
BSOD


  • This topic is locked

#16
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Let's try one more thing that may help you.

Click Start -> Run
Type in sfc /scannow and hit enter.

This will scan your computer for any missing or corrupt system files.


Let me know how it goes.
  • 0


#17
brenda4172

    Member

  • Topic Starter
  • Member
  • 42 posts
Was the scan supposed to generate a log? It went through the complete process, but did not show anything or any log.

I noticed on the forum there were several people getting the BSOD with the I_R_Q_L error. Surely everyone is not having driver problems, or could all the viruses, spyware, malware etc. have corrupted one of them? I also saw another post that mentioned it could be a virus that infected a network module. Sorry just trying to figure out... getting desperate... :tazz:

Look at swingers problem. HELP - I keep getting a BSOD!, [screenshot]

This was a code off the blue screen:
darth_ash:
afd.sys is the Kernel-mode winsock driver.

First let's try something simple: download and run WinSock fix from the following link:
http://www.majorgeek...wnload4372.html
Reboot and see if the problem persists.



If that doesn't work, let's try replacing afd.sys with a fresh copy. Follow the steps below to replace afd.sys:
In your BIOS set CD-ROM as 1st Boot Device.
Insert XP Setup CD, to boot from CD.
After the initial loading of drivers is over, on the Welcome to Setup Screen with 3 options, press the R key to "Repair XP installation using Recovery Console".
On the next screen you will be asked to choose your Windows installation; choose the one that is causing the problem by typing the number beside it.
Now you will be prompted for the password of Administrator; enter it. If the password is blank, just press <enter>.

Below are two ways to recover from this problem from the Recovery Console; use any one of them.
Use Method1 only if you downloaded and installed SP2.
Use Method2 if you have installed SP2 from CD and you have the CD, or if you haven't installed SP2 at all.
Method1:
Type the following commands:
cd \WINDOWS\ServicePackFiles\i386
copy afd.sys c:\Windows\System32\drivers
Method2:
Type the following command:
expand x:\i386\afd.sy_ c:\windows\system32\drivers\afd.sys
(where x: is the drive letter of your CD-ROM drive and c: is the partition where XP was installed)


Is there a code off my blue screen that could help? The last code after the stop thing is 0X80563DBA and also changed another time to 0X80563D35.

Thanks for listening to my rambling and for all your continued help!!!

Edited by brenda4172, 15 September 2005 - 07:34 PM.

  • 0

#18
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
I would say that your problem is almost certainly hardware related. But let me take one more look at your HijackThis log so that we can rule out malware for sure.
  • 0

#19
brenda4172

    Member

  • Topic Starter
  • Member
  • 42 posts
Here is the log:

How can I find out which driver is giving me the problem? :tazz:

I certainly do appreciate any help!!!

Logfile of HijackThis v1.99.1
Scan saved at 6:28:31 PM, on 9/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ipmights.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.bellsouth.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.bellsouth.net
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsout...oad/tgctlcm.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123938785482
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsof...cure/ocarpt.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photo.walmart...oad/XUpload.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...561/mcfscan.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


BTW, what is the ipmights.exe file? Sometimes when the computer is rebooting, that file comes up with an error about some .dll.

Edited by brenda4172, 16 September 2005 - 04:34 PM.

  • 0

#20
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Let's see what we can find out.
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • C:\WINDOWS\system32\ipmights.exe
  • Click on the submit button
  • Please post the results in your next reply.

  • 0

#21
brenda4172

    Member

  • Topic Starter
  • Member
  • 42 posts
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file
  • 0

#22
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Can you find the file and let me know what it is dated?
  • 0

#23
brenda4172

    Member

  • Topic Starter
  • Member
  • 42 posts
Friday August 19, 2005

which is the night when my daughter went clickety click and I was bombarded with all the enemies....... :tazz:
  • 0

#24
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Download KillBox and unzip it to your desktop.

Open Killbox and select the Delete on reboot option.
Copy and paste the following file to the field labeled "Full path of file to delete"

C:\WINDOWS\system32\ipmights.exe

Press the Delete button (the button that looks like a red circle with a white X in it).
A first dialog box will ask if you want to delete the file on reboot, press the YES button.
A second dialog box will ask you if you want to REBOOT now. Press the YES button.

Your computer will reboot.


Please post a new HijackThis log and let me know how things are working on your end.
  • 0

#25
brenda4172

    Member

  • Topic Starter
  • Member
  • 42 posts
Did that, but I don't think it got rid of it.
Also I found a file in my Program Files named Onlyware, created the same day as the other file, August 19, 2005. It has a file like an HTML named mdhkbdhu.

The ipmights.exe and the above mdhkbdhu.exe come up with the .dll initialization error when Windows is shutting down.

Here is the HijackThis log after doing the Killbox thing:

Have I told you lately THANK YOU?


Logfile of HijackThis v1.99.1
Scan saved at 7:43:31 PM, on 9/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ipmights.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.bellsouth.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.bellsouth.net
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsout...oad/tgctlcm.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1123938785482
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsof...cure/ocarpt.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://photo.walmart...oad/XUpload.ocx
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...561/mcfscan.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0
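Comparing the two HijackThis scans in this thread, to check whether the delete-on-reboot step took effect and what else changed between them. This is an added example, not part of the original posts; the log excerpts are abridged from the two logs above, and the function names are made up for this illustration.

```python
import re

# Abridged excerpts of the two HijackThis logs posted in this thread
# (most lines omitted; the lines kept are copied unchanged).
LOG_SEP16 = r"""Logfile of HijackThis v1.99.1
Scan saved at 6:28:31 PM, on 9/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ipmights.exe
C:\Program Files\Norton AntiVirus\OPScan.exe

O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
"""

LOG_SEP19 = r"""Logfile of HijackThis v1.99.1
Scan saved at 7:43:31 PM, on 9/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ipmights.exe

O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
"""

# Entry lines start with a section code such as R0, O2, O4, O16 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hijackthis(text):
    """Split a HijackThis log into scan time, running processes and entries."""
    log = {"saved": None, "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Scan saved at "):
            log["saved"] = line[len("Scan saved at "):]
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and not line:
            in_processes = False  # a blank line ends the process list
        elif in_processes:
            log["processes"].append(line)
        else:
            match = ENTRY_RE.match(line)
            if match:
                log["entries"].append((match.group(1), match.group(2)))
    return log


def _index(items):
    """Map a case-folded key to each item; Windows paths ignore case."""
    index = {}
    for item in items:
        text = item if isinstance(item, str) else " - ".join(item)
        index[text.casefold()] = item
    return index


def diff_logs(before, after):
    """Return what appeared and disappeared between two parsed logs."""
    result = {}
    for field in ("processes", "entries"):
        old, new = _index(before[field]), _index(after[field])
        result[field] = {
            "added": [new[k] for k in new if k not in old],
            "removed": [old[k] for k in old if k not in new],
        }
    return result


def still_running(log, targets):
    """Paths a cleanup step was meant to remove that a later scan still
    lists under 'Running processes:'."""
    running = {p.casefold() for p in log["processes"]}
    return [t for t in targets if t.casefold() in running]


if __name__ == "__main__":
    before = parse_hijackthis(LOG_SEP16)
    after = parse_hijackthis(LOG_SEP19)
    print("Compared:", before["saved"], "->", after["saved"])
    for path in still_running(after, [r"C:\WINDOWS\system32\ipmights.exe"]):
        print("STILL RUNNING after delete-on-reboot:", path)
    changes = diff_logs(before, after)
    for field, change in changes.items():
        for kind in ("added", "removed"):
            for item in change[kind]:
                print(field, kind, item)
```

On these excerpts the file targeted with KillBox is still listed as a running process on 9/19, and the later scan shows an iMesh BHO and a KernelFaultCheck Run entry that the 9/16 scan did not.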


#26
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Neither of those files is legit and I'm not familiar with Onlyware. But the more important thing to note is that you are not familiar with it. What is the exact filename?

Let's see if we can flush out anything useful.

Download mwav.exe from MicroWorld, then:

- Double-click the mwav.exe icon to run it (it'll self extract).
- When it opens, check the following:
---- Memory
---- Registry
---- Startup Folders
---- System Folders
---- Services
---- Drive
---- All local drives
---- Scan all files

- Then click on SCAN

When it completes, post back the results (copy and paste) from the 'Virus log information' pane.
  • 0

#27
brenda4172

    Member

  • Topic Starter
  • Member
  • 42 posts
The file is
C:\Program Files\Onlyware

The following are files in the folder:
ace.dll
atl.dll
WinGenerics.dll
mdhkbdhu.exe (this is an internet explorer file)

Here is the MicroWorld Virus log info:
Object "browseraid Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "browseraid Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "maxspeed Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "VX2 Respondmiter Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Cydoor.TOPicks.a Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Cydoor.TOPicks.a Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "BigTrafficNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "BigTrafficNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "BigTrafficNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "BigTrafficNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "BigTrafficNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "BigTrafficNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "esyndicate Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "IMesh Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "my way speedbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "P2P Networking Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "TopSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "YourSiteBar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "CasinoClient Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "WeatherBug Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "cws.therealsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Cydoor Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "HotBar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "IMesh Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "IMesh Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "maxspeed Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MidAddle Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MidAddle Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Search Assistant Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "TopRebates Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "vx2 Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eUniverse/Keenvalue variant Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Delfin_Promulgate Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "aurora Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\DeskAdX.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\HDPlugin1015.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\imgSizer.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaAccX.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\udfrinst.exe" refers to invalid object "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\udfrinst.exe". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".DMP". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ieupdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "LiveUpdate1.6". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "LiveUpdate1.7". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MSNMS". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "oeupdate". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WSEM Update". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0c097121-c5d6-47eb-841d-30bff71a71c4}" refers to invalid object "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{21603898-E51D-43CE-A901-B3F5323D21B1}" refers to invalid object "C:\WINDOWS\system32\UYRFAXA.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{22AEC9F9-12E9-4E8E-95D7-934EF8B19F53}" refers to invalid object "C:\WINDOWS\system32\wevcore.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2557a7a6-4f6b-4269-9985-c96f17d6bed2}" refers to invalid object "C:\WINDOWS\system32\darab.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{28F00B22-DC4E-11d3-ABEC-005004A44EEB}" refers to invalid object "C:\Program Files\MusicMatch\MusicMatch Jukebox\Common\HWXml.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{28F00B23-DC4E-11d3-ABEC-005004A44EEB}" refers to invalid object "C:\Program Files\MusicMatch\MusicMatch Jukebox\Common\HWXml.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{290F048D-4C17-4BC3-8DB2-B1683C2BA510}" refers to invalid object "C:\WINDOWS\system32\WRNSTRM.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2ABB3017-53D6-4DCD-B915-81B3E679E4D1}" refers to invalid object "C:\WINDOWS\system32\hdzipt12.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2B6C14C5-5B7E-47FB-BDA2-8192921C60B8}" refers to invalid object "C:\WINDOWS\system32\guard.tmp". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2D2FEBE3-9079-4B53-8507-83BB0A79F83C}" refers to invalid object "C:\WINDOWS\system32\MWC71JPN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{34D6B040-022E-4EEA-803F-A2367D778ED6}" refers to invalid object "C:\WINDOWS\system32\dxutil.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{39883E01-EC6E-0195-8452-64550DF12A1D}" refers to invalid object "C:\WINDOWS\system32\xeczlh.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}" refers to invalid object "C:\PROGRA~1\iMesh\Client\IMESHC~1.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{77DC2765-4C57-4969-BCF4-45F0B9388C37}" refers to invalid object "C:\WINDOWS\system32\WZDTLS16.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7F23E6E5-0E79-4aee-B723-B1463805D5A9}" refers to invalid object "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{81315786-F13B-445B-87F7-D6D19BFFF526}" refers to invalid object "C:\WINDOWS\system32\mjasn1.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83E597EF-97ED-4848-AEB8-38B72D06E3C1}" refers to invalid object "C:\WINDOWS\system32\UHEG.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8ECF83A0-1AC9-11D4-8501-00A0CC5D1F63}" refers to invalid object "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{965EEFE4-05FD-4B6D-B9D5-0FA22DF5CFEA}" refers to invalid object "C:\WINDOWS\system32\sxorprop.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{aa7bb5fd-1014-4858-b670-ea4c0b8cbc02}" refers to invalid object "C:\WINDOWS\system32\rsgkn.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A}" refers to invalid object "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B9BA256A-075B-49ea-B9E2-7DBC2EF021D5}" refers to invalid object "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E1A1C814-FD09-4c9d-BB4A-0394B836A1F0}" refers to invalid object "C:\Program Files\HP\Digital Imaging\Unload\HpqUnApl.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E2A9AD08-2227-4FEC-8682-82F8552B73D9}" refers to invalid object "C:\WINDOWS\system32\aesldp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}" refers to invalid object "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F22F2CFE-D2BF-44F9-B146-F3D2FC351D47}" refers to invalid object "C:\WINDOWS\system32\KRDHE.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}" refers to invalid object "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{1BD49631-AE36-42F4-A37B-CA7F53146821}" refers to invalid object "c:\Program Files\Fla\fla.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{28F00B05-DC4E-11D3-ABEC-005004A44EEB}" refers to invalid object "C:\Program Files\MusicMatch\MusicMatch Jukebox\Common\HWConfigurator.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{28F00B1F-DC4E-11D3-ABEC-005004A44EEB}" refers to invalid object "C:\Program Files\MusicMatch\MusicMatch Jukebox\Common\HWXml.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{34A35BBB-8C19-4482-864C-290BD8DD6A5D}" refers to invalid object "C:\WINDOWS\system32\bhbrnrkn.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{357F9484-B184-4329-AB82-F11DAF2E40EA}" refers to invalid object "C:\DOCUME~1\TIFFAN~1\LOCALS~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{361130C2-2EDA-4FED-B179-D5C9719AE181}" refers to invalid object "C:\DOCUME~1\COURTN~1\LOCALS~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{3CFEF439-D44D-4001-BA0E-7A3A1F57A733}" refers to invalid object "C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\Word8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{43A1C50A-0683-4CAF-8066-3184184DFDB9}" refers to invalid object "C:\Program Files\PeDevice\PeDev.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{43EFA71A-AEE6-457D-87CB-F77EECF5CE85}" refers to invalid object "C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{46BD3F46-6E46-43D2-A69D-FD8C05044475}" refers to invalid object "C:\WINDOWS\ttext.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{4D1C4E80-A32A-416B-BCDB-33B3EF3617D3}" refers to invalid object "C:\Program Files\Need2Find\bar\3.bin\ND2FNBAR.DLL". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{4F7D1B07-6203-41F0-947B-A29CC9ECD9B0}" refers to invalid object "C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{5B07F69C-D41C-4292-8876-91926FED0175}" refers to invalid object "C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{5B78B3E5-DA25-4820-BB77-2BBC705B5BBB}" refers to invalid object "C:\DOCUME~1\BRENDA~1\LOCALS~1\Temp\Word8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{8F73AC0F-5769-4282-8762-B396A3BFF377}" refers to invalid object "C:\WINDOWS\dsr.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}" refers to invalid object "C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{B162D478-EF46-4475-B1FE-216BDEDB7FAD}" refers to invalid object "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{B7E20302-C22C-4AF2-9D75-C3EB6EEE9DD8}" refers to invalid object "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{D6B04F0C-E180-44F3-8FF3-C47663905EFB}" refers to invalid object "C:\DOCUME~1\COURTN~1\LOCALS~1\Temp\Word8.0\InlineMultimedia.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DCB43485-19FB-4D6D-BB3D-73C7F48D5F00}" refers to invalid object "C:\Program Files\Messenger\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E78BFDCB-676B-47BB-ADB4-FCB5BF1CA2DB}" refers to invalid object "C:\DOCUME~1\COURTN~1\LOCALS~1\Temp\Word8.0\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{FA13AA2E-CA9B-11D2-9780-00104B242EA3}" refers to invalid object "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll". Action Taken: No Action Taken.
Entry "HKCR\AcroExch.Document.7" refers to invalid object "{B801CA65-A1FC-11D0-85AD-444553540000}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Automap.Template.NA.9" refers to invalid object "{A49EEA00-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\p\shell\open\command" refers to invalid object "hyyp://www.expage.com/courtneyluvzyou %1". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
File C:\WINDOWS\fshsgs.exe tagged as "not-a-virus:AdWare.BetterInternet.r". Action Taken: No Action Taken.
File C:\WINDOWS\system32\bk.exe tagged as "not-a-virus:AdWare.SurfSide.o". Action Taken: No Action Taken.
File C:\WINDOWS\system32\bpc_inst_1014.exe tagged as "not-a-virus:AdWare.Broadcap.d". Action Taken: No Action Taken.
File C:\WINDOWS\system32\MegasearchBarSetup.dll tagged as "not-a-virus:AdWare.F1Organizer.n". Action Taken: No Action Taken.
File C:\WINDOWS\system32\Scandium.exe infected by "Trojan-PSW.Win32.Agent.h" Virus! Action Taken: No Action Taken.
File C:\!Submit\jdh31mkl.ini tagged as "not-a-virus:AdWare.Sahat.ao". Action Taken: No Action Taken.
File C:\Documents and Settings\Brenda Brown\Local Settings\Application Data\bp12.exe tagged as "not-a-virus:AdWare.FlashEnhancer.b". Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\02798567-6573-4A88-A5C7-DF75D3\ACAB9344-D142-467F-8BE1-378E02 tagged as "not-a-virus:AdWare.ToolBar.MyWay.s". Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\7E4BACBE-A10B-4EF9-B168-0BA729\D5686736-C6EF-4323-A187-CF9D8C infected by "Trojan.Win32.Pakes" Virus! Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\A1B22A1A-57BE-48CD-8F36-4653B1\CEA5DA35-A823-426F-88C0-523F4A tagged as "not-a-virus:AdWare.ToolBar.ImiBar.g". Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\A5EE4053-0E9A-44C1-A9AF-3C8FB3\80BD8ABF-CC79-4760-AB44-28A38E tagged as "not-a-virus:AdWare.Cydoor". Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\A5EE4053-0E9A-44C1-A9AF-3C8FB3\A0429F97-CDB7-41BC-9730-CBB8AF tagged as "not-a-virus:AdWare.SaveNow.t". Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\A5EE4053-0E9A-44C1-A9AF-3C8FB3\A67209BA-AABF-4BFA-BFDF-3B90DC tagged as "not-a-virus:AdWare.Cydoor". Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\EA5E83E2-07C1-4024-AFEA-40E313\35EA0CC6-4834-413E-AC99-9A5254 tagged as "not-a-virus:AdWare.TotalVelocity.af". Action Taken: No Action Taken.
File C:\Program Files\Microsoft AntiSpyware\Quarantine\EC812187-AFAD-42FD-AFBF-51AB10\22E2A195-ACE4-42AB-9E4B-BE9A21 tagged as "not-a-virus:AdWare.ToolBar.MyWay.s". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1CC038E0.exe tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\4BDA73D1.exe tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\5536143F.exe tagged as "not-a-virus:AdWare.ToolBar.Dotcom.ao". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\568A22CA.exe tagged as "not-a-virus:AdWare.ToolBar.Dotcom.ao". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\704F7733.exe tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\72223145 infected by "Trojan.Win32.StartPage.nk" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\7FD965F1.exe tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\Program Files\tvs\BPCv2.Plugins.dll tagged as "not-a-virus:AdWare.Broadcap.d". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP10\A0025170.exe tagged as "not-a-virus:AdWare.AdURL.c". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP12\A0036306.ini tagged as "not-a-virus:AdWare.Sahat.ao". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP12\A0037313.exe infected by "Trojan-Downloader.Win32.Apropo.aj" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003245.exe infected by "Trojan-Downloader.Win32.VB.hw" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003246.exe infected by "Trojan-Downloader.Win32.Agent.ti" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003247.exe tagged as "not-a-virus:AdWare.AdSrve.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003248.DLL tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003249.exe tagged as "not-a-virus:AdWare.AdSrve.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003250.exe tagged as "not-a-virus:AdWare.UrlSpy.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003251.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003252.DLL tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003253.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003254.exe infected by "Trojan.Win32.Agent.az" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003255.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003256.DLL tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003257.exe tagged as "not-a-virus:AdWare.AdSrve.c". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003258.exe tagged as "not-a-virus:AdWare.AdSrve.c". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003259.exe infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003260.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003261.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003262.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003263.dll infected by "Trojan-Downloader.Win32.Qoologic.ac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003264.exe infected by "Trojan-Downloader.Win32.Intexp.e" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003265.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003266.DLL tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003267.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003268.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003269.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003270.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003271.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003272.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003273.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003274.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003275.dll tagged as "not-a-virus:AdWare.ToolBar.ImiBar.h". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003276.exe tagged as "not-a-virus:AdWare.ToolBar.ImiBar.h". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003277.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003278.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003279.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003280.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003281.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003282.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003283.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003284.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003285.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003286.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003287.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003288.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003289.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003290.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003291.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003292.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003293.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003295.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003296.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003297.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003298.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003299.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003300.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003301.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003302.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003303.exe tagged as "not-a-virus:AdWare.SafeSurfing.o". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003304.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003305.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003306.exe infected by "Trojan-Downloader.Win32.VB.em" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003307.DLL tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003308.DLL tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003309.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003310.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003311.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003312.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003313.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003314.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003315.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003316.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003317.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003318.DLL tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003319.DLL tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003320.DLL tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003321.exe infected by "Trojan-Downloader.NSIS.Agent.i" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003322.DLL tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003323.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003324.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003325.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003326.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003327.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003328.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003329.DLL tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003330.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003331.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003332.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003333.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003334.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003335.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003336.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003337.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003338.exe infected by "Trojan-Downloader.Win32.VB.cw" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003339.exe tagged as "not-a-virus:AdWare.PurityScan.cz". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003340.DLL tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003341.DLL tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003342.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003343.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003344.dll infected by "Trojan-Downloader.Win32.Dyfuca.j" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003345.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003346.dll tagged as "not-a-virus:AdWare.DelphinMedia.Viewer.f". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003347.dll infected by "Trojan.Win32.EliteBar.a" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003348.DLL tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003349.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003350.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003351.DLL tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003352.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003353.DLL tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003354.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003355.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003356.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP2\A0003357.dll tagged as "not-a-virus:AdWare.Look2Me.ab". Action Taken: No Action Taken.
File C:\updaterInstall_108.exe infected by "Trojan-Downloader.Win32.Keenval" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\fshsgs.exe tagged as "not-a-virus:AdWare.BetterInternet.r". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\bk.exe tagged as "not-a-virus:AdWare.SurfSide.o". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\bpc_inst_1014.exe tagged as "not-a-virus:AdWare.Broadcap.d". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\MegasearchBarSetup.dll tagged as "not-a-virus:AdWare.F1Organizer.n". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\Scandium.exe infected by "Trojan-PSW.Win32.Agent.h" Virus! Action Taken: No Action Taken.


Did you just need this info or do you need the log also?

#28
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
That gives us some more info.

Download the Pocket Killbox.

Unzip the contents of KillBox.zip to a convenient location and then double-click on KillBox.exe to launch the program.
  • Highlight the lines below and press the Ctrl key and the C key at the same time to copy them to the clipboard:

      C:\WINDOWS\fshsgs.exe
      C:\WINDOWS\system32\bk.exe
      C:\WINDOWS\system32\bpc_inst_1014.exe
      C:\WINDOWS\system32\MegasearchBarSetup.dll
      C:\WINDOWS\system32\Scandium.exe
      C:\Documents and Settings\Brenda Brown\Local Settings\Application Data\bp12.exe
      C:\Program Files\tvs\BPCv2.Plugins.dll
      C:\Program Files\Onlyware\ace.dll
      C:\Program Files\Onlyware\atl.dll
      C:\Program Files\Onlyware\WinGenerics.dll
      C:\Program Files\Onlyware\mdhkbdhu.exe

  • Now go to the Killbox application and click on the File menu and then the Paste from Clipboard menu item. In the Full Path of File to Delete box you should see the first file. If you drop down that box you should see the rest of them. Make sure that they are all there.
  • Click on the Delete on Reboot option and then click on the red circle with a white 'X' in it to delete the files. Killbox will tell you that all listed files will be deleted on next reboot, click YES. When it asks if you would like to Reboot now, click YES. If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.
Your system will reboot now.




Please download the trial version of WebRoot SpySweeper
  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.


#29
brenda4172

    Member

  • Topic Starter
  • 42 posts
8:00 PM: |··· Start of Session, Thursday, September 22, 2005 ···|
8:00 PM: Spy Sweeper started
8:00 PM: Sweep initiated using definitions version 539
8:00 PM: Starting Memory Sweep
8:04 PM: Memory Sweep Complete, Elapsed Time: 00:04:11
8:04 PM: Starting Registry Sweep
8:05 PM: Registry Sweep Complete, Elapsed Time:00:00:54
8:05 PM: Starting Cookie Sweep
8:05 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
8:05 PM: Starting File Sweep
8:11 PM: File Sweep Complete, Elapsed Time: 00:05:52
8:11 PM: Full Sweep has completed. Elapsed time 00:11:10
8:11 PM: Traces Found: 1465
8:13 PM: Removal process initiated
8:13 PM: Quarantining All Traces: addestroyer
8:13 PM: Quarantining All Traces: altnet
8:13 PM: Quarantining All Traces: apropos
8:13 PM: Quarantining All Traces: begin2search
8:13 PM: Quarantining All Traces: browseraid
8:14 PM: Quarantining All Traces: cydoor peer-to-peer dependency
8:14 PM: Quarantining All Traces: delfin
8:14 PM: Quarantining All Traces: deskad
8:14 PM: Quarantining All Traces: downloadware
8:14 PM: Quarantining All Traces: esyndicate bho
8:14 PM: Quarantining All Traces: ezula ilookup
8:14 PM: Quarantining All Traces: flashtrack
8:14 PM: Quarantining All Traces: ie driver
8:14 PM: Quarantining All Traces: ieplugin
8:14 PM: Quarantining All Traces: drsnsrch.com hijack
8:14 PM: Quarantining All Traces: instafinder
8:14 PM: Quarantining All Traces: internetoptimizer
8:14 PM: Quarantining All Traces: keenvalue/perfectnav
8:14 PM: Quarantining All Traces: megasear toolbar
8:14 PM: Quarantining All Traces: 180search assistant/zango
8:14 PM: Quarantining All Traces: trojan-downloader-pacisoft
8:14 PM: Quarantining All Traces: redzip toolbar
8:14 PM: Quarantining All Traces: relatedlinks bho
8:14 PM: Quarantining All Traces: rx toolbar
8:14 PM: Quarantining All Traces: bho_sep
8:14 PM: Quarantining All Traces: surfsidekick
8:14 PM: Quarantining All Traces: virtualbouncer
8:14 PM: Quarantining All Traces: abetterinternet
8:14 PM: Quarantining All Traces: websearch toolbar
8:14 PM: Quarantining All Traces: wildmedia
8:14 PM: Quarantining All Traces: winad
8:14 PM: Quarantining All Traces: windows afa internet enhancement
8:14 PM: Quarantining All Traces: cas
8:14 PM: Quarantining All Traces: shopnavupdater
8:14 PM: Quarantining All Traces: drsnsrch hijacker
8:14 PM: Quarantining All Traces: rich editor
8:14 PM: Quarantining All Traces: appliedsearch
8:14 PM: Quarantining All Traces: visfx
8:14 PM: Quarantining All Traces: about cookie
8:14 PM: Quarantining All Traces: yieldmanager cookie
8:14 PM: Quarantining All Traces: adknowledge cookie
8:14 PM: Quarantining All Traces: adrevolver cookie
8:14 PM: Quarantining All Traces: addynamix cookie
8:14 PM: Quarantining All Traces: ask cookie
8:14 PM: Quarantining All Traces: atwola cookie
8:14 PM: Quarantining All Traces: banner cookie
8:14 PM: Quarantining All Traces: belnk cookie
8:14 PM: Quarantining All Traces: bluestreak cookie
8:14 PM: Quarantining All Traces: burstnet cookie
8:14 PM: Quarantining All Traces: screensavers.com cookie
8:14 PM: Quarantining All Traces: paypopup cookie
8:14 PM: Quarantining All Traces: realmedia cookie
8:14 PM: Quarantining All Traces: starware.com cookie
8:14 PM: Quarantining All Traces: tmpad cookie
8:14 PM: Quarantining All Traces: tracking cookie
8:14 PM: Quarantining All Traces: trafficmp cookie
8:14 PM: Quarantining All Traces: burstbeacon cookie
8:14 PM: Quarantining All Traces: websponsors cookie
8:14 PM: Quarantining All Traces: com.com cookie
8:14 PM: Quarantining All Traces: spywarestormer cookie
8:14 PM: Quarantining All Traces: elitebar
8:14 PM: Quarantining All Traces: winantispyware 2005
8:14 PM: Quarantining All Traces: broadcastpc
8:14 PM: Quarantining All Traces: peper trojan
8:14 PM: Quarantining All Traces: diamond deal casino
8:14 PM: Quarantining All Traces: tvmedia
8:14 PM: Quarantining All Traces: bonzi buddy
8:14 PM: Quarantining All Traces: upspiral toolbar
8:14 PM: Quarantining All Traces: clkoptimizer
8:14 PM: Warning: Quarantine could not read registry value for HKU\S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping\{120e090d-9136-4b78-8258-f0b44b4bd2ac}\. Failed to export registry value "S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping\{120e090d-9136-4b78-8258-f0b44b4bd2ac}". Key/Value does not exist
8:14 PM: Warning: Failed to remove "HKEY_USERS\S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping\{120e090d-9136-4b78-8258-f0b44b4bd2ac}".
8:14 PM: Warning: Quarantine could not read registry value for HKU\WRSS_Profile_S-1-5-21-757298511-2304659736-1445258045-1008\software\ezula\setup\bmk\. Failed to export registry value "WRSS_Profile_S-1-5-21-757298511-2304659736-1445258045-1008\software\ezula\setup\bmk". Key/Value does not exist
8:14 PM: Warning: Quarantine could not read registry value for HKU\WRSS_Profile_S-1-5-21-757298511-2304659736-1445258045-1008\software\ezula\setup\id\geo\. Failed to export registry value "WRSS_Profile_S-1-5-21-757298511-2304659736-1445258045-1008\software\ezula\setup\id\geo". Key/Value does not exist
8:14 PM: Warning: Quarantine could not read registry value for HKU\WRSS_Profile_S-1-5-21-757298511-2304659736-1445258045-1008\software\ezula\setup\id\l_up\. Failed to export registry value "WRSS_Profile_S-1-5-21-757298511-2304659736-1445258045-1008\software\ezula\setup\id\l_up". Key/Value does not exist
8:14 PM: Warning: Quarantine could not read registry value for HKU\WRSS_Profile_S-1-5-21-757298511-2304659736-1445258045-1008\software\ezula\setup\path\genun\. Failed to export registry value "WRSS_Profile_S-1-5-21-757298511-2304659736-1445258045-1008\software\ezula\setup\path\genun". Key/Value does not exist
8:14 PM: Warning: Quarantine could not read registry value for HKU\WRSS_Profile_S-1-5-21-757298511-2304659736-1445258045-1008\software\ezula\setup\path\imagespath\. Failed to export registry value "WRSS_Profile_S-1-5-21-757298511-2304659736-1445258045-1008\software\ezula\setup\path\imagespath". Key/Value does not exist
8:14 PM: Warning: Quarantine could not read registry value for HKU\WRSS_Profile_S-1-5-21-757298511-2304659736-1445258045-1008\software\ezula\strup\. Failed to export registry value "WRSS_Profile_S-1-5-21-757298511-2304659736-1445258045-1008\software\ezula\strup". Key/Value does not exist
8:16 PM: Removal process completed. Elapsed time 00:02:56
********
7:59 PM: |··· Start of Session, Thursday, September 22, 2005 ···|
7:59 PM: Spy Sweeper started
8:00 PM: |··· End of Session, Thursday, September 22, 2005 ···|

#30
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Wow! How are things working for you now?