6:03 PM: |··· Start of Session, Wednesday, September 07, 2005 ···|
6:03 PM: Spy Sweeper started
6:03 PM: Sweep initiated using definitions version 530
6:03 PM: Starting Memory Sweep
6:04 PM: Found Adware: topsearch
6:04 PM: Detected running threat: C:\Program Files\Kazaa\TopSearch.dll (ID = 79735)
6:06 PM: Memory Sweep Complete, Elapsed Time: 00:02:28
6:06 PM: Starting Registry Sweep
6:06 PM: Found Adware: altnet
6:06 PM: HKCR\adm.adm.1\ (3 subtraces) (ID = 103441)
6:06 PM: HKCR\adm.adm\ (5 subtraces) (ID = 103442)
6:06 PM: HKCR\appid\adm.exe\ (1 subtraces) (ID = 103448)
6:06 PM: HKCR\appid\altnet signing module.exe\ (1 subtraces) (ID = 103449)
6:06 PM: HKCR\appid\{8b0fef15-54dc-49f5-8377-8172de975f75}\ (1 subtraces) (ID = 103453)
6:06 PM: HKCR\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}\ (1 subtraces) (ID = 103454)
6:06 PM: HKCR\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}\ (11 subtraces) (ID = 103461)
6:06 PM: HKCR\clsid\{c15b7ea2-a360-43e8-a591-5faedc7c4e1d}\ (24 subtraces) (ID = 103466)
6:06 PM: HKCR\signingmodule.signingmodule.1\ (3 subtraces) (ID = 103476)
6:06 PM: HKCR\signingmodule.signingmodule\ (5 subtraces) (ID = 103478)
6:06 PM: HKLM\software\altnet\ (1 subtraces) (ID = 103481)
6:06 PM: HKLM\software\classes\adm.adm.1\ (3 subtraces) (ID = 103482)
6:06 PM: HKLM\software\classes\adm.adm\ (5 subtraces) (ID = 103483)
6:06 PM: HKLM\software\classes\appid\adm.exe\ (1 subtraces) (ID = 103488)
6:06 PM: HKLM\software\classes\appid\altnet signing module.exe\ (1 subtraces) (ID = 103489)
6:06 PM: HKLM\software\classes\appid\{8b0fef15-54dc-49f5-8377-8172de975f75}\ (1 subtraces) (ID = 103490)
6:06 PM: HKLM\software\classes\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}\ (1 subtraces) (ID = 103491)
6:06 PM: HKLM\software\classes\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}\ (11 subtraces) (ID = 103493)
6:06 PM: HKLM\software\classes\clsid\{b7156514-a76c-4545-9d5b-a4e1d02c7aec}\ (23 subtraces) (ID = 103494)
6:06 PM: HKLM\software\classes\clsid\{c15b7ea2-a360-43e8-a591-5faedc7c4e1d}\ (24 subtraces) (ID = 103495)
6:06 PM: HKLM\software\classes\signingmodule.signingmodule.1\ (3 subtraces) (ID = 103496)
6:06 PM: HKLM\software\classes\signingmodule.signingmodule\ (5 subtraces) (ID = 103497)
6:06 PM: HKLM\software\classes\typelib\{5830698f-7fc0-40cd-a453-9a0cafdf3a64}\ (9 subtraces) (ID = 103503)
6:06 PM: HKLM\software\microsoft\windows\currentversion\uninstall\altnetdm\ (2 subtraces) (ID = 103531)
6:06 PM: Found Adware: blazefind
6:06 PM: HKCR\bridgex.installer\ (3 subtraces) (ID = 104438)
6:06 PM: HKLM\software\classes\bridgex.installer\ (3 subtraces) (ID = 104471)
6:06 PM: HKLM\software\microsoft\windows\currentversion\uninstall\windows sr 2.0\ (4 subtraces) (ID = 104552)
6:06 PM: HKLM\software\microsoft\windows\currentversion\uninstall\wind updates\ (2 subtraces) (ID = 104554)
6:06 PM: HKLM\software\windupdates\ (6 subtraces) (ID = 104559)
6:06 PM: Found Adware: clientman
6:06 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\windows\currentversion\run\ || svc (ID = 105915)
6:06 PM: Found Adware: coolwebsearch (cws)
6:06 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\windows\currentversion\run\ || svc (ID = 105915)
6:06 PM: Found Adware: cydoor peer-to-peer dependency
6:06 PM: HKU\S-1-5-21-269332668-2345337513-512522657-1007\software\kazaa\promotions\cydoor\ (512 subtraces) (ID = 124527)
6:06 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\kazaa\promotions\cydoor\ (3317 subtraces) (ID = 124527)
6:06 PM: Found Adware: gain-supported software
6:06 PM: HKCR\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}\ (4 subtraces) (ID = 126731)
6:06 PM: HKLM\software\classes\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}\ (4 subtraces) (ID = 126751)
6:06 PM: Found Adware: keenvalue/perfectnav
6:06 PM: HKLM\software\perfectnav\ (10 subtraces) (ID = 129516)
