Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

hijackthis log: Startnow hax - shoot to kill. [CLOSED]

Started by Slowfuse , Aug 30 2005 01:17 AM

This topic is locked

#46
ukbiker

Posted 02 September 2005 - 10:10 PM

Rest in Peace, ukbiker

Retired Staff
2,014 posts

Hi Slowfuse

could you please log onto the admin account and do the same again please with the two logs?

UKBiker

#47
Slowfuse

Posted 02 September 2005 - 10:25 PM

Member

Topic Starter
Member
44 posts

i dunno how to do that, it just automatically goes into the frankie and tara one.

unless im in safe mode, would that be ok?

#48
ukbiker

Posted 02 September 2005 - 10:27 PM

Rest in Peace, ukbiker

Retired Staff
2,014 posts

Hi slowfuse

you switch users from the control panel

UKBiker

#49
ukbiker

Posted 02 September 2005 - 10:36 PM

Rest in Peace, ukbiker

Retired Staff
2,014 posts

Slowfuse, you still there?

UKBiker

#50
Slowfuse

Posted 02 September 2005 - 10:37 PM

Member

Topic Starter
Member
44 posts

here ya go:

Logfile of HijackThis v1.99.1
Scan saved at 4:31:52 p.m., on 3/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acer.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Orcon Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\Orcon Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab31267.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....ta/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec..../ActiveData.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

and the uninstall:::

3ivx D4 4.5.1 (remove only)
acer
Ad-Aware SE Personal
Adobe Photoshop 7.0.1
Adobe Reader 6.0.1
Antares Autotune DX v4.15
ATI Display Driver
AVG Free Edition
Band-in-a-Box Demo
DVD X Player Pro 1.6
Emagic Logic Audio Platinum 5.5.1
FlashGet(JetCar)
Guitar FX BOX 2.6
Guitar Pro 4 Demo
HijackThis 1.99.1
iTunes
J2SE Runtime Environment 5.0 Update 2
Java 2 Runtime Environment, SE v1.4.2_05
Joint Operations: Typhoon Rising
Macromedia Shockwave Player
Magix Sequoia v7.22
Matroska Pack (remove only)
Microsoft Office Professional Edition 2003
Microsoft Windows Journal Viewer
MSN Messenger 7.0
Native Instruments Guitar Rig v1.1
Orcon Accelerator
Panda ActiveScan
Quake II
QuickTime
Realtek AC'97 Audio
Reason 3.0
River Past Audio Converter
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
Sound Blaster Audigy 2 ZS
Startnow Navigation Helper (v1.0.1.1)
Sweet MIDI Arpeggiator 32 (remove only)
The Sims 2
The Sims Deluxe Edition
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Video Edit Magic 2.2
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinMPG Video Convert 5.6
WinRAR archiver
WinZip
Wuschel's ASIO4ALL
Xfire (remove only)
XoftSpy

:tazz:

#51
ukbiker

Posted 02 September 2005 - 10:42 PM

Rest in Peace, ukbiker

Retired Staff
2,014 posts

Hi slowfuse :tazz:

thats a relief, nothing nasty hiding in the other account.

Ok

next step

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

Click the Free Trial link under to "SpySweeper" to download the program.
Install it.
Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, reboot into safe mode, then open spysweeper and click Sweep Now on the left side.
Click the Start button.
When it's done scanning, click the Next button.
Make sure everything has a check next to it, then click the Next button.
It will remove all of the items found.
Click Session Log in the upper right corner, copy everything in that window.
Click the Summary tab and click Finish.
Paste the contents of the session log you copied into your next reply.

If it wont run in safe mode, run it in Normal mode.

UKBiker

#52
Slowfuse

Posted 02 September 2005 - 10:45 PM

Member

Topic Starter
Member
44 posts

ok onto it now,

just wondering for future reference, i ve got a adaware and xsoftspy, which are pretty good...but should i always be scanning in safe mode?

i dont even know what safe mode is.

#53
Slowfuse

Posted 02 September 2005 - 10:46 PM

Member

Topic Starter
Member
44 posts

cos im on this ridiculous dial up at the moment it will take a while, ill be back in a few hours man.

Edited by Slowfuse, 02 September 2005 - 10:47 PM.

#54
ukbiker

Posted 02 September 2005 - 10:47 PM

Rest in Peace, ukbiker

Retired Staff
2,014 posts

Hi Slowfuse

no probs, ill pick it up tomorrow, its almost 6 am here and i am done in.

UKBiker

#55
Slowfuse

Posted 03 September 2005 - 05:53 PM

Member

Topic Starter
Member
44 posts

here it is man, jesus it found tonnes of spyware, tonnes and tonnes. Cant beleive i dida scan with 2 other programs the day before this and they didnt pick up on it....

