Winfix 2005 VX2 [RESOLVED]


  • This topic is locked

#16
DeadMagicBox

    Member

  • Topic Starter
  • 12 posts
********
2:57 PM: |··· Start of Session, Thursday, August 18, 2005 ···|
2:57 PM: Spy Sweeper started
2:57 PM: Sweep initiated using definitions version 519
2:57 PM: Starting Memory Sweep
2:58 PM: Memory Sweep Complete, Elapsed Time: 00:00:46
2:58 PM: Starting Registry Sweep
2:58 PM: Found Adware: addestroyer
2:58 PM: HKCR\clsid\{d52433a9-a44c-43ab-a013-24b3c756dd2b}\ (13 subtraces) (ID = 102729)
2:58 PM: HKLM\software\classes\clsid\{d52433a9-a44c-43ab-a013-24b3c756dd2b}\ (13 subtraces) (ID = 102738)
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\vb and vba program settings\addestroyer\ (3 subtraces) (ID = 102749)
2:58 PM: Found Adware: apropos
2:58 PM: HKLM\software\aprps\ (8 subtraces) (ID = 103741)
2:58 PM: Found Adware: begin2search
2:58 PM: HKCR\btnetw.amo.1\ (3 subtraces) (ID = 104095)
2:58 PM: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
2:58 PM: Found Adware: hotsearchbar toolbar
2:58 PM: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
2:58 PM: HKCR\btnetw.iiittt.1\ (3 subtraces) (ID = 104097)
2:58 PM: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
2:58 PM: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
2:58 PM: HKCR\btnetw.momo.1\ (3 subtraces) (ID = 104099)
2:58 PM: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
2:58 PM: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
2:58 PM: HKCR\btnetw.ohb.1\ (3 subtraces) (ID = 104101)
2:58 PM: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
2:58 PM: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
2:58 PM: HKCR\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104109)
2:58 PM: HKCR\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104109)
2:58 PM: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
2:58 PM: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
2:58 PM: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
2:58 PM: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
2:58 PM: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
2:58 PM: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
2:58 PM: HKCR\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104124)
2:58 PM: HKCR\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104126)
2:58 PM: HKCR\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104127)
2:58 PM: HKCR\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104128)
2:58 PM: HKCR\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104139)
2:58 PM: HKCR\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104141)
2:58 PM: HKLM\software\classes\btnetw.amo.1\ (3 subtraces) (ID = 104145)
2:58 PM: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
2:58 PM: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
2:58 PM: HKLM\software\classes\btnetw.iiittt.1\ (3 subtraces) (ID = 104147)
2:58 PM: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
2:58 PM: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
2:58 PM: HKLM\software\classes\btnetw.momo.1\ (3 subtraces) (ID = 104149)
2:58 PM: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
2:58 PM: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
2:58 PM: HKLM\software\classes\btnetw.ohb.1\ (3 subtraces) (ID = 104151)
2:58 PM: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
2:58 PM: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
2:58 PM: HKLM\software\classes\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104159)
2:58 PM: HKLM\software\classes\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104159)
2:58 PM: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
2:58 PM: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
2:58 PM: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
2:58 PM: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
2:58 PM: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
2:58 PM: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
2:58 PM: HKLM\software\classes\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104174)