6:06 PM: HKLM\software\updmgr\ (11 subtraces) (ID = 129521)
6:06 PM: Found Adware: 180search assistant/zango
6:06 PM: HKLM\software\180solutions\ (ID = 135618)
6:06 PM: HKU\S-1-5-21-269332668-2345337513-512522657-1007\software\msbb\ (19 subtraces) (ID = 135781)
6:06 PM: HKLM\software\msbb\ (11 subtraces) (ID = 135782)
6:06 PM: Found Adware: s-redirect hijack
6:06 PM: HKU\S-1-5-20\software\microsoft\internet explorer\ || searchurl (ID = 139257)
6:06 PM: HKU\S-1-5-19\software\microsoft\internet explorer\ || searchurl (ID = 139257)
6:06 PM: HKU\S-1-5-18\software\microsoft\internet explorer\ || searchurl (ID = 139257)
6:06 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\internet explorer\ || searchurl (ID = 139257)
6:06 PM: HKU\S-1-5-20\software\microsoft\internet explorer\main\ || search bar (ID = 139260)
6:06 PM: HKU\S-1-5-19\software\microsoft\internet explorer\main\ || search bar (ID = 139260)
6:06 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || search bar (ID = 139260)
6:06 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\internet explorer\main\ || search bar (ID = 139260)
6:06 PM: HKU\S-1-5-20\software\microsoft\internet explorer\main\ || search page (ID = 139261)
6:06 PM: HKU\S-1-5-19\software\microsoft\internet explorer\main\ || search page (ID = 139261)
6:06 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\internet explorer\main\ || search page (ID = 139261)
6:06 PM: HKU\S-1-5-20\software\microsoft\internet explorer\search\ || searchassistant (ID = 139265)
6:06 PM: HKU\S-1-5-19\software\microsoft\internet explorer\search\ || searchassistant (ID = 139265)
6:06 PM: HKU\S-1-5-18\software\microsoft\internet explorer\search\ || searchassistant (ID = 139265)
6:06 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\internet explorer\search\ || searchassistant (ID = 139265)
6:06 PM: HKU\S-1-5-20\software\microsoft\internet explorer\searchurl\ || searchurl (ID = 139267)
6:06 PM: HKU\S-1-5-19\software\microsoft\internet explorer\searchurl\ || searchurl (ID = 139267)
6:06 PM: HKU\S-1-5-18\software\microsoft\internet explorer\searchurl\ || searchurl (ID = 139267)
6:06 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\internet explorer\searchurl\ || searchurl (ID = 139267)
6:06 PM: HKCR\clsid\{b7156514-a76c-4545-9d5b-a4e1d02c7aec}\ (23 subtraces) (ID = 143925)
6:06 PM: HKLM\software\classes\topsearch.tslink\ (5 subtraces) (ID = 143926)
6:06 PM: HKLM\software\classes\topsearch.tslink.1\ (3 subtraces) (ID = 143927)
6:06 PM: HKLM\software\classes\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\ (9 subtraces) (ID = 143928)
6:06 PM: HKCR\topsearch.tslink\ (5 subtraces) (ID = 143929)
6:06 PM: HKCR\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\ (9 subtraces) (ID = 143930)
6:06 PM: Found Adware: twain-tech
6:06 PM: HKLM\software\twaintec\ (1 subtraces) (ID = 145344)
6:06 PM: Found Adware: webrebates
6:06 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\internet explorer\menuext\web rebates\ (2 subtraces) (ID = 146297)
6:06 PM: Found Adware: winad
6:06 PM: HKCR\appid\loaderx.exe\ (1 subtraces) (ID = 147150)
6:06 PM: HKCR\appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}\ (1 subtraces) (ID = 147151)
6:06 PM: HKCR\clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}\ (14 subtraces) (ID = 147153)
6:06 PM: HKCR\mediaaccess.installer\ (5 subtraces) (ID = 147157)
6:06 PM: HKLM\software\classes\appid\loaderx.exe\ (1 subtraces) (ID = 147164)
6:06 PM: HKLM\software\classes\appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}\ (1 subtraces) (ID = 147165)
6:06 PM: HKLM\software\classes\clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}\ (14 subtraces) (ID = 147167)
6:06 PM: HKLM\software\classes\mediaaccess.installer\ (5 subtraces) (ID = 147171)
6:06 PM: HKLM\software\classes\typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}\ (9 subtraces) (ID = 147176)