********
7:52 p.m.: |··· Start of Session, Saturday, 3 September 2005 ···|
7:52 p.m.: Spy Sweeper started
7:52 p.m.: Sweep initiated using definitions version 526
7:52 p.m.: Starting Memory Sweep
7:53 p.m.: Memory Sweep Complete, Elapsed Time: 00:01:06
7:53 p.m.: Starting Registry Sweep
7:53 p.m.: Found Adware: begin2search
7:53 p.m.: HKCR\btnetw.amo.1\ (3 subtraces) (ID = 104095)
7:53 p.m.: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
7:53 p.m.: Found Adware: hotsearchbar toolbar
7:53 p.m.: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
7:53 p.m.: HKCR\btnetw.iiittt.1\ (3 subtraces) (ID = 104097)
7:53 p.m.: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
7:53 p.m.: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
7:53 p.m.: HKCR\btnetw.momo.1\ (3 subtraces) (ID = 104099)
7:53 p.m.: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
7:53 p.m.: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
7:53 p.m.: HKCR\btnetw.ohb.1\ (3 subtraces) (ID = 104101)
7:53 p.m.: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
7:53 p.m.: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
7:53 p.m.: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
7:53 p.m.: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
7:53 p.m.: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
7:53 p.m.: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
7:53 p.m.: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
7:53 p.m.: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
7:53 p.m.: HKCR\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104124)
7:53 p.m.: HKCR\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104126)
7:53 p.m.: HKCR\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104127)
7:53 p.m.: HKCR\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104128)
7:53 p.m.: HKCR\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104139)
7:53 p.m.: HKCR\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104141)
7:53 p.m.: HKLM\software\classes\btnetw.amo.1\ (3 subtraces) (ID = 104145)
7:53 p.m.: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
7:53 p.m.: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
7:53 p.m.: HKLM\software\classes\btnetw.iiittt.1\ (3 subtraces) (ID = 104147)
7:53 p.m.: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
7:53 p.m.: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
7:53 p.m.: HKLM\software\classes\btnetw.momo.1\ (3 subtraces) (ID = 104149)
7:53 p.m.: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
7:53 p.m.: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
7:53 p.m.: HKLM\software\classes\btnetw.ohb.1\ (3 subtraces) (ID = 104151)
7:53 p.m.: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
7:53 p.m.: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
7:53 p.m.: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
7:53 p.m.: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
7:53 p.m.: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
7:53 p.m.: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
7:53 p.m.: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
7:53 p.m.: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
7:53 p.m.: HKLM\software\classes\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104174)
7:53 p.m.: HKLM\software\classes\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104176)
7:53 p.m.: HKLM\software\classes\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104177)
7:53 p.m.: HKLM\software\classes\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104178)
7:53 p.m.: HKLM\software\classes\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104189)
7:53 p.m.: HKLM\software\classes\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104191)
7:53 p.m.: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
7:53 p.m.: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
7:53 p.m.: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
7:53 p.m.: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
7:53 p.m.: Found Adware: dluca
7:53 p.m.: HKU\S-1-5-21-71231581-2952008640-666046586-1006\software\sp2ctr\ (3 subtraces) (ID = 125224)
7:53 p.m.: HKU\S-1-5-21-71231581-2952008640-666046586-1006\software\vinfo\ (ID = 125225)
7:53 p.m.: Found Trojan Horse: fastvideoplayer
7:53 p.m.: HKCR\clsid\{b5dd9a64-5c4b-4a48-be56-97c1a8f85708}\ (21 subtraces) (ID = 126414)
7:53 p.m.: HKCR\fastvideoplayer.fastvideoplayerctrl.1\ (4 subtraces) (ID = 126415)
7:53 p.m.: HKCR\fastvideoplayer.fastvideoplayerctrl\ (5 subtraces) (ID = 126416)
7:53 p.m.: HKCR\interface\{9ff86c1b-7e6f-4a7f-932a-244fe7296dae}\ (8 subtraces) (ID = 126419)
7:53 p.m.: HKCR\interface\{ee7e970d-3d17-4645-8660-d7f40b917092}\ (8 subtraces) (ID = 126420)
7:53 p.m.: HKLM\software\classes\clsid\{b5dd9a64-5c4b-4a48-be56-97c1a8f85708}\ (21 subtraces) (ID = 126421)
7:53 p.m.: HKLM\software\classes\fastvideoplayer.fastvideoplayerctrl.1\ (4 subtraces) (ID = 126422)
7:53 p.m.: HKLM\software\classes\fastvideoplayer.fastvideoplayerctrl\ (5 subtraces) (ID = 126423)
7:53 p.m.: HKLM\software\classes\interface\{9ff86c1b-7e6f-4a7f-932a-244fe7296dae}\ (8 subtraces) (ID = 126426)
7:53 p.m.: HKLM\software\classes\interface\{ee7e970d-3d17-4645-8660-d7f40b917092}\ (8 subtraces) (ID = 126427)
7:53 p.m.: HKLM\software\classes\typelib\{022850cb-74fd-486d-8b1c-573ecfd599ad}\ (9 subtraces) (ID = 126428)
7:53 p.m.: HKCR\typelib\{022850cb-74fd-486d-8b1c-573ecfd599ad}\ (9 subtraces) (ID = 126429)
7:53 p.m.: Found Adware: instant access
7:53 p.m.: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\system32\ia.dll (ID = 128825)
7:53 p.m.: Found Adware: multidial
7:53 p.m.: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\muldist.ocx (ID = 135371)
7:53 p.m.: Found Adware: ist sidefind
7:53 p.m.: HKU\S-1-5-21-71231581-2952008640-666046586-1006\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
7:53 p.m.: Found Adware: startnow
7:53 p.m.: HKU\S-1-5-21-71231581-2952008640-666046586-1006\software\microsoft\installer\features\b5890ede256d37548ae908c32b952774\ (2 subtraces) (ID = 142595)
7:53 p.m.: HKU\S-1-5-21-71231581-2952008640-666046586-1006\software\microsoft\installer\products\b5890ede256d37548ae908c32b952774\ (17 subtraces) (ID = 142596)
7:53 p.m.: HKLM\software\microsoft\windows\currentversion\installer\folders\ || c:\program files\common files\hyperbar\ (ID = 142609)
7:53 p.m.: HKLM\software\microsoft\windows\currentversion\installer\folders\ || c:\program files\startnow\ (ID = 142610)
7:53 p.m.: HKLM\software\microsoft\windows\currentversion\installer\folders\ || c:\program files\startnow\navigation helper\ (ID = 142611)
7:53 p.m.: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\program files\common files\hyperbar\hyperbarss3.dll (ID = 142615)
7:53 p.m.: HKLM\software\microsoft\windows\currentversion\uninstall\{ede0985b-d652-4573-a89e-803cb2597247}\ (24 subtraces) (ID = 142617)
7:53 p.m.: Found Adware: startnow startnow hijack
7:53 p.m.: HKU\S-1-5-21-71231581-2952008640-666046586-1006\software\microsoft\internet explorer\search\ || local page (ID = 142622)
7:53 p.m.: Found Adware: websearch toolbar
7:53 p.m.: HKLM\system\currentcontrolset\enum\root\legacy_wintoolssvc\ (7 subtraces) (ID = 146518)
7:53 p.m.: Found Adware: winad
7:53 p.m.: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaaccx.dll\ (2 subtraces) (ID = 147191)
7:53 p.m.: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/winadtoolsx.dll\ || .owner (ID = 147196)
7:53 p.m.: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/winadtoolsx.dll\ || {15ad4789-cdb4-47e1-a9da-992ee8e6bad6} (ID = 147197)
7:53 p.m.: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaaccx.dll (ID = 147221)
7:53 p.m.: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\winadtoolsx.dll (ID = 147225)
7:53 p.m.: Found Adware: abetterinternet
7:53 p.m.: HKCR\aurorahandlerdll.aurorahandlerdllobj\ (5 subtraces) (ID = 359578)
7:53 p.m.: HKCR\aurorahandlerdll.aurorahandlerdllobj.1\ (3 subtraces) (ID = 359584)
7:53 p.m.: HKLM\software\classes\aurorahandlerdll.aurorahandlerdllobj\ (5 subtraces) (ID = 359725)
7:53 p.m.: HKLM\software\classes\aurorahandlerdll.aurorahandlerdllobj.1\ (3 subtraces) (ID = 359731)
7:53 p.m.: HKLM\software\classes\typelib\{6d992911-b563-47fc-ab29-437f42d1c729}\ (9 subtraces) (ID = 359756)
7:53 p.m.: HKCR\aurorahandlerdll.aurorahandlerdllobj\ (5 subtraces) (ID = 360169)
7:53 p.m.: HKU\S-1-5-21-71231581-2952008640-666046586-1006\software\aurorahandler\ (19 subtraces) (ID = 360172)
7:53 p.m.: HKCR\interface\{544b6a3f-4024-4403-9661-69b8410be505}\ (8 subtraces) (ID = 479497)
7:53 p.m.: HKCR\typelib\{6d992911-b563-47fc-ab29-437f42d1c729}\ (9 subtraces) (ID = 480791)
7:53 p.m.: HKU\S-1-5-21-71231581-2952008640-666046586-1006\software\aurorahandler\ (19 subtraces) (ID = 480802)
7:53 p.m.: HKU\S-1-5-21-71231581-2952008640-666046586-1006\software\aurorahandler\ || aut9i1m4eofsfinalad (ID = 512963)
7:53 p.m.: Found Adware: rich editor
7:53 p.m.: HKCR\typelib\{34a35bbb-8c19-4482-864c-290bd8dd6a5d}\ (9 subtraces) (ID = 544913)
7:53 p.m.: HKLM\software\microsoft\windows\currentversion\app paths\lanbrd\ (2 subtraces) (ID = 550562)
7:53 p.m.: HKLM\software\microsoft\windows\currentversion\app paths\lanbrup\ (2 subtraces) (ID = 550565)
7:53 p.m.: HKLM\software\classes\typelib\{34a35bbb-8c19-4482-864c-290bd8dd6a5d}\ (9 subtraces) (ID = 550573)
7:53 p.m.: HKLM\system\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\lanbrup.exe\ (1 subtraces) (ID = 552678)
7:53 p.m.: HKCR\pool.lanbridge\ (5 subtraces) (ID = 608249)
7:53 p.m.: HKLM\software\classes\pool.lanbridge\ (5 subtraces) (ID = 609138)
7:53 p.m.: HKLM\software\classes\typelib\{34a35bbb-8c19-4482-864c-290bd8dd6a5d}\1.0\ (8 subtraces) (ID = 609169)
7:53 p.m.: HKLM\software\lanbridge\ (34 subtraces) (ID = 609177)
7:53 p.m.: Found Adware: safesurf
7:53 p.m.: HKCR\funtools.picshow\ (5 subtraces) (ID = 730902)
7:53 p.m.: HKCR\funtools.picshow.1\ (3 subtraces) (ID = 730908)
7:53 p.m.: HKCR\typelib\{7638761f-0ce1-4e68-9692-d623527a6b7b}\ (9 subtraces) (ID = 730924)
7:53 p.m.: HKLM\software\classes\funtools.picshow\ (5 subtraces) (ID = 730957)
7:53 p.m.: HKLM\software\classes\funtools.picshow.1\ (3 subtraces) (ID = 730963)
7:53 p.m.: HKLM\software\classes\typelib\{7638761f-0ce1-4e68-9692-d623527a6b7b}\ (9 subtraces) (ID = 730979)
7:53 p.m.: HKLM\software\picshow\ (30 subtraces) (ID = 730989)
7:53 p.m.: Registry Sweep Complete, Elapsed Time:00:00:15
7:53 p.m.: Starting Cookie Sweep
7:53 p.m.: Found Spy Cookie: ask cookie
7:53 p.m.: frankie and tara@ask[1].txt (ID = 2245)
7:53 p.m.: Found Spy Cookie: hotmatch cookie
7:53 p.m.: frankie and tara@hotmatch[1].txt (ID = 3854)
7:53 p.m.: Found Spy Cookie: com.com cookie
7:53 p.m.: frankie and tara@com[2].txt (ID = 2445)
7:53 p.m.: Found Spy Cookie: 3 cookie
7:53 p.m.: frankie and tara@3[3].txt (ID = 1959)
7:53 p.m.: Found Spy Cookie: kount cookie
7:53 p.m.: frankie and tara@kount[1].txt (ID = 2911)
7:53 p.m.: Found Spy Cookie: ugo cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 3609)
7:53 p.m.: Found Spy Cookie: gostats cookie
7:53 p.m.: frankie and tara@gostats[2].txt (ID = 2747)
7:53 p.m.: Found Spy Cookie: 5 cookie
7:53 p.m.: frankie and tara@5[3].txt (ID = 1979)
7:53 p.m.: Found Spy Cookie: localnrd cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 2933)
7:53 p.m.: Found Spy Cookie: a cookie
7:53 p.m.: frankie and tara@a[1].txt (ID = 2027)
7:53 p.m.: Found Spy Cookie: desktop kazaa cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 2515)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: frankie and tara@3[1].txt (ID = 1959)
7:53 p.m.: Found Spy Cookie: cd freaks cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 2371)
7:53 p.m.: Found Spy Cookie: alt cookie
7:53 p.m.: frankie and tara@alt[2].txt (ID = 2217)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: Found Spy Cookie: hotbar cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 4207)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2446)
7:53 p.m.: Found Spy Cookie: dealtime cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 2506)
7:53 p.m.: Found Spy Cookie: offeroptimizer cookie
7:53 p.m.: frankie and tara@offeroptimizer[2].txt (ID = 3087)
7:53 p.m.: Found Spy Cookie: fe.lea.lycos.com cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 2660)
7:53 p.m.: frankie and tara@cdfreaks[2].txt (ID = 2370)
7:53 p.m.: Found Spy Cookie: toprebates.com cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 3562)
7:53 p.m.: frankie and [email protected][2].txt (ID = 1960)
7:53 p.m.: Found Spy Cookie: about cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 2038)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: Found Spy Cookie: go.com cookie
7:53 p.m.: frankie and tara@go[2].txt (ID = 2728)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2038)
7:53 p.m.: Found Spy Cookie: wegcash cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 3682)
7:53 p.m.: Found Spy Cookie: eroticy cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 2624)
7:53 p.m.: Found Spy Cookie: burstbeacon cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 2335)
7:53 p.m.: Found Spy Cookie: belnk cookie
7:53 p.m.: frankie and tara@belnk[2].txt (ID = 2292)
7:53 p.m.: Found Spy Cookie: destinationxxx cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 2520)
7:53 p.m.: Found Spy Cookie: zone-media cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 3765)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2038)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2038)
7:53 p.m.: Found Spy Cookie: zango cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 3761)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2293)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2660)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2729)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2038)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2038)
7:53 p.m.: Found Spy Cookie: clickzs cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 2413)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2413)
7:53 p.m.: frankie and tara@go[3].txt (ID = 2728)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2038)
7:53 p.m.: Found Spy Cookie: pricegrabber cookie
7:53 p.m.: frankie and tara@pricegrabber[1].txt (ID = 3185)
7:53 p.m.: Found Spy Cookie: howstuffworks cookie
7:53 p.m.: frankie and tara@howstuffworks[2].txt (ID = 2805)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2038)
7:53 p.m.: Found Spy Cookie: xiti cookie
7:53 p.m.: frankie and tara@xiti[2].txt (ID = 3717)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2413)
7:53 p.m.: Found Spy Cookie: gamespy cookie
7:53 p.m.: frankie and tara@gamespy[2].txt (ID = 2719)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: Found Spy Cookie: hyperbanner cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 2816)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2038)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2748)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2748)
7:53 p.m.: Found Spy Cookie: go2net.com cookie
7:53 p.m.: frankie and tara@go2net[1].txt (ID = 2730)
7:53 p.m.: Found Spy Cookie: myaffiliateprogram.com cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 3032)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][1].txt (ID = 3765)
7:53 p.m.: Found Spy Cookie: hypertracker.com cookie
7:53 p.m.: frankie and tara@hypertracker[2].txt (ID = 2817)
7:53 p.m.: Found Spy Cookie: hbmediapro cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 2768)
7:53 p.m.: Found Spy Cookie: cc214142 cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 2367)
7:53 p.m.: Found Spy Cookie: 216.221.138 cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 1947)
7:53 p.m.: Found Spy Cookie: upspiral cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 3615)
7:53 p.m.: Found Spy Cookie: 64.62.232 cookie
7:53 p.m.: frankie and [email protected][3].txt (ID = 1987)
7:53 p.m.: frankie and [email protected][2].txt (ID = 1987)
7:53 p.m.: Found Spy Cookie: tickle cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 3530)
7:53 p.m.: frankie and tara@upspiral[1].txt (ID = 3614)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2806)
7:53 p.m.: Found Spy Cookie: webpower cookie