2:58 PM: HKLM\software\classes\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104176)
2:58 PM: HKLM\software\classes\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104177)
2:58 PM: HKLM\software\classes\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104178)
2:58 PM: HKLM\software\classes\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104189)
2:58 PM: HKLM\software\classes\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104191)
2:58 PM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
2:58 PM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
2:58 PM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
2:58 PM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
2:58 PM: Found Adware: bookedspace
2:58 PM: HKLM\software\configuration manager\cfgmgr52\ (6 subtraces) (ID = 104873)
2:58 PM: Found Adware: cas
2:58 PM: HKCR\typelib\{d4c89c18-b4f3-46a9-8800-e9e7a55afbd9}\ (9 subtraces) (ID = 105366)
2:58 PM: HKLM\software\classes\typelib\{d4c89c18-b4f3-46a9-8800-e9e7a55afbd9}\ (9 subtraces) (ID = 105369)
2:58 PM: Found Adware: elitebar searchmiracle hijacker
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\microsoft\internet explorer\ || searchurl (ID = 125775)
2:58 PM: Found Adware: ezula ilookup
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\web offer\ (10 subtraces) (ID = 126300)
2:58 PM: Found Adware: ieplugin
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\intexp\ (1 subtraces) (ID = 128173)
2:58 PM: Found Adware: drsnsrch.com hijack
2:58 PM: HKU\S-1-5-21-1606980848-261478967-682003330-1004\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
2:58 PM: Found Adware: internetoptimizer
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\avenue media\ (ID = 128887)
2:58 PM: Found Adware: istbar
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\ist\ (1 subtraces) (ID = 129108)
2:58 PM: Found Adware: maxifiles
2:58 PM: HKCR\clsid\{11a4ca8c-a8b9-49c2-a6d3-3f64c9eebae6}\ (11 subtraces) (ID = 134838)
2:58 PM: HKCR\shorty.gopher\ (5 subtraces) (ID = 134839)
2:58 PM: HKCR\shorty.gopher.1\ (3 subtraces) (ID = 134840)
2:58 PM: HKLM\software\classes\clsid\{11a4ca8c-a8b9-49c2-a6d3-3f64c9eebae6}\ (11 subtraces) (ID = 134842)
2:58 PM: HKLM\software\classes\shorty.gopher\ (5 subtraces) (ID = 134843)
2:58 PM: HKLM\software\classes\shorty.gopher.1\clsid\ (1 subtraces) (ID = 134844)
2:58 PM: HKLM\software\classes\shorty.gopher.1\ (3 subtraces) (ID = 134845)
2:58 PM: HKU\S-1-5-21-1606980848-261478967-682003330-1004\software\xbtb07618\ (1 subtraces) (ID = 134858)
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\xbtb07618\ (60 subtraces) (ID = 134858)
2:58 PM: Found Adware: 180search assistant/zango
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\salm\ (15 subtraces) (ID = 135792)
2:58 PM: Found Trojan Horse: trojan-downloader-pacisoft
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\psof1\ (15 subtraces) (ID = 136530)
2:58 PM: Found Adware: powerscan
2:58 PM: HKLM\software\microsoft\windows\currentversion\uninstall\power scan\ (2 subtraces) (ID = 136826)
2:58 PM: Found Adware: privacyscan
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\privacy champion\ (1 subtraces) (ID = 136898)
2:58 PM: Found Adware: redzip toolbar
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\microsoft\windows\currentversion\explorer\ || insid (ID = 139328)
2:58 PM: Found Adware: bho_sidefind
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\microsoft\internet explorer\explorer bars\{8cba1b49-8144-4721-a7b1-64c578c9eed7}\ (1 subtraces) (ID = 141777)
2:58 PM: HKU\S-1-5-21-1606980848-261478967-682003330-1004\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
2:58 PM: Found Adware: shopnav.com hijacker
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\microsoft\internet explorer\main\ || search bar (ID = 142264)
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\microsoft\internet explorer\searchurl\ (2 subtraces) (ID = 142268)
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\microsoft\internet explorer\main\ || search page (ID = 142269)