6:06 PM: HKLM\software\microsoft\windows\currentversion\uninstall\media access\ (2 subtraces) (ID = 147230)
6:06 PM: HKCR\typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}\ (9 subtraces) (ID = 147244)
6:06 PM: HKLM\software\gator.com\ (27 subtraces) (ID = 528933)
6:06 PM: Found Adware: cydoor
6:06 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\cydoor\ (2401 subtraces) (ID = 639126)
6:06 PM: Found Adware: psguard
6:06 PM: HKLM\software\classes\clsid\{e5d78bd8-3874-4aa0-9d45-cfb79382c484}\ (15 subtraces) (ID = 704077)
6:06 PM: HKCR\clsid\{15dc7116-e58e-4395-a45a-a1c99b17c030}\ (6 subtraces) (ID = 704636)
6:06 PM: HKCR\clsid\{e0aa0493-c410-4cbd-b1db-1723374fa8e0}\ (5 subtraces) (ID = 704833)
6:06 PM: HKCR\clsid\{e5d78bd8-3874-4aa0-9d45-cfb79382c484}\ (15 subtraces) (ID = 704839)
6:06 PM: Registry Sweep Complete, Elapsed Time:00:00:16
6:06 PM: Starting Cookie Sweep
6:06 PM: Found Spy Cookie: 2o7.net cookie
6:06 PM: jaime@2o7[1].txt (ID = 1957)
6:06 PM: Found Spy Cookie: go.com cookie
6:06 PM: [email protected][1].txt (ID = 2729)
6:06 PM: Found Spy Cookie: yieldmanager cookie
6:06 PM: [email protected][1].txt (ID = 3751)
6:06 PM: Found Spy Cookie: addynamix cookie
6:06 PM: [email protected][1].txt (ID = 2062)
6:06 PM: Found Spy Cookie: pointroll cookie
6:06 PM: [email protected][2].txt (ID = 3148)
6:06 PM: Found Spy Cookie: atwola cookie
6:06 PM: jaime@atwola[2].txt (ID = 2255)
6:06 PM: Found Spy Cookie: belnk cookie
6:06 PM: jaime@belnk[1].txt (ID = 2292)
6:06 PM: Found Spy Cookie: burstnet cookie
6:06 PM: jaime@burstnet[2].txt (ID = 2336)
6:06 PM: [email protected][2].txt (ID = 1958)
6:06 PM: Found Spy Cookie: centrport net cookie
6:06 PM: jaime@centrport[2].txt (ID = 2374)
6:06 PM: Found Spy Cookie: clickbank cookie
6:06 PM: jaime@clickbank[1].txt (ID = 2398)
6:06 PM: [email protected][1].txt (ID = 1958)
6:06 PM: [email protected][2].txt (ID = 2293)
6:06 PM: Found Spy Cookie: ru4 cookie
6:06 PM: [email protected][1].txt (ID = 3269)
6:06 PM: [email protected][2].txt (ID = 2729)
6:06 PM: Found Spy Cookie: fastclick cookie
6:06 PM: jaime@fastclick[2].txt (ID = 2651)
6:06 PM: jaime@go[1].txt (ID = 2728)
6:06 PM: Found Spy Cookie: ic-live cookie
6:06 PM: jaime@ic-live[1].txt (ID = 2821)
6:06 PM: Found Spy Cookie: touchclarity cookie
6:06 PM: [email protected][1].txt (ID = 3567)
6:06 PM: Found Spy Cookie: partypoker cookie
6:06 PM: jaime@partypoker[2].txt (ID = 3111)
6:06 PM: Found Spy Cookie: overture cookie
6:06 PM: [email protected][1].txt (ID = 3106)
6:06 PM: Found Spy Cookie: questionmarket cookie
6:06 PM: jaime@questionmarket[2].txt (ID = 3217)
6:06 PM: [email protected][1].txt (ID = 2729)
6:06 PM: [email protected][1].txt (ID = 2729)
6:06 PM: Found Spy Cookie: tribalfusion cookie
6:06 PM: jaime@tribalfusion[2].txt (ID = 3589)
6:06 PM: Found Spy Cookie: adserver cookie
6:06 PM: [email protected][2].txt (ID = 2142)
6:06 PM: Found Spy Cookie: zedo cookie
6:06 PM: jaime@zedo[2].txt (ID = 3762)
6:06 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
6:06 PM: Starting File Sweep
6:06 PM: c:\documents and settings\jaime\start menu\programs\altnet (1 subtraces) (ID = -2147481443)
6:06 PM: c:\program files\altnet\my altnet shares (ID = -2147481439)
6:06 PM: c:\program files\altnet (1 subtraces) (ID = -2147481441)
6:06 PM: c:\program files\media access (4 subtraces) (ID = -2147480020)
6:06 PM: c:\program files\perfectnav (2 subtraces) (ID = -2147480782)
6:06 PM: bridgex.dll (ID = 51443)
6:06 PM: key2.txt (ID = 51468)
6:06 PM: oleext.dll_tobedeleted (ID = 138650)
6:06 PM: info.txt (ID = 90430)
6:06 PM: Found Adware: virtualmaid toolbar
6:06 PM: popuper.exe_tobedeleted (ID = 140477)
6:06 PM: Found Adware: java byteverify
6:06 PM: blackbox.class-75633b70-2034e5a4.class (ID = 64815)
6:07 PM: Warning: Failed to read file "c:\recycler\\dc2.exe". System Error. Code: 2.