7:53 p.m.: frankie and tara@webpower[2].txt (ID = 3660)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2038)
7:53 p.m.: Found Spy Cookie: did-it cookie
7:53 p.m.: frankie and tara@did-it[2].txt (ID = 2523)
7:53 p.m.: Found Spy Cookie: www.mature-post cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 3703)
7:53 p.m.: Found Spy Cookie: moviemonster cookie
7:53 p.m.: frankie and tara@moviemonster[1].txt (ID = 3010)
7:53 p.m.: frankie and [email protected][1].txt (ID = 3765)
7:53 p.m.: frankie and [email protected][1].txt (ID = 3765)
7:53 p.m.: frankie and tara@about[2].txt (ID = 2037)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2446)
7:53 p.m.: Found Spy Cookie: rightmedia cookie
7:53 p.m.: frankie and tara@rightmedia[1].txt (ID = 3259)
7:53 p.m.: frankie and [email protected][1].txt (ID = 3765)
7:53 p.m.: frankie and [email protected][1].txt (ID = 3765)
7:53 p.m.: frankie and [email protected][1].txt (ID = 3765)
7:53 p.m.: frankie and [email protected][1].txt (ID = 3765)
7:53 p.m.: frankie and [email protected][1].txt (ID = 3765)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2806)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2038)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2446)
7:53 p.m.: frankie and tara@a[4].txt (ID = 2027)
7:53 p.m.: Found Spy Cookie: linkexchange cookie
7:53 p.m.: frankie and tara@linkexchange[1].txt (ID = 2920)
7:53 p.m.: frankie and tara@go[1].txt (ID = 2728)
7:53 p.m.: Found Spy Cookie: stlyrics cookie
7:53 p.m.: frankie and tara@stlyrics[1].txt (ID = 3461)
7:53 p.m.: frankie and [email protected][2].txt (ID = 3682)
7:53 p.m.: Found Spy Cookie: ccbill cookie
7:53 p.m.: frankie and tara@ccbill[1].txt (ID = 2369)
7:53 p.m.: Found Spy Cookie: barelylegal cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 2286)
7:53 p.m.: Found Spy Cookie: toplist cookie
7:53 p.m.: frankie and tara@toplist[1].txt (ID = 3557)
7:53 p.m.: Found Spy Cookie: joetec.net cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 2890)
7:53 p.m.: Found Spy Cookie: teensearchbar cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 3508)
7:53 p.m.: Found Spy Cookie: 888 cookie
7:53 p.m.: frankie and tara@888[2].txt (ID = 2019)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2729)
7:53 p.m.: Found Spy Cookie: 2o7.net cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 1958)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2806)
7:53 p.m.: Found Spy Cookie: naughtyplayer cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 3058)
7:53 p.m.: Found Spy Cookie: fastclick cookie
7:53 p.m.: frankie and tara@fastclick[1].txt (ID = 2651)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2038)
7:53 p.m.: Found Spy Cookie: freemoviesanddownloads cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 2701)
7:53 p.m.: Found Spy Cookie: ads.businessweek cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 2113)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2413)
7:53 p.m.: Found Spy Cookie: promaxtraffic cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 3200)
7:53 p.m.: Found Spy Cookie: atwola cookie
7:53 p.m.: frankie and tara@atwola[2].txt (ID = 2255)
7:53 p.m.: Found Spy Cookie: yadro cookie
7:53 p.m.: frankie and tara@yadro[1].txt (ID = 3743)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2446)
7:53 p.m.: Found Spy Cookie: mywebsearch cookie
7:53 p.m.: frankie and tara@mywebsearch[2].txt (ID = 3051)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2446)
7:53 p.m.: frankie and tara@toplist[2].txt (ID = 3557)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2413)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2413)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2446)
7:53 p.m.: Found Spy Cookie: specificclick.com cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 3400)
7:53 p.m.: frankie and [email protected][1].txt (ID = 1987)
7:53 p.m.: Found Spy Cookie: starware.com cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 3442)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2729)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2413)
7:53 p.m.: Found Spy Cookie: screensavers.com cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 3298)
7:53 p.m.: Found Spy Cookie: bpath cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 2321)
7:53 p.m.: frankie and tara@starware[2].txt (ID = 3441)
7:53 p.m.: Found Spy Cookie: adknowledge cookie
7:53 p.m.: frankie and tara@adknowledge[1].txt (ID = 2072)
7:53 p.m.: Found Spy Cookie: rn11 cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 3262)
7:53 p.m.: Found Spy Cookie: adultfriendfinder cookie
7:53 p.m.: frankie and tara@adultfriendfinder[1].txt (ID = 2165)
7:53 p.m.: frankie and tara@3[5].txt (ID = 1959)
7:53 p.m.: Found Spy Cookie: adserver cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 2142)
7:53 p.m.: Found Spy Cookie: reliablestats cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 3254)
7:53 p.m.: Found Spy Cookie: burstnet cookie
7:53 p.m.: frankie and tara@burstnet[1].txt (ID = 2336)
7:53 p.m.: Found Spy Cookie: wind-find.com cookie
7:53 p.m.: frankie and tara@wind-find[2].txt (ID = 3691)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2413)
7:53 p.m.: Found Spy Cookie: planet cookie
7:53 p.m.: frankie and tara@planet[2].txt (ID = 3143)
7:53 p.m.: Found Spy Cookie: banner cookie
7:53 p.m.: frankie and tara@banner[1].txt (ID = 2276)
7:53 p.m.: frankie and tara@hypertracker[1].txt (ID = 2817)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2446)
7:53 p.m.: Found Spy Cookie: tribalfusion cookie
7:53 p.m.: frankie and tara@tribalfusion[1].txt (ID = 3589)
7:53 p.m.: frankie and [email protected][1].txt (ID = 3298)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: Found Spy Cookie: realmedia cookie
7:53 p.m.: frankie and tara@realmedia[1].txt (ID = 3235)
7:53 p.m.: Found Spy Cookie: abcsearch cookie
7:53 p.m.: frankie and tara@abcsearch[1].txt (ID = 2033)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][2].txt (ID = 3200)
7:53 p.m.: frankie and tara@belnk[1].txt (ID = 2292)
7:53 p.m.: Found Spy Cookie: belointeractive cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 2295)
7:53 p.m.: Found Spy Cookie: rednova cookie
7:53 p.m.: frankie and tara@rednova[1].txt (ID = 3245)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2038)
7:54 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:54 p.m.: Found Spy Cookie: atlas dmt cookie
7:54 p.m.: frankie and tara@atdmt[2].txt (ID = 2253)
7:54 p.m.: frankie and [email protected][2].txt (ID = 2446)
7:54 p.m.: frankie and [email protected][3].txt (ID = 2293)
7:54 p.m.: Found Spy Cookie: yieldmanager cookie
7:54 p.m.: frankie and [email protected][1].txt (ID = 3751)
7:54 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:54 p.m.: frankie and tara@toplist[3].txt (ID = 3557)
7:54 p.m.: frankie and [email protected][1].txt (ID = 2038)
7:54 p.m.: frankie and [email protected][2].txt (ID = 3442)
7:54 p.m.: frankie and tara@a[2].txt (ID = 2027)
7:54 p.m.: frankie and tara@banner[3].txt (ID = 2276)
7:54 p.m.: frankie and tara@888[3].txt (ID = 2019)
7:54 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:54 p.m.: frankie and tara@belointeractive[1].txt (ID = 2294)
7:54 p.m.: frankie and tara@3[6].txt (ID = 1959)
7:54 p.m.: frankie and [email protected][1].txt (ID = 2506)
7:54 p.m.: frankie and tara@dealtime[1].txt (ID = 2505)
7:54 p.m.: frankie and [email protected][1].txt (ID = 3298)
7:54 p.m.: Found Spy Cookie: sextracker cookie
7:54 p.m.: frankie and tara@sextracker[1].txt (ID = 3361)
7:54 p.m.: frankie and [email protected][1].txt (ID = 2295)
7:54 p.m.: frankie and tara@gamespy[1].txt (ID = 2719)
7:54 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:54 p.m.: Found Spy Cookie: addynamix cookie
7:54 p.m.: frankie and [email protected][1].txt (ID = 2062)
7:54 p.m.: Found Spy Cookie: experclick cookie
7:54 p.m.: frankie and tara@experclick[1].txt (ID = 2639)
7:54 p.m.: Found Spy Cookie: advertising cookie
7:54 p.m.: frankie and tara@advertising[1].txt (ID = 2175)
7:54 p.m.: frankie and [email protected][5].txt (ID = 1987)
7:54 p.m.: Found Spy Cookie: casalemedia cookie
7:54 p.m.: frankie and tara@casalemedia[1].txt (ID = 2354)
7:54 p.m.: Found Spy Cookie: zedo cookie
7:54 p.m.: frankie and tara@zedo[2].txt (ID = 3762)
7:54 p.m.: frankie and [email protected][2].txt (ID = 2446)
7:54 p.m.: frankie and [email protected][7].txt (ID = 1987)
7:54 p.m.: frankie and tara@atwola[3].txt (ID = 2255)
7:54 p.m.: frankie and [email protected][9].txt (ID = 1987)
7:54 p.m.: Found Spy Cookie: enhance cookie
7:54 p.m.: frankie and [email protected][1].txt (ID = 2614)
7:54 p.m.: Found Spy Cookie: videodome cookie
7:54 p.m.: frankie and tara@videodome[1].txt (ID = 3638)
7:54 p.m.: frankie and [email protected][6].txt (ID = 1987)
7:54 p.m.: frankie and [email protected][2].txt (ID = 3462)
7:54 p.m.: Found Spy Cookie: starpulse cookie
7:54 p.m.: frankie and [email protected][1].txt (ID = 3440)
7:54 p.m.: frankie and [email protected][3].txt (ID = 2660)
7:54 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:54 p.m.: frankie and tara@ask[3].txt (ID = 2245)
7:54 p.m.: Found Spy Cookie: danni cookie
7:54 p.m.: frankie and [email protected][1].txt (ID = 2494)
7:54 p.m.: frankie and tara@danni[2].txt (ID = 2493)
7:54 p.m.: Found Spy Cookie: sandboxer cookie
7:54 p.m.: frankie and [email protected][1].txt (ID = 3281)
7:54 p.m.: Found Spy Cookie: servedby advertising cookie
7:54 p.m.: frankie and [email protected][1].txt (ID = 3335)
7:54 p.m.: frankie and [email protected][2].txt (ID = 2768)
7:54 p.m.: frankie and [email protected][1].txt (ID = 3362)
7:54 p.m.: frankie and tara@stlyrics[3].txt (ID = 3461)
7:54 p.m.: frankie and [email protected][3].txt (ID = 2335)
7:54 p.m.: frankie and tara@tickle[2].txt (ID = 3529)
7:54 p.m.: Found Spy Cookie: btgrab cookie
7:54 p.m.: frankie and [email protected][2].txt (ID = 2333)
7:54 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:54 p.m.: Found Spy Cookie: hitboss.com cookie
7:54 p.m.: frankie and [email protected][1].txt (ID = 2782)
7:54 p.m.: frankie and tara@ccbill[2].txt (ID = 2369)
7:54 p.m.: frankie and [email protected][4].txt (ID = 1987)
7:54 p.m.: Found Spy Cookie: 66.246.209 cookie
7:54 p.m.: frankie and [email protected][2].txt (ID = 1997)
7:54 p.m.: frankie and tara@did-it[1].txt (ID = 2523)
7:54 p.m.: Found Spy Cookie: mrskin cookie
7:54 p.m.: frankie and tara@mrskin[1].txt (ID = 3020)
7:54 p.m.: Found Spy Cookie: kinghost cookie
7:54 p.m.: frankie and tara@kinghost[1].txt (ID = 2903)
7:54 p.m.: Found Spy Cookie: outster cookie
7:54 p.m.: frankie and tara@outster[2].txt (ID = 3103)
7:54 p.m.: Found Spy Cookie: azjmp cookie
7:54 p.m.: frankie and tara@azjmp[1].txt (ID = 2270)
7:54 p.m.: frankie and [email protected][1].txt (ID = 3021)
7:54 p.m.: Found Spy Cookie: apmebf cookie
7:54 p.m.: frankie and tara@apmebf[2].txt (ID = 2229)
7:54 p.m.: Found Spy Cookie: clickads cookie
7:54 p.m.: frankie and [email protected][2].txt (ID = 4643)
7:54 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:54 p.m.: frankie and tara@about[3].txt (ID = 2037)
7:54 p.m.: Found Spy Cookie: accoona cookie
7:54 p.m.: frankie and tara@accoona[2].txt (ID = 2041)
7:54 p.m.: frankie and [email protected][3].txt (ID = 3682)
7:54 p.m.: frankie and [email protected][1].txt (ID = 3761)
7:54 p.m.: frankie and tara@hotmatch[2].txt (ID = 3854)
7:54 p.m.: frankie and [email protected][1].txt (ID = 3400)
7:54 p.m.: Found Spy Cookie: adjuggler cookie
7:54 p.m.: frankie and [email protected][1].txt (ID = 2071)
7:54 p.m.: frankie and [email protected][1].txt (ID = 3682)
7:54 p.m.: Found Spy Cookie: maxserving cookie
7:54 p.m.: frankie and tara@maxserving[1].txt (ID = 2966)
7:54 p.m.: frankie and tara@alt[1].txt (ID = 2217)
7:54 p.m.: Cookie Sweep Complete, Elapsed Time: 00:00:09
7:54 p.m.: Starting File Sweep
7:54 p.m.: Warning: Failed to open file "c:\pagefile.sys". Access is denied
7:56 p.m.: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
7:56 p.m.: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
7:56 p.m.: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
7:56 p.m.: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
7:56 p.m.: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
7:56 p.m.: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
7:56 p.m.: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
7:56 p.m.: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
7:56 p.m.: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
7:56 p.m.: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
7:56 p.m.: Warning: Failed to open file "c:\windows\system32\drivers\atapi.sys". The process cannot access the file because it is being used by another process
7:57 p.m.: Found Adware: bullguard popup ad
7:57 p.m.: c:\windows\temp\bullguard (1 subtraces) (ID = -2147476409)
7:57 p.m.: bulldownload.exe (ID = 52017)
7:57 p.m.: wirelanb.dll (ID = 125490)
7:57 p.m.: netlanm.dll (ID = 138227)
7:57 p.m.: Found Trojan Horse: trojan downloader pops-stop
7:57 p.m.: installerv4.exe (ID = 122359)
7:57 p.m.: installerv5.exe (ID = 138283)
7:57 p.m.: thin-94-1-x-x.exe (ID = 83542)
7:57 p.m.: greenmovie2313asaadsasfad112341231adsfa1.ico (ID = 51033)
7:57 p.m.: bingo_big3123.ico (ID = 51022)
7:57 p.m.: fastvideoplayer.inf (ID = 60913)
7:58 p.m.: fastvideoplayer.inf (ID = 60913)
7:58 p.m.: Found Adware: shopathomeselect
7:58 p.m.: setup4002b.ini (ID = 75934)
8:00 p.m.: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
8:00 p.m.: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
8:00 p.m.: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
8:00 p.m.: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
8:00 p.m.: Warning: Failed to open file "c:\documents and settings\frankie and tara\ntuser.dat". The process cannot access the file because it is being used by another process
8:00 p.m.: Warning: Failed to open file "c:\documents and settings\frankie and tara\ntuser.dat.log". The process cannot access the file because it is being used by another process
8:01 p.m.: Found Adware: 180search assistant/zango
8:01 p.m.: 180sainstallernu.exe (ID = 125069)
8:01 p.m.: res1a.tmp (ID = 125071)
8:01 p.m.: installer4_thin.exe (ID = 122354)
8:01 p.m.: labpengs.tmp (ID = 125489)
8:01 p.m.: Found Adware: ipinsight
8:01 p.m.: conscorr.inf (ID = 64277)
8:01 p.m.: temp.frde29 (ID = 84889)
8:01 p.m.: temp.fr696a (ID = 84894)
8:01 p.m.: temp.fr7988 (ID = 84923)
8:01 p.m.: temp.fr1b85 (ID = 86338)
8:01 p.m.: cdt1004.sah (ID = 75717)
8:01 p.m.: res133.tmp (ID = 93785)
8:01 p.m.: thin-94-1-x-x.exe (ID = 83542)
8:01 p.m.: installerv5_thin.exe (ID = 140473)
8:01 p.m.: sntaudio.tmp (ID = 138228)
8:01 p.m.: conflict.cab (ID = 84685)
8:01 p.m.: xlmurin.wzg (ID = 91703)
8:02 p.m.: Warning: Failed to open file "c:\documents and settings\frankie and tara\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
8:02 p.m.: Warning: Failed to open file "c:\documents and settings\frankie and tara\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
8:02 p.m.: cursors.xml (ID = 84688)
8:02 p.m.: greenmovie2313asaadsasfad112341231adsfa1[1].ico (ID = 51033)
8:02 p.m.: bingo_big3123[1].ico (ID = 51022)
8:08 p.m.: backup-20050902-145455-172.dll (ID = 125444)
8:08 p.m.: Found Trojan Horse: trojan-downloader-mainstreamdollars
8:08 p.m.: backup-20050902-145456-896.dll (ID = 80729)
8:08 p.m.: Found Adware: azsearch toolbar
8:08 p.m.: backup-20050902-145457-289.inf (ID = 50328)
8:14 p.m.: File Sweep Complete, Elapsed Time: 00:20:22
8:14 p.m.: Full Sweep has completed. Elapsed time 00:21:59
8:14 p.m.: Traces Found: 1186
********
7:49 p.m.: |··· Start of Session, Saturday, 3 September 2005 ···|
7:49 p.m.: Spy Sweeper started
7:49 p.m.: Sweep initiated using definitions version 526
7:49 p.m.: Starting Memory Sweep
7:49 p.m.: Sweep Canceled
7:49 p.m.: Memory Sweep Complete, Elapsed Time: 00:00:26
7:49 p.m.: Traces Found: 0
7:52 p.m.: Program Version 4.0.4 (Build 430) Using Spyware Definitions 526
7:52 p.m.: |··· End of Session, Saturday, 3 September 2005 ···|
********
7:48 p.m.: |··· Start of Session, Saturday, 3 September 2005 ···|
7:48 p.m.: Spy Sweeper started
7:49 p.m.: |··· End of Session, Saturday, 3 September 2005 ···|

