My Hjt Log "computer Runs Really Slow"


5 replies to this topic

#1 Langley


Posted 11 January 2006 - 05:34 PM

Logfile of HijackThis v1.99.1
Scan saved at 5:09:32 PM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\temp\salm.exe
C:\Program Files\Wkgji\Gcaveuc.exe
C:\WINDOWS\system32\2u1b36aa.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\ocyejh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\VVSN\VVSN.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSCNo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AMERIC~1.0C\waol.exe
C:\PROGRA~1\AMERIC~1.0C\shellmon.exe
C:\DOCUME~1\John\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.search-exe.com/nph-search.cg...look=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.ieplugin.com/q.cgi?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{9368D063-44BE-49B9-BD14-BB9663FD38FC} - (no file)
R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: - {23CAF3BA-6247-40DB-BCD0-A674CA697876} - C:\WINDOWS\lbbho.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_14.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\Program Files\YourSiteBar\ysb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TempRemove] "C:\Program Files\Crystal Ball\CB Predictor\terminator.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [Jabqzebp] C:\Program Files\Wkgji\Gcaveuc.exe
O4 - HKLM\..\Run: [2u1b36aa] C:\WINDOWS\system32\2u1b36aa.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1122502430\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [Microsoft Control] elephant.pif
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Macromedia Flash Update] carcrash.pif
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [AY5Ql0Ah9] C:\WINDOWS\ocyejh.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [AY5Ql0Ah$vùõš/‚²‘ÆC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ocyejh.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [nqtyd] C:\WINDOWS\nqtyd.exe
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\RunServices: [Microsoft Control] elephant.pif
O4 - HKLM\..\RunServices: [Macromedia Flash Update] carcrash.pif
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0C\AOL.EXE" -b
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll
O9 - Extra button: World Poker Exchange - {76028735-BBF1-4044-8DE2-5B90F0C7A77C} - C:\Program Files\WorldPokerExchange\GameClient.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {11B2C0D3-DFFB-11D3-9253-00500498D7E5} (ShowSetupObj5 Class) - http://reged.mshow.com/(w0lnwim5pmyvncion4.../ShowSetup5.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c8.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094433254921
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://qa.download.pw.aol.com/molbin/share...,18/mcgdmgr.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.44/ttinst.cab
O16 - DPF: {E876D003-BCDE-11D3-9131-000094B61529} - http://webcafe.wharton.upenn.edu/eRoomSetup/client.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


#2 MFDnSC


Posted 20 January 2006 - 05:54 PM

Download http://www.cexx.org/lspfix.htm

Add/Remove Programs – remove newdotnet

Launch the LSP application, and click the "I know what I'm doing" checkbox.

Move nothing, just click Finish.
===================
Download http://www.intermute.com/spysubtract/cwshr...r_download.html
Close all browser windows, unzip the file, click on cwshredder.exe, then click "Fix".

=========
Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...&rc=4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions; click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep, please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits
    o Please UNCHECK Do not Sweep System Restore Folder.
* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, and copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.

Also post a new Hijack This log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 Langley


Posted 30 January 2006 - 03:13 PM

********
4:18 PM: | Start of Session, Sunday, January 29, 2006 |
4:18 PM: Spy Sweeper started
4:18 PM: Sweep initiated using definitions version 606
4:18 PM: Starting Memory Sweep
4:18 PM: Found Adware: ist sidefind
4:18 PM: Detected running threat: C:\Program Files\SideFind\sfbho.dll (ID = 157821)
4:18 PM: Found Adware: whenu searchbar/pricebandit
4:18 PM: Detected running threat: C:\Program Files\WhenUSearch\search.dll (ID = 127173)
4:18 PM: Found Adware: winad
4:18 PM: Detected running threat: C:\Program Files\Media Access\MediaAccess.exe (ID = 90397)
4:18 PM: Detected running threat: C:\Program Files\Media Access\MediaAccC.dll (ID = 90379)
4:18 PM: Found Adware: ist yoursitebar
4:18 PM: Detected running threat: C:\Program Files\YourSiteBar\ysb.dll (ID = 161559)
4:20 PM: Found Adware: ist surf accuracy
4:20 PM: Detected running threat: C:\Program Files\SurfAccuracy\SAcc.exe (ID = 207157)
4:20 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || SurfAccuracy (ID = 0)
4:21 PM: Detected running threat: C:\Program Files\Media Access\MediaAccK.exe (ID = 90411)
4:21 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || Media Access (ID = 0)
4:21 PM: Found Adware: ist istbar
4:21 PM: Detected running threat: C:\WINDOWS\ocyejh.exe (ID = 64496)
4:21 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || AY5Ql0Ah9 (ID = 0)
4:21 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || AY5Ql0Ah$vùõš/‚²‘ÆC:\Program Files\ISTsvc\istsvc.exe (ID = 0)
4:21 PM: Detected running threat: C:\Program Files\ISTsvc\istsvc.exe (ID = 64665)
4:21 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || IST Service (ID = 0)
4:21 PM: Detected running threat: C:\Program Files\WhenUSearch\Search.exe (ID = 127174)
4:21 PM: Found Adware: shopathomeselect
4:21 PM: Detected running threat: C:\WINDOWS\SYSTEM32\2u1b36aa.exe (ID = 75761)
4:21 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || 2u1b36aa (ID = 0)
4:21 PM: Memory Sweep Complete, Elapsed Time: 00:03:43
4:21 PM: Starting Registry Sweep
4:21 PM: Found Adware: attempted bho
4:21 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\software\ (6 subtraces) (ID = 103872)
4:21 PM: Found Adware: exact cashback/bargain buddy
4:21 PM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\bargain buddy\ (2 subtraces) (ID = 104023)
4:21 PM: HKCR\clsid\{c0ef89ee-eec7-4535-a041-f1ebf79560a7}\ (14 subtraces) (ID = 105370)
4:21 PM: HKLM\software\classes\clsid\{c0ef89ee-eec7-4535-a041-f1ebf79560a7}\ (14 subtraces) (ID = 105373)
4:21 PM: HKLM\software\classes\webinstaller.cexecute\ (5 subtraces) (ID = 105376)
4:21 PM: HKCR\webinstaller.cexecute\ (5 subtraces) (ID = 105385)
4:21 PM: Found Adware: clipgenie
4:21 PM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\clipgenie\ (2 subtraces) (ID = 105921)
4:21 PM: Found Adware: delfin
4:21 PM: HKLM\software\delfin\ (2 subtraces) (ID = 124849)
4:21 PM: HKLM\software\delfin\promulgate\ (1 subtraces) (ID = 124850)
4:21 PM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\delfin media viewer\ (2 subtraces) (ID = 124859)
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\delfin media viewer\ (2 subtraces) (ID = 124878)
4:21 PM: Found Adware: great net downloadware
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\medialoads enhanced\ (2 subtraces) (ID = 125363)
4:21 PM: Found Adware: internetoptimizer
4:21 PM: HKCR\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ (8 subtraces) (ID = 128885)
4:21 PM: HKLM\software\avenue media\ (156 subtraces) (ID = 128888)
4:21 PM: HKLM\software\classes\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ (8 subtraces) (ID = 128896)
4:21 PM: HKLM\software\microsoft\windows\currentversion\policies\ameopt\ (ID = 128912)
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\internet optimizer\ (3 subtraces) (ID = 128921)
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\internet optimizer software installer\ (3 subtraces) (ID = 128923)
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\kapabout\ (2 subtraces) (ID = 128924)
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\rotue\ (ID = 128925)
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\wsem update\ (2 subtraces) (ID = 128927)
4:21 PM: HKLM\software\policies\avenue media\ (ID = 128929)
4:21 PM: Found Adware: ist software
4:21 PM: HKLM\software\istsvc\ (43 subtraces) (ID = 129111)
4:21 PM: HKLM\software\microsoft\windows\currentversion\run\ || ist service (ID = 129146)
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\istsvc\ (3 subtraces) (ID = 129183)
4:21 PM: Found Adware: keenvalue/perfectnav
4:21 PM: HKLM\software\perfectnav\ (10 subtraces) (ID = 129516)
4:21 PM: Found Adware: mindset interactive - favoriteman
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\im6um\ (2 subtraces) (ID = 135028)
4:21 PM: Found Adware: moneytree
4:21 PM: HKCR\clsid\{cea206e8-8057-4a04-ace9-ff0d69a92297}\ (11 subtraces) (ID = 135171)
4:21 PM: HKCR\dyfuca_bh.bhobj.1\ (3 subtraces) (ID = 135175)
4:21 PM: HKCR\dyfuca_bh.bhobj\ (5 subtraces) (ID = 135176)
4:21 PM: HKCR\dyfuca_bh.sinkobj.1\ (3 subtraces) (ID = 135177)
4:21 PM: HKCR\dyfuca_bh.sinkobj\ (5 subtraces) (ID = 135178)
4:21 PM: HKCR\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\ (8 subtraces) (ID = 135185)
4:21 PM: HKLM\software\classes\dyfuca_bh.bhobj\ (5 subtraces) (ID = 135194)
4:21 PM: HKLM\software\classes\typelib\{40b1d454-9ca4-43cc-86aa-cb175eac52fb}\ (9 subtraces) (ID = 135201)
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\dyfuca\ (ID = 135214)
4:21 PM: HKCR\typelib\{0be10b0d-b4db-4693-9b1f-9aead54d17dc}\ (9 subtraces) (ID = 135216)
4:21 PM: HKCR\typelib\{40b1d454-9ca4-43cc-86aa-cb175eac52fb}\ (9 subtraces) (ID = 135217)
4:21 PM: Found Adware: 180search assistant/zango
4:21 PM: HKCR\clsid\{99410cde-6f16-42ce-9d49-3807f78f0287}\ (23 subtraces) (ID = 135602)
4:21 PM: HKLM\software\classes\clsid\{99410cde-6f16-42ce-9d49-3807f78f0287}\ (23 subtraces) (ID = 135626)
4:21 PM: HKLM\software\microsoft\windows\currentversion\run\ || salm (ID = 135728)
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\salm\ (3 subtraces) (ID = 135779)
4:21 PM: HKLM\software\msbb\ (9 subtraces) (ID = 135782)
4:21 PM: HKLM\software\salm\ (13 subtraces) (ID = 135793)
4:21 PM: Found Adware: networkessentials
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\recommended hotfix - 421701d\ (2 subtraces) (ID = 136174)
4:21 PM: Found Adware: ist powerscan
4:21 PM: HKLM\software\powerscan\ (1 subtraces) (ID = 136824)
4:21 PM: HKLM\software\microsoft\windows\currentversion\run\ || power scan (ID = 136825)
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\power scan\ (2 subtraces) (ID = 136826)
4:21 PM: Found Adware: relatedlinks bho
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\relatedlinks\ (2 subtraces) (ID = 139388)
4:21 PM: Found Adware: whenu savenow
4:21 PM: HKCR\wusn.1\ (1 subtraces) (ID = 140463)
4:21 PM: Found Adware: scbar
4:21 PM: HKCR\clsid\{002f4e27-b273-4fa5-adfc-1fb9ed210b37}\ (13 subtraces) (ID = 140487)
4:21 PM: HKCR\interface\{83a13e87-fa20-4b6a-aae8-c1226b5e1573}\ (8 subtraces) (ID = 140491)
4:21 PM: HKLM\software\classes\interface\{83a13e87-fa20-4b6a-aae8-c1226b5e1573}\proxystubclsid32\ (1 subtraces) (ID = 140492)
4:21 PM: HKLM\software\classes\interface\{83a13e87-fa20-4b6a-aae8-c1226b5e1573}\typelib\ (2 subtraces) (ID = 140493)
4:21 PM: HKLM\software\classes\interface\{83a13e87-fa20-4b6a-aae8-c1226b5e1573}\ (8 subtraces) (ID = 140494)
4:21 PM: HKLM\software\classes\clsid\{002f4e27-b273-4fa5-adfc-1fb9ed210b37}\ (13 subtraces) (ID = 140496)
4:21 PM: HKLM\software\classes\webcom.webbar\ (5 subtraces) (ID = 140500)
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\batch assistant\ (2 subtraces) (ID = 140508)
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\data compiler\ (2 subtraces) (ID = 140509)
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\indexing function\ (2 subtraces) (ID = 140510)
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\sbm os\ (2 subtraces) (ID = 140511)
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\search os\ (2 subtraces) (ID = 140512)
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\url.ie app\ (2 subtraces) (ID = 140515)
4:21 PM: HKCR\webcom.webbar.1\ (3 subtraces) (ID = 140518)
4:21 PM: HKCR\webcom.webbar\clsid\ (1 subtraces) (ID = 140519)
4:21 PM: HKCR\webcom.webbar\curver\ (1 subtraces) (ID = 140520)
4:21 PM: Found Adware: searchexe
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\bmse dbl\ (2 subtraces) (ID = 140919)
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\ie help\ (2 subtraces) (ID = 140920)
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\iec system\ (2 subtraces) (ID = 140921)
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\se assistant\ (2 subtraces) (ID = 140922)
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\se help\ (2 subtraces) (ID = 140923)
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\search assistant\ (2 subtraces) (ID = 140924)
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\search function\ (2 subtraces) (ID = 140925)
4:21 PM: HKLM\software\search-exe\ (2 subtraces) (ID = 140926)
4:21 PM: HKCR\interface\{4e570f74-deee-4fcf-b960-feefa4b8c6fc}\ (8 subtraces) (ID = 141675)
4:21 PM: HKCR\interface\{4828c95f-c5db-4ab6-a945-8d8ec44b98a8}\ (8 subtraces) (ID = 141677)
4:21 PM: HKLM\software\classes\interface\{4e570f74-deee-4fcf-b960-feefa4b8c6fc}\ (8 subtraces) (ID = 141683)
4:21 PM: HKLM\software\classes\interface\{4828c95f-c5db-4ab6-a945-8d8ec44b98a8}\ (8 subtraces) (ID = 141685)
4:21 PM: HKLM\software\classes\webinstaller.cexecute.1\ (3 subtraces) (ID = 141687)
4:21 PM: HKLM\software\winsock2\layered provider sample\ (ID = 141736)
4:21 PM: HKCR\webinstaller.cexecute.1\ (3 subtraces) (ID = 141739)
4:21 PM: HKCR\browserhelperobject.bahelper.1\ (3 subtraces) (ID = 141761)
4:21 PM: HKCR\browserhelperobject.bahelper\ (5 subtraces) (ID = 141762)
4:21 PM: HKCR\clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7}\ (15 subtraces) (ID = 141763)
4:21 PM: HKCR\clsid\{a3fdd654-a057-4971-9844-4ed8e67dbbb8}\ (11 subtraces) (ID = 141764)
4:21 PM: HKCR\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ (8 subtraces) (ID = 141765)
4:21 PM: HKCR\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}\ (8 subtraces) (ID = 141766)
4:21 PM: HKCR\sidefind.finder.1\ (3 subtraces) (ID = 141767)
4:21 PM: HKCR\sidefind.finder\ (5 subtraces) (ID = 141768)
4:21 PM: HKLM\software\classes\browserhelperobject.bahelper\ (5 subtraces) (ID = 141769)
4:21 PM: HKLM\software\classes\clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7}\ (15 subtraces) (ID = 141770)
4:21 PM: HKLM\software\classes\clsid\{a3fdd654-a057-4971-9844-4ed8e67dbbb8}\ (11 subtraces) (ID = 141771)
4:21 PM: HKLM\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ (8 subtraces) (ID = 141772)
4:21 PM: HKLM\software\classes\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}\ (8 subtraces) (ID = 141773)
4:21 PM: HKLM\software\classes\sidefind.finder\ (5 subtraces) (ID = 141774)
4:21 PM: HKLM\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\ (9 subtraces) (ID = 141775)
4:21 PM: HKLM\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\ (9 subtraces) (ID = 141776)
4:21 PM: HKLM\software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807}\ (6 subtraces) (ID = 141779)
4:21 PM: HKLM\software\microsoft\sidefind\ (2 subtraces) (ID = 141780)
4:21 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{a3fdd654-a057-4971-9844-4ed8e67dbbb8}\ (ID = 141781)
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\sidefind\ (2 subtraces) (ID = 141782)
4:21 PM: HKLM\software\sidefind\ (18 subtraces) (ID = 141783)
4:21 PM: HKCR\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\ (9 subtraces) (ID = 141784)
4:21 PM: HKCR\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\ (9 subtraces) (ID = 141785)
4:21 PM: Found Adware: webrebates
4:21 PM: HKLM\software\microsoft\windows\currentversion\run\ || webrebates0 (ID = 146298)
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\untopr1150\ (3 subtraces) (ID = 146302)
4:21 PM: Found Adware: websearch toolbar
4:21 PM: HKLM\software\btiein\ (11 subtraces) (ID = 146369)
4:21 PM: HKCR\appid\loaderx.exe\ (1 subtraces) (ID = 147150)
4:21 PM: HKCR\appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}\ (1 subtraces) (ID = 147151)
4:21 PM: HKCR\clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}\ (14 subtraces) (ID = 147153)
4:21 PM: HKCR\clsid\{15ad6789-cdb4-47e1-a9da-992ee8e6bad6}\ (6 subtraces) (ID = 147155)
4:21 PM: HKCR\mediaaccess.installer\ (5 subtraces) (ID = 147157)
4:21 PM: HKCR\mediaaccx.installer\ (3 subtraces) (ID = 147158)
4:21 PM: HKLM\software\classes\appid\loaderx.exe\ (1 subtraces) (ID = 147164)
4:21 PM: HKLM\software\classes\appid\{735c5a0c-f79f-47a1-8ca1-2a2e482662a8}\ (1 subtraces) (ID = 147165)
4:21 PM: HKLM\software\classes\clsid\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c}\ (14 subtraces) (ID = 147167)
4:21 PM: HKLM\software\classes\clsid\{15ad6789-cdb4-47e1-a9da-992ee8e6bad6}\ (6 subtraces) (ID = 147169)
4:21 PM: HKLM\software\classes\mediaaccess.installer\ (5 subtraces) (ID = 147171)
4:21 PM: HKLM\software\classes\mediaaccx.installer\ (3 subtraces) (ID = 147172)
4:21 PM: HKLM\software\classes\typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}\ (9 subtraces) (ID = 147176)
4:21 PM: HKLM\software\media access\ (8 subtraces) (ID = 147182)
4:21 PM: HKLM\software\microsoft\code store database\distribution units\{15ad6789-cdb4-47e1-a9da-992ee8e6bad6}\ (10 subtraces) (ID = 147185)
4:21 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaaccx.dll\ (2 subtraces) (ID = 147191)
4:21 PM: HKLM\software\microsoft\windows\currentversion\run\ || media access (ID = 147202)
4:21 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaaccx.dll (ID = 147221)
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\media access\ (2 subtraces) (ID = 147230)
4:21 PM: HKCR\typelib\{15696ae2-6ea4-47f4-bea6-a3d32693efc7}\ (9 subtraces) (ID = 147244)
4:21 PM: HKCR\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}\ (14 subtraces) (ID = 147831)
4:21 PM: HKCR\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\ (8 subtraces) (ID = 147832)
4:21 PM: HKCR\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\ (8 subtraces) (ID = 147835)
4:21 PM: HKLM\software\classes\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}\ (14 subtraces) (ID = 147837)
4:21 PM: HKLM\software\classes\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\ (8 subtraces) (ID = 147838)
4:21 PM: HKLM\software\classes\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\ (8 subtraces) (ID = 147841)
4:21 PM: HKLM\software\classes\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\ (9 subtraces) (ID = 147842)
4:21 PM: HKLM\software\classes\ysb.ysbobj.1\ (3 subtraces) (ID = 147846)
4:21 PM: HKLM\software\classes\ysb.ysbobj\ (5 subtraces) (ID = 147847)
4:21 PM: HKLM\software\microsoft\internet explorer\toolbar\ || {86227d9c-0efe-4f8a-aa55-30386a3f5686} (ID = 147852)
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\yoursitebar\ (5 subtraces) (ID = 147859)
4:21 PM: HKLM\software\yoursitebar\ (21 subtraces) (ID = 147860)
4:21 PM: HKCR\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\ (9 subtraces) (ID = 147861)
4:21 PM: HKCR\ysb.ysbobj.1\ (3 subtraces) (ID = 147865)
4:21 PM: HKCR\ysb.ysbobj\ (5 subtraces) (ID = 147866)
4:21 PM: HKLM\software\classes\typelib\{ff0312e0-f60c-4109-94b8-0a564a58e43b}\ (9 subtraces) (ID = 147902)
4:21 PM: HKLM\software\classes\zangoinstaller.zangoinstaller.1\ (3 subtraces) (ID = 147903)
4:21 PM: HKLM\software\classes\zangoinstaller.zangoinstaller\ (5 subtraces) (ID = 147904)
4:21 PM: HKLM\software\zango\ (11 subtraces) (ID = 147920)
4:21 PM: HKCR\typelib\{ff0312e0-f60c-4109-94b8-0a564a58e43b}\ (9 subtraces) (ID = 147928)
4:21 PM: HKCR\zangoinstaller.zangoinstaller\ (5 subtraces) (ID = 147929)
4:21 PM: HKLM\software\sacc\ (11 subtraces) (ID = 203068)
4:21 PM: HKLM\software\microsoft\windows\currentversion\run\ || surfaccuracy (ID = 203069)
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\sacc\ (2 subtraces) (ID = 203070)
4:21 PM: HKLM\software\avenue media\internet optimizer\ (155 subtraces) (ID = 394594)
4:21 PM: Found Adware: winantispyware 2005
4:21 PM: HKCR\checkproduct2.checkproduct\ (5 subtraces) (ID = 527503)
4:21 PM: HKCR\checkproduct2.checkproduct.1\ (3 subtraces) (ID = 527509)
4:21 PM: HKCR\appid\checkproduct2.dll\ (1 subtraces) (ID = 527632)
4:21 PM: HKCR\appid\{8c65aef6-e413-4314-815b-82717a3f1603}\ (1 subtraces) (ID = 527648)
4:21 PM: HKCR\clsid\{c427b3e3-28dc-4001-9590-d99b6776119b}\ (15 subtraces) (ID = 527829)
4:21 PM: HKCR\interface\{4f79d1c5-24f9-4e59-8022-604d4b41d5ca}\ (8 subtraces) (ID = 527937)
4:21 PM: HKCR\typelib\{30ed49a5-ca6c-4918-b5f3-5e6818c91d8b}\ (9 subtraces) (ID = 528091)
4:21 PM: HKLM\software\classes\checkproduct2.checkproduct\ (5 subtraces) (ID = 528199)
4:21 PM: HKLM\software\classes\checkproduct2.checkproduct.1\ (3 subtraces) (ID = 528205)
4:21 PM: HKLM\software\classes\appid\checkproduct2.dll\ (1 subtraces) (ID = 528341)
4:21 PM: HKLM\software\classes\appid\{8c65aef6-e413-4314-815b-82717a3f1603}\ (1 subtraces) (ID = 528357)
4:21 PM: HKLM\software\classes\clsid\{c427b3e3-28dc-4001-9590-d99b6776119b}\ (15 subtraces) (ID = 528538)
4:21 PM: HKLM\software\classes\typelib\{30ed49a5-ca6c-4918-b5f3-5e6818c91d8b}\ (9 subtraces) (ID = 528800)
4:21 PM: HKLM\software\classes\appid\{8c65aef6-e413-4314-815b-82717a3f1603}\ (1 subtraces) (ID = 543259)
4:21 PM: HKCR\wuse.1\ (1 subtraces) (ID = 635410)
4:21 PM: HKCR\wusn.1\ (1 subtraces) (ID = 635412)
4:21 PM: Found Adware: whenu
4:21 PM: HKCR\clsid\{763bd795-24ae-44d7-82d8-f9a1ee799729}\ (2 subtraces) (ID = 635414)
4:21 PM: HKCR\clsid\{763bd795-24ae-44d7-82d8-f9a1ee799729}\ (2 subtraces) (ID = 635414)
4:21 PM: HKCR\clsid\{ba2325ed-f9eb-4830-8fce-0bc35b16969b}\ (4 subtraces) (ID = 635417)
4:21 PM: HKLM\software\whenusearch\ (47 subtraces) (ID = 635506)
4:21 PM: HKLM\software\classes\wuse.1\ (1 subtraces) (ID = 635552)
4:21 PM: HKLM\software\classes\wuse.1\ (1 subtraces) (ID = 635552)
4:21 PM: HKLM\software\classes\wusn.1\ (1 subtraces) (ID = 635554)
4:21 PM: HKLM\software\classes\clsid\{763bd795-24ae-44d7-82d8-f9a1ee799729}\ (2 subtraces) (ID = 635556)
4:21 PM: HKLM\software\classes\clsid\{ba2325ed-f9eb-4830-8fce-0bc35b16969b}\ (4 subtraces) (ID = 635559)
4:21 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{ba2325ed-f9eb-4830-8fce-0bc35b16969b}\ (ID = 635564)
4:21 PM: HKLM\software\microsoft\windows\currentversion\run\ || whenusearch (ID = 635566)
4:21 PM: HKLM\software\microsoft\windows\currentversion\run\ || whenusearchwhse (ID = 635567)
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\whenusearch\ (7 subtraces) (ID = 635593)
4:21 PM: HKLM\software\microsoft\windows\currentversion\uninstall\whenusearch\ (7 subtraces) (ID = 639133)
4:21 PM: Found Adware: browseraid
4:21 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-501\software\browser pal\ (17 subtraces) (ID = 105082)
4:21 PM: Found Adware: commonname
4:21 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-501\software\commonname\ (15 subtraces) (ID = 106881)
4:21 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-501\software\downloadware\ (11 subtraces) (ID = 125353)
4:21 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-501\software\medialoads\ (9 subtraces) (ID = 125355)
4:21 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-501\software\avenue media\ (7 subtraces) (ID = 128887)
4:21 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-501\software\180solutions\ (10 subtraces) (ID = 135617)
4:21 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-501\software\salm\ (18 subtraces) (ID = 135792)
4:21 PM: Found Adware: netpal
4:21 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-501\software\destiny\ (7 subtraces) (ID = 135910)
4:21 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-501\software\support software\ (1 subtraces) (ID = 136177)
4:21 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-501\software\updater\ (2 subtraces) (ID = 136178)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-501\software\zango\ (12 subtraces) (ID = 147919)
4:22 PM: Found Adware: sidesearch
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-501\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
4:22 PM: Found Adware: cydoor
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-501\software\cydoor\ (187 subtraces) (ID = 639126)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-501\software\downloadware\ (11 subtraces) (ID = 775210)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-501\software\microsoft\windows\currentversion\run\ || internet optimizer (ID = 818746)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-501\software\microsoft\windows\ || server (ID = 1025299)
4:22 PM: Found Adware: brilliant digital
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\brilliant digital entertainment\ (3 subtraces) (ID = 104954)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\browser pal\ (21 subtraces) (ID = 105082)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\commonname\ (2 subtraces) (ID = 106881)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\microsoft\internet explorer\menuext\add a page note\ (2 subtraces) (ID = 106887)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\microsoft\internet explorer\menuext\bookmark this page\ (2 subtraces) (ID = 106888)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\microsoft\internet explorer\menuext\email this link\ (2 subtraces) (ID = 106889)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\microsoft\internet explorer\menuext\search using commonname\ (2 subtraces) (ID = 106890)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\delfin\ (3 subtraces) (ID = 124848)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\downloadware\ (22 subtraces) (ID = 125353)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\medialoads\ (14 subtraces) (ID = 125355)
4:22 PM: Found Adware: ezula ilookup
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\microsoft\windows\currentversion\run\ || ezmmod (ID = 126293)
4:22 PM: Found Adware: ieplugin
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\intexp\ (43 subtraces) (ID = 128173)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\avenue media\ (ID = 128887)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\ist\ (1 subtraces) (ID = 129108)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\180solutions\ (ID = 135617)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\msbb\ (19 subtraces) (ID = 135781)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\salm\ (14 subtraces) (ID = 135792)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\destiny\ (11 subtraces) (ID = 135910)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\hopper\ (15 subtraces) (ID = 136157)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\support software\ (11 subtraces) (ID = 136177)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\updater\ (3 subtraces) (ID = 136178)
4:22 PM: Found Adware: pstopper
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\popup stopper\ (ID = 136977)
4:22 PM: Found Adware: search-exe hijacker
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\microsoft\internet explorer\search\ || searchassistant (ID = 140932)
4:22 PM: Found Adware: searchtoolbar
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\search toolbar\ (10 subtraces) (ID = 141344)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\microsoft\internet explorer\explorer bars\{8cba1b49-8144-4721-a7b1-64c578c9eed7}\ (1 subtraces) (ID = 141777)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
4:22 PM: Found Adware: trustyhoundtoolbar hijack
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\microsoft\internet explorer\main\ || start page (ID = 145176)
4:22 PM: Found Adware: twain-tech
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\mxtarget\ (30 subtraces) (ID = 145343)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\microsoft\internet explorer\menuext\web rebates\ (2 subtraces) (ID = 146297)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\zango\ (23 subtraces) (ID = 147919)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\ezula\setup\ (18 subtraces) (ID = 386817)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\ezula\setup\ || bmk (ID = 386818)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\ezula\setup\id\ (2 subtraces) (ID = 386819)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\ezula\setup\path\ (3 subtraces) (ID = 386824)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\ezula\setup\path\ || imagespath (ID = 386825)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\ezula\setup\path\ || genun (ID = 386826)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\ezula\ (33 subtraces) (ID = 466658)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\ezula\ || strup (ID = 466659)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\cydoor\ (25 subtraces) (ID = 639126)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\cydoor services\ (ID = 639128)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\ezula\ (33 subtraces) (ID = 639279)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\downloadware\ (22 subtraces) (ID = 775210)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1008\software\microsoft\windows\ || server (ID = 1025299)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\browser pal\ (20 subtraces) (ID = 105082)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\clipgenie\ (5 subtraces) (ID = 105919)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\traynotifier\clipgenie\ (4 subtraces) (ID = 105924)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\commonname\ (2 subtraces) (ID = 106881)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\microsoft\internet explorer\menuext\add a page note\ (2 subtraces) (ID = 106887)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\microsoft\internet explorer\menuext\bookmark this page\ (2 subtraces) (ID = 106888)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\microsoft\internet explorer\menuext\email this link\ (2 subtraces) (ID = 106889)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\microsoft\internet explorer\menuext\search using commonname\ (2 subtraces) (ID = 106890)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\downloadware\ (21 subtraces) (ID = 125353)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\medialoads\ (13 subtraces) (ID = 125355)
4:22 PM: Found Adware: exact searchbar
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\microsoft\internet explorer\toolbar\webbrowser\ || {224530a0-c9cb-4aee-9c0f-54ac1b533211} (ID = 125865)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\intexp\ (2 subtraces) (ID = 128173)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\avenue media\ (ID = 128887)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\180solutions\ (14 subtraces) (ID = 135617)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\salm\ (15 subtraces) (ID = 135792)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\destiny\ (11 subtraces) (ID = 135910)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\hopper\ (1 subtraces) (ID = 136157)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\support software\ (8 subtraces) (ID = 136177)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\updater\ (2 subtraces) (ID = 136178)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\microsoft\internet explorer\main\ || search bar (ID = 140927)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\microsoft\internet explorer\main\ || search page (ID = 140928)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\microsoft\internet explorer\search\ || searchassistant (ID = 140932)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\microsoft\internet explorer\searchurl\ (ID = 140934)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\search toolbar\ (5 subtraces) (ID = 141344)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\microsoft\internet explorer\explorer bars\{8cba1b49-8144-4721-a7b1-64c578c9eed7}\ (1 subtraces) (ID = 141777)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\mxtarget\ (30 subtraces) (ID = 145343)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\microsoft\internet explorer\menuext\web rebates\ (2 subtraces) (ID = 146297)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\zango\ (13 subtraces) (ID = 147919)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\cydoor\ (726 subtraces) (ID = 639126)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\exact\ || checkinservername (ID = 646756)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\downloadware\ (21 subtraces) (ID = 775210)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1007\software\microsoft\windows\ || server (ID = 1025299)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\browser pal\ (20 subtraces) (ID = 105082)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\commonname\ (6 subtraces) (ID = 106881)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\downloadware\ (15 subtraces) (ID = 125353)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\medialoads\ (12 subtraces) (ID = 125355)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\intexp\ (44 subtraces) (ID = 128173)
4:22 PM: Found Adware: ieplugin hijacker
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\microsoft\internet explorer\main\ || search bar (ID = 128214)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\microsoft\internet explorer\main\ || search page (ID = 128215)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\microsoft\internet explorer\searchurl\ (ID = 128220)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\avenue media\ (ID = 128887)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\policies\avenue media\ (ID = 128928)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\ist\ (5 subtraces) (ID = 129108)
4:22 PM: Found Adware: limeshop
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\microsoft\internet explorer\menuext\limeshop preferences\ (2 subtraces) (ID = 129724)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\180solutions\ (ID = 135617)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\msbb\ (17 subtraces) (ID = 135781)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\salm\ (22 subtraces) (ID = 135792)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\destiny\ (11 subtraces) (ID = 135910)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\hopper\ (13 subtraces) (ID = 136157)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\microsoft\internet explorer\urlsearchhooks\ || _{9368d063-44be-49b9-bd14-bb9663fd38fc} (ID = 136158)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\support software\ (11 subtraces) (ID = 136177)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\updater\ (3 subtraces) (ID = 136178)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\powerscan\ (1 subtraces) (ID = 136823)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\microsoft\internet explorer\search\ || searchassistant (ID = 140932)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\search toolbar\ (20 subtraces) (ID = 141344)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\microsoft\internet explorer\explorer bars\{8cba1b49-8144-4721-a7b1-64c578c9eed7}\ (1 subtraces) (ID = 141777)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\mxtarget\ (31 subtraces) (ID = 145343)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\microsoft\internet explorer\menuext\web rebates\ (2 subtraces) (ID = 146297)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\microsoft\internet explorer\toolbar\webbrowser\ || {86227d9c-0efe-4f8a-aa55-30386a3f5686} (ID = 147853)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\zango\ (19 subtraces) (ID = 147919)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\cydoor\ (3735 subtraces) (ID = 639126)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\microsoft\windows\currentversion\policies\ameopt\ (ID = 654042)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\downloadware\ (15 subtraces) (ID = 775210)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\microsoft\internet explorer\searchurl\ || provider (ID = 826438)
4:22 PM: HKU\S-1-5-21-3841560537-3889084470-907175751-1006\software\microsoft\windows\ || server (ID = 1025299)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1005\software\medialoads\ (9 subtraces) (ID = 125355)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1005\software\avenue media\ (ID = 128887)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1005\software\microsoft\internet explorer\menuext\limeshop preferences\ (2 subtraces) (ID = 129724)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1005\software\salm\ (14 subtraces) (ID = 135792)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1005\software\support software\ (8 subtraces) (ID = 136177)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1005\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1005\software\microsoft\internet explorer\menuext\web rebates\ (2 subtraces) (ID = 146297)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1005\software\zango\ (16 subtraces) (ID = 147919)
4:22 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-1005\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
4:22 PM: HKU\S-1-5-18\software\medialoads\ (7 subtraces) (ID = 125355)
4:22 PM: Registry Sweep Complete, Elapsed Time:00:00:28
4:22 PM: Starting Cookie Sweep
4:22 PM: Found Spy Cookie: ad-flow cookie
4:22 PM: guest@ad-flow[2].txt (ID = 2047)
4:22 PM: Found Spy Cookie: specificpop cookie
4:22 PM: guest@ads.specificpop[1].txt (ID = 3402)
4:22 PM: Found Spy Cookie: valuead cookie
4:22 PM: guest@ads.valuead[1].txt (ID = 3627)
4:22 PM: Found Spy Cookie: internetfuel cookie
4:22 PM: guest@adserv.internetfuel[1].txt (ID = 2874)
4:22 PM: Found Spy Cookie: adultrevenueservice cookie
4:22 PM: guest@adultrevenueservice[1].txt (ID = 2167)
4:22 PM: Found Spy Cookie: advertising cookie
4:22 PM: guest@advertising[2].txt (ID = 2175)
4:22 PM: Found Spy Cookie: atwola cookie
4:22 PM: guest@ar.atwola[1].txt (ID = 2256)
4:22 PM: Found Spy Cookie: atlas dmt cookie
4:22 PM: guest@atdmt[2].txt (ID = 2253)
4:22 PM: guest@atwola[1].txt (ID = 2255)
4:22 PM: Found Spy Cookie: 180solutions cookie
4:22 PM: guest@bis.180solutions[2].txt (ID = 1929)
4:22 PM: Found Spy Cookie: bravenet cookie
4:22 PM: guest@bravenet[2].txt (ID = 2322)
4:22 PM: Found Spy Cookie: cydoor cookie
4:22 PM: guest@cms[1].txt (ID = 2489)
4:22 PM: Found Spy Cookie: desktop kazaa cookie
4:22 PM: guest@desktop.kazaa[2].txt (ID = 2515)
4:22 PM: Found Spy Cookie: fastclick cookie
4:22 PM: guest@fastclick[1].txt (ID = 2651)
4:22 PM: Found Spy Cookie: mediaplex cookie
4:22 PM: guest@mediaplex[2].txt (ID = 6442)
4:22 PM: Found Spy Cookie: realmedia cookie
4:22 PM: guest@realmedia[2].txt (ID = 3235)
4:22 PM: Found Spy Cookie: servedby advertising cookie
4:22 PM: guest@servedby.advertising[1].txt (ID = 3335)
4:22 PM: guest@servedfor.valuead[1].txt (ID = 3627)
4:22 PM: Found Spy Cookie: smni cookie
4:22 PM: guest@smni[2].txt (ID = 3389)
4:22 PM: Found Spy Cookie: tmpad cookie
4:22 PM: guest@tmpad[1].txt (ID = 3545)
4:22 PM: Found Spy Cookie: cashpartner cookie
4:22 PM: guest@tracking.cashpartner[1].txt (ID = 2357)
4:22 PM: Found Spy Cookie: trafficmp cookie
4:22 PM: guest@trafficmp[1].txt (ID = 3581)
4:22 PM: Found Spy Cookie: tribalfusion cookie
4:22 PM: guest@tribalfusion[2].txt (ID = 3589)
4:22 PM: Found Spy Cookie: gator cookie
4:22 PM: guest@webpdp.gator[1].txt (ID = 2723)
4:22 PM: Found Spy Cookie: commonname cookie
4:22 PM: guest@www.commonname[1].txt (ID = 2458)
4:22 PM: Found Spy Cookie: adserver cookie
4:22 PM: guest@z1.adserver[1].txt (ID = 2142)
4:22 PM: Found Spy Cookie: sandboxer cookie
4:22 PM: jc@0[1].txt (ID = 3282)
4:22 PM: jc@0[2].txt (ID = 3282)
4:22 PM: jc@0[4].txt (ID = 3282)
4:22 PM: jc@0[5].txt (ID = 3282)
4:22 PM: Found Spy Cookie: 203.199.200 cookie
4:22 PM: jc@203.199.200[1].txt (ID = 1941)
4:22 PM: Found Spy Cookie: 216.221.138 cookie
4:22 PM: jc@216.221.138[1].txt (ID = 1947)
4:22 PM: Found Spy Cookie: 247realmedia cookie
4:22 PM: jc@247realmedia[2].txt (ID = 1953)
4:22 PM: Found Spy Cookie: 276 cookie
4:22 PM: jc@276[2].txt (ID = 1955)
4:22 PM: Found Spy Cookie: 2o7.net cookie
4:22 PM: jc@2o7[2].txt (ID = 1957)
4:22 PM: Found Spy Cookie: 3 cookie
4:22 PM: jc@3[1].txt (ID = 1959)
4:22 PM: Found Spy Cookie: 7search cookie
4:22 PM: jc@7search[2].txt (ID = 2011)
4:22 PM: Found Spy Cookie: 888 cookie
4:22 PM: jc@888[1].txt (ID = 2019)
4:22 PM: Found Spy Cookie: go.com cookie
4:22 PM: jc@abc.go[2].txt (ID = 2729)
4:22 PM: jc@abcfamily.go[1].txt (ID = 2729)
4:22 PM: Found Spy Cookie: abetterinternet cookie
4:22 PM: jc@abetterinternet[1].txt (ID = 2035)
4:22 PM: Found Spy Cookie: about cookie
4:22 PM: jc@about[2].txt (ID = 2037)
4:22 PM: jc@ad-flow[2].txt (ID = 2047)
4:22 PM: Found Spy Cookie: ad-logics cookie
4:22 PM: jc@ad-logics[1].txt (ID = 2049)
4:22 PM: Found Spy Cookie: yieldmanager cookie
4:22 PM: jc@ad.yieldmanager[2].txt (ID = 3751)
4:22 PM: Found Spy Cookie: hbmediapro cookie
4:22 PM: jc@adopt.hbmediapro[1].txt (ID = 2768)
4:22 PM: Found Spy Cookie: adorigin cookie
4:22 PM: jc@adorigin[2].txt (ID = 2082)
4:22 PM: Found Spy Cookie: adprofile cookie
4:22 PM: jc@adprofile[2].txt (ID = 2084)
4:22 PM: Found Spy Cookie: adrevolver cookie
4:22 PM: jc@adrevolver[1].txt (ID = 2088)
4:22 PM: jc@ads.180solutions[1].txt (ID = 1934)
4:22 PM: Found Spy Cookie: addynamix cookie
4:22 PM: jc@ads.addynamix[1].txt (ID = 2062)
4:22 PM: Found Spy Cookie: ads.adsag cookie
4:22 PM: jc@ads.adsag[2].txt (ID = 2108)
4:22 PM: Found Spy Cookie: ads.businessweek cookie
4:22 PM: jc@ads.businessweek[1].txt (ID = 2113)
4:22 PM: Found Spy Cookie: gorillanation cookie
4:22 PM: jc@ads.gorillanation[1].txt (ID = 2744)
4:22 PM: Found Spy Cookie: linksponsor cookie
4:22 PM: jc@ads.linksponsor[2].txt (ID = 2925)
4:22 PM: Found Spy Cookie: pointroll cookie
4:22 PM: jc@ads.pointroll[1].txt (ID = 3148)
4:22 PM: jc@ads.specificpop[1].txt (ID = 3402)
4:22 PM: jc@adserver[2].txt (ID = 2141)
4:22 PM: jc@advertising[2].txt (ID = 2175)
4:22 PM: Found Spy Cookie: ajrotator cookie
4:22 PM: jc@ajrotator[2].txt (ID = 2211)
4:22 PM: Found Spy Cookie: alt cookie
4:22 PM: jc@alt[1].txt (ID = 2217)
4:22 PM: Found Spy Cookie: zango cookie
4:22 PM: jc@app.zango[2].txt (ID = 3761)
4:22 PM: Found Spy Cookie: ask cookie
4:22 PM: jc@ask[2].txt (ID = 2245)
4:22 PM: jc@atdmt[2].txt (ID = 2253)
4:22 PM: jc@atwola[2].txt (ID = 2255)
4:22 PM: Found Spy Cookie: bannerspace cookie
4:22 PM: jc@bannerspace[1].txt (ID = 2284)
4:22 PM: Found Spy Cookie: bilbo.counted.com cookie
4:22 PM: jc@bilbo.counted[2].txt (ID = 2306)
4:22 PM: jc@bis.180solutions[1].txt (ID = 1929)
4:22 PM: Found Spy Cookie: bluestreak cookie
4:22 PM: jc@bluestreak[1].txt (ID = 2314)
4:22 PM: Found Spy Cookie: bs.serving-sys cookie
4:22 PM: jc@bs.serving-sys[2].txt (ID = 2330)
4:22 PM: Found Spy Cookie: falkag cookie
4:22 PM: jc@c.as-us.falkag[2].txt (ID = 2650)
4:22 PM: Found Spy Cookie: enhance cookie
4:22 PM: jc@c.enhance[1].txt (ID = 2614)
4:22 PM: Found Spy Cookie: goclick cookie
4:22 PM: jc@c.goclick[1].txt (ID = 2733)
4:22 PM: Found Spy Cookie: zedo cookie
4:22 PM: jc@c5.zedo[1].txt (ID = 3763)
4:22 PM: Found Spy Cookie: callwave cookie
4:22 PM: jc@callwave[2].txt (ID = 2342)
4:22 PM: Found Spy Cookie: cardomain cookie
4:22 PM: jc@cardomain[2].txt (ID = 2350)
4:22 PM: Found Spy Cookie: casalemedia cookie
4:22 PM: jc@casalemedia[1].txt (ID = 2354)
4:22 PM: Found Spy Cookie: centralmedia cookie
4:22 PM: jc@centralmedia[1].txt (ID = 2373)
4:22 PM: Found Spy Cookie: centrport net cookie
4:22 PM: jc@centrport[1].txt (ID = 2374)
4:22 PM: Found Spy Cookie: clickagents cookie
4:22 PM: jc@clickagents[2].txt (ID = 2394)
4:22 PM: Found Spy Cookie: clickbank cookie
4:22 PM: jc@clickbank[1].txt (ID = 2398)
4:22 PM: Found Spy Cookie: cliks cookie
4:22 PM: jc@cliks[1].txt (ID = 2414)
4:22 PM: jc@cms[2].txt (ID = 2489)
4:22 PM: Found Spy Cookie: commission junction cookie
4:22 PM: jc@commission-junction[1].txt (ID = 2455)
4:22 PM: Found Spy Cookie: hitslink cookie
4:22 PM: jc@counter.hitslink[2].txt (ID = 2790)
4:22 PM: Found Spy Cookie: sextracker cookie
4:22 PM: jc@counter1.sextracker[1].txt (ID = 3362)
4:22 PM: jc@counter16.sextracker[1].txt (ID = 3362)
4:22 PM: jc@counter6.sextracker[1].txt (ID = 3362)
4:22 PM: jc@counter9.sextracker[1].txt (ID = 3362)
4:22 PM: Found Spy Cookie: 360i cookie
4:22 PM: jc@ct.360i[2].txt (ID = 1962)
4:22 PM: Found Spy Cookie: clickzs cookie
4:22 PM: jc@cz6.clickzs[2].txt (ID = 2413)
4:22 PM: Found Spy Cookie: coremetrics cookie
4:22 PM: jc@data.coremetrics[1].txt (ID = 2472)
4:22 PM: Found Spy Cookie: dealtime cookie
4:22 PM: jc@dealtime[2].txt (ID = 2505)
4:22 PM: jc@desktop.kazaa[1].txt (ID = 2515)
4:22 PM: jc@disney.go[1].txt (ID = 2729)
4:22 PM: jc@disney.store.go[1].txt (ID = 2729)
4:22 PM: jc@disneyvideos.disney.go[1].txt (ID = 2729)
4:22 PM: Found Spy Cookie: domainsponsor cookie
4:22 PM: jc@domainsponsor[2].txt (ID = 2533)
4:22 PM: Found Spy Cookie: ru4 cookie
4:22 PM: jc@edge.ru4[2].txt (ID = 3269)
4:22 PM: jc@espn.go[2].txt (ID = 2729)
4:22 PM: Found Spy Cookie: adbureau cookie
4:22 PM: jc@etype.adbureau[1].txt (ID = 2060)
4:22 PM: Found Spy Cookie: exitexchange cookie
4:22 PM: jc@exitexchange[2].txt (ID = 2633)
4:22 PM: Found Spy Cookie: exitfuel cookie
4:22 PM: jc@exitfuel[2].txt (ID = 2635)
4:22 PM: jc@familyfun.go[1].txt (ID = 2729)
4:22 PM: jc@fastclick[1].txt (ID = 2651)
4:22 PM: Found Spy Cookie: findwhat cookie
4:22 PM: jc@findwhat[1].txt (ID = 2674)
4:22 PM: Found Spy Cookie: fortunecity cookie
4:22 PM: jc@fortunecity[2].txt (ID = 2686)
4:22 PM: Found Spy Cookie: wegcash cookie
4:22 PM: jc@free.wegcash[2].txt (ID = 3682)
4:22 PM: jc@gator[2].txt (ID = 2722)
4:22 PM: Found Spy Cookie: go2net.com cookie
4:22 PM: jc@go2net[1].txt (ID = 2730)
4:22 PM: Found Spy Cookie: gotoast cookie
4:22 PM: jc@gotoast[1].txt (ID = 2751)
4:22 PM: jc@go[2].txt (ID = 2728)
4:22 PM: Found Spy Cookie: humanclick cookie
4:22 PM: jc@hc2.humanclick[2].txt (ID = 2810)
4:22 PM: jc@historymedren.about[1].txt (ID = 2038)
4:22 PM: Found Spy Cookie: hotmatch cookie
4:22 PM: jc@hotmatch[1].txt (ID = 3854)
4:22 PM: Found Spy Cookie: ic-live cookie
4:22 PM: jc@ic-live[1].txt (ID = 2821)
4:22 PM: Found Spy Cookie: incredifind cookie
4:22 PM: jc@incredifind[2].txt (ID = 2849)
4:22 PM: jc@infinity.zango[2].txt (ID = 3761)
4:22 PM: jc@installs.180solutions[1].txt (ID = 1934)
4:22 PM: jc@internetfuel[2].txt (ID = 2873)
4:22 PM: Found Spy Cookie: kount cookie
4:22 PM: jc@kount[1].txt (ID = 2911)
4:22 PM: Found Spy Cookie: linksynergy cookie
4:22 PM: jc@linksynergy[1].txt (ID = 2926)
4:22 PM: jc@lp.zango[1].txt (ID = 3761)
4:22 PM: Found Spy Cookie: maxserving cookie
4:22 PM: jc@maxserving[2].txt (ID = 2966)
4:22 PM: Found Spy Cookie: ugo cookie
4:22 PM: jc@mediamgr.ugo[2].txt (ID = 3609)
4:22 PM: jc@mediaplex[2].txt (ID = 6442)
4:22 PM: Found Spy Cookie: popupsponsor cookie
4:22 PM: jc@mediatrack.popupsponsor[2].txt (ID = 3162)
4:22 PM: Found Spy Cookie: revenue.net cookie
4:22 PM: jc@mediatrack.revenue[2].txt (ID = 3258)
4:22 PM: Found Spy Cookie: metareward.com cookie
4:22 PM: jc@metareward[1].txt (ID = 2990)
4:22 PM: Found Spy Cookie: mp3downloading cookie
4:22 PM: jc@mp3downloading[1].txt (ID = 3016)
4:22 PM: jc@msn.espn.go[1].txt (ID = 2729)
4:22 PM: Found Spy Cookie: netster cookie
4:22 PM: jc@netster[1].txt (ID = 3071)
4:22 PM: jc@nike.ask[1].txt (ID = 2246)
4:22 PM: Found Spy Cookie: netratingsselect cookie
4:22 PM: jc@nnselect[2].txt (ID = 3065)
4:22 PM: Found Spy Cookie: offeroptimizer cookie
4:22 PM: jc@offeroptimizer[2].txt (ID = 3087)
4:22 PM: Found Spy Cookie: okcounter.com cookie
4:22 PM: jc@okcounter[1].txt (ID = 3093)
4:22 PM: Found Spy Cookie: overture cookie
4:22 PM: jc@overture[2].txt (ID = 3105)
4:22 PM: Found Spy Cookie: partypoker cookie
4:22 PM: jc@partypoker[1].txt (ID = 3111)
4:22 PM: Found Spy Cookie: peel network cookie
4:22 PM: jc@peel[2].txt (ID = 3127)
4:22 PM: jc@perf.overture[1].txt (ID = 3106)
4:22 PM: Found Spy Cookie: pokerroom cookie
4:22 PM: jc@pokerroom[2].txt (ID = 3149)
4:22 PM: jc@popupsponsor[2].txt (ID = 3161)
4:22 PM: Found Spy Cookie: pro-market cookie
4:22 PM: jc@pro-market[2].txt (ID = 3197)
4:22 PM: jc@proxy.espn.go[1].txt (ID = 2729)
4:22 PM: jc@psc.disney.go[1].txt (ID = 2729)
4:22 PM: Found Spy Cookie: qksrv cookie
4:22 PM: jc@qksrv[1].txt (ID = 3213)
4:22 PM: Found Spy Cookie: questionmarket cookie
4:22 PM: jc@questionmarket[1].txt (ID = 3217)
4:22 PM: jc@realmedia[1].txt (ID = 3235)
4:22 PM: jc@register.go[1].txt (ID = 2729)
4:22 PM: jc@revenue[2].txt (ID = 3257)
4:22 PM: Found Spy Cookie: rightmedia cookie
4:22 PM: jc@rightmedia[1].txt (ID = 3259)
4:22 PM: Found Spy Cookie: rn11 cookie
4:22 PM: jc@rn11[2].txt (ID = 3261)
4:22 PM: Found Spy Cookie: rp cookie
4:22 PM: jc@rp[2].txt (ID = 3267)
4:22 PM: jc@search.disney.go[1].txt (ID = 2729)
4:22 PM: jc@servedby.advertising[2].txt (ID = 3335)
4:22 PM: Found Spy Cookie: servedby valuead cookie
4:22 PM: jc@servedby.valuead[1].txt (ID = 3339)
4:22 PM: Found Spy Cookie: server.iad.liveperson cookie
4:22 PM: jc@server.iad.liveperson[2].txt (ID = 3341)
4:22 PM: Found Spy Cookie: serving-sys cookie
4:22 PM: jc@serving-sys[2].txt (ID = 3343)
4:22 PM: jc@sextracker[2].txt (ID = 3361)
4:22 PM: Found Spy Cookie: pcstats.com cookie
4:22 PM: jc@signup.pcstats[1].txt (ID = 3126)
4:22 PM: jc@smni[1].txt (ID = 3389)
4:22 PM: jc@specificpop[1].txt (ID = 3401)
4:22 PM: Found Spy Cookie: spinbox cookie
4:22 PM: jc@spinbox[2].txt (ID = 3405)
4:22 PM: jc@sports.espn.go[1].txt (ID = 2729)
4:22 PM: Found Spy Cookie: spylog cookie
4:22 PM: jc@spylog[1].txt (ID = 3415)
4:22 PM: Found Spy Cookie: st.sageanalyst cookie
4:22 PM: jc@st.sageanalyst[1].txt (ID = 3436)
4:22 PM: jc@stat.dealtime[1].txt (ID = 2506)
4:22 PM: Found Spy Cookie: stats.klsoft.com cookie
4:22 PM: jc@stats.klsoft[1].txt (ID = 3451)
4:22 PM: Found Spy Cookie: reliablestats cookie
4:22 PM: jc@stats1.reliablestats[2].txt (ID = 3254)
4:22 PM: Found Spy Cookie: webtrendslive cookie
4:22 PM: jc@statse.webtrendslive[1].txt (ID = 3667)
4:22 PM: Found Spy Cookie: targetnet cookie
4:22 PM: jc@targetnet[1].txt (ID = 3489)
4:22 PM: jc@test.coremetrics[1].txt (ID = 2472)
4:22 PM: Found Spy Cookie: tickle cookie
4:22 PM: jc@tickle[1].txt (ID = 3529)
4:22 PM: jc@tmpad[1].txt (ID = 3545)
4:22 PM: Found Spy Cookie: toprebates.com cookie
4:22 PM: jc@toprebates[2].txt (ID = 3561)
4:22 PM: Found Spy Cookie: thunderdownloads cookie
4:22 PM: jc@tracking.thunderdownloads[2].txt (ID = 3527)
4:22 PM: jc@trafficmp[1].txt (ID = 3581)
4:22 PM: jc@tribalfusion[2].txt (ID = 3589)
4:22 PM: Found Spy Cookie: tripod cookie
4:22 PM: jc@tripod[1].txt (ID = 3591)
4:22 PM: Found Spy Cookie: realtracker cookie
4:22 PM: jc@web4.realtracker[1].txt (ID = 3242)
4:22 PM: Found Spy Cookie: webpower cookie
4:22 PM: jc@webpower[2].txt (ID = 3660)
4:22 PM: Found Spy Cookie: adminder cookie
4:22 PM: jc@www.adminder[1].txt (ID = 2079)
4:22 PM: Found Spy Cookie: burstbeacon cookie
4:22 PM: jc@www.burstbeacon[1].txt (ID = 2335)
4:22 PM: jc@www.commonname[1].txt (ID = 2458)
4:22 PM: jc@www.disney.go[2].txt (ID = 2729)
4:22 PM: Found Spy Cookie: eroticy cookie
4:22 PM: jc@www.eroticy[1].txt (ID = 2624)
4:22 PM: Found Spy Cookie: eyeblaster cookie
4:22 PM: jc@www.eyeblaster-bs[1].txt (ID = 2642)
4:22 PM: jc@www.incredifind[1].txt (ID = 2850)
4:22 PM: jc@www.mp3downloading[2].txt (ID = 3017)
4:22 PM: Found Spy Cookie: myaffiliateprogram.com cookie
4:22 PM: jc@www.myaffiliateprogram[2].txt (ID = 3032)
4

#4 Langley

Posted 30 January 2006 - 03:18 PM

4:22 PM: Found Spy Cookie: nextag cookie
4:22 PM: jc@www.nextag[1].txt (ID = 5015)
4:22 PM: Found Spy Cookie: redzip cookie
4:22 PM: jc@www.redzip[1].txt (ID = 3250)
4:22 PM: Found Spy Cookie: shop@home cookie
4:22 PM: jc@www.shopathomeselect[2].txt (ID = 3368)
4:22 PM: Found Spy Cookie: upspiral cookie
4:22 PM: jc@www.upspiral[1].txt (ID = 3615)
4:22 PM: Found Spy Cookie: web-stat cookie
4:22 PM: jc@www.web-stat[1].txt (ID = 3649)
4:22 PM: Found Spy Cookie: xzoomy cookie
4:22 PM: jc@www.xzoomy[1].txt (ID = 3742)
4:22 PM: Found Spy Cookie: paypopup cookie
4:22 PM: jc@www1.paypopup[1].txt (ID = 3120)
4:22 PM: jc@www7.paypopup[1].txt (ID = 3120)
4:22 PM: Found Spy Cookie: xiti cookie
4:22 PM: jc@xiti[2].txt (ID = 3717)
4:22 PM: Found Spy Cookie: xuppa cookie
4:22 PM: jc@xuppa[1].txt (ID = 3729)
4:22 PM: Found Spy Cookie: yadro cookie
4:22 PM: jc@yadro[2].txt (ID = 3743)
4:22 PM: jc@z1.adserver[1].txt (ID = 2142)
4:22 PM: jc@zango[1].txt (ID = 3760)
4:22 PM: jc@zedo[1].txt (ID = 3762)
4:22 PM: marisa@0[2].txt (ID = 3282)
4:22 PM: marisa@2o7[1].txt (ID = 1957)
4:22 PM: Found Spy Cookie: l2m.net cookie
4:22 PM: marisa@54317703a.l2m[2].txt (ID = 2914)
4:22 PM: marisa@7search[2].txt (ID = 2011)
4:22 PM: marisa@a.as-us.falkag[2].txt (ID = 2650)
4:22 PM: marisa@abetterinternet[2].txt (ID = 2035)
4:22 PM: marisa@about[1].txt (ID = 2037)
4:22 PM: marisa@ad-flow[1].txt (ID = 2047)
4:22 PM: marisa@ad-logics[1].txt (ID = 2049)
4:22 PM: Found Spy Cookie: ad-rotator cookie
4:22 PM: marisa@ad-rotator[2].txt (ID = 2051)
4:22 PM: marisa@adnetintads.valuead[1].txt (ID = 3627)
4:22 PM: marisa@adrevolver[1].txt (ID = 2088)
4:22 PM: marisa@ads.180solutions[1].txt (ID = 1934)
4:22 PM: marisa@ads.adsag[1].txt (ID = 2108)
4:22 PM: marisa@ads.specificpop[1].txt (ID = 3402)
4:22 PM: marisa@advertising[2].txt (ID = 2175)
4:22 PM: Found Spy Cookie: adviva cookie
4:22 PM: marisa@adviva[1].txt (ID = 2177)
4:22 PM: marisa@ajrotator[1].txt (ID = 2211)
4:22 PM: marisa@ajrotator[3].txt (ID = 2211)
4:22 PM: Found Spy Cookie: apmebf cookie
4:22 PM: marisa@apmebf[2].txt (ID = 2229)
4:22 PM: marisa@as-us.falkag[2].txt (ID = 2650)
4:22 PM: marisa@ask[2].txt (ID = 2245)
4:22 PM: marisa@atdmt[2].txt (ID = 2253)
4:22 PM: marisa@atwola[2].txt (ID = 2255)
4:22 PM: marisa@bannerspace[2].txt (ID = 2284)
4:22 PM: marisa@bis.180solutions[2].txt (ID = 1929)
4:22 PM: marisa@bluestreak[2].txt (ID = 2314)
4:22 PM: marisa@bs.serving-sys[1].txt (ID = 2330)
4:22 PM: marisa@centrport[1].txt (ID = 2374)
4:22 PM: marisa@clickagents[2].txt (ID = 2394)
4:22 PM: marisa@clickbank[1].txt (ID = 2398)
4:22 PM: marisa@cliks[1].txt (ID = 2414)
4:22 PM: Found Spy Cookie: coolwebsearch cookie
4:22 PM: marisa@coolwebsearch[1].txt (ID = 2469)
4:22 PM: marisa@data.coremetrics[2].txt (ID = 2472)
4:22 PM: Found Spy Cookie: dbbsrv cookie
4:22 PM: marisa@dbbsrv[1].txt (ID = 2499)
4:22 PM: marisa@dealtime[1].txt (ID = 2505)
4:22 PM: marisa@desktop.kazaa[1].txt (ID = 2515)
4:22 PM: marisa@disney.go[2].txt (ID = 2729)
4:22 PM: marisa@disney.store.go[1].txt (ID = 2729)
4:22 PM: marisa@edge.ru4[2].txt (ID = 3269)
4:22 PM: marisa@etype.adbureau[1].txt (ID = 2060)
4:22 PM: Found Spy Cookie: euniverseads cookie
4:22 PM: marisa@euniverseads[2].txt (ID = 2629)
4:22 PM: marisa@exitfuel[1].txt (ID = 2635)
4:22 PM: marisa@familyfun.go[1].txt (ID = 2729)
4:22 PM: marisa@fastclick[2].txt (ID = 2651)
4:22 PM: marisa@fastclick[3].txt (ID = 2651)
4:22 PM: marisa@findwhat[2].txt (ID = 2674)
4:22 PM: marisa@fortunecity[1].txt (ID = 2686)
4:22 PM: marisa@gator[2].txt (ID = 2722)
4:22 PM: marisa@gorillanation[2].txt (ID = 2746)
4:22 PM: marisa@gotoast[1].txt (ID = 2751)
4:22 PM: marisa@go[2].txt (ID = 2728)
4:22 PM: marisa@hc2.humanclick[2].txt (ID = 2810)
4:22 PM: marisa@internetfuel[1].txt (ID = 2873)
4:22 PM: marisa@l2m[1].txt (ID = 2913)
4:22 PM: marisa@linksynergy[1].txt (ID = 2926)
4:22 PM: marisa@maxserving[2].txt (ID = 2966)
4:22 PM: marisa@mediamgr.ugo[1].txt (ID = 3609)
4:22 PM: marisa@mediaplex[1].txt (ID = 6442)
4:22 PM: Found Spy Cookie: netshelter.adtrix cookie
4:22 PM: marisa@netshelter.adtrix[1].txt (ID = 3069)
4:22 PM: marisa@nextag[2].txt (ID = 5014)
4:22 PM: marisa@offeroptimizer[1].txt (ID = 3087)
4:22 PM: marisa@overture[1].txt (ID = 3105)
4:22 PM: marisa@peel[1].txt (ID = 3127)
4:22 PM: marisa@pointroll[1].txt (ID = 3147)
4:22 PM: marisa@pokerroom[1].txt (ID = 3149)
4:22 PM: Found Spy Cookie: pricegrabber cookie
4:22 PM: marisa@pricegrabber[2].txt (ID = 3185)
4:22 PM: marisa@psc.disney.go[1].txt (ID = 2729)
4:22 PM: marisa@qksrv[2].txt (ID = 3213)
4:22 PM: marisa@questionmarket[1].txt (ID = 3217)
4:22 PM: marisa@realmedia[2].txt (ID = 3235)
4:22 PM: marisa@register.go[1].txt (ID = 2729)
4:22 PM: marisa@rightmedia[2].txt (ID = 3259)
4:22 PM: marisa@rn11[1].txt (ID = 3261)
4:22 PM: marisa@rp[1].txt (ID = 3267)
4:22 PM: marisa@ru4[1].txt (ID = 3270)
4:22 PM: Found Spy Cookie: adscpm cookie
4:22 PM: marisa@servedby.adscpm[1].txt (ID = 2137)
4:22 PM: marisa@servedby.advertising[2].txt (ID = 3335)
4:22 PM: marisa@server.iad.liveperson[1].txt (ID = 3341)
4:22 PM: marisa@smni[1].txt (ID = 3389)
4:22 PM: marisa@stat.dealtime[1].txt (ID = 2506)
4:22 PM: Found Spy Cookie: onestat.com cookie
4:22 PM: marisa@stat.onestat[1].txt (ID = 3098)
4:22 PM: Found Spy Cookie: statcounter cookie
4:22 PM: marisa@statcounter[1].txt (ID = 3447)
4:22 PM: marisa@statse.webtrendslive[1].txt (ID = 3667)
4:22 PM: marisa@targetnet[1].txt (ID = 3489)
4:22 PM: marisa@tmpad[2].txt (ID = 3545)
4:22 PM: marisa@trafficmp[2].txt (ID = 3581)
4:22 PM: marisa@tripod[2].txt (ID = 3591)
4:22 PM: marisa@web4.realtracker[1].txt (ID = 3242)
4:22 PM: marisa@webpower[1].txt (ID = 3660)
4:22 PM: marisa@www.180solutions[1].txt (ID = 1934)
4:22 PM: Found Spy Cookie: casinoonnet cookie
4:22 PM: marisa@www.casinoonnet[2].txt (ID = 2359)
4:22 PM: marisa@www.cheatworld.com.15480.fb.dbbsrv[1].txt (ID = 2500)
4:22 PM: marisa@www.commission-junction[1].txt (ID = 2456)
4:22 PM: marisa@www.disney.go[1].txt (ID = 2729)
4:22 PM: Found Spy Cookie: expage cookie
4:22 PM: marisa@www.expage[2].txt (ID = 2638)
4:22 PM: marisa@www.eyeblaster-bs[1].txt (ID = 2642)
4:22 PM: Found Spy Cookie: myfunstart cookie
4:22 PM: marisa@www.myfunstart[1].txt (ID = 3040)
4:22 PM: marisa@www.nextag[2].txt (ID = 5015)
4:22 PM: marisa@www.qksrv[1].txt (ID = 3214)
4:22 PM: marisa@www.shopathomeselect[2].txt (ID = 3368)
4:22 PM: marisa@www1.paypopup[2].txt (ID = 3120)
4:22 PM: Found Spy Cookie: x10 cookie
4:22 PM: marisa@x10[2].txt (ID = 3711)
4:22 PM: marisa@z1.adserver[1].txt (ID = 2142)
4:22 PM: marisa@zedo[1].txt (ID = 3762)
4:22 PM: john@247realmedia[1].txt (ID = 1953)
4:22 PM: john@2o7[1].txt (ID = 1957)
4:22 PM: john@a.shopathomeselect[2].txt (ID = 3368)
4:22 PM: Found Spy Cookie: websponsors cookie
4:22 PM: john@a.websponsors[1].txt (ID = 3665)
4:22 PM: john@about[1].txt (ID = 2037)
4:22 PM: john@ad-rotator[2].txt (ID = 2051)
4:22 PM: john@ad.yieldmanager[2].txt (ID = 3751)
4:22 PM: Found Spy Cookie: adknowledge cookie
4:22 PM: john@adknowledge[2].txt (ID = 2072)
4:22 PM: Found Spy Cookie: adlegend cookie
4:22 PM: john@adlegend[1].txt (ID = 2074)
4:22 PM: john@adopt.hbmediapro[2].txt (ID = 2768)
4:22 PM: Found Spy Cookie: hotbar cookie
4:22 PM: john@adopt.hotbar[2].txt (ID = 4207)
4:22 PM: Found Spy Cookie: specificclick.com cookie
4:22 PM: john@adopt.specificclick[2].txt (ID = 3400)
4:22 PM: john@ads.addynamix[2].txt (ID = 2062)
4:22 PM: john@ads.pointroll[1].txt (ID = 3148)
4:22 PM: john@adserver[1].txt (ID = 2141)
4:22 PM: Found Spy Cookie: adultfriendfinder cookie
4:22 PM: john@adultfriendfinder[1].txt (ID = 2165)
4:22 PM: john@advertising[1].txt (ID = 2175)
4:22 PM: john@alt[2].txt (ID = 2217)
4:22 PM: john@apmebf[2].txt (ID = 2229)
4:22 PM: john@as-us.falkag[2].txt (ID = 2650)
4:22 PM: john@as1.falkag[2].txt (ID = 2650)
4:22 PM: john@ask[2].txt (ID = 2245)
4:22 PM: john@atdmt[1].txt (ID = 2253)
4:22 PM: Found Spy Cookie: belnk cookie
4:22 PM: john@ath.belnk[1].txt (ID = 2293)
4:22 PM: john@atwola[2].txt (ID = 2255)
4:22 PM: Found Spy Cookie: azjmp cookie
4:22 PM: john@azjmp[1].txt (ID = 2270)
4:22 PM: john@belnk[2].txt (ID = 2292)
4:22 PM: Found Spy Cookie: bizrate cookie
4:22 PM: john@bizrate[2].txt (ID = 2308)
4:22 PM: john@bluestreak[1].txt (ID = 2314)
4:22 PM: john@bravenet[2].txt (ID = 2322)
4:22 PM: john@bs.serving-sys[1].txt (ID = 2330)
4:22 PM: Found Spy Cookie: burstnet cookie
4:22 PM: john@burstnet[2].txt (ID = 2336)
4:22 PM: john@c.enhance[1].txt (ID = 2614)
4:22 PM: john@c.goclick[2].txt (ID = 2733)
4:22 PM: Found Spy Cookie: carsbelowinvoice cookie
4:22 PM: john@carsbelowinvoice[2].txt (ID = 2352)
4:22 PM: john@casalemedia[1].txt (ID = 2354)
4:22 PM: john@centrport[2].txt (ID = 2374)
4:22 PM: john@clickbank[1].txt (ID = 2398)
4:22 PM: john@cnn.122.2o7[1].txt (ID = 1958)
4:22 PM: john@commission-junction[1].txt (ID = 2455)
4:22 PM: john@counter.hitslink[2].txt (ID = 2790)
4:22 PM: john@ct.360i[2].txt (ID = 1962)
4:22 PM: john@data.coremetrics[1].txt (ID = 2472)
4:22 PM: john@data2.perf.overture[1].txt (ID = 3106)
4:22 PM: Found Spy Cookie: did-it cookie
4:22 PM: john@did-it[2].txt (ID = 2523)
4:22 PM: john@disney.go[1].txt (ID = 2729)
4:22 PM: john@dist.belnk[1].txt (ID = 2293)
4:22 PM: john@edge.ru4[2].txt (ID = 3269)
4:22 PM: john@exitexchange[2].txt (ID = 2633)
4:22 PM: john@fastclick[2].txt (ID = 2651)
4:22 PM: john@go[1].txt (ID = 2728)
4:22 PM: Found Spy Cookie: screensavers.com cookie
4:22 PM: john@i.screensavers[2].txt (ID = 3298)
4:22 PM: john@ic-live[1].txt (ID = 2821)
4:22 PM: john@linksynergy[2].txt (ID = 2926)
4:22 PM: john@lp.zango[1].txt (ID = 3761)
4:22 PM: john@maxserving[2].txt (ID = 2966)
4:22 PM: john@media.fastclick[1].txt (ID = 2652)
4:22 PM: john@mediaplex[1].txt (ID = 6442)
4:22 PM: john@metareward[1].txt (ID = 2990)
4:22 PM: john@msnportal.112.2o7[1].txt (ID = 1958)
4:22 PM: Found Spy Cookie: mywebsearch cookie
4:22 PM: john@mywebsearch[2].txt (ID = 3051)
4:22 PM: john@nextag[2].txt (ID = 5014)
4:22 PM: john@offeroptimizer[2].txt (ID = 3087)
4:22 PM: john@overture[2].txt (ID = 3105)
4:22 PM: Found Spy Cookie: touchclarity cookie
4:22 PM: john@partypoker.touchclarity[1].txt (ID = 3567)
4:22 PM: john@partypoker[2].txt (ID = 3111)
4:22 PM: Found Spy Cookie: passion cookie
4:22 PM: john@passion[2].txt (ID = 3113)
4:22 PM: john@paypopup[2].txt (ID = 3119)
4:22 PM: john@perf.overture[1].txt (ID = 3106)
4:22 PM: john@pricegrabber[2].txt (ID = 3185)
4:22 PM: john@pro-market[2].txt (ID = 3197)
4:22 PM: john@psc.disney.go[1].txt (ID = 2729)
4:22 PM: john@qksrv[1].txt (ID = 3213)
4:22 PM: john@questionmarket[1].txt (ID = 3217)
4:22 PM: Found Spy Cookie: directtrack cookie
4:22 PM: john@rapidresponse.directtrack[2].txt (ID = 2528)
4:22 PM: john@rbsinteractive.122.2o7[1].txt (ID = 1958)
4:22 PM: Found Spy Cookie: rc cookie
4:22 PM: john@rc[1].txt (ID = 3231)
4:22 PM: john@realmedia[1].txt (ID = 3235)
4:22 PM: john@rn11[2].txt (ID = 3261)
4:22 PM: Found Spy Cookie: searchadnetwork cookie
4:22 PM: john@searchadnetwork[1].txt (ID = 3311)
4:22 PM: john@searchadnetwork[3].txt (ID = 3311)
4:22 PM: john@server.iad.liveperson[1].txt (ID = 3341)
4:22 PM: john@server3.web-stat[1].txt (ID = 3649)
4:22 PM: john@serving-sys[2].txt (ID = 3343)
4:22 PM: Found Spy Cookie: servlet cookie
4:22 PM: john@servlet[2].txt (ID = 3345)
4:22 PM: john@shopathomeselect[2].txt (ID = 3367)
4:22 PM: john@sonymediasoftware.122.2o7[1].txt (ID = 1958)
4:22 PM: john@specificclick[1].txt (ID = 3399)
4:22 PM: Found Spy Cookie: starware.com cookie
4:22 PM: john@starware[2].txt (ID = 3441)
4:22 PM: john@statcounter[2].txt (ID = 3447)
4:22 PM: john@stats1.reliablestats[2].txt (ID = 3254)
4:22 PM: john@statse.webtrendslive[2].txt (ID = 3667)
4:22 PM: Found Spy Cookie: tacoda cookie
4:22 PM: john@tacoda[1].txt (ID = 6444)
4:22 PM: john@targetnet[2].txt (ID = 3489)
4:22 PM: john@test.coremetrics[1].txt (ID = 2472)
4:22 PM: john@toprebates[2].txt (ID = 3561)
4:22 PM: Found Spy Cookie: sexsearch cookie
4:22 PM: john@tour.splash.sexsearch[1].txt (ID = 3358)
4:22 PM: Found Spy Cookie: tradedoubler cookie
4:22 PM: john@tradedoubler[1].txt (ID = 3575)
4:22 PM: john@trafficmp[1].txt (ID = 3581)
4:22 PM: john@trafficmp[3].txt (ID = 3581)
4:22 PM: Found Spy Cookie: trb.com cookie
4:22 PM: john@trb[1].txt (ID = 3587)
4:22 PM: john@tribalfusion[1].txt (ID = 3589)
4:22 PM: john@web-stat[2].txt (ID = 3648)
4:22 PM: john@webpower[1].txt (ID = 3660)
4:22 PM: john@www.burstnet[1].txt (ID = 2337)
4:22 PM: john@www.disney.go[1].txt (ID = 2729)
4:22 PM: Found Spy Cookie: eadexchange cookie
4:22 PM: john@www.eadexchange[1].txt (ID = 2556)
4:22 PM: john@www.myaffiliateprogram[1].txt (ID = 3032)
4:22 PM: john@www.screensavers[2].txt (ID = 3298)
4:22 PM: john@www.searchadnetwork[1].txt (ID = 3312)
4:22 PM: john@www.shopathomeselect[1].txt (ID = 3368)
4:22 PM: Found Spy Cookie: sidefind cookie
4:22 PM: john@www.sidefind[2].txt (ID = 3374)
4:22 PM: Found Spy Cookie: xmatch cookie
4:22 PM: john@xmatch[2].txt (ID = 3719)
4:22 PM: john@yadro[2].txt (ID = 3743)
4:22 PM: john@yieldmanager[2].txt (ID = 3749)
4:22 PM: john@z1.adserver[2].txt (ID = 2142)
4:22 PM: john@zango[1].txt (ID = 3760)
4:22 PM: john@zedo[2].txt (ID = 3762)
4:22 PM: mary@2o7[2].txt (ID = 1957)
4:22 PM: mary@888[1].txt (ID = 2019)
4:22 PM: Found Spy Cookie: abcsearch cookie
4:22 PM: mary@abcsearch[1].txt (ID = 2033)
4:22 PM: mary@ad.yieldmanager[1].txt (ID = 3751)
4:22 PM: mary@adopt.hbmediapro[2].txt (ID = 2768)
4:22 PM: mary@adopt.specificclick[2].txt (ID = 3400)
4:22 PM: mary@ads.pointroll[2].txt (ID = 3148)
4:22 PM: mary@apmebf[2].txt (ID = 2229)
4:22 PM: mary@as-us.falkag[1].txt (ID = 2650)
4:22 PM: mary@ask[1].txt (ID = 2245)
4:22 PM: mary@atwola[1].txt (ID = 2255)
4:22 PM: mary@azjmp[2].txt (ID = 2270)
4:22 PM: mary@bizrate[2].txt (ID = 2308)
4:22 PM: mary@bluestreak[2].txt (ID = 2314)
4:22 PM: mary@burstnet[2].txt (ID = 2336)
4:22 PM: mary@casalemedia[2].txt (ID = 2354)
4:22 PM: mary@centrport[1].txt (ID = 2374)
4:22 PM: mary@ct.360i[1].txt (ID = 1962)
4:22 PM: mary@dealtime[1].txt (ID = 2505)
4:22 PM: mary@did-it[2].txt (ID = 2523)
4:22 PM: mary@edge.ru4[2].txt (ID = 3269)
4:22 PM: mary@fastclick[1].txt (ID = 2651)
4:22 PM: mary@games.zango[1].txt (ID = 3761)
4:22 PM: mary@gator[1].txt (ID = 2722)
4:22 PM: mary@ic-live[1].txt (ID = 2821)
4:22 PM: mary@metareward[2].txt (ID = 2990)
4:22 PM: mary@nextag[1].txt (ID = 5014)
4:22 PM: mary@overture[2].txt (ID = 3105)
4:22 PM: mary@perf.overture[1].txt (ID = 3106)
4:22 PM: mary@pro-market[2].txt (ID = 3197)
4:22 PM: mary@qksrv[2].txt (ID = 3213)
4:22 PM: Found Spy Cookie: qsrch cookie
4:22 PM: mary@qsrch[1].txt (ID = 3215)
4:22 PM: mary@questionmarket[1].txt (ID = 3217)
4:22 PM: mary@rc[1].txt (ID = 3231)
4:22 PM: mary@realmedia[2].txt (ID = 3235)
4:22 PM: mary@rn11[2].txt (ID = 3261)
4:22 PM: mary@sel.as-us.falkag[1].txt (ID = 2650)
4:22 PM: mary@server.iad.liveperson[1].txt (ID = 3341)
4:22 PM: mary@serving-sys[2].txt (ID = 3343)
4:22 PM: mary@shared.zango[1].txt (ID = 3761)
4:22 PM: mary@specificclick[1].txt (ID = 3399)
4:22 PM: mary@stat.dealtime[1].txt (ID = 2506)
4:22 PM: mary@statcounter[1].txt (ID = 3447)
4:22 PM: mary@tacoda[2].txt (ID = 6444)
4:22 PM: mary@toprebates[2].txt (ID = 3561)
4:22 PM: mary@trafficmp[2].txt (ID = 3581)
4:22 PM: mary@www.myaffiliateprogram[1].txt (ID = 3032)
4:22 PM: mary@www.shopathomeselect[2].txt (ID = 3368)
4:22 PM: mary@z1.adserver[1].txt (ID = 2142)
4:22 PM: mary@zedo[2].txt (ID = 3762)
4:22 PM: Cookie Sweep Complete, Elapsed Time: 00:00:29
4:22 PM: Starting File Sweep
4:23 PM: c:\program files\internet optimizer (7 subtraces) (ID = -2147480830)
4:23 PM: c:\documents and settings\jc\start menu\programs\toptext ilookup (6 subtraces) (ID = -2147481003)
4:23 PM: c:\program files\web_rebates (82 subtraces) (ID = -2147480050)
4:23 PM: c:\windows\system32\sahimages (12 subtraces) (ID = -2147480329)
4:23 PM: c:\program files\media access (4 subtraces) (ID = -2147480020)
4:23 PM: Found Adware: clearsearch
4:23 PM: c:\documents and settings\guest\local settings\temp\clrsch (ID = -2147481250)
4:23 PM: c:\program files\whenusearch (167 subtraces) (ID = -2147480375)
4:23 PM: c:\documents and settings\john\start menu\programs\whenusearch (1 subtraces) (ID = -2147480382)
4:23 PM: c:\program files\common files\whenu (1 subtraces) (ID = -2147480379)
4:23 PM: c:\documents and settings\marisa\application data\browser pal (2 subtraces) (ID = -2147481311)
4:23 PM: c:\documents and settings\john\application data\browser pal (2 subtraces) (ID = -2147481311)
4:23 PM: c:\program files\browser pal (ID = -2147481304)
4:23 PM: c:\documents and settings\jc\application data\browser pal (2 subtraces) (ID = -2147481311)
4:23 PM: c:\documents and settings\jc\start menu\programs\browser pal (1 subtraces) (ID = -2147481309)
4:23 PM: c:\documents and settings\all users\start menu\programs\browser pal (2 subtraces) (ID = -2147481306)
4:23 PM: Found Adware: flashtrack
4:23 PM: c:\program files\flt (2 subtraces) (ID = -2147480973)
4:23 PM: c:\documents and settings\jc\local settings\temp\clrsch (2 subtraces) (ID = -2147481250)
4:23 PM: c:\program files\winfixer 2005 (1 subtraces) (ID = -2147476702)
4:23 PM: c:\program files\common files\winsoftware (1 subtraces) (ID = -2147476682)
4:23 PM: c:\documents and settings\jc\local settings\temp\bdecache (11 subtraces) (ID = -2147481342)
4:23 PM: Found Adware: gain - common components
4:23 PM: c:\documents and settings\mary\local settings\temp\fsg_tmp (2 subtraces) (ID = -2147480935)
4:23 PM: c:\documents and settings\marisa\local settings\temp\clrsch (2 subtraces) (ID = -2147481250)
4:23 PM: c:\program files\zango (7 subtraces) (ID = -2147479981)
4:23 PM: c:\program files\se (6 subtraces) (ID = -2147480358)
4:23 PM: c:\program files\search toolbar (1 subtraces) (ID = -2147480348)
4:23 PM: c:\program files\common files\btlink (ID = -2147480047)
4:23 PM: c:\documents and settings\marisa\local settings\temp\fsg_tmp (2 subtraces) (ID = -2147480935)
4:23 PM: c:\program files\downloadware (1 subtraces) (ID = -2147481082)
4:23 PM: Found Trojan Horse: 2nd-thought
4:23 PM: c:\program files\common files\slmss (1 subtraces) (ID = -2147481537)
4:23 PM: c:\documents and settings\guest\application data\browser pal (1 subtraces) (ID = -2147481311)
4:23 PM: c:\windows\system32\fleok (2 subtraces) (ID = -2147480556)
4:23 PM: c:\program files\sidefind\update (1 subtraces) (ID = -2147474314)
4:23 PM: c:\documents and settings\john\start menu\programs\power scan (1 subtraces) (ID = -2147480462)
4:23 PM: c:\program files\power scan (2 subtraces) (ID = -2147480461)
4:23 PM: c:\program files\common files\cmeii (28 subtraces) (ID = -2147480946)
4:23 PM: c:\documents and settings\all users\start menu\programs\gain publishing (2 subtraces) (ID = -2147480950)
4:23 PM: c:\program files\common files\gmt (1903 subtraces) (ID = -2147480945)
4:23 PM: c:\documents and settings\all users\start menu\programs\delfin media viewer (3 subtraces) (ID = -2147481130)
4:23 PM: c:\program files\delfin (ID = -2147481128)
4:23 PM: Found Adware: bullguard popup ad
4:23 PM: c:\windows\temp\bullguard (1 subtraces) (ID = -2147476409)
4:23 PM: c:\program files\support software (2 subtraces) (ID = -2147480532)
4:23 PM: c:\program files\medialoads (234 subtraces) (ID = -2147481081)
4:23 PM: c:\program files\sidefind (5 subtraces) (ID = -2147480325)
4:23 PM: c:\program files\istsvc (1 subtraces) (ID = -2147480800)
4:23 PM: c:\program files\surfaccuracy (4 subtraces) (ID = -2147478266)
4:23 PM: c:\program files\yoursitebar (5 subtraces) (ID = -2147479984)
4:23 PM: c:\program files\scbar (4 subtraces) (ID = -2147480369)
4:23 PM: c:\program files\recommended hotfix - 421701d (1 subtraces) (ID = -2147480533)
4:23 PM: Found Adware: directrevenue-abetterinternet
4:23 PM: belt.cab (ID = 83152)
4:24 PM: Found Adware: ezsearchbar
4:24 PM: sentry.exe (ID = 64284)
4:24 PM: uninst.exe (ID = 125362)
4:24 PM: polmx3.cab (ID = 81857)
4:24 PM: desktop toolbar (ID = 63344)
4:25 PM: scroller.swf (ID = 53090)
4:26 PM: celebpreview.wmv (ID = 53030)
4:26 PM: extpreview.wmv (ID = 53042)
4:26 PM: toptextilookup.htm (ID = 60652)
4:26 PM: newresults.html (ID = 161460)
4:26 PM: notyet.html (ID = 129805)
4:26 PM: randreco.exe (ID = 83451)
4:26 PM: preinsmt.exe (ID = 81863)
4:26 PM: a0146057.exe (ID = 70475)
4:27 PM: mxtarget.dll (ID = 81841)
4:27 PM: t230r9e2.exe (ID = 75603)
4:27 PM: grvpreview.wmv (ID = 53061)
4:28 PM: Found Adware: altnet
4:28 PM: asmfiles.cab (ID = 49805)
4:29 PM: bi.dll (ID = 83176)
4:29 PM: disp1150.exe (ID = 112613)
4:29 PM: splash.html (ID = 129770)
4:29 PM: casinopreview.wmv (ID = 53029)
4:29 PM: gator.log (ID = 61386)
4:29 PM: bi9.inf (ID = 83186)
4:29 PM: polmx3.exe (ID = 81858)
4:30 PM: Found Adware: cydoor peer-to-peer dependency
4:30 PM: cd_clint.dll (ID = 57300)
4:30 PM: preinsmt.exe (ID = 81863)
4:30 PM: polmx3.exe (ID = 81858)
4:30 PM: bi9.inf (ID = 83186)
4:30 PM: uninstall.exe (ID = 72675)
4:30 PM: mxtarget.cab (ID = 81833)
4:31 PM: polmx3.cab (ID = 81857)
4:31 PM: v.dat (ID = 75970)
4:32 PM: f1_2b_categories.html (ID = 53045)
4:32 PM: player.html (ID = 53078)
4:32 PM: playerslices.htm (ID = 53080)
4:32 PM: u7zj0ssx.exe (ID = 221040)
4:32 PM: polmx3.cab (ID = 81857)
4:33 PM: notify.exe (ID = 53077)
4:33 PM: wupdt.exe (ID = 63397)
4:34 PM: a0157149.exe (ID = 188685)
4:34 PM: vg.dat (ID = 57301)
4:34 PM: saccu.exe (ID = 180136)
4:35 PM: Found Adware: wild media - statblaster
4:35 PM: bi.ini (ID = 77091)
4:35 PM: polmx2.exe (ID = 81899)
4:36 PM: loading.html (ID = 129799)
4:36 PM: randreco.exe (ID = 83451)
4:36 PM: bikpreview.wmv (ID = 53028)
4:37 PM: gatorstubsetup.exe (ID = 61412)
4:37 PM: message.html (ID = 129801)
4:37 PM: bi.cab (ID = 83169)
4:37 PM: sidefind.exe (ID = 154905)
4:37 PM: webrebates[1].exe (ID = 83956)
4:38 PM: guninstaller.exe (ID = 61468)
4:39 PM: egieengine.dll (ID = 61343)
4:39 PM: salm.exe (ID = 70618)
4:40 PM: randreco.exe (ID = 83451)
4:40 PM: install.exe (ID = 71033)
4:40 PM: __unin__.exe (ID = 49795)
4:40 PM: downloader_mind_silent.exe (ID = 123021)
4:41 PM: Found Trojan Horse: trojan-downloader-curgsi
4:41 PM: jkill.exe (ID = 80310)
4:42 PM: Found Adware: ignkeys
4:42 PM: rsp001.dll.dat (ID = 63475)
4:42 PM: clrschp012.dll (ID = 52564)
4:42 PM: Found Adware: virtualbouncer
4:42 PM: bo2806040128.exe (ID = 82783)
4:42 PM: dwcg2.exe (ID = 59299)
4:42 PM: wupdt.exe (ID = 63400)
4:42 PM: setup_incred_7.exe (ID = 116392)
4:43 PM: fillin.wav (ID = 61352)
4:44 PM: main.html (ID = 53069)
4:44 PM: lycos sidesearch.lnk (ID = 76058)
4:44 PM: zango.lnk (ID = 91109)
4:44 PM: power scan.lnk (ID = 72676)
4:44 PM: df_kmd.sys (ID = 134888)
4:44 PM: Found Adware: euniverse
4:44 PM: cards.ico (ID = 60207)
4:44 PM: salm_gdf.dat (ID = 93789)
4:44 PM: lycos sidesearch.lnk (ID = 76058)
4:44 PM: info.txt (ID = 90430)
4:44 PM: ocyejh.exe (ID = 64496)
4:44 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || AY5Ql0Ah9 (ID = 0)
4:44 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || AY5Ql0Ah$vùõš/‚²‘ÆC:\Program Files\ISTsvc\istsvc.exe (ID = 0)
4:44 PM: istsvc.exe (ID = 64665)
4:44 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || IST Service (ID = 0)
4:44 PM: medialoads.lnk (ID = 59302)
4:44 PM: about gain publishing.lnk (ID = 61270)
4:44 PM: zango.lnk (ID = 91109)
4:44 PM: zango.lnk (ID = 91109)
4:44 PM: mediaacck.exe (ID = 90411)
4:44 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || Media Access (ID = 0)
4:44 PM: npzango.dll (ID = 126045)
4:44 PM: zango.lnk (ID = 91109)
4:44 PM: clipgenie.lnk (ID = 53040)
4:44 PM: zango.lnk (ID = 91109)
4:44 PM: zango.lnk (ID = 91109)
4:44 PM: powerscan.exe (ID = 72678)
4:44 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || Power Scan (ID = 0)
4:45 PM: zango.lnk (ID = 91109)
4:45 PM: mediaaccess.exe (ID = 90397)
4:45 PM: salmhook.dll (ID = 70439)
4:45 PM: install.exe (ID = 64033)
4:45 PM: nem220.dll (ID = 64043)
4:45 PM: optimize.exe (ID = 64074)
4:45 PM: hv264o7a.dll (ID = 75611)
4:45 PM: mediaaccc.dll (ID = 90379)
4:45 PM: nqtyd.exe (ID = 70547)
4:45 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || nqtyd (ID = 0)
4:45 PM: webrebates0.exe (ID = 112614)
4:45 PM: 7j6l3mst.exe (ID = 75722)
4:45 PM: ysb.dll (ID = 161559)
4:45 PM: sacc.exe (ID = 207157)
4:45 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || SurfAccuracy (ID = 0)
4:45 PM: zango.exe (ID = 91106)
4:45 PM: sfbho.dll (ID = 157821)
4:45 PM: salm.exe (ID = 70431)
4:45 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || salm (ID = 0)
4:45 PM: HKU\WRSS_Profile_S-1-5-21-3841560537-3889084470-907175751-501\Software\Microsoft\Windows\CurrentVersion\Run || salm (ID = 0)
4:45 PM: sidefind.exe (ID = 154905)
4:45 PM: zangohook.dll (ID = 70439)
4:45 PM: 2u1b36aa.exe (ID = 75761)
4:45 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || 2u1b36aa (ID = 0)
4:45 PM: wsem303.dll (ID = 64134)
4:45 PM: install.exe (ID = 64033)
4:45 PM: sidefind.dll (ID = 157822)
4:46 PM: mediaaccx.dll (ID = 90412)
4:46 PM: app.dat (ID = 74955)
4:46 PM: webrebates2.exe (ID = 112617)
4:46 PM: gatorres.dll (ID = 61405)
4:46 PM: edow.exe (ID = 84873)
4:46 PM: webrebates1.exe (ID = 112615)
4:46 PM: edowpack.exe (ID = 84876)
4:46 PM: djtopr1150.exe (ID = 83907)
4:46 PM: rogue.exe (ID = 83492)
4:47 PM: bulldownload.exe (ID = 52017)
4:47 PM: vvsninst.exe (ID = 74460)
4:47 PM: bi9.cab (ID = 83184)
4:47 PM: whse.exe (ID = 127175)
4:47 PM: search.exe (ID = 127174)
4:47 PM: search.dll (ID = 127173)
4:47 PM: se.exe (ID = 74960)
4:47 PM: webrebates2.dll (ID = 112616)
4:47 PM: zango.log (ID = 144928)
4:47 PM: scbar.exe (ID = 74694)
4:47 PM: Found Adware: webdir
4:47 PM: pxwma.dll (ID = 95143)
4:47 PM: salmau.dat (ID = 93788)
4:48 PM: winfixer2005scannersetup.exe (ID = 134858)
4:48 PM: ncasepackage.exe (ID = 70582)
4:48 PM: xvid-1[1].0.3-setup.exe (ID = 95144)
4:48 PM: setup.exe (ID = 134857)
4:49 PM: name_gender.ini (ID = 60351)
4:49 PM: msbb.exe (ID = 70556)
4:49 PM: ss2.dll (ID = 71046)
4:49 PM: biini.cab (ID = 83198)
4:49 PM: bi.ini (ID = 81893)
4:49 PM: extract.exe (ID = 63350)
4:49 PM: The Spy Communication shield has blocked access to: akapp.whenu.com
4:49 PM: The Spy Communication shield has blocked access to: akapp.whenu.com
4:49 PM: The Spy Communication shield has blocked access to: akapp.whenu.com
4:49 PM: The Spy Communication shield has blocked access to: akapp.whenu.com
4:51 PM: gmt.exe.manifest (ID = 61434)
4:51 PM: appmgrgui.zip (ID = 61281)
4:51 PM: msbb.exe_tobedeleted (ID = 91106)
4:51 PM: dw.exe_tobedeleted (ID = 59297)
4:51 PM: bm.dat (ID = 74957)
4:51 PM: psuninstall.exe (ID = 123023)
4:51 PM: hfixcfg (ID = 61483)
4:51 PM: se.dll (ID = 74958)
4:51 PM: biprep.exe (ID = 83207)
4:51 PM: msvprep.exe (ID = 125015)
4:51 PM: polmx2.exe (ID = 81899)
4:51 PM: giocl.dll (ID = 61431)
4:51 PM: polmx3.exe (ID = 81858)
4:51 PM: bi_reco.exe (ID = 83359)
4:51 PM: belt.exe (ID = 83525)
4:51 PM: cmeiiapi.dll (ID = 61293)
4:51 PM: gioclclient.dll (ID = 61432)
4:51 PM: gmtproxy.dll (ID = 61439)
4:51 PM: gdwldeng.dll (ID = 61425)
4:51 PM: egieprocess.dll (ID = 61344)
4:52 PM: bundle.exe (ID = 75686)
4:52 PM: bi.dll (ID = 83172)
4:52 PM: gappmgr.dll (ID = 61377)
4:52 PM: eggcengine.dll (ID = 61340)
4:52 PM: msview.dll (ID = 83386)
4:52 PM: egnsengine.dll (ID = 61346)
4:52 PM: wupdt.exe (ID = 63397)
4:52 PM: wupdt.exe (ID = 63397)
4:52 PM: bpcfg.xml (ID = 51903)
4:53 PM: biini.inf (ID = 83199)
4:53 PM: biini.inf (ID = 83199)
4:53 PM: belt.inf (ID = 83154)
4:53 PM: belt.ini (ID = 83156)
4:53 PM: content.js (ID = 53041)
4:53 PM: channelstyles.css (ID = 53037)
4:53 PM: channels.js (ID = 53036)
4:53 PM: guistyles.css (ID = 53037)
4:53 PM: launch.html (ID = 53068)
4:53 PM: f1_1.html (ID = 53043)
4:53 PM: f1_2a.html (ID = 53044)
4:53 PM: f1_3.html (ID = 53046)
4:53 PM: f2.html (ID = 53047)
4:53 PM: f3_1.html (ID = 53048)
4:53 PM: f3_2a_player.html (ID = 53049)
4:53 PM: f3_2b.html (ID = 53050)
4:53 PM: f3_3.html (ID = 53051)
4:53 PM: f3_4a_files.html (ID = 53052)
4:53 PM: f3_4b.html (ID = 53053)
4:53 PM: f3_5.html (ID = 53054)
4:53 PM: playerstyles.css (ID = 53037)
4:53 PM: Found Adware: riviera gold casino
4:53 PM: riviera gold casino.url (ID = 73847)
4:53 PM: riviera gold casino.url (ID = 73847)
4:53 PM: riviera gold casino.url (ID = 73847)
4:54 PM: riviera gold casino.url (ID = 73847)
4:54 PM: ub.dat (ID = 50877)
4:54 PM: toptext button show - hide.lnk (ID = 60649)
4:54 PM: riviera gold casino.url (ID = 73847)
4:54 PM: cmediagnostics.log (ID = 61291)
4:54 PM: belt.inf (ID = 83154)
4:54 PM: zangoinstaller.inf (ID = 91121)
4:54 PM: polmx2.inf (ID = 83430)
4:54 PM: polmx2.inf (ID = 83430)
4:54 PM: polmx2.inf (ID = 83430)
4:54 PM: addr_var.ini (ID = 60329)
4:54 PM: city_var.ini (ID = 60333)
4:54 PM: bi.inf (ID = 83180)
4:54 PM: mindset1006.sah (ID = 75828)
4:54 PM: polmx3.inf (ID = 81859)
4:54 PM: name_var.ini (ID = 60352)
4:54 PM: bundle.inf (ID = 61287)
4:54 PM: sentry.inf (ID = 60358)
4:54 PM: phone_var.ini (ID = 60353)
4:54 PM: birth_var.ini (ID = 60332)
4:54 PM: states.ini (ID = 60360)
4:54 PM: zip_var.ini (ID = 60362)
4:54 PM: sentry.inf (ID = 60358)
4:54 PM: my keywords.lnk (ID = 60599)
4:54 PM: my preferences.lnk (ID = 60601)
4:54 PM: polmx3.inf (ID = 81859)
4:54 PM: mxtarget.inf (ID = 81843)
4:54 PM: polmx3.inf (ID = 81859)
4:54 PM: ui.cfg (ID = 161463)
4:54 PM: q0tasjbqbgaaaleq-tobgnpj.gdt2 (ID = 61574)
4:54 PM: gain publishing web site.url (ID = 61372)
4:54 PM: mepcme.dat (ID = 61517)
4:54 PM: gatorsupportinfo.txt (ID = 61414)
4:54 PM: lbbho.ini (ID = 73732)
4:54 PM: bundle.inf (ID = 61287)
4:54 PM: Warning: Unhandled Archive Type
4:54 PM: Warning: Invalid Stream
4:54 PM: Warning: Unhandled Archive Type
5:07 PM: Warning: Unhandled Archive Type
5:07 PM: Warning: Invalid Stream
5:08 PM: zango.lnk (ID = 91106)
5:08 PM: power scan.lnk (ID = 72678)
5:08 PM: toolbar.lnk (ID = 127175)
5:08 PM: zango.lnk (ID = 91106)
5:08 PM: whenusearch desktop toolbar.lnk (ID = 127175)
5:08 PM: zango.lnk (ID = 91106)
5:08 PM: zango.lnk (ID = 91106)
5:08 PM: zango.lnk (ID = 91106)
5:08 PM: zango.lnk (ID = 91106)
5:08 PM: zango.lnk (ID = 91106)
5:08 PM: File Sweep Complete, Elapsed Time: 00:45:45
5:08 PM: Full Sweep has completed. Elapsed time 00:50:31
5:08 PM: Traces Found: 10667
5:23 PM: Removal process initiated
5:24 PM: Quarantining All Traces: 180search assistant/zango
5:25 PM: 180search assistant/zango is in use. It will be removed on reboot.
5:25 PM: zango.lnk is in use. It will be removed on reboot.
5:25 PM: zango.lnk is in use. It will be removed on reboot.
5:25 PM: zango.lnk is in use. It will be removed on reboot.
5:25 PM: zango.lnk is in use. It will be removed on reboot.
5:25 PM: zango.lnk is in use. It will be removed on reboot.
5:25 PM: zango.lnk is in use. It will be removed on reboot.
5:25 PM: zango.lnk is in use. It will be removed on reboot.
5:25 PM: Quarantining All Traces: 2nd-thought
5:25 PM: Quarantining All Traces: clearsearch
5:25 PM: Quarantining All Traces: directrevenue-abetterinternet
5:25 PM: Quarantining All Traces: ist istbar
5:25 PM: ist istbar is in use. It will be removed on reboot.
5:25 PM: ocyejh.exe is in use. It will be removed on reboot.
5:25 PM: istsvc.exe is in use. It will be removed on reboot.
5:25 PM: Quarantining All Traces: websearch toolbar
5:25 PM: Quarantining All Traces: commonname
5:25 PM: Quarantining All Traces: delfin
5:25 PM: Quarantining All Traces: internetoptimizer
5:25 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\software\avenue media\internet optimizer\": Insufficient system resources exist to complete the requested service
5:25 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\software\avenue media\": Insufficient system resources exist to complete the requested service
5:25 PM: Failed to quarantine internetoptimizer
5:25 PM: c:\program files\internet optimizer is in use. It will be removed on reboot.
5:25 PM: Failed to quarantine HKLM: software\avenue media\
5:25 PM: Failed to quarantine HKLM: software\avenue media\internet optimizer\
5:25 PM: Quarantining All Traces: mindset interactive - favoriteman
5:25 PM: Quarantining All Traces: scbar
5:25 PM: Quarantining All Traces: searchexe
5:25 PM: Quarantining All Traces: sidesearch
5:25 PM: Quarantining All Traces: trojan-downloader-curgsi
5:25 PM: Quarantining All Traces: winad
5:25 PM: winad is in use. It will be removed on reboot.
5:25 PM: mediaacck.exe is in use. It will be removed on reboot.
5:25 PM: mediaaccess.exe is in use. It will be removed on reboot.
5:25 PM: mediaaccc.dll is in use. It will be removed on reboot.
5:25 PM: Quarantining All Traces: altnet
5:25 PM: Quarantining All Traces: attempted bho
5:25 PM: Quarantining All Traces: brilliant digital
5:26 PM: Quarantining All Traces: browseraid
5:26 PM: Quarantining All Traces: bullguard popup ad
5:26 PM: Quarantining All Traces: clipgenie
5:27 PM: Quarantining All Traces: cydoor
5:27 PM: Quarantining All Traces: euniverse
5:27 PM: Quarantining All Traces: exact cashback/bargain buddy
5:27 PM: Quarantining All Traces: exact searchbar
5:27 PM: Quarantining All Traces: ezsearchbar
5:27 PM: Quarantining All Traces: ezula ilookup
5:27 PM: Quarantining All Traces: flashtrack
5:27 PM: Quarantining All Traces: great net downloadware
5:27 PM: Quarantining All Traces: ieplugin hijacker
5:27 PM: Quarantining All Traces: ieplugin
5:27 PM: Quarantining All Traces: ignkeys
5:27 PM: Quarantining All Traces: ist powerscan
5:27 PM: ist powerscan is in use. It will be removed on reboot.
5:27 PM: power scan.lnk is in use. It will be removed on reboot.
5:27 PM: Quarantining All Traces: ist sidefind
5:27 PM: ist sidefind is in use. It will be removed on reboot.
5:27 PM: c:\program files\sidefind is in use. It will be removed on reboot.
5:27 PM: sfbho.dll is in use. It will be removed on reboot.
5:27 PM: C:\Program Files\SideFind\sfbho.dll is in use. It will be removed on reboot.
5:27 PM: Quarantining All Traces: ist software
5:27 PM: Quarantining All Traces: ist surf accuracy
5:27 PM: ist surf accuracy is in use. It will be removed on reboot.
5:27 PM: sacc.exe is in use. It will be removed on reboot.
5:27 PM: Quarantining All Traces: ist yoursitebar
5:27 PM: ist yoursitebar is in use. It will be removed on reboot.
5:27 PM: ysb.dll is in use. It will be removed on reboot.
5:27 PM: Quarantining All Traces: keenvalue/perfectnav
5:27 PM: Quarantining All Traces: limeshop
5:27 PM: Quarantining All Traces: moneytree
5:27 PM: Quarantining All Traces: netpal
5:27 PM: Quarantining All Traces: networkessentials
5:27 PM: Quarantining All Traces: pstopper
5:27 PM: Quarantining All Traces: relatedlinks bho
5:27 PM: Quarantining All Traces: riviera gold casino
5:27 PM: Quarantining All Traces: search-exe hijacker
5:27 PM: Quarantining All Traces: searchtoolbar
5:27 PM: Quarantining All Traces: shopathomeselect
5:27 PM: shopathomeselect is in use. It will be removed on reboot.
5:27 PM: 2u1b36aa.exe is in use. It will be removed on reboot.
5:27 PM: Quarantining All Traces: trustyhoundtoolbar hijack
5:27 PM: Quarantining All Traces: twain-tech
5:27 PM: Quarantining All Traces: virtualbouncer
5:27 PM: Quarantining All Traces: webdir
5:28 PM: Quarantining All Traces: webrebates
5:28 PM: Quarantining All Traces: wild media - statblaster
5:28 PM: Quarantining All Traces: 180solutions cookie
5:28 PM: Quarantining All Traces: 203.199.200 cookie
5:28 PM: Quarantining All Traces: 216.221.138 cookie
5:28 PM: Quarantining All Traces: 247realmedia cookie
5:28 PM: Quarantining All Traces: 276 cookie
5:28 PM: Quarantining All Traces: 2o7.net cookie
5:28 PM: Quarantining All Traces: 3 cookie
5:28 PM: Quarantining All Traces: 360i cookie
5:28 PM: Quarantining All Traces: 7search cookie
5:28 PM: Quarantining All Traces: 888 cookie
5:28 PM: Quarantining All Traces: abcsearch cookie
5:28 PM: Quarantining All Traces: abetterinternet cookie
5:28 PM: Quarantining All Traces: about cookie
5:28 PM: Quarantining All Traces: adbureau cookie
5:28 PM: Quarantining All Traces: addynamix cookie
5:28 PM: Quarantining All Traces: ad-flow cookie
5:28 PM: Quarantining All Traces: adknowledge cookie
5:28 PM: Quarantining All Traces: adlegend cookie
5:28 PM: Quarantining All Traces: ad-logics cookie
5:28 PM: Quarantining All Traces: adminder cookie
5:28 PM: Quarantining All Traces: adorigin cookie
5:28 PM: Quarantining All Traces: adprofile cookie
5:28 PM: Quarantining All Traces: adrevolver cookie
5:28 PM: Quarantining All Traces: ad-rotator cookie
5:28 PM: Quarantining All Traces: ads.adsag cookie
5:28 PM: Quarantining All Traces: ads.businessweek cookie
5:28 PM: Quarantining All Traces: adscpm cookie
5:28 PM: Quarantining All Traces: adserver cookie
5:28 PM: Quarantining All Traces: adultfriendfinder cookie
5:28 PM: Quarantining All Traces: adultrevenueservice cookie
5:28 PM: Quarantining All Traces: advertising cookie
5:28 PM: Quarantining All Traces: adviva cookie
5:28 PM: Quarantining All Traces: ajrotator cookie
5:28 PM: Quarantining All Traces: alt cookie
5:28 PM: Quarantining All Traces: apmebf cookie
5:28 PM: Quarantining All Traces: ask cookie
5:28 PM: Quarantining All Traces: atlas dmt cookie
5:28 PM: Quarantining All Traces: atwola cookie
5:28 PM: Quarantining All Traces: azjmp cookie
5:28 PM: Quarantining All Traces: bannerspace cookie
5:28 PM: Quarantining All Traces: belnk cookie
5:28 PM: Quarantining All Traces: bilbo.counted.com cookie
5:28 PM: Quarantining All Traces: bizrate cookie
5:28 PM: Quarantining All Traces: bluestreak cookie
5:28 PM: Quarantining All Traces: bravenet cookie
5:28 PM: Quarantining All Traces: bs.serving-sys cookie
5:28 PM: Quarantining All Traces: burstbeacon cookie
5:28 PM: Quarantining All Traces: burstnet cookie
5:28 PM: Quarantining All Traces: callwave cookie
5:28 PM: Quarantining All Traces: cardomain cookie
5:28 PM: Quarantining All Traces: carsbelowinvoice cookie
5:28 PM: Quarantining All Traces: casalemedia cookie
5:28 PM: Quarantining All Traces: cashpartner cookie
5:28 PM: Quarantining All Traces: casinoonnet cookie
5:28 PM: Quarantining All Traces: centralmedia cookie
5:28 PM: Quarantining All Traces: centrport net cookie
5:28 PM: Quarantining All Traces: clickagents cookie
5:28 PM: Quarantining All Traces: clickbank cookie
5:28 PM: Quarantining All Traces: clickzs cookie
5:28 PM: Quarantining All Traces: cliks cookie
5:28 PM: Quarantining All Traces: commission junction cookie
5:28 PM: Quarantining All Traces: commonname cookie
5:28 PM: Quarantining All Traces: coolwebsearch cookie
5:28 PM: Quarantining All Traces: coremetrics cookie
5:28 PM: Quarantining All Traces: cydoor cookie
5:28 PM: Quarantining All Traces: dbbsrv cookie
5:28 PM: Quarantining All Traces: dealtime cookie
5:28 PM: Quarantining All Traces: desktop kazaa cookie
5:28 PM: Quarantining All Traces: did-it cookie
5:28 PM: Quarantining All Traces: directtrack cookie
5:28 PM: Quarantining All Traces: domainsponsor cookie
5:28 PM: Quarantining All Traces: eadexchange cookie
5:28 PM: Quarantining All Traces: enhance cookie
5:28 PM: Quarantining All Traces: eroticy cookie
5:28 PM: Quarantining All Traces: euniverseads cookie
5:28 PM: Quarantining All Traces: exitexchange cookie
5:28 PM: Quarantining All Traces: exitfuel cookie
5:28 PM: Quarantining All Traces: expage cookie
5:28 PM: Quarantining All Traces: eyeblaster cookie
5:28 PM: Quarantining All Traces: falkag cookie
5:28 PM: Quarantining All Traces: fastclick cookie
5:28 PM: Quarantining All Traces: findwhat cookie
5:28 PM: Quarantining All Traces: fortunecity cookie
5:28 PM: Quarantining All Traces: gain - common components
5:29 PM: Quarantining All Traces: gator cookie
5:29 PM: Quarantining All Traces: go.com cookie
5:29 PM: Quarantining All Traces: go2net.com cookie
5:29 PM: Quarantining All Traces: goclick cookie
5:29 PM: Quarantining All Traces: gorillanation cookie
5:29 PM: Quarantining All Traces: gotoast cookie
5:29 PM: Quarantining All Traces: hbmediapro cookie
5:29 PM: Quarantining All Traces: hitslink cookie
5:29 PM: Quarantining All Traces: hotbar cookie
5:29 PM: Quarantining All Traces: hotmatch cookie
5:29 PM: Quarantining All Traces: humanclick cookie
5:29 PM: Quarantining All Traces: ic-live cookie
5:29 PM: Quarantining All Traces: incredifind cookie
5:29 PM: Quarantining All Traces: internetfuel cookie
5:29 PM: Quarantining All Traces: kount cookie
5:29 PM: Quarantining All Traces: l2m.net cookie
5:29 PM: Quarantining All Traces: linksponsor cookie
5:29 PM: Quarantining All Traces: linksynergy cookie
5:29 PM: Quarantining All Traces: maxserving cookie
5:29 PM: Quarantining All Traces: mediaplex cookie
5:29 PM: Quarantining All Traces: metareward.com cookie
5:29 PM: Quarantining All Traces: mp3downloading cookie
5:29 PM: Quarantining All Traces: myaffiliateprogram.com cookie
5:29 PM: Quarantining All Traces: myfunstart cookie
5:29 PM: Quarantining All Traces: mywebsearch cookie
5:29 PM: Quarantining All Traces: netratingsselect cookie
5:29 PM: Quarantining All Traces: netshelter.adtrix cookie
5:29 PM: Quarantining All Traces: netster cookie
5:29 PM: Quarantining All Traces: nextag cookie
5:29 PM: Quarantining All Traces: offeroptimizer cookie
5:29 PM: Quarantining All Traces: okcounter.com cookie
5:29 PM: Quarantining All Traces: onestat.com cookie
5:29 PM: Quarantining All Traces: overture cookie
5:29 PM: Quarantining All Traces: partypoker cookie
5:29 PM: Quarantining All Traces: passion cookie
5:29 PM: Quarantining All Traces: paypopup cookie
5:29 PM: Quarantining All Traces: pcstats.com cookie
5:29 PM: Quarantining All Traces: peel network cookie
5:29 PM: Quarantining All Traces: pointroll cookie
5:29 PM: Quarantining All Traces: pokerroom cookie
5:29 PM: Quarantining All Traces: popupsponsor cookie
5:29 PM: Quarantining All Traces: pricegrabber cookie
5:29 PM: Quarantining All Traces: pro-market cookie
5:29 PM: Quarantining All Traces: qksrv cookie
5:29 PM: Quarantining All Traces: qsrch cookie
5:29 PM: Quarantining All Traces: questionmarket cookie
5:29 PM: Quarantining All Traces: rc cookie
5:29 PM: Quarantining All Traces: realmedia cookie
5:29 PM: Quarantining All Traces: realtracker cookie
5:29 PM: Quarantining All Traces: redzip cookie
5:29 PM: Quarantining All Traces: reliablestats cookie
5:29 PM: Quarantining All Traces: revenue.net cookie
5:29 PM: Quarantining All Traces: rightmedia cookie
5:29 PM: Quarantining All Traces: rn11 cookie
5:29 PM: Quarantining All Traces: rp cookie
5:29 PM: Quarantining All Traces: ru4 cookie
5:29 PM: Quarantining All Traces: sandboxer cookie
5:29 PM: Quarantining All Traces: screensavers.com cookie
5:29 PM: Quarantining All Traces: searchadnetwork cookie
5:29 PM: Quarantining All Traces: servedby advertising cookie
5:29 PM: Quarantining All Traces: servedby valuead cookie
5:29 PM: Quarantining All Traces: server.iad.liveperson cookie
5:29 PM: Quarantining All Traces: serving-sys cookie
5:29 PM: Quarantining All Traces: servlet cookie
5:29 PM: Quarantining All Traces: sexsearch cookie
5:29 PM: Quarantining All Traces: sextracker cookie
5:29 PM: Quarantining All Traces: shop@home cookie
5:29 PM: Quarantining All Traces: sidefind cookie
5:29 PM: Quarantining All Traces: smni cookie
5:29 PM: Quarantining All Traces: specificclick.com cookie
5:29 PM: Quarantining All Traces: specificpop cookie
5:29 PM: Quarantining All Traces: spinbox cookie
5:29 PM: Quarantining All Traces: spylog cookie
5:29 PM: Quarantining All Traces: st.sageanalyst cookie
5:29 PM: Quarantining All Traces: starware.com cookie
5:29 PM: Quarantining All Traces: statcounter cookie
5:29 PM: Quarantining All Traces: stats.klsoft.com cookie
5:29 PM: Quarantining All Traces: tacoda cookie
5:29 PM: Quarantining All Traces: targetnet cookie
5:29 PM: Quarantining All Traces: thunderdownloads cookie
5:29 PM: Quarantining All Traces: tickle cookie
5:29 PM: Quarantining All Traces: tmpad cookie
5:29 PM: Quarantining All Traces: toprebates.com cookie
5:29 PM: Quarantining All Traces: touchclarity cookie
5:29 PM: Quarantining All Traces: tradedoubler cookie
5:29 PM: Quarantining All Traces: trafficmp cookie
5:29 PM: Quarantining All Traces: trb.com cookie
5:29 PM: Quarantining All Traces: tribalfusion cookie
5:29 PM: Quarantining All Traces: tripod cookie
5:29 PM: Quarantining All Traces: ugo cookie
5:29 PM: Quarantining All Traces: upspiral cookie
5:29 PM: Quarantining All Traces: valuead cookie
5:29 PM: Quarantining All Traces: webpower cookie
5:29 PM: Quarantining All Traces: websponsors cookie
5:29 PM: Quarantining All Traces: web-stat cookie
5:29 PM: Quarantining All Traces: webtrendslive cookie
5:29 PM: Quarantining All Traces: wegcash cookie
5:29 PM: Quarantining All Traces: whenu savenow
5:29 PM: Quarantining All Traces: whenu searchbar/pricebandit
5:29 PM: whenu searchbar/pricebandit is in use. It will be removed on reboot.
5:29 PM: c:\program files\whenusearch is in use. It will be removed on reboot.
5:29 PM: search.exe is in use. It will be removed on reboot.
5:29 PM: search.dll is in use. It will be removed on reboot.
5:29 PM: C:\Program Files\WhenUSearch\search.dll is in use. It will be removed on reboot.
5:29 PM: C:\Program Files\WhenUSearch\Search.exe is in use. It will be removed on reboot.
5:29 PM: Quarantining All Traces: whenu
5:29 PM: whenu is in use. It will be removed on reboot.
5:29 PM: ui.cfg is in use. It will be removed on reboot.
5:29 PM: Quarantining All Traces: winantispyware 2005
5:30 PM: Quarantining All Traces: x10 cookie
5:30 PM: Quarantining All Traces: xiti cookie
5:30 PM: Quarantining All Traces: xmatch cookie
5:30 PM: Quarantining All Traces: xuppa cookie
5:30 PM: Quarantining All Traces: xzoomy cookie
5:30 PM: Quarantining All Traces: yadro cookie
5:30 PM: Quarantining All Traces: yieldmanager cookie
5:30 PM: Quarantining All Traces: zango cookie
5:30 PM: Quarantining All Traces: zedo cookie
5:32 PM: Removal process completed. Elapsed time 00:08:16
********
4:15 PM: | Start of Session, Sunday, January 29, 2006 |
4:15 PM: Spy Sweeper started
4:17 PM: Your spyware definitions have been updated.
4:18 PM: | End of Session, Sunday, January 29, 2006 |

#5 Langley

Langley
  • Topic Starter

  • Members
  • 5 posts

Posted 30 January 2006 - 03:19 PM

Logfile of HijackThis v1.99.1
Scan saved at 3:09:46 PM, on 1/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Wkgji\Gcaveuc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\AIM\aim.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSCNo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\John\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: - {23CAF3BA-6247-40DB-BCD0-A674CA697876} - C:\WINDOWS\lbbho.dll
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_14.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TempRemove] "C:\Program Files\Crystal Ball\CB Predictor\terminator.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Jabqzebp] C:\Program Files\Wkgji\Gcaveuc.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1122502430\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [Microsoft Control] elephant.pif
O4 - HKLM\..\Run: [Macromedia Flash Update] carcrash.pif
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [Microsoft Control] elephant.pif
O4 - HKLM\..\RunServices: [Macromedia Flash Update] carcrash.pif
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: World Poker Exchange - {76028735-BBF1-4044-8DE2-5B90F0C7A77C} - C:\Program Files\WorldPokerExchange\GameClient.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {11B2C0D3-DFFB-11D3-9253-00500498D7E5} (ShowSetupObj5 Class) - http://reged.mshow.com/(w0lnwim5pmyvncion4.../ShowSetup5.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094433254921
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://qa.download.pw.aol.com/molbin/share...,18/mcgdmgr.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.15.44/ttinst.cab
O16 - DPF: {E876D003-BCDE-11D3-9131-000094B61529} - http://webcafe.wharton.upenn.edu/eRoomSetup/client.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
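An added example, not part of the original thread and not HijackThis's own logic: a small triage pass over the HijackThis line format shown in the log above (`<section code> - <details>`). It flags orphaned entries, autoruns that point at a bare file name with an executable-shortcut extension, and LSP lines. The three heuristics, the extension set and all function names are assumptions of this example; the sample lines are an excerpt of the log posted above.

```python
import re
from collections import Counter
from dataclasses import dataclass

# "<letter><digits> - <details>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry autoruns: hive, Run key name, value name, command line
AUTORUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
# Assumption of this example: extensions Windows executes that installers rarely register
RISKY_EXT = {"pif", "scr", "com"}

# Excerpt of lines from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_14.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Control] elephant.pif
O4 - HKLM\..\RunServices: [Microsoft Control] elephant.pif
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O9 - Extra button: World Poker Exchange - {76028735-BBF1-4044-8DE2-5B90F0C7A77C} - C:\Program Files\WorldPokerExchange\GameClient.exe (file missing)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


@dataclass
class Finding:
    code: str      # HijackThis section code, e.g. "O4"
    reason: str    # which heuristic fired
    entry: str     # the log line as posted
    count: int     # how many times the identical line appears


def autorun_target(command):
    """Return the program part of an autorun command line (path may be unquoted)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Shortest prefix ending in ".ext" followed by whitespace, a comma or end of line
    m = re.match(r"(.+?\.\w{2,4})(?=[\s,]|$)", command)
    return m.group(1) if m else command.split()[0]


def classify(code, rest):
    """Return a reason string if the entry deserves a closer look, else None."""
    if rest.endswith("(no file)") or "(file missing)" in rest:
        return "orphaned"            # registry entry whose file is gone
    if code == "O10":
        return "lsp"                 # HijackThis reports a changed Winsock LSP chain
    if code == "O4":
        m = AUTORUN_RE.match(rest)
        if m:
            target = autorun_target(m.group(4))
            bare = "\\" not in target and "/" not in target
            ext = target.rsplit(".", 1)[-1].lower() if "." in target else ""
            if bare and ext in RISKY_EXT:
                return "bare-autorun"  # no path, resolved via the search path at logon
    return None


def triage(log_text):
    """Parse a HijackThis log and return findings in first-seen order."""
    entries = Counter(
        line.strip() for line in log_text.splitlines() if ENTRY_RE.match(line.strip())
    )
    findings = []
    for line, count in entries.items():
        code, rest = ENTRY_RE.match(line).groups()
        reason = classify(code, rest)
        if reason:
            findings.append(Finding(code, reason, line, count))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{f.reason:<14}x{f.count}  {f.entry}")
```

Entries that are only recognisable by name, such as the New.Net BHO, pass these checks unflagged and still need a known-bad list or an analyst's judgment.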

#6 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 30 January 2006 - 03:32 PM

Download http://www.cexx.org/lspfix.htm

Add remove programs – remove newdotnet – Viewpoint (All occurrences)

Launch the LSP application, and click the "I know what I'm doing" checkbox.

Move nothing, just click Finish.
===============
Download http://www.intermute.com/spysubtract/cwshr...r_download.html
Close all browser windows, unzip the file, click on the cwshredder.exe, then click "Fix"
========================


Fix these with HJT – mark them, close IE, click fix checked

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)

R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: - {23CAF3BA-6247-40DB-BCD0-A674CA697876} - C:\WINDOWS\lbbho.dll

O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_14.dll

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [Jabqzebp] C:\Program Files\Wkgji\Gcaveuc.exe

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 –u

O4 - HKLM\..\Run: [Microsoft Control] elephant.pif

O4 - HKLM\..\Run: [Macromedia Flash Update] carcrash.pif

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup –s

O4 - HKLM\..\RunServices: [Microsoft Control] elephant.pif

O4 - HKLM\..\RunServices: [Macromedia Flash Update] carcrash.pif

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZB

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

Download http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Program Files\Viewpoint
C:\Program Files\newdotnet
C:\WINDOWS\lbbho.dll
C:\Program Files\Wkgji

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
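
A triage sketch for HijackThis entries in the format shown in this thread, added here as an example and not part of MFDnSC's post or of HijackThis itself. The three heuristics (missing-file markers, autorun commands with no directory path, `.pif` autorun targets) and the names `triage`, `ENTRY` and `AUTORUN` are assumptions made for illustration, not the helper's stated criteria; the sample lines are copied from the log and fix list on this page.

```python
import re

# Lines copied from the HijackThis log and fix list on this page.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: - {23CAF3BA-6247-40DB-BCD0-A674CA697876} - C:\WINDOWS\lbbho.dll
O4 - HKLM\..\Run: [Microsoft Control] elephant.pif
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\RunServices: [Macromedia Flash Update] carcrash.pif
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
"""

# "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 autorun body: "<registry key>: [<value name>] <command line>"
AUTORUN = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def triage(log_text):
    """Return (code, body, reasons) for entries matching the assumed heuristics."""
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # header lines, process list, blank lines
        code, body = entry.group("code"), entry.group("body")
        reasons = []
        # HijackThis appends these markers when the referenced file is not found.
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("referenced file not found")
        autorun = AUTORUN.match(body) if code == "O4" else None
        if autorun:
            cmd = autorun.group("cmd")
            # Assumed heuristic: a startup command with no directory component
            # resolves through the search path, so its location is not pinned.
            if "\\" not in cmd:
                reasons.append("autorun command has no directory path")
            # Assumed heuristic: .pif is an executable shortcut type that
            # legitimate startup entries rarely use.
            if re.search(r"\.pif\b", cmd, re.IGNORECASE):
                reasons.append("autorun target is a .pif file")
        if reasons:
            findings.append((code, body, reasons))
    return findings


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> {', '.join(reasons)}")
```

Entries the script does not flag, such as the `lbbho.dll` BHO, still need the manual review the post gives them; the heuristics only shorten the list a reviewer reads first.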