2:58 PM: Found Adware: surfsidekick
2:58 PM: HKCR\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143389)
2:58 PM: HKLM\software\classes\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143392)
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
2:58 PM: HKLM\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143400)
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\surfsidekick3\ (3 subtraces) (ID = 143412)
2:58 PM: HKLM\software\surfsidekick3\ (2 subtraces) (ID = 143413)
2:58 PM: Found Adware: trustyhound toolbar
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\microsoft\internet explorer\toolbar\webbrowser\ || {77fbf9b8-1d37-4ff2-9ced-192d8e3aba6f} (ID = 145193)
2:58 PM: Found Adware: virtualbouncer
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\vb and vba program settings\vbouncer\ (8 subtraces) (ID = 145564)
2:58 PM: Found Adware: winad
2:58 PM: HKLM\software\media access\ (8 subtraces) (ID = 147182)
2:58 PM: Found Adware: icannnews
2:58 PM: HKCR\activexctrl\ (3 subtraces) (ID = 169450)
2:58 PM: HKCR\clsid\{3bfadce2-1141-4b81-8878-49af625f0fdc}\ (3 subtraces) (ID = 169451)
2:58 PM: HKCR\clsid\{4208fb4d-4e53-4f5a-bf7a-3e047ddb5281}\ (21 subtraces) (ID = 169452)
2:58 PM: HKCR\interface\{980ad470-04ea-4d1d-bd26-e178b7bda6d8}\ (8 subtraces) (ID = 169454)
2:58 PM: HKCR\interface\{fd39937a-c583-4aac-9332-8a3e44988a67}\ (8 subtraces) (ID = 169455)
2:58 PM: HKCR\typelib\{ee5ac3d6-6f43-4047-af0a-d66fc2cf8f42}\ (9 subtraces) (ID = 169456)
2:58 PM: HKLM\software\classes\activexctrl\ (3 subtraces) (ID = 169457)
2:58 PM: HKLM\software\classes\clsid\{3bfadce2-1141-4b81-8878-49af625f0fdc}\ (3 subtraces) (ID = 169458)
2:58 PM: HKLM\software\classes\clsid\{4208fb4d-4e53-4f5a-bf7a-3e047ddb5281}\ (21 subtraces) (ID = 169459)
2:58 PM: HKLM\software\classes\interface\{980ad470-04ea-4d1d-bd26-e178b7bda6d8}\ (8 subtraces) (ID = 169461)
2:58 PM: HKLM\software\classes\interface\{fd39937a-c583-4aac-9332-8a3e44988a67}\ (8 subtraces) (ID = 169462)
2:58 PM: HKLM\software\classes\typelib\{ee5ac3d6-6f43-4047-af0a-d66fc2cf8f42}\ (9 subtraces) (ID = 169463)
2:58 PM: Found Adware: surf accuracy
2:58 PM: HKLM\software\sacc\ (8 subtraces) (ID = 203068)
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\cas\client\ (5 subtraces) (ID = 359309)
2:58 PM: Found Adware: shopnavupdater
2:58 PM: HKCR\clsid\{00027925-0017-4faf-9539-90e4ac0b9ec5}\ (11 subtraces) (ID = 359486)
2:58 PM: HKCR\clsid\{5e0910c6-9e45-481c-a2ec-0ec29c96ebeb}\ (11 subtraces) (ID = 359487)
2:58 PM: HKCR\clsid\{8f7d96aa-489a-4194-ab34-21ef42507932}\ (13 subtraces) (ID = 359488)
2:58 PM: HKCR\clsid\{79406f24-8e95-4af8-9fef-2ea2b504e707}\ (13 subtraces) (ID = 359489)
2:58 PM: HKCR\clsid\{b424e2aa-4466-41ca-8194-5a83995a9b15}\ (11 subtraces) (ID = 359490)
2:58 PM: HKCR\snb.band\ (5 subtraces) (ID = 359491)
2:58 PM: HKCR\sntb.bottomframe\ (5 subtraces) (ID = 359492)
2:58 PM: HKCR\sntb.leftframe\ (5 subtraces) (ID = 359493)
2:58 PM: HKCR\sntb.popupbrowser\ (5 subtraces) (ID = 359494)
2:58 PM: HKCR\sntb.popupwindow\ (5 subtraces) (ID = 359495)
2:58 PM: HKLM\software\classes\clsid\{00027925-0017-4faf-9539-90e4ac0b9ec5}\ (11 subtraces) (ID = 359496)
2:58 PM: HKLM\software\classes\clsid\{5e0910c6-9e45-481c-a2ec-0ec29c96ebeb}\ (11 subtraces) (ID = 359497)
2:58 PM: HKLM\software\classes\clsid\{8f7d96aa-489a-4194-ab34-21ef42507932}\ (13 subtraces) (ID = 359498)
2:58 PM: HKLM\software\classes\clsid\{79406f24-8e95-4af8-9fef-2ea2b504e707}\ (13 subtraces) (ID = 359499)
2:58 PM: HKLM\software\classes\clsid\{b424e2aa-4466-41ca-8194-5a83995a9b15}\ (11 subtraces) (ID = 359500)
2:58 PM: HKLM\software\classes\snb.band\ (5 subtraces) (ID = 359501)
2:58 PM: HKLM\software\classes\sntb.bottomframe\ (5 subtraces) (ID = 359502)
2:58 PM: HKLM\software\classes\sntb.leftframe\ (5 subtraces) (ID = 359503)
2:58 PM: HKLM\software\classes\sntb.popupbrowser.1\ (3 subtraces) (ID = 359504)
2:58 PM: HKLM\software\classes\sntb.popupbrowser\ (5 subtraces) (ID = 359505)