The system cannot find the file specified
6:07 PM: Found Trojan Horse: downloader-thph
6:07 PM: telnet.exe (ID = 59169)
6:07 PM: Warning: Failed to read file "c:\recycler\\dc1.exe". System Error. Code: 2.
The system cannot find the file specified
6:07 PM: unstsa2.exe (ID = 51496)
6:07 PM: Found Trojan Horse: trojan-downloader-perf
6:07 PM: idr_load12.exe (ID = 80851)
6:07 PM: Found Adware: exact cashback/bargain buddy
6:07 PM: apuc.dll (ID = 50531)
6:07 PM: topsearch.dll (ID = 79735)
6:07 PM: Found Adware: exact software
6:07 PM: exul.exe (ID = 50614)
6:08 PM: verifierbug.class-314e5702-200e98b2.class (ID = 64831)
6:08 PM: peer points manager.lnk (ID = 49852)
6:08 PM: topsearch.dll (ID = 79735)
6:09 PM: Found Adware: desktop hijacker
6:09 PM: ! secure yourself.url (ID = 57875)
6:09 PM: cd_clint.dll_tobedeleted (ID = 57306)
6:09 PM: Found Trojan Horse: downloader-id5e
6:09 PM: nts-hh64pe.exe (ID = 59147)
6:09 PM: 32ms.exe (ID = 59147)
6:09 PM: perfcl.exe (ID = 80852)
6:09 PM: wuactl2.exe (ID = 80855)
6:09 PM: mediaaccc.dll (ID = 90379)
6:09 PM: Found Adware: exact navisearch
6:09 PM: mscb.dll (ID = 70399)
6:09 PM: msbe.dll (ID = 70396)
6:09 PM: Found Adware: ist istbar
6:09 PM: wininit.ini (ID = 64726)
6:09 PM: dummy.class-56bf106c-30c8cdee.class (ID = 64821)
6:09 PM: gain publishing web site.url (ID = 61372)
6:09 PM: bridgex.inf (ID = 51445)
6:09 PM: File Sweep Complete, Elapsed Time: 00:02:51
6:09 PM: Full Sweep has completed. Elapsed time 00:05:40
6:09 PM: Traces Found: 6792
6:10 PM: Removal process initiated
6:10 PM: Quarantining All Traces: topsearch
6:10 PM: Quarantining All Traces: altnet
6:10 PM: Quarantining All Traces: blazefind
6:10 PM: Quarantining All Traces: clientman
6:10 PM: Quarantining All Traces: coolwebsearch (cws)
6:10 PM: Quarantining All Traces: cydoor peer-to-peer dependency
6:10 PM: Quarantining All Traces: gain-supported software
6:10 PM: Quarantining All Traces: keenvalue/perfectnav
6:10 PM: Quarantining All Traces: 180search assistant/zango
6:10 PM: Quarantining All Traces: s-redirect hijack
6:10 PM: Quarantining All Traces: twain-tech
6:10 PM: Quarantining All Traces: webrebates
6:10 PM: Quarantining All Traces: winad
6:10 PM: Quarantining All Traces: cydoor
6:10 PM: Quarantining All Traces: psguard
6:10 PM: Quarantining All Traces: 2o7.net cookie
6:10 PM: Quarantining All Traces: go.com cookie
6:10 PM: Quarantining All Traces: yieldmanager cookie
6:10 PM: Quarantining All Traces: addynamix cookie
6:10 PM: Quarantining All Traces: pointroll cookie
6:10 PM: Quarantining All Traces: atwola cookie
6:10 PM: Quarantining All Traces: belnk cookie
6:10 PM: Quarantining All Traces: burstnet cookie
6:10 PM: Quarantining All Traces: centrport net cookie
6:10 PM: Quarantining All Traces: clickbank cookie
6:10 PM: Quarantining All Traces: ru4 cookie
6:10 PM: Quarantining All Traces: fastclick cookie
6:10 PM: Quarantining All Traces: ic-live cookie
6:10 PM: Quarantining All Traces: touchclarity cookie
6:10 PM: Quarantining All Traces: partypoker cookie
6:10 PM: Quarantining All Traces: overture cookie
6:10 PM: Quarantining All Traces: questionmarket cookie
6:10 PM: Quarantining All Traces: tribalfusion cookie
6:10 PM: Quarantining All Traces: adserver cookie
6:10 PM: Quarantining All Traces: zedo cookie
6:10 PM: Quarantining All Traces: virtualmaid toolbar
6:10 PM: Quarantining All Traces: java byteverify
6:10 PM: Quarantining All Traces: downloader-thph
