4240-e685-fa3c645381c5}\localserver32
07:33 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{929f8e8d-2c15-4240-e685-fa3c645381c5}\data|| (data2)
07:33 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{929f8e8d-2c15-4240-e685-fa3c645381c5}\data|| (data0)
07:33 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{929f8e8d-2c15-4240-e685-fa3c645381c5}\data
07:33 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{929f8e8d-2c15-4240-e685-fa3c645381c5}
07:33 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{742cf04d-ee46-1423-e899-b91c547abc20}\localserver32
07:33 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{742cf04d-ee46-1423-e899-b91c547abc20}\data|| (data2)
07:33 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{742cf04d-ee46-1423-e899-b91c547abc20}\data|| (data0)
07:33 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{742cf04d-ee46-1423-e899-b91c547abc20}\data
07:33 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{742cf04d-ee46-1423-e899-b91c547abc20}
07:33 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}
07:33 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{4fbfbe36-bc17-cab4-ca0b-1f18dd30b292}\localserver32
07:33 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{4fbfbe36-bc17-cab4-ca0b-1f18dd30b292}\data|| (data2)
07:33 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{4fbfbe36-bc17-cab4-ca0b-1f18dd30b292}\data|| (data0)
07:33 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{4fbfbe36-bc17-cab4-ca0b-1f18dd30b292}\data
07:33 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{4fbfbe36-bc17-cab4-ca0b-1f18dd30b292}
07:33 PM: Removing file: c:\documents and settings\localservice\favorites\seven days of free [bleep].url
07:33 PM: Removing file: c:\documents and settings\localservice\favorites\search the web.url
07:33 PM: Removing file: c:\documents and settings\localservice\favorites\only sex website.url
07:33 PM: 09:25 PM: |··· Start of Session, Tuesday, July 26, 2005 ···|
09:25 PM: Spy Sweeper for MSN 3.5.0 (Build 202) started
09:26 PM: Processing Startup Alerts
09:26 PM: Removed Startup entry: mfcuh32.exe
09:26 PM: Removed Startup entry: atlnr.exe
09:26 PM: Removed Startup entry: msse.exe
09:26 PM: Removed Startup entry: mfcld32.exe
09:26 PM: Removed Startup entry: winoe32.exe
09:26 PM: Removed Startup entry: sdkgu.exe
09:26 PM: Processing Startup Alerts
09:26 PM: Removed Startup entry: atlnr.exe
09:26 PM: Removed Startup entry: msse.exe
09:26 PM: Removed Startup entry: mfcld32.exe
09:26 PM: Removed Startup entry: winoe32.exe
09:26 PM: Removed Startup entry: sdkgu.exe
09:26 PM: Processing Startup Alerts
09:26 PM: Removed Startup entry: atlnr.exe
09:26 PM: Removed Startup entry: msse.exe
09:26 PM: Removed Startup entry: mfcld32.exe
09:26 PM: Removed Startup entry: winoe32.exe
09:26 PM: Removed Startup entry: sdkgu.exe
09:27 PM: Processing Startup Alerts
09:27 PM: Removed Startup entry: atlnr.exe
09:27 PM: Removed Startup entry: msse.exe
09:27 PM: Removed Startup entry: mfcld32.exe
09:27 PM: Removed Startup entry: winoe32.exe
09:27 PM: Removed Startup entry: sdkgu.exe
09:27 PM: Removed Startup entry: mfcuh32.exe
09:27 PM: Removed Startup entry: mspj32.exe
09:28 PM: Updating spyware definitions
09:40 PM: Your spyware definitions have been updated.
Edited by BigAl1976, 27 July 2005 - 08:23 AM.