2:58 PM: HKLM\software\classes\sntb.popupwindow.1\ (3 subtraces) (ID = 359506)
2:58 PM: HKLM\software\classes\sntb.popupwindow\ (5 subtraces) (ID = 359507)
2:58 PM: HKLM\software\classes\typelib\{46bd3f46-6e46-43d2-a69d-fd8c05044475}\ (9 subtraces) (ID = 359508)
2:58 PM: HKCR\typelib\{46bd3f46-6e46-43d2-a69d-fd8c05044475}\ (9 subtraces) (ID = 359513)
2:58 PM: Found Adware: abetterinternet
2:58 PM: HKCR\clsid\{4aa870ac-8427-42a4-b92e-ecd956197489}\ (1 subtraces) (ID = 359588)
2:58 PM: HKLM\software\classes\clsid\{4aa870ac-8427-42a4-b92e-ecd956197489}\ (1 subtraces) (ID = 359735)
2:58 PM: HKCR\clsid\{4aa870ac-8427-42a4-b92e-ecd956197489}\ (1 subtraces) (ID = 360170)
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\aurora\ (28 subtraces) (ID = 360174)
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-500\software\aurora\ (26 subtraces) (ID = 360174)
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\cmapp\ (12 subtraces) (ID = 381792)
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\ezula\setup\ (19 subtraces) (ID = 386817)
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\ezula\setup\ || bmk (ID = 386818)
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\ezula\setup\id\ (4 subtraces) (ID = 386819)
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\ezula\setup\path\ (3 subtraces) (ID = 386824)
2:58 PM: Found Adware: searchco hijack
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\microsoft\internet explorer\main\ || start page (ID = 397629)
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\ezula\ (30 subtraces) (ID = 466658)
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\ezula\ || strup (ID = 466659)
2:58 PM: HKCR\main.mimefilter\ (5 subtraces) (ID = 498504)
2:58 PM: HKLM\software\classes\main.mimefilter\ (5 subtraces) (ID = 498516)
2:58 PM: HKCR\main.mimefilter\ (5 subtraces) (ID = 499294)
2:58 PM: HKLM\software\classes\main.mimefilter\ (5 subtraces) (ID = 499295)
2:58 PM: Found Adware: drsnsrch hijacker
2:58 PM: HKCR\dsrch.band\ (5 subtraces) (ID = 509134)
2:58 PM: HKCR\typelib\{8f73ac0f-5769-4282-8762-b396a3bff377}\ (9 subtraces) (ID = 509153)
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\dsrch\ (11 subtraces) (ID = 509156)
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-500\software\dsrch\ (4 subtraces) (ID = 509156)
2:58 PM: HKLM\software\classes\dsrch.band\ (5 subtraces) (ID = 509171)
2:58 PM: HKCR\dsrch.band\clsid\ (1 subtraces) (ID = 509361)
2:58 PM: HKCR\dsrch.band\curver\ (1 subtraces) (ID = 509362)
2:58 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{00f1d395-4744-40f0-a611-980f61ae2c59}\ (ID = 513230)
2:58 PM: Found Adware: rich editor
2:58 PM: HKCR\clsid\{71d1708f-973d-4600-af01-ad86688403ae}\ (11 subtraces) (ID = 544813)
2:58 PM: HKCR\typelib\{34a35bbb-8c19-4482-864c-290bd8dd6a5d}\ (9 subtraces) (ID = 544913)
2:58 PM: HKLM\software\classes\clsid\{71d1708f-973d-4600-af01-ad86688403ae}\ (11 subtraces) (ID = 550504)
2:58 PM: HKLM\software\microsoft\windows\currentversion\app paths\lanbrd\ (2 subtraces) (ID = 550562)
2:58 PM: HKLM\software\microsoft\windows\currentversion\app paths\lanbrup\ (2 subtraces) (ID = 550565)
2:58 PM: HKLM\software\classes\typelib\{34a35bbb-8c19-4482-864c-290bd8dd6a5d}\ (9 subtraces) (ID = 550573)
2:58 PM: HKLM\system\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\lanbrup.exe\ (1 subtraces) (ID = 552678)
2:58 PM: HKLM\software\classes\typelib\{34a35bbb-8c19-4482-864c-290bd8dd6a5d}\1.0\ (8 subtraces) (ID = 609169)
2:58 PM: HKLM\software\lanbridge\ (27 subtraces) (ID = 609177)
2:58 PM: HKCR\main.mimefilter.1\ (3 subtraces) (ID = 609377)
2:58 PM: HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\ezula\ (30 subtraces) (ID = 639279)
2:58 PM: HKLM\software\classes\typelib\{8f73ac0f-5769-4282-8762-b396a3bff377}\ (9 subtraces) (ID = 646384)
2:58 PM: Registry Sweep Complete, Elapsed Time:00:00:06
2:58 PM: Starting Cookie Sweep
2:58 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
2:58 PM: Starting File Sweep
2:58 PM: Warning: Failed to open file "d:\pagefile.sys". Access is denied