6:10 PM: Quarantining All Traces: trojan-downloader-perf
6:10 PM: Quarantining All Traces: exact cashback/bargain buddy
6:10 PM: Quarantining All Traces: exact software
6:10 PM: Quarantining All Traces: desktop hijacker
6:10 PM: Quarantining All Traces: downloader-id5e
6:10 PM: Quarantining All Traces: exact navisearch
6:10 PM: Quarantining All Traces: ist istbar
6:11 PM: Removal process completed. Elapsed time 00:01:17
********
5:55 PM: |··· Start of Session, Wednesday, September 07, 2005 ···|
5:55 PM: Spy Sweeper started
5:55 PM: Sweep initiated using definitions version 530
5:55 PM: Starting Memory Sweep
5:56 PM: Found Adware: topsearch
5:56 PM: Detected running threat: C:\Program Files\Kazaa\TopSearch.dll (ID = 79735)
5:58 PM: Memory Sweep Complete, Elapsed Time: 00:02:18
5:58 PM: Starting Registry Sweep
5:58 PM: Found Adware: altnet
5:58 PM: HKCR\adm.adm.1\ (3 subtraces) (ID = 103441)
5:58 PM: HKCR\adm.adm\ (5 subtraces) (ID = 103442)
5:58 PM: HKCR\appid\adm.exe\ (1 subtraces) (ID = 103448)
5:58 PM: HKCR\appid\altnet signing module.exe\ (1 subtraces) (ID = 103449)
5:58 PM: HKCR\appid\{8b0fef15-54dc-49f5-8377-8172de975f75}\ (1 subtraces) (ID = 103453)
5:58 PM: HKCR\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}\ (1 subtraces) (ID = 103454)
5:58 PM: HKCR\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}\ (11 subtraces) (ID = 103461)
5:58 PM: HKCR\clsid\{c15b7ea2-a360-43e8-a591-5faedc7c4e1d}\ (24 subtraces) (ID = 103466)
5:58 PM: HKCR\signingmodule.signingmodule.1\ (3 subtraces) (ID = 103476)
5:58 PM: HKCR\signingmodule.signingmodule\ (5 subtraces) (ID = 103478)
5:58 PM: HKLM\software\altnet\ (1 subtraces) (ID = 103481)
5:58 PM: HKLM\software\classes\adm.adm.1\ (3 subtraces) (ID = 103482)
5:58 PM: HKLM\software\classes\adm.adm\ (5 subtraces) (ID = 103483)
5:58 PM: HKLM\software\classes\appid\adm.exe\ (1 subtraces) (ID = 103488)
5:58 PM: HKLM\software\classes\appid\altnet signing module.exe\ (1 subtraces) (ID = 103489)
5:58 PM: HKLM\software\classes\appid\{8b0fef15-54dc-49f5-8377-8172de975f75}\ (1 subtraces) (ID = 103490)
5:58 PM: HKLM\software\classes\appid\{99a8e2b2-3405-4c0d-9110-131c14caaf62}\ (1 subtraces) (ID = 103491)
5:58 PM: HKLM\software\classes\clsid\{9bbcf06c-dcd7-495d-80df-cdd5399d0ff8}\ (11 subtraces) (ID = 103493)
5:58 PM: HKLM\software\classes\clsid\{b7156514-a76c-4545-9d5b-a4e1d02c7aec}\ (23 subtraces) (ID = 103494)
5:58 PM: HKLM\software\classes\clsid\{c15b7ea2-a360-43e8-a591-5faedc7c4e1d}\ (24 subtraces) (ID = 103495)
5:58 PM: HKLM\software\classes\signingmodule.signingmodule.1\ (3 subtraces) (ID = 103496)
5:58 PM: HKLM\software\classes\signingmodule.signingmodule\ (5 subtraces) (ID = 103497)
5:58 PM: HKLM\software\classes\typelib\{5830698f-7fc0-40cd-a453-9a0cafdf3a64}\ (9 subtraces) (ID = 103503)
5:58 PM: HKLM\software\microsoft\windows\currentversion\uninstall\altnetdm\ (2 subtraces) (ID = 103531)
5:58 PM: Found Adware: blazefind
5:58 PM: HKCR\bridgex.installer\ (3 subtraces) (ID = 104438)
5:58 PM: HKLM\software\classes\bridgex.installer\ (3 subtraces) (ID = 104471)
5:58 PM: HKLM\software\microsoft\windows\currentversion\uninstall\windows sr 2.0\ (4 subtraces) (ID = 104552)
5:58 PM: HKLM\software\microsoft\windows\currentversion\uninstall\wind updates\ (2 subtraces) (ID = 104554)
5:58 PM: HKLM\software\windupdates\ (6 subtraces) (ID = 104559)
5:58 PM: Found Adware: clientman