no text wrap :tazz:

#56
ukbiker

Posted 03 September 2005 - 06:14 PM

Rest in Peace, ukbiker

Retired Staff
2,014 posts

Hi slowfuse

Great result :tazz:

Did you carry out these steps in the sweep?

When it's done scanning, click the Next button.
Make sure everything has a check next to it, then click the Next button.
It will remove all of the items found.

If not, scan again in safe mode and make sure they are deleted. If you already did that, repeat the scan in your admin account (just to be sure)

UKBiker

PS, thats what you get from surfing [bleep]

#57
Slowfuse

Posted 04 September 2005 - 12:08 AM

Member

Topic Starter
Member
44 posts

haha yea, i got what i deserved.

but i reckon most of the real bad stuff was from other people not knowing what theyre doing.

yea i did those things, deleted it all...i used to use spy sweeper years ago, but heard ad-aware was better...im learning now its best to use about 5 at once :tazz:

#58
ukbiker

Posted 05 September 2005 - 03:46 PM

Rest in Peace, ukbiker

Retired Staff
2,014 posts

Hi there slowfuse.

Can you please post me a new HJT log and also a fresh Spysweeper scanlog?

UKBiker

#59
Slowfuse

Posted 05 September 2005 - 11:30 PM

Member

Topic Starter
Member
44 posts

hey man, ive noticed a change in my computer it seems to be doing alot better now, thanks :tazz:

HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 5:28:42 p.m., on 6/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Orcon Accelerator\PropelAC.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Orcon Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\Orcon Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\Orcon Accelerator\pac-addwl.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\Orcon Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\Orcon Accelerator\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab31267.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....ta/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec..../ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E470F3F-D584-4058-BC45-1343C4AE7E6F}: NameServer = 210.55.12.1 210.55.12.2
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#60
Slowfuse