2:59 PM: services.exe (ID = 69312)
2:59 PM: Found Trojan Horse: trojan downloader matcash
2:59 PM: mc-110-12-0000079.exe (ID = 114256)
2:59 PM: services32.exe (ID = 114260)
2:59 PM: autoit3.exe (ID = 119348)
2:59 PM: mc-110-12-0000079.exe (ID = 114256)
3:00 PM: d:\program files\surfaccuracy (1 subtraces) (ID = -2147478266)
3:00 PM: d:\program files\180searchassistant (2 subtraces) (ID = -2147480569)
3:00 PM: salm_gdf.dat (ID = 93789)
3:00 PM: d:\program files\surfsidekick 3 (ID = -2147480186)
3:00 PM: d:\program files\cmapp (7 subtraces) (ID = -2147477896)
3:01 PM: cmappmf.dll (ID = 52236)
3:01 PM: cmappclient.exe (ID = 123418)
3:01 PM: sf.txt (ID = 110126)
3:01 PM: rf.txt (ID = 110125)
3:01 PM: casclient.exe (ID = 107219)
3:01 PM: cwebpage.dll (ID = 69301)
3:01 PM: x.bmp (ID = 69314)
3:01 PM: ttext.dll (ID = 75991)
3:01 PM: Found Adware: upspiral toolbar
3:01 PM: unist2.exe (ID = 82040)
3:01 PM: Found Adware: shopathomeselect
3:01 PM: hf6oeo83.dat (ID = 121494)
3:01 PM: Warning: Failed to open file "d:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
3:01 PM: Warning: Failed to open file "d:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
3:01 PM: Warning: Failed to open file "d:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
3:01 PM: Warning: Failed to open file "d:\windows\system32\config\security". The process cannot access the file because it is being used by another process
3:01 PM: Warning: Failed to open file "d:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
3:01 PM: Warning: Failed to open file "d:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
3:01 PM: Warning: Failed to open file "d:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
3:01 PM: Warning: Failed to open file "d:\windows\system32\config\system". The process cannot access the file because it is being used by another process
3:01 PM: Warning: Failed to open file "d:\windows\system32\config\software". The process cannot access the file because it is being used by another process
3:01 PM: Warning: Failed to open file "d:\windows\system32\config\default". The process cannot access the file because it is being used by another process
3:02 PM: Found Trojan Horse: trojan-downloader-bookedspace
3:02 PM: bsva-egihsg52.exe (ID = 95082)
3:02 PM: Found Trojan Horse: trojan-downloader-mainstreamdollars
3:02 PM: ventura-hot_246765.exe (ID = 107491)
3:02 PM: Found Trojan Horse: trojan downloader pops-stop
3:02 PM: installerv4.exe (ID = 122359)
3:02 PM: sony psp1.ico (ID = 125992)
3:02 PM: virushunter4.ico (ID = 113920)
3:02 PM: ringtone2.ico (ID = 125993)
3:02 PM: kill all spyware.ico (ID = 125994)
3:02 PM: wirelanb.dll (ID = 125490)
3:02 PM: Found Trojan Horse: trojan-downloader-traf34
3:02 PM: gsm3-0511.exe (ID = 81005)
3:02 PM: mc-110-12-0000079.exe (ID = 114247)
3:02 PM: Found Adware: windows afa internet enhancement
3:02 PM: qbuninstaller.exe (ID = 90525)
3:03 PM: d:\documents and settings\all users\application data\vbouncer (9 subtraces) (ID = -2147480097)
3:03 PM: d:\documents and settings\all users\application data\addestroyer (1 subtraces) (ID = -2147481464)
3:03 PM: Warning: Failed to open file "d:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
3:03 PM: Warning: Failed to open file "d:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
3:03 PM: Warning: Failed to open file "d:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
3:03 PM: Warning: Failed to open file "d:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
3:03 PM: Warning: Failed to open file "d:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
3:03 PM: Warning: Failed to open file "d:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
3:03 PM: Warning: Failed to open file "d:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
3:03 PM: Warning: Failed to open file "d:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
3:03 PM: Warning: Failed to open file "d:\documents and settings\trey\ntuser.dat". The process cannot access the file because it is being used by another process