5:58 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\windows\currentversion\run\ || svc (ID = 105915)
5:58 PM: Found Adware: coolwebsearch (cws)
5:58 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\windows\currentversion\run\ || svc (ID = 105915)
5:58 PM: Found Adware: cydoor peer-to-peer dependency
5:58 PM: HKU\S-1-5-21-269332668-2345337513-512522657-1007\software\kazaa\promotions\cydoor\ (511 subtraces) (ID = 124527)
5:58 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\kazaa\promotions\cydoor\ (3317 subtraces) (ID = 124527)
5:58 PM: Found Adware: gain-supported software
5:58 PM: HKCR\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}\ (4 subtraces) (ID = 126731)
5:58 PM: HKLM\software\classes\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}\ (4 subtraces) (ID = 126751)
5:58 PM: Found Adware: keenvalue/perfectnav
5:58 PM: HKLM\software\perfectnav\ (10 subtraces) (ID = 129516)
5:58 PM: HKLM\software\updmgr\ (11 subtraces) (ID = 129521)
5:58 PM: Found Adware: 180search assistant/zango
5:58 PM: HKLM\software\180solutions\ (ID = 135618)
5:58 PM: HKU\S-1-5-21-269332668-2345337513-512522657-1007\software\msbb\ (19 subtraces) (ID = 135781)
5:58 PM: HKLM\software\msbb\ (11 subtraces) (ID = 135782)
5:58 PM: Found Adware: s-redirect hijack
5:58 PM: HKU\S-1-5-20\software\microsoft\internet explorer\ || searchurl (ID = 139257)
5:58 PM: HKU\S-1-5-19\software\microsoft\internet explorer\ || searchurl (ID = 139257)
5:58 PM: HKU\S-1-5-18\software\microsoft\internet explorer\ || searchurl (ID = 139257)
5:58 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\internet explorer\ || searchurl (ID = 139257)
5:58 PM: HKU\S-1-5-20\software\microsoft\internet explorer\main\ || search bar (ID = 139260)
5:58 PM: HKU\S-1-5-19\software\microsoft\internet explorer\main\ || search bar (ID = 139260)
5:58 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || search bar (ID = 139260)
5:58 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\internet explorer\main\ || search bar (ID = 139260)
5:58 PM: HKU\S-1-5-20\software\microsoft\internet explorer\main\ || search page (ID = 139261)
5:58 PM: HKU\S-1-5-19\software\microsoft\internet explorer\main\ || search page (ID = 139261)
5:58 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\internet explorer\main\ || search page (ID = 139261)
5:58 PM: HKU\S-1-5-20\software\microsoft\internet explorer\search\ || searchassistant (ID = 139265)
5:58 PM: HKU\S-1-5-19\software\microsoft\internet explorer\search\ || searchassistant (ID = 139265)
5:58 PM: HKU\S-1-5-18\software\microsoft\internet explorer\search\ || searchassistant (ID = 139265)
5:58 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\internet explorer\search\ || searchassistant (ID = 139265)
5:58 PM: HKU\S-1-5-20\software\microsoft\internet explorer\searchurl\ || searchurl (ID = 139267)
5:58 PM: HKU\S-1-5-19\software\microsoft\internet explorer\searchurl\ || searchurl (ID = 139267)
5:58 PM: HKU\S-1-5-18\software\microsoft\internet explorer\searchurl\ || searchurl (ID = 139267)
5:58 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\internet explorer\searchurl\ || searchurl (ID = 139267)
5:58 PM: HKCR\clsid\{b7156514-a76c-4545-9d5b-a4e1d02c7aec}\ (23 subtraces) (ID = 143925)
5:58 PM: HKLM\software\classes\topsearch.tslink\ (5 subtraces) (ID = 143926)
5:58 PM: HKLM\software\classes\topsearch.tslink.1\ (3 subtraces) (ID = 143927)
5:58 PM: HKLM\software\classes\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\ (9 subtraces) (ID = 143928)