Posted 06 September 2005 - 12:07 AM

Member

Topic Starter
Member
44 posts

********
5:34 p.m.: |··· Start of Session, Tuesday, 6 September 2005 ···|
5:34 p.m.: Spy Sweeper started
5:34 p.m.: Sweep initiated using definitions version 526
5:34 p.m.: Starting Memory Sweep
5:35 p.m.: Memory Sweep Complete, Elapsed Time: 00:01:05
5:35 p.m.: Starting Registry Sweep
5:35 p.m.: Registry Sweep Complete, Elapsed Time:00:00:12
5:35 p.m.: Starting Cookie Sweep
5:35 p.m.: Found Spy Cookie: statcounter cookie
5:35 p.m.: frankie and tara@statcounter[1].txt (ID = 3447)
5:35 p.m.: Found Spy Cookie: advertising cookie
5:35 p.m.: frankie and tara@advertising[1].txt (ID = 2175)
5:35 p.m.: Found Spy Cookie: yieldmanager cookie
5:35 p.m.: frankie and [email protected][1].txt (ID = 3751)
5:35 p.m.: Found Spy Cookie: sextracker cookie
5:35 p.m.: frankie and tara@sextracker[2].txt (ID = 3361)
5:35 p.m.: frankie and [email protected][1].txt (ID = 3362)
5:35 p.m.: Found Spy Cookie: servedby advertising cookie
5:35 p.m.: frankie and [email protected][2].txt (ID = 3335)
5:35 p.m.: Found Spy Cookie: casalemedia cookie
5:35 p.m.: frankie and tara@casalemedia[1].txt (ID = 2354)
5:35 p.m.: Found Spy Cookie: fastclick cookie
5:35 p.m.: frankie and tara@fastclick[2].txt (ID = 2651)
5:35 p.m.: frankie and [email protected][1].txt (ID = 2355)
5:35 p.m.: Found Spy Cookie: maxserving cookie
5:35 p.m.: frankie and tara@maxserving[1].txt (ID = 2966)
5:35 p.m.: Found Spy Cookie: tribalfusion cookie
5:35 p.m.: frankie and tara@tribalfusion[1].txt (ID = 3589)
5:35 p.m.: Found Spy Cookie: starware.com cookie
5:35 p.m.: frankie and tara@starware[2].txt (ID = 3441)
5:35 p.m.: Found Spy Cookie: screensavers.com cookie
5:35 p.m.: frankie and [email protected][2].txt (ID = 3298)
5:35 p.m.: frankie and [email protected][1].txt (ID = 3298)
5:35 p.m.: Cookie Sweep Complete, Elapsed Time: 00:00:01
5:35 p.m.: Starting File Sweep
5:35 p.m.: Warning: Failed to open file "c:\pagefile.sys". Access is denied
5:37 p.m.: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
5:37 p.m.: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
5:37 p.m.: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
5:37 p.m.: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
5:37 p.m.: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
5:37 p.m.: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
5:37 p.m.: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
5:37 p.m.: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
5:37 p.m.: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
5:37 p.m.: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
5:37 p.m.: Warning: Failed to open file "c:\windows\system32\drivers\atapi.sys". The process cannot access the file because it is being used by another process
5:42 p.m.: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
5:42 p.m.: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
5:42 p.m.: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
5:42 p.m.: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
5:42 p.m.: Warning: Failed to open file "c:\documents and settings\frankie and tara\ntuser.dat". The process cannot access the file because it is being used by another process
5:42 p.m.: Warning: Failed to open file "c:\documents and settings\frankie and tara\ntuser.dat.log". The process cannot access the file because it is being used by another process
5:44 p.m.: Warning: Failed to open file "c:\documents and settings\frankie and tara\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
5:44 p.m.: Warning: Failed to open file "c:\documents and settings\frankie and tara\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
5:57 p.m.: File Sweep Complete, Elapsed Time: 00:21:48
5:57 p.m.: Full Sweep has completed. Elapsed time 00:23:14
5:57 p.m.: Traces Found: 14
********
5:30 p.m.: |··· Start of Session, Tuesday, 6 September 2005 ···|
5:30 p.m.: Spy Sweeper started
5:30 p.m.: Sweep initiated using definitions version 526
5:30 p.m.: Starting Memory Sweep
5:30 p.m.: Sweep Canceled
5:30 p.m.: Memory Sweep Complete, Elapsed Time: 00:00:21
5:30 p.m.: Traces Found: 0
5:34 p.m.: Program Version 4.0.4 (Build 430) Using Spyware Definitions 526
5:34 p.m.: |··· End of Session, Tuesday, 6 September 2005 ···|
********
7:52 p.m.: |··· Start of Session, Saturday, 3 September 2005 ···|
7:52 p.m.: Spy Sweeper started
7:52 p.m.: Sweep initiated using definitions version 526
7:52 p.m.: Starting Memory Sweep
7:53 p.m.: Memory Sweep Complete, Elapsed Time: 00:01:06
7:53 p.m.: Starting Registry Sweep
7:53 p.m.: Found Adware: begin2search
7:53 p.m.: HKCR\btnetw.amo.1\ (3 subtraces) (ID = 104095)
7:53 p.m.: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
7:53 p.m.: Found Adware: hotsearchbar toolbar
7:53 p.m.: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
7:53 p.m.: HKCR\btnetw.iiittt.1\ (3 subtraces) (ID = 104097)
7:53 p.m.: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
7:53 p.m.: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
7:53 p.m.: HKCR\btnetw.momo.1\ (3 subtraces) (ID = 104099)
7:53 p.m.: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
7:53 p.m.: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
7:53 p.m.: HKCR\btnetw.ohb.1\ (3 subtraces) (ID = 104101)
7:53 p.m.: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
7:53 p.m.: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
7:53 p.m.: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
7:53 p.m.: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
7:53 p.m.: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
7:53 p.m.: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
7:53 p.m.: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
7:53 p.m.: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
7:53 p.m.: HKCR\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104124)
7:53 p.m.: HKCR\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104126)
7:53 p.m.: HKCR\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104127)
7:53 p.m.: HKCR\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104128)
7:53 p.m.: HKCR\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104139)
7:53 p.m.: HKCR\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104141)
7:53 p.m.: HKLM\software\classes\btnetw.amo.1\ (3 subtraces) (ID = 104145)
7:53 p.m.: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
7:53 p.m.: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
7:53 p.m.: HKLM\software\classes\btnetw.iiittt.1\ (3 subtraces) (ID = 104147)
7:53 p.m.: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
7:53 p.m.: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
7:53 p.m.: HKLM\software\classes\btnetw.momo.1\ (3 subtraces) (ID = 104149)
7:53 p.m.: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
7:53 p.m.: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
7:53 p.m.: HKLM\software\classes\btnetw.ohb.1\ (3 subtraces) (ID = 104151)
7:53 p.m.: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
7:53 p.m.: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
7:53 p.m.: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
7:53 p.m.: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
7:53 p.m.: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
7:53 p.m.: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
7:53 p.m.: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
7:53 p.m.: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
7:53 p.m.: HKLM\software\classes\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104174)
7:53 p.m.: HKLM\software\classes\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104176)
7:53 p.m.: HKLM\software\classes\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104177)
7:53 p.m.: HKLM\software\classes\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104178)
7:53 p.m.: HKLM\software\classes\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104189)
7:53 p.m.: HKLM\software\classes\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104191)
7:53 p.m.: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
7:53 p.m.: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
7:53 p.m.: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
7:53 p.m.: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
7:53 p.m.: Found Adware: dluca
7:53 p.m.: HKU\S-1-5-21-71231581-2952008640-666046586-1006\software\sp2ctr\ (3 subtraces) (ID = 125224)
7:53 p.m.: HKU\S-1-5-21-71231581-2952008640-666046586-1006\software\vinfo\ (ID = 125225)
7:53 p.m.: Found Trojan Horse: fastvideoplayer
7:53 p.m.: HKCR\clsid\{b5dd9a64-5c4b-4a48-be56-97c1a8f85708}\ (21 subtraces) (ID = 126414)
7:53 p.m.: HKCR\fastvideoplayer.fastvideoplayerctrl.1\ (4 subtraces) (ID = 126415)
7:53 p.m.: HKCR\fastvideoplayer.fastvideoplayerctrl\ (5 subtraces) (ID = 126416)
7:53 p.m.: HKCR\interface\{9ff86c1b-7e6f-4a7f-932a-244fe7296dae}\ (8 subtraces) (ID = 126419)
7:53 p.m.: HKCR\interface\{ee7e970d-3d17-4645-8660-d7f40b917092}\ (8 subtraces) (ID = 126420)
7:53 p.m.: HKLM\software\classes\clsid\{b5dd9a64-5c4b-4a48-be56-97c1a8f85708}\ (21 subtraces) (ID = 126421)
7:53 p.m.: HKLM\software\classes\fastvideoplayer.fastvideoplayerctrl.1\ (4 subtraces) (ID = 126422)
7:53 p.m.: HKLM\software\classes\fastvideoplayer.fastvideoplayerctrl\ (5 subtraces) (ID = 126423)
7:53 p.m.: HKLM\software\classes\interface\{9ff86c1b-7e6f-4a7f-932a-244fe7296dae}\ (8 subtraces) (ID = 126426)
7:53 p.m.: HKLM\software\classes\interface\{ee7e970d-3d17-4645-8660-d7f40b917092}\ (8 subtraces) (ID = 126427)
7:53 p.m.: HKLM\software\classes\typelib\{022850cb-74fd-486d-8b1c-573ecfd599ad}\ (9 subtraces) (ID = 126428)
7:53 p.m.: HKCR\typelib\{022850cb-74fd-486d-8b1c-573ecfd599ad}\ (9 subtraces) (ID = 126429)
7:53 p.m.: Found Adware: instant access
7:53 p.m.: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\system32\ia.dll (ID = 128825)
7:53 p.m.: Found Adware: multidial
7:53 p.m.: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\muldist.ocx (ID = 135371)
7:53 p.m.: Found Adware: ist sidefind
7:53 p.m.: HKU\S-1-5-21-71231581-2952008640-666046586-1006\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
7:53 p.m.: Found Adware: startnow
7:53 p.m.: HKU\S-1-5-21-71231581-2952008640-666046586-1006\software\microsoft\installer\features\b5890ede256d37548ae908c32b952774\ (2 subtraces) (ID = 142595)
7:53 p.m.: HKU\S-1-5-21-71231581-2952008640-666046586-1006\software\microsoft\installer\products\b5890ede256d37548ae908c32b952774\ (17 subtraces) (ID = 142596)
7:53 p.m.: HKLM\software\microsoft\windows\currentversion\installer\folders\ || c:\program files\common files\hyperbar\ (ID = 142609)
7:53 p.m.: HKLM\software\microsoft\windows\currentversion\installer\folders\ || c:\program files\startnow\ (ID = 142610)
7:53 p.m.: HKLM\software\microsoft\windows\currentversion\installer\folders\ || c:\program files\startnow\navigation helper\ (ID = 142611)
7:53 p.m.: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\program files\common files\hyperbar\hyperbarss3.dll (ID = 142615)