3:03 PM: Warning: Failed to open file "d:\documents and settings\trey\ntuser.dat.log". The process cannot access the file because it is being used by another process
3:03 PM: Warning: Failed to open file "d:\documents and settings\trey\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
3:03 PM: Warning: Failed to open file "d:\documents and settings\trey\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
3:03 PM: swsettings.xml (ID = 82816)
3:03 PM: user.xml (ID = 82817)
3:03 PM: 21.xml (ID = 82763)
3:04 PM: d:\documents and settings\gabby\start menu\programs\virtual bouncer (2 subtraces) (ID = -2147480099)
3:04 PM: virtual bouncer.lnk (ID = 82843)
3:04 PM: d:\documents and settings\gabby\start menu\programs\addestroyer (1 subtraces) (ID = -2147481465)
3:04 PM: addestroyer.lnk (ID = 49032)
3:04 PM: d:\documents and settings\gabby\start menu\programs\toptext ilookup (6 subtraces) (ID = -2147481003)
3:04 PM: toptext button show - hide.lnk (ID = 60649)
3:04 PM: sskknwrd.dll (ID = 77733)
3:04 PM: sskcwrd.dll (ID = 77712)
3:04 PM: File Sweep Complete, Elapsed Time: 00:05:48
3:04 PM: Full Sweep has completed. Elapsed time 00:06:45
3:04 PM: Traces Found: 1551
3:12 PM: Removal process initiated
3:12 PM: Quarantining All Traces: addestroyer
3:12 PM: Quarantining All Traces: apropos
3:12 PM: Quarantining All Traces: begin2search
3:12 PM: Quarantining All Traces: hotsearchbar toolbar
3:12 PM: Quarantining All Traces: bookedspace
3:12 PM: Quarantining All Traces: cas
3:12 PM: Quarantining All Traces: elitebar searchmiracle hijacker
3:12 PM: Quarantining All Traces: ezula ilookup
3:12 PM: Quarantining All Traces: ieplugin
3:12 PM: Quarantining All Traces: drsnsrch.com hijack
3:12 PM: Quarantining All Traces: internetoptimizer
3:12 PM: Quarantining All Traces: istbar
3:12 PM: Quarantining All Traces: maxifiles
3:12 PM: Quarantining All Traces: 180search assistant/zango
3:12 PM: Quarantining All Traces: trojan-downloader-pacisoft
3:12 PM: Quarantining All Traces: powerscan
3:12 PM: Quarantining All Traces: privacyscan
3:12 PM: Quarantining All Traces: redzip toolbar
3:12 PM: Quarantining All Traces: bho_sidefind
3:12 PM: Quarantining All Traces: shopnav.com hijacker
3:12 PM: Quarantining All Traces: surfsidekick
3:12 PM: Quarantining All Traces: trustyhound toolbar
3:12 PM: Quarantining All Traces: virtualbouncer
3:12 PM: Quarantining All Traces: winad
3:12 PM: Quarantining All Traces: icannnews
3:12 PM: Quarantining All Traces: surf accuracy
3:12 PM: Quarantining All Traces: shopnavupdater
3:12 PM: Quarantining All Traces: abetterinternet
3:12 PM: Quarantining All Traces: searchco hijack
3:12 PM: Quarantining All Traces: drsnsrch hijacker
3:12 PM: Quarantining All Traces: rich editor
3:12 PM: Quarantining All Traces: trojan downloader matcash
3:12 PM: Quarantining All Traces: upspiral toolbar
3:12 PM: Quarantining All Traces: shopathomeselect
3:12 PM: Quarantining All Traces: trojan-downloader-bookedspace
3:12 PM: Quarantining All Traces: trojan-downloader-mainstreamdollars
3:12 PM: Quarantining All Traces: trojan downloader pops-stop
3:12 PM: Quarantining All Traces: trojan-downloader-traf34
3:12 PM: Quarantining All Traces: windows afa internet enhancement
3:12 PM: Warning: Quarantine could not read registry value for HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\ezula\setup\bmk\. Failed to export registry value "WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\ezula\setup\bmk". Key/Value does not exist
3:12 PM: Warning: Quarantine could not read registry value for HKU\WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\ezula\strup\. Failed to export registry value "WRSS_Profile_S-1-5-21-1606980848-261478967-682003330-1007\software\ezula\strup". Key/Value does not exist
3:12 PM: Removal process completed. Elapsed time 00:00:39
********
2:56 PM: |··· Start of Session, Thursday, August 18, 2005 ···|
2:56 PM: Spy Sweeper started
2:56 PM: Your spyware definitions have been updated.
2:57 PM: |··· End of Session, Thursday, August 18, 2005 ···|