5:58 PM: HKCR\topsearch.tslink\ (5 subtraces) (ID = 143929)
5:58 PM: HKCR\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\ (9 subtraces) (ID = 143930)
5:58 PM: Found Adware: twain-tech
5:58 PM: HKLM\software\twaintec\ (1 subtraces) (ID = 145344)
5:58 PM: Found Adware: webrebates
5:58 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\microsoft\internet explorer\menuext\web rebates\ (2 subtraces) (ID = 146297)
5:58 PM: Found Adware: winad
5:58 PM: HKCR\appid\loaderx.exe\ (1 subtraces) (ID = 147150)
5:58 PM: HKCR\appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}\ (1 subtraces) (ID = 147151)
5:58 PM: HKCR\clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}\ (14 subtraces) (ID = 147153)
5:58 PM: HKCR\mediaaccess.installer\ (5 subtraces) (ID = 147157)
5:58 PM: HKLM\software\classes\appid\loaderx.exe\ (1 subtraces) (ID = 147164)
5:58 PM: HKLM\software\classes\appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}\ (1 subtraces) (ID = 147165)
5:58 PM: HKLM\software\classes\clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}\ (14 subtraces) (ID = 147167)
5:58 PM: HKLM\software\classes\mediaaccess.installer\ (5 subtraces) (ID = 147171)
5:58 PM: HKLM\software\classes\typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}\ (9 subtraces) (ID = 147176)
5:58 PM: HKLM\software\microsoft\windows\currentversion\uninstall\media access\ (2 subtraces) (ID = 147230)
5:58 PM: HKCR\typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}\ (9 subtraces) (ID = 147244)
5:58 PM: HKLM\software\gator.com\ (27 subtraces) (ID = 528933)
5:58 PM: Found Adware: cydoor
5:58 PM: HKU\WRSS_Profile_S-1-5-21-269332668-2345337513-512522657-1008\software\cydoor\ (2401 subtraces) (ID = 639126)
5:58 PM: Found Adware: psguard
5:58 PM: HKLM\software\classes\clsid\{e5d78bd8-3874-4aa0-9d45-cfb79382c484}\ (15 subtraces) (ID = 704077)
5:58 PM: HKCR\clsid\{15dc7116-e58e-4395-a45a-a1c99b17c030}\ (6 subtraces) (ID = 704636)
5:58 PM: HKCR\clsid\{e0aa0493-c410-4cbd-b1db-1723374fa8e0}\ (5 subtraces) (ID = 704833)
5:58 PM: HKCR\clsid\{e5d78bd8-3874-4aa0-9d45-cfb79382c484}\ (15 subtraces) (ID = 704839)
5:58 PM: Registry Sweep Complete, Elapsed Time:00:00:15
5:58 PM: Starting Cookie Sweep
5:58 PM: Found Spy Cookie: 2o7.net cookie
5:58 PM: jaime@2o7[1].txt (ID = 1957)
5:58 PM: Found Spy Cookie: go.com cookie
5:58 PM: [email protected][1].txt (ID = 2729)
5:58 PM: Found Spy Cookie: yieldmanager cookie
5:58 PM: [email protected][2].txt (ID = 3751)
5:58 PM: Found Spy Cookie: addynamix cookie
5:58 PM: [email protected][1].txt (ID = 2062)
5:58 PM: Found Spy Cookie: pointroll cookie
5:58 PM: [email protected][2].txt (ID = 3148)
5:58 PM: Found Spy Cookie: atwola cookie
5:58 PM: jaime@atwola[2].txt (ID = 2255)
5:58 PM: Found Spy Cookie: belnk cookie
5:58 PM: jaime@belnk[1].txt (ID = 2292)
5:58 PM: Found Spy Cookie: burstnet cookie
5:58 PM: jaime@burstnet[2].txt (ID = 2336)
5:58 PM: [email protected][2].txt (ID = 1958)
5:58 PM: Found Spy Cookie: centrport net cookie
5:58 PM: jaime@centrport[2].txt (ID = 2374)
5:58 PM: Found Spy Cookie: clickbank cookie
5:58 PM: jaime@clickbank[1].txt (ID = 2398)
5:58 PM: [email protected][1].txt (ID = 1958)
5:58 PM: [email protected][2].txt (ID = 2293)
5:58 PM: Found Spy Cookie: ru4 cookie
5:58 PM: [email protected][1].txt (ID = 3269)
5:58 PM: [email protected][2].txt (ID = 2729)
5:58 PM: Found Spy Cookie: fastclick cookie