7:53 p.m.: HKLM\software\microsoft\windows\currentversion\uninstall\{ede0985b-d652-4573-a89e-803cb2597247}\ (24 subtraces) (ID = 142617)
7:53 p.m.: Found Adware: startnow startnow hijack
7:53 p.m.: HKU\S-1-5-21-71231581-2952008640-666046586-1006\software\microsoft\internet explorer\search\ || local page (ID = 142622)
7:53 p.m.: Found Adware: websearch toolbar
7:53 p.m.: HKLM\system\currentcontrolset\enum\root\legacy_wintoolssvc\ (7 subtraces) (ID = 146518)
7:53 p.m.: Found Adware: winad
7:53 p.m.: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaaccx.dll\ (2 subtraces) (ID = 147191)
7:53 p.m.: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/winadtoolsx.dll\ || .owner (ID = 147196)
7:53 p.m.: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/winadtoolsx.dll\ || {15ad4789-cdb4-47e1-a9da-992ee8e6bad6} (ID = 147197)
7:53 p.m.: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaaccx.dll (ID = 147221)
7:53 p.m.: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\winadtoolsx.dll (ID = 147225)
7:53 p.m.: Found Adware: abetterinternet
7:53 p.m.: HKCR\aurorahandlerdll.aurorahandlerdllobj\ (5 subtraces) (ID = 359578)
7:53 p.m.: HKCR\aurorahandlerdll.aurorahandlerdllobj.1\ (3 subtraces) (ID = 359584)
7:53 p.m.: HKLM\software\classes\aurorahandlerdll.aurorahandlerdllobj\ (5 subtraces) (ID = 359725)
7:53 p.m.: HKLM\software\classes\aurorahandlerdll.aurorahandlerdllobj.1\ (3 subtraces) (ID = 359731)
7:53 p.m.: HKLM\software\classes\typelib\{6d992911-b563-47fc-ab29-437f42d1c729}\ (9 subtraces) (ID = 359756)
7:53 p.m.: HKCR\aurorahandlerdll.aurorahandlerdllobj\ (5 subtraces) (ID = 360169)
7:53 p.m.: HKU\S-1-5-21-71231581-2952008640-666046586-1006\software\aurorahandler\ (19 subtraces) (ID = 360172)
7:53 p.m.: HKCR\interface\{544b6a3f-4024-4403-9661-69b8410be505}\ (8 subtraces) (ID = 479497)
7:53 p.m.: HKCR\typelib\{6d992911-b563-47fc-ab29-437f42d1c729}\ (9 subtraces) (ID = 480791)
7:53 p.m.: HKU\S-1-5-21-71231581-2952008640-666046586-1006\software\aurorahandler\ (19 subtraces) (ID = 480802)
7:53 p.m.: HKU\S-1-5-21-71231581-2952008640-666046586-1006\software\aurorahandler\ || aut9i1m4eofsfinalad (ID = 512963)
7:53 p.m.: Found Adware: rich editor
7:53 p.m.: HKCR\typelib\{34a35bbb-8c19-4482-864c-290bd8dd6a5d}\ (9 subtraces) (ID = 544913)
7:53 p.m.: HKLM\software\microsoft\windows\currentversion\app paths\lanbrd\ (2 subtraces) (ID = 550562)
7:53 p.m.: HKLM\software\microsoft\windows\currentversion\app paths\lanbrup\ (2 subtraces) (ID = 550565)
7:53 p.m.: HKLM\software\classes\typelib\{34a35bbb-8c19-4482-864c-290bd8dd6a5d}\ (9 subtraces) (ID = 550573)
7:53 p.m.: HKLM\system\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\lanbrup.exe\ (1 subtraces) (ID = 552678)
7:53 p.m.: HKCR\pool.lanbridge\ (5 subtraces) (ID = 608249)
7:53 p.m.: HKLM\software\classes\pool.lanbridge\ (5 subtraces) (ID = 609138)
7:53 p.m.: HKLM\software\classes\typelib\{34a35bbb-8c19-4482-864c-290bd8dd6a5d}\1.0\ (8 subtraces) (ID = 609169)
7:53 p.m.: HKLM\software\lanbridge\ (34 subtraces) (ID = 609177)
7:53 p.m.: Found Adware: safesurf
7:53 p.m.: HKCR\funtools.picshow\ (5 subtraces) (ID = 730902)
7:53 p.m.: HKCR\funtools.picshow.1\ (3 subtraces) (ID = 730908)
7:53 p.m.: HKCR\typelib\{7638761f-0ce1-4e68-9692-d623527a6b7b}\ (9 subtraces) (ID = 730924)
7:53 p.m.: HKLM\software\classes\funtools.picshow\ (5 subtraces) (ID = 730957)
7:53 p.m.: HKLM\software\classes\funtools.picshow.1\ (3 subtraces) (ID = 730963)
7:53 p.m.: HKLM\software\classes\typelib\{7638761f-0ce1-4e68-9692-d623527a6b7b}\ (9 subtraces) (ID = 730979)
7:53 p.m.: HKLM\software\picshow\ (30 subtraces) (ID = 730989)
7:53 p.m.: Registry Sweep Complete, Elapsed Time:00:00:15
7:53 p.m.: Starting Cookie Sweep
7:53 p.m.: Found Spy Cookie: ask cookie
7:53 p.m.: frankie and tara@ask[1].txt (ID = 2245)
7:53 p.m.: Found Spy Cookie: hotmatch cookie
7:53 p.m.: frankie and tara@hotmatch[1].txt (ID = 3854)
7:53 p.m.: Found Spy Cookie: com.com cookie
7:53 p.m.: frankie and tara@com[2].txt (ID = 2445)
7:53 p.m.: Found Spy Cookie: 3 cookie
7:53 p.m.: frankie and tara@3[3].txt (ID = 1959)
7:53 p.m.: Found Spy Cookie: kount cookie
7:53 p.m.: frankie and tara@kount[1].txt (ID = 2911)
7:53 p.m.: Found Spy Cookie: ugo cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 3609)
7:53 p.m.: Found Spy Cookie: gostats cookie
7:53 p.m.: frankie and tara@gostats[2].txt (ID = 2747)
7:53 p.m.: Found Spy Cookie: 5 cookie
7:53 p.m.: frankie and tara@5[3].txt (ID = 1979)
7:53 p.m.: Found Spy Cookie: localnrd cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 2933)
7:53 p.m.: Found Spy Cookie: a cookie
7:53 p.m.: frankie and tara@a[1].txt (ID = 2027)
7:53 p.m.: Found Spy Cookie: desktop kazaa cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 2515)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: frankie and tara@3[1].txt (ID = 1959)
7:53 p.m.: Found Spy Cookie: cd freaks cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 2371)
7:53 p.m.: Found Spy Cookie: alt cookie
7:53 p.m.: frankie and tara@alt[2].txt (ID = 2217)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: Found Spy Cookie: hotbar cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 4207)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2446)
7:53 p.m.: Found Spy Cookie: dealtime cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 2506)
7:53 p.m.: Found Spy Cookie: offeroptimizer cookie
7:53 p.m.: frankie and tara@offeroptimizer[2].txt (ID = 3087)
7:53 p.m.: Found Spy Cookie: fe.lea.lycos.com cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 2660)
7:53 p.m.: frankie and tara@cdfreaks[2].txt (ID = 2370)
7:53 p.m.: Found Spy Cookie: toprebates.com cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 3562)
7:53 p.m.: frankie and [email protected][2].txt (ID = 1960)
7:53 p.m.: Found Spy Cookie: about cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 2038)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: Found Spy Cookie: go.com cookie
7:53 p.m.: frankie and tara@go[2].txt (ID = 2728)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2038)
7:53 p.m.: Found Spy Cookie: wegcash cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 3682)
7:53 p.m.: Found Spy Cookie: eroticy cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 2624)
7:53 p.m.: Found Spy Cookie: burstbeacon cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 2335)
7:53 p.m.: Found Spy Cookie: belnk cookie
7:53 p.m.: frankie and tara@belnk[2].txt (ID = 2292)
7:53 p.m.: Found Spy Cookie: destinationxxx cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 2520)
7:53 p.m.: Found Spy Cookie: zone-media cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 3765)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2038)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2038)
7:53 p.m.: Found Spy Cookie: zango cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 3761)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2293)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2660)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2729)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2038)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2038)
7:53 p.m.: Found Spy Cookie: clickzs cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 2413)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2413)
7:53 p.m.: frankie and tara@go[3].txt (ID = 2728)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2038)
7:53 p.m.: Found Spy Cookie: pricegrabber cookie
7:53 p.m.: frankie and tara@pricegrabber[1].txt (ID = 3185)
7:53 p.m.: Found Spy Cookie: howstuffworks cookie
7:53 p.m.: frankie and tara@howstuffworks[2].txt (ID = 2805)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2038)
7:53 p.m.: Found Spy Cookie: xiti cookie
7:53 p.m.: frankie and tara@xiti[2].txt (ID = 3717)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2413)
7:53 p.m.: Found Spy Cookie: gamespy cookie
7:53 p.m.: frankie and tara@gamespy[2].txt (ID = 2719)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: Found Spy Cookie: hyperbanner cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 2816)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2038)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2748)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2748)
7:53 p.m.: Found Spy Cookie: go2net.com cookie
7:53 p.m.: frankie and tara@go2net[1].txt (ID = 2730)
7:53 p.m.: Found Spy Cookie: myaffiliateprogram.com cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 3032)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][1].txt (ID = 3765)
7:53 p.m.: Found Spy Cookie: hypertracker.com cookie
7:53 p.m.: frankie and tara@hypertracker[2].txt (ID = 2817)
7:53 p.m.: Found Spy Cookie: hbmediapro cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 2768)
7:53 p.m.: Found Spy Cookie: cc214142 cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 2367)
7:53 p.m.: Found Spy Cookie: 216.221.138 cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 1947)
7:53 p.m.: Found Spy Cookie: upspiral cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 3615)
7:53 p.m.: Found Spy Cookie: 64.62.232 cookie
7:53 p.m.: frankie and [email protected][3].txt (ID = 1987)
7:53 p.m.: frankie and [email protected][2].txt (ID = 1987)
7:53 p.m.: Found Spy Cookie: tickle cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 3530)
7:53 p.m.: frankie and tara@upspiral[1].txt (ID = 3614)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2806)
7:53 p.m.: Found Spy Cookie: webpower cookie
7:53 p.m.: frankie and tara@webpower[2].txt (ID = 3660)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2038)
7:53 p.m.: Found Spy Cookie: did-it cookie
7:53 p.m.: frankie and tara@did-it[2].txt (ID = 2523)
7:53 p.m.: Found Spy Cookie: www.mature-post cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 3703)
7:53 p.m.: Found Spy Cookie: moviemonster cookie
7:53 p.m.: frankie and tara@moviemonster[1].txt (ID = 3010)
7:53 p.m.: frankie and [email protected][1].txt (ID = 3765)
7:53 p.m.: frankie and [email protected][1].txt (ID = 3765)
7:53 p.m.: frankie and tara@about[2].txt (ID = 2037)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2446)
7:53 p.m.: Found Spy Cookie: rightmedia cookie
7:53 p.m.: frankie and tara@rightmedia[1].txt (ID = 3259)
7:53 p.m.: frankie and [email protected][1].txt (ID = 3765)
7:53 p.m.: frankie and [email protected][1].txt (ID = 3765)
7:53 p.m.: frankie and [email protected][1].txt (ID = 3765)
7:53 p.m.: frankie and [email protected][1].txt (ID = 3765)
7:53 p.m.: frankie and [email protected][1].txt (ID = 3765)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2806)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2038)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2446)
7:53 p.m.: frankie and tara@a[4].txt (ID = 2027)
7:53 p.m.: Found Spy Cookie: linkexchange cookie
7:53 p.m.: frankie and tara@linkexchange[1].txt (ID = 2920)