#17
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Post another HiJackThis log and let me know how the system is running. :tazz:

#18
DeadMagicBox

    Member

  • Topic Starter
  • 12 posts
Haven't seen any sign of Aurora. Thanks a ton for the great job!!!

Logfile of HijackThis v1.99.1
Scan saved at 6:07:39 PM, on 8/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
D:\Documents and Settings\Trey\Desktop\fix stuff\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.worldofwarcraft.com/
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17....es/MsnPUpld.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#19
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Great job, it appears your logfile is clean :)

**Re-hide the hidden files option IF you modified it earlier**

Let's clear out your restore points now.

Disable System Restore;

1. Click Start > Programs > Accessories > Windows Explorer
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Check the "Turn off System Restore" check box.
5. Click Apply. A message shows up.
6. Click "Yes" to do this.
7. Confirm with "Ok".


Reboot.

Enable System Restore;

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck the "Turn off System Restore" check box.
5. Click Apply, and then click "OK".


System Restore will now be active again. :) Be sure to set a new restore point, and if you need additional help with that, here's a link; http://filext.com/in...thread.php?t=27

Here are some tips for the future to prevent spyware:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed. (My favourite)
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google Toolbar to help stop pop-up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definitely a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.
And also see TonyKlein's good advice;
So how did I get infected in the first place? (My favourite)

Update to Service Pack 2!

Visit;
http://www.windowsupdate.com and install ALL the critical updates available - then reboot.

- Rawe :tazz:

If you want to learn how to help people with malware problems like I helped you, feel free to take a look at this thread; http://www.geekstogo...here-t4817.html

#20
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.