5:58 PM: jaime@fastclick[2].txt (ID = 2651)
5:58 PM: jaime@go[1].txt (ID = 2728)
5:58 PM: Found Spy Cookie: ic-live cookie
5:58 PM: jaime@ic-live[1].txt (ID = 2821)
5:58 PM: Found Spy Cookie: touchclarity cookie
5:58 PM: [email protected][1].txt (ID = 3567)
5:58 PM: Found Spy Cookie: partypoker cookie
5:58 PM: jaime@partypoker[2].txt (ID = 3111)
5:58 PM: Found Spy Cookie: overture cookie
5:58 PM: [email protected][1].txt (ID = 3106)
5:58 PM: Found Spy Cookie: questionmarket cookie
5:58 PM: jaime@questionmarket[2].txt (ID = 3217)
5:58 PM: [email protected][1].txt (ID = 2729)
5:58 PM: [email protected][1].txt (ID = 2729)
5:58 PM: Found Spy Cookie: tribalfusion cookie
5:58 PM: jaime@tribalfusion[2].txt (ID = 3589)
5:58 PM: Found Spy Cookie: adserver cookie
5:58 PM: [email protected][2].txt (ID = 2142)
5:58 PM: Found Spy Cookie: zedo cookie
5:58 PM: jaime@zedo[2].txt (ID = 3762)
5:58 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
5:58 PM: Starting File Sweep
5:58 PM: c:\documents and settings\jaime\start menu\programs\altnet (1 subtraces) (ID = -2147481443)
5:58 PM: c:\program files\altnet\my altnet shares (ID = -2147481439)
5:58 PM: c:\program files\altnet (1 subtraces) (ID = -2147481441)
5:58 PM: c:\program files\media access (4 subtraces) (ID = -2147480020)
5:58 PM: c:\program files\perfectnav (2 subtraces) (ID = -2147480782)
5:58 PM: bridgex.dll (ID = 51443)
5:58 PM: key2.txt (ID = 51468)
5:58 PM: oleext.dll_tobedeleted (ID = 138650)
5:58 PM: info.txt (ID = 90430)
5:58 PM: Found Adware: virtualmaid toolbar
5:58 PM: popuper.exe_tobedeleted (ID = 140477)
5:58 PM: Found Adware: java byteverify
5:58 PM: blackbox.class-75633b70-2034e5a4.class (ID = 64815)
5:59 PM: Warning: Failed to read file "c:\recycler\\dc2.exe". System Error. Code: 2.
The system cannot find the file specified
5:59 PM: Found Trojan Horse: downloader-thph
5:59 PM: telnet.exe (ID = 59169)
5:59 PM: Warning: Failed to read file "c:\recycler\\dc1.exe". System Error. Code: 2.
The system cannot find the file specified
5:59 PM: unstsa2.exe (ID = 51496)
5:59 PM: Found Trojan Horse: trojan-downloader-perf
5:59 PM: idr_load12.exe (ID = 80851)
5:59 PM: Found Adware: exact cashback/bargain buddy
5:59 PM: apuc.dll (ID = 50531)
6:00 PM: topsearch.dll (ID = 79735)
6:00 PM: Found Adware: exact software
6:00 PM: exul.exe (ID = 50614)
6:00 PM: verifierbug.class-314e5702-200e98b2.class (ID = 64831)
6:01 PM: peer points manager.lnk (ID = 49852)
6:01 PM: topsearch.dll (ID = 79735)
6:01 PM: Found Adware: desktop hijacker
6:01 PM: ! secure yourself.url (ID = 57875)
6:01 PM: cd_clint.dll_tobedeleted (ID = 57306)
6:01 PM: Found Trojan Horse: downloader-id5e
6:01 PM: nts-hh64pe.exe (ID = 59147)
6:01 PM: 32ms.exe (ID = 59147)
6:01 PM: perfcl.exe (ID = 80852)
6:01 PM: wuactl2.exe (ID = 80855)
6:01 PM: mediaaccc.dll (ID = 90379)
6:01 PM: Found Adware: exact navisearch
6:01 PM: mscb.dll (ID = 70399)
6:01 PM: msbe.dll (ID = 70396)
6:01 PM: Found Adware: ist istbar
6:01 PM: wininit.ini (ID = 64726)
6:01 PM: dummy.class-56bf106c-30c8cdee.class (ID = 64821)
6:01 PM: gain publishing web site.url (ID = 61372)
6:01 PM: bridgex.inf (ID = 51445)
6:01 PM: File Sweep Complete, Elapsed Time: 00:03:01
6:01 PM: Full Sweep has completed. Elapsed time 00:05:42
6:01 PM: Traces Found: 6791
********
5:55 PM: |··· Start of Session, Wednesday, September 07, 2005 ···|
5:55 PM: Spy Sweeper started
5:55 PM: |··· End of Session, Wednesday, September 07, 2005 ···|