7:53 p.m.: frankie and tara@go[1].txt (ID = 2728)
7:53 p.m.: Found Spy Cookie: stlyrics cookie
7:53 p.m.: frankie and tara@stlyrics[1].txt (ID = 3461)
7:53 p.m.: frankie and [email protected][2].txt (ID = 3682)
7:53 p.m.: Found Spy Cookie: ccbill cookie
7:53 p.m.: frankie and tara@ccbill[1].txt (ID = 2369)
7:53 p.m.: Found Spy Cookie: barelylegal cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 2286)
7:53 p.m.: Found Spy Cookie: toplist cookie
7:53 p.m.: frankie and tara@toplist[1].txt (ID = 3557)
7:53 p.m.: Found Spy Cookie: joetec.net cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 2890)
7:53 p.m.: Found Spy Cookie: teensearchbar cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 3508)
7:53 p.m.: Found Spy Cookie: 888 cookie
7:53 p.m.: frankie and tara@888[2].txt (ID = 2019)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2729)
7:53 p.m.: Found Spy Cookie: 2o7.net cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 1958)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2806)
7:53 p.m.: Found Spy Cookie: naughtyplayer cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 3058)
7:53 p.m.: Found Spy Cookie: fastclick cookie
7:53 p.m.: frankie and tara@fastclick[1].txt (ID = 2651)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2038)
7:53 p.m.: Found Spy Cookie: freemoviesanddownloads cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 2701)
7:53 p.m.: Found Spy Cookie: ads.businessweek cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 2113)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2413)
7:53 p.m.: Found Spy Cookie: promaxtraffic cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 3200)
7:53 p.m.: Found Spy Cookie: atwola cookie
7:53 p.m.: frankie and tara@atwola[2].txt (ID = 2255)
7:53 p.m.: Found Spy Cookie: yadro cookie
7:53 p.m.: frankie and tara@yadro[1].txt (ID = 3743)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2446)
7:53 p.m.: Found Spy Cookie: mywebsearch cookie
7:53 p.m.: frankie and tara@mywebsearch[2].txt (ID = 3051)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2446)
7:53 p.m.: frankie and tara@toplist[2].txt (ID = 3557)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2413)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2413)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2446)
7:53 p.m.: Found Spy Cookie: specificclick.com cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 3400)
7:53 p.m.: frankie and [email protected][1].txt (ID = 1987)
7:53 p.m.: Found Spy Cookie: starware.com cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 3442)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2729)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2413)
7:53 p.m.: Found Spy Cookie: screensavers.com cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 3298)
7:53 p.m.: Found Spy Cookie: bpath cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 2321)
7:53 p.m.: frankie and tara@starware[2].txt (ID = 3441)
7:53 p.m.: Found Spy Cookie: adknowledge cookie
7:53 p.m.: frankie and tara@adknowledge[1].txt (ID = 2072)
7:53 p.m.: Found Spy Cookie: rn11 cookie
7:53 p.m.: frankie and [email protected][2].txt (ID = 3262)
7:53 p.m.: Found Spy Cookie: adultfriendfinder cookie
7:53 p.m.: frankie and tara@adultfriendfinder[1].txt (ID = 2165)
7:53 p.m.: frankie and tara@3[5].txt (ID = 1959)
7:53 p.m.: Found Spy Cookie: adserver cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 2142)
7:53 p.m.: Found Spy Cookie: reliablestats cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 3254)
7:53 p.m.: Found Spy Cookie: burstnet cookie
7:53 p.m.: frankie and tara@burstnet[1].txt (ID = 2336)
7:53 p.m.: Found Spy Cookie: wind-find.com cookie
7:53 p.m.: frankie and tara@wind-find[2].txt (ID = 3691)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2413)
7:53 p.m.: Found Spy Cookie: planet cookie
7:53 p.m.: frankie and tara@planet[2].txt (ID = 3143)
7:53 p.m.: Found Spy Cookie: banner cookie
7:53 p.m.: frankie and tara@banner[1].txt (ID = 2276)
7:53 p.m.: frankie and tara@hypertracker[1].txt (ID = 2817)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2446)
7:53 p.m.: Found Spy Cookie: tribalfusion cookie
7:53 p.m.: frankie and tara@tribalfusion[1].txt (ID = 3589)
7:53 p.m.: frankie and [email protected][1].txt (ID = 3298)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: Found Spy Cookie: realmedia cookie
7:53 p.m.: frankie and tara@realmedia[1].txt (ID = 3235)
7:53 p.m.: Found Spy Cookie: abcsearch cookie
7:53 p.m.: frankie and tara@abcsearch[1].txt (ID = 2033)
7:53 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:53 p.m.: frankie and [email protected][2].txt (ID = 3200)
7:53 p.m.: frankie and tara@belnk[1].txt (ID = 2292)
7:53 p.m.: Found Spy Cookie: belointeractive cookie
7:53 p.m.: frankie and [email protected][1].txt (ID = 2295)
7:53 p.m.: Found Spy Cookie: rednova cookie
7:53 p.m.: frankie and tara@rednova[1].txt (ID = 3245)
7:53 p.m.: frankie and [email protected][2].txt (ID = 2038)
7:54 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:54 p.m.: Found Spy Cookie: atlas dmt cookie
7:54 p.m.: frankie and tara@atdmt[2].txt (ID = 2253)
7:54 p.m.: frankie and [email protected][2].txt (ID = 2446)
7:54 p.m.: frankie and [email protected][3].txt (ID = 2293)
7:54 p.m.: Found Spy Cookie: yieldmanager cookie
7:54 p.m.: frankie and [email protected][1].txt (ID = 3751)
7:54 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:54 p.m.: frankie and tara@toplist[3].txt (ID = 3557)
7:54 p.m.: frankie and [email protected][1].txt (ID = 2038)
7:54 p.m.: frankie and [email protected][2].txt (ID = 3442)
7:54 p.m.: frankie and tara@a[2].txt (ID = 2027)
7:54 p.m.: frankie and tara@banner[3].txt (ID = 2276)
7:54 p.m.: frankie and tara@888[3].txt (ID = 2019)
7:54 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:54 p.m.: frankie and tara@belointeractive[1].txt (ID = 2294)
7:54 p.m.: frankie and tara@3[6].txt (ID = 1959)
7:54 p.m.: frankie and [email protected][1].txt (ID = 2506)
7:54 p.m.: frankie and tara@dealtime[1].txt (ID = 2505)
7:54 p.m.: frankie and [email protected][1].txt (ID = 3298)
7:54 p.m.: Found Spy Cookie: sextracker cookie
7:54 p.m.: frankie and tara@sextracker[1].txt (ID = 3361)
7:54 p.m.: frankie and [email protected][1].txt (ID = 2295)
7:54 p.m.: frankie and tara@gamespy[1].txt (ID = 2719)
7:54 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:54 p.m.: Found Spy Cookie: addynamix cookie
7:54 p.m.: frankie and [email protected][1].txt (ID = 2062)
7:54 p.m.: Found Spy Cookie: experclick cookie
7:54 p.m.: frankie and tara@experclick[1].txt (ID = 2639)
7:54 p.m.: Found Spy Cookie: advertising cookie
7:54 p.m.: frankie and tara@advertising[1].txt (ID = 2175)
7:54 p.m.: frankie and [email protected][5].txt (ID = 1987)
7:54 p.m.: Found Spy Cookie: casalemedia cookie
7:54 p.m.: frankie and tara@casalemedia[1].txt (ID = 2354)
7:54 p.m.: Found Spy Cookie: zedo cookie
7:54 p.m.: frankie and tara@zedo[2].txt (ID = 3762)
7:54 p.m.: frankie and [email protected][2].txt (ID = 2446)
7:54 p.m.: frankie and [email protected][7].txt (ID = 1987)
7:54 p.m.: frankie and tara@atwola[3].txt (ID = 2255)
7:54 p.m.: frankie and [email protected][9].txt (ID = 1987)
7:54 p.m.: Found Spy Cookie: enhance cookie
7:54 p.m.: frankie and [email protected][1].txt (ID = 2614)
7:54 p.m.: Found Spy Cookie: videodome cookie
7:54 p.m.: frankie and tara@videodome[1].txt (ID = 3638)
7:54 p.m.: frankie and [email protected][6].txt (ID = 1987)
7:54 p.m.: frankie and [email protected][2].txt (ID = 3462)
7:54 p.m.: Found Spy Cookie: starpulse cookie
7:54 p.m.: frankie and [email protected][1].txt (ID = 3440)
7:54 p.m.: frankie and [email protected][3].txt (ID = 2660)
7:54 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:54 p.m.: frankie and tara@ask[3].txt (ID = 2245)
7:54 p.m.: Found Spy Cookie: danni cookie
7:54 p.m.: frankie and [email protected][1].txt (ID = 2494)
7:54 p.m.: frankie and tara@danni[2].txt (ID = 2493)
7:54 p.m.: Found Spy Cookie: sandboxer cookie
7:54 p.m.: frankie and [email protected][1].txt (ID = 3281)
7:54 p.m.: Found Spy Cookie: servedby advertising cookie
7:54 p.m.: frankie and [email protected][1].txt (ID = 3335)
7:54 p.m.: frankie and [email protected][2].txt (ID = 2768)
7:54 p.m.: frankie and [email protected][1].txt (ID = 3362)
7:54 p.m.: frankie and tara@stlyrics[3].txt (ID = 3461)
7:54 p.m.: frankie and [email protected][3].txt (ID = 2335)
7:54 p.m.: frankie and tara@tickle[2].txt (ID = 3529)
7:54 p.m.: Found Spy Cookie: btgrab cookie
7:54 p.m.: frankie and [email protected][2].txt (ID = 2333)
7:54 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:54 p.m.: Found Spy Cookie: hitboss.com cookie
7:54 p.m.: frankie and [email protected][1].txt (ID = 2782)
7:54 p.m.: frankie and tara@ccbill[2].txt (ID = 2369)
7:54 p.m.: frankie and [email protected][4].txt (ID = 1987)
7:54 p.m.: Found Spy Cookie: 66.246.209 cookie
7:54 p.m.: frankie and [email protected][2].txt (ID = 1997)
7:54 p.m.: frankie and tara@did-it[1].txt (ID = 2523)
7:54 p.m.: Found Spy Cookie: mrskin cookie
7:54 p.m.: frankie and tara@mrskin[1].txt (ID = 3020)
7:54 p.m.: Found Spy Cookie: kinghost cookie
7:54 p.m.: frankie and tara@kinghost[1].txt (ID = 2903)
7:54 p.m.: Found Spy Cookie: outster cookie
7:54 p.m.: frankie and tara@outster[2].txt (ID = 3103)
7:54 p.m.: Found Spy Cookie: azjmp cookie
7:54 p.m.: frankie and tara@azjmp[1].txt (ID = 2270)
7:54 p.m.: frankie and [email protected][1].txt (ID = 3021)
7:54 p.m.: Found Spy Cookie: apmebf cookie
7:54 p.m.: frankie and tara@apmebf[2].txt (ID = 2229)
7:54 p.m.: Found Spy Cookie: clickads cookie
7:54 p.m.: frankie and [email protected][2].txt (ID = 4643)
7:54 p.m.: frankie and [email protected][1].txt (ID = 2446)
7:54 p.m.: frankie and tara@about[3].txt (ID = 2037)
7:54 p.m.: Found Spy Cookie: accoona cookie
7:54 p.m.: frankie and tara@accoona[2].txt (ID = 2041)
7:54 p.m.: frankie and [email protected][3].txt (ID = 3682)
7:54 p.m.: frankie and [email protected][1].txt (ID = 3761)
7:54 p.m.: frankie and tara@hotmatch[2].txt (ID = 3854)
7:54 p.m.: frankie and [email protected][1].txt (ID = 3400)
7:54 p.m.: Found Spy Cookie: adjuggler cookie
7:54 p.m.: frankie and [email protected][1].txt (ID = 2071)
7:54 p.m.: frankie and [email protected][1].txt (ID = 3682)
7:54 p.m.: Found Spy Cookie: maxserving cookie
7:54 p.m.: frankie and tara@maxserving[1].txt (ID = 2966)
7:54 p.m.: frankie and tara@alt[1].txt (ID = 2217)
7:54 p.m.: Cookie Sweep Complete, Elapsed Time: 00:00:09
7:54 p.m.: Starting File Sweep
7:54 p.m.: Warning: Failed to open file "c:\pagefile.sys". Access is denied
7:56 p.m.: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
7:56 p.m.: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
7:56 p.m.: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
7:56 p.m.: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
7:56 p.m.: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
7:56 p.m.: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
7:56 p.m.: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
7:56 p.m.: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
7:56 p.m.: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
7:56 p.m.: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
7:56 p.m.: Warning: Failed to open file "c:\windows\system32\drivers\atapi.sys". The process cannot access the file because it is being used by another process
7:57 p.m.: Found Adware: bullguard popup ad
7:57 p.m.: c:\windows\temp\bullguard (1 subtraces) (ID = -2147476409)
7:57 p.m.: bulldownload.exe (ID = 52017)
7:57 p.m.: wirelanb.dll (ID = 125490)
7:57 p.m.: netlanm.dll (ID = 138227)
7:57 p.m.: Found Trojan Horse: trojan downloader pops-stop
7:57 p.m.: installerv4.exe (ID = 122359)
7:57 p.m.: installerv5.exe (ID = 138283)
7:57 p.m.: thin-94-1-x-x.exe (ID = 83542)
7:57 p.m.: greenmovie2313asaadsasfad112341231adsfa1.ico (ID = 51033)
7:57 p.m.: bingo_big3123.ico (ID = 51022)
7:57 p.m.: fastvideoplayer.inf (ID = 60913)
7:58 p.m.: fastvideoplayer.inf (ID = 60913)
7:58 p.m.: Found Adware: shopathomeselect
7:58 p.m.: setup4002b.ini (ID = 75934)
8:00 p.m.: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
8:00 p.m.: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
8:00 p.m.: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
8:00 p.m.: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
8:00 p.m.: Warning: Failed to open file "c:\documents and settings\frankie and tara\ntuser.dat". The process cannot access the file because it is being used by another process
8:00 p.m.: Warning: Failed to open file "c:\documents and settings\frankie and tara\ntuser.dat.log". The process cannot access the file because it is being used by another process
8:01 p.m.: Found Adware: 180search assistant/zango
8:01 p.m.: 180sainstallernu.exe (ID = 125069)
8:01 p.m.: res1a.tmp (ID = 125071)
8:01 p.m.: installer4_thin.exe (ID = 122354)
8:01 p.m.: labpengs.tmp (ID = 125489)
8:01 p.m.: Found Adware: ipinsight
8:01 p.m.: conscorr.inf (ID = 64277)
8:01 p.m.: temp.frde29 (ID = 84889)
8:01 p.m.: temp.fr696a (ID = 84894)
8:01 p.m.: temp.fr7988 (ID = 84923)
8:01 p.m.: temp.fr1b85 (ID = 86338)
8:01 p.m.: cdt1004.sah (ID = 75717)
8:01 p.m.: res133.tmp (ID = 93785)
8:01 p.m.: thin-94-1-x-x.exe (ID = 83542)
8:01 p.m.: installerv5_thin.exe (ID = 140473)
8:01 p.m.: sntaudio.tmp (ID = 138228)
8:01 p.m.: conflict.cab (ID = 84685)
8:01 p.m.: xlmurin.wzg (ID = 91703)
8:02 p.m.: Warning: Failed to open file "c:\documents and settings\frankie and tara\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
8:02 p.m.: Warning: Failed to open file "c:\documents and settings\frankie and tara\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
8:02 p.m.: cursors.xml (ID = 84688)
8:02 p.m.: greenmovie2313asaadsasfad112341231adsfa1[1].ico (ID = 51033)
8:02 p.m.: bingo_big3123[1].ico (ID = 51022)
8:08 p.m.: backup-20050902-145455-172.dll (ID = 125444)
8:08 p.m.: Found Trojan Horse: trojan-downloader-mainstreamdollars
8:08 p.m.: backup-20050902-145456-896.dll (ID = 80729)
8:08 p.m.: Found Adware: azsearch toolbar
8:08 p.m.: backup-20050902-145457-289.inf (ID = 50328)
8:14 p.m.: File Sweep Complete, Elapsed Time: 00:20:22
8:14 p.m.: Full Sweep has completed. Elapsed time 00:21:59
8:14 p.m.: Traces Found: 1186
8:23 p.m.: Removal process initiated
8:23 p.m.: Quarantining All Traces: begin2search
8:24 p.m.: Quarantining All Traces: hotsearchbar toolbar
8:24 p.m.: Quarantining All Traces: dluca
8:24 p.m.: Quarantining All Traces: fastvideoplayer
8:25 p.m.: Quarantining All Traces: instant access
8:25 p.m.: Quarantining All Traces: multidial
8:25 p.m.: Quarantining All Traces: ist sidefind
8:25 p.m.: Quarantining All Traces: startnow
8:25 p.m.: Quarantining All Traces: startnow startnow hijack
8:25 p.m.: Quarantining All Traces: websearch toolbar
8:25 p.m.: Quarantining All Traces: winad
8:25 p.m.: Quarantining All Traces: abetterinternet
8:26 p.m.: Quarantining All Traces: rich editor
8:26 p.m.: Quarantining All Traces: safesurf
8:26 p.m.: Quarantining All Traces: ask cookie
8:26 p.m.: Quarantining All Traces: hotmatch cookie
8:26 p.m.: Quarantining All Traces: com.com cookie
8:27 p.m.: Quarantining All Traces: 3 cookie
8:27 p.m.: Quarantining All Traces: kount cookie
8:27 p.m.: Quarantining All Traces: ugo cookie
8:27 p.m.: Quarantining All Traces: gostats cookie
8:27 p.m.: Quarantining All Traces: 5 cookie
8:28 p.m.: Quarantining All Traces: localnrd cookie
8:28 p.m.: Quarantining All Traces: a cookie
8:28 p.m.: Quarantining All Traces: desktop kazaa cookie
8:28 p.m.: Quarantining All Traces: cd freaks cookie
8:28 p.m.: Quarantining All Traces: alt cookie
8:28 p.m.: Quarantining All Traces: hotbar cookie
8:28 p.m.: Quarantining All Traces: dealtime cookie
8:28 p.m.: Quarantining All Traces: offeroptimizer cookie
8:28 p.m.: Quarantining All Traces: fe.lea.lycos.com cookie
8:28 p.m.: Quarantining All Traces: toprebates.com cookie
8:28 p.m.: Quarantining All Traces: about cookie
8:29 p.m.: Quarantining All Traces: go.com cookie
8:29 p.m.: Quarantining All Traces: wegcash cookie
8:29 p.m.: Quarantining All Traces: eroticy cookie
8:29 p.m.: Quarantining All Traces: burstbeacon cookie
8:29 p.m.: Quarantining All Traces: belnk cookie
8:29 p.m.: Quarantining All Traces: destinationxxx cookie
8:29 p.m.: Quarantining All Traces: zone-media cookie
8:29 p.m.: Quarantining All Traces: zango cookie
8:29 p.m.: Quarantining All Traces: clickzs cookie
8:30 p.m.: Quarantining All Traces: pricegrabber cookie
8:30 p.m.: Quarantining All Traces: howstuffworks cookie
8:30 p.m.: Quarantining All Traces: xiti cookie
8:30 p.m.: Quarantining All Traces: gamespy cookie
8:30 p.m.: Quarantining All Traces: hyperbanner cookie
8:30 p.m.: Quarantining All Traces: go2net.com cookie
8:30 p.m.: Quarantining All Traces: myaffiliateprogram.com cookie
8:30 p.m.: Quarantining All Traces: hypertracker.com cookie
8:30 p.m.: Quarantining All Traces: hbmediapro cookie
8:30 p.m.: Quarantining All Traces: cc214142 cookie
8:30 p.m.: Quarantining All Traces: 216.221.138 cookie
8:30 p.m.: Quarantining All Traces: upspiral cookie
8:30 p.m.: Quarantining All Traces: 64.62.232 cookie
8:30 p.m.: Quarantining All Traces: tickle cookie
8:30 p.m.: Quarantining All Traces: webpower cookie
8:31 p.m.: Quarantining All Traces: did-it cookie
8:31 p.m.: Quarantining All Traces: www.mature-post cookie
8:31 p.m.: Quarantining All Traces: moviemonster cookie
8:31 p.m.: Quarantining All Traces: rightmedia cookie
8:31 p.m.: Quarantining All Traces: linkexchange cookie
8:31 p.m.: Quarantining All Traces: stlyrics cookie
8:31 p.m.: Quarantining All Traces: ccbill cookie
8:31 p.m.: Quarantining All Traces: barelylegal cookie
8:31 p.m.: Quarantining All Traces: toplist cookie
8:31 p.m.: Quarantining All Traces: joetec.net cookie
8:31 p.m.: Quarantining All Traces: teensearchbar cookie
8:31 p.m.: Quarantining All Traces: 888 cookie
8:31 p.m.: Quarantining All Traces: 2o7.net cookie
8:31 p.m.: Quarantining All Traces: naughtyplayer cookie
8:31 p.m.: Quarantining All Traces: fastclick cookie
8:31 p.m.: Quarantining All Traces: freemoviesanddownloads cookie
8:31 p.m.: Quarantining All Traces: ads.businessweek cookie
8:31 p.m.: Quarantining All Traces: promaxtraffic cookie
8:32 p.m.: Quarantining All Traces: atwola cookie
8:32 p.m.: Quarantining All Traces: yadro cookie
8:32 p.m.: Quarantining All Traces: mywebsearch cookie
8:32 p.m.: Quarantining All Traces: specificclick.com cookie
8:32 p.m.: Quarantining All Traces: starware.com cookie
8:32 p.m.: Quarantining All Traces: screensavers.com cookie
8:32 p.m.: Quarantining All Traces: bpath cookie
8:32 p.m.: Quarantining All Traces: adknowledge cookie
8:32 p.m.: Quarantining All Traces: rn11 cookie
8:32 p.m.: Quarantining All Traces: adultfriendfinder cookie
8:32 p.m.: Quarantining All Traces: adserver cookie
8:32 p.m.: Quarantining All Traces: reliablestats cookie
8:32 p.m.: Quarantining All Traces: burstnet cookie
8:32 p.m.: Quarantining All Traces: wind-find.com cookie
8:32 p.m.: Quarantining All Traces: planet cookie
8:32 p.m.: Quarantining All Traces: banner cookie
8:32 p.m.: Quarantining All Traces: tribalfusion cookie
8:32 p.m.: Quarantining All Traces: realmedia cookie
8:32 p.m.: Quarantining All Traces: abcsearch cookie
8:32 p.m.: Quarantining All Traces: belointeractive cookie
8:33 p.m.: Quarantining All Traces: rednova cookie
8:33 p.m.: Quarantining All Traces: atlas dmt cookie
8:33 p.m.: Quarantining All Traces: yieldmanager cookie
8:33 p.m.: Quarantining All Traces: sextracker cookie
8:33 p.m.: Quarantining All Traces: addynamix cookie
8:33 p.m.: Quarantining All Traces: experclick cookie
8:33 p.m.: Quarantining All Traces: advertising cookie
8:33 p.m.: Quarantining All Traces: casalemedia cookie
8:33 p.m.: Quarantining All Traces: zedo cookie
8:33 p.m.: Quarantining All Traces: enhance cookie
8:33 p.m.: Quarantining All Traces: videodome cookie
8:33 p.m.: Quarantining All Traces: starpulse cookie
8:33 p.m.: Quarantining All Traces: danni cookie
8:33 p.m.: Quarantining All Traces: sandboxer cookie
8:33 p.m.: Quarantining All Traces: servedby advertising cookie
8:33 p.m.: Quarantining All Traces: btgrab cookie
8:33 p.m.: Quarantining All Traces: hitboss.com cookie
8:33 p.m.: Quarantining All Traces: 66.246.209 cookie
8:33 p.m.: Quarantining All Traces: mrskin cookie
8:33 p.m.: Quarantining All Traces: kinghost cookie
8:34 p.m.: Quarantining All Traces: outster cookie
8:34 p.m.: Quarantining All Traces: azjmp cookie
8:34 p.m.: Quarantining All Traces: apmebf cookie
8:34 p.m.: Quarantining All Traces: clickads cookie
8:34 p.m.: Quarantining All Traces: accoona cookie
8:34 p.m.: Quarantining All Traces: adjuggler cookie
8:34 p.m.: Quarantining All Traces: maxserving cookie
8:34 p.m.: Quarantining All Traces: bullguard popup ad
8:34 p.m.: Quarantining All Traces: trojan downloader pops-stop
8:34 p.m.: Quarantining All Traces: shopathomeselect
8:34 p.m.: Quarantining All Traces: 180search assistant/zango
8:34 p.m.: Quarantining All Traces: ipinsight
8:34 p.m.: Quarantining All Traces: trojan-downloader-mainstreamdollars
8:34 p.m.: Quarantining All Traces: azsearch toolbar
8:43 p.m.: Removal process completed. Elapsed time 00:20:04
********
7:49 p.m.: |··· Start of Session, Saturday, 3 September 2005 ···|
7:49 p.m.: Spy Sweeper started
7:49 p.m.: Sweep initiated using definitions version 526
7:49 p.m.: Starting Memory Sweep
7:49 p.m.: Sweep Canceled
7:49 p.m.: Memory Sweep Complete, Elapsed Time: 00:00:26
7:49 p.m.: Traces Found: 0
7:52 p.m.: Program Version 4.0.4 (Build 430) Using Spyware Definitions 526
7:52 p.m.: |··· End of Session, Saturday, 3 September 2005 ···|
********
7:48 p.m.: |··· Start of Session, Saturday, 3 September 2005 ···|
7:48 p.m.: Spy Sweeper started
7:49 p.m.: |··· End of Session, Saturday, 3 September 2005 ···|

thanks man.