
Believe I Have A Homesearch Issue Computer Is Very Very Slow


5 replies to this topic

#1 Malbec1970


Posted 02 February 2006 - 10:11 PM

Attached is a copy of my log. I appreciate your help with determining which files to delete.
Malbec1970

Logfile of HijackThis v1.99.1
Scan saved at 10:04:42 PM, on 2/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\atlnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\D-Link AirPlus\WLANMON.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\WINDOWS\mfcbg.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\One-VA VPN Client\cvpnd.exe
C:\Program Files\Gradient\DCE\bin\dce_service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Gradient\DCE\bin\dce_update.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\C. White\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dxjzs.dll/sp.html#88449%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dxjzs.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\dxjzs.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dxjzs.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dxjzs.dll/sp.html#88449%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dxjzs.dll/sp.html#88449%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dxjzs.dll/sp.html#88449%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {14270854-4CF0-6A54-913B-18AFF6D56803} - C:\WINDOWS\ipan32.dll
O2 - BHO: Class - {1E89B7E4-116B-E570-EF01-82F82929A7FD} - C:\WINDOWS\netfe32.dll
O2 - BHO: Class - {1F3C3714-CA96-D3D9-77F0-375ADE521DFA} - C:\WINDOWS\system32\sysft32.dll
O2 - BHO: Class - {1F69CF17-3EAB-08BE-CCFD-9FA5E95AD64E} - C:\WINDOWS\system32\ierd.dll
O2 - BHO: Class - {2BEB5930-7738-6D7C-0175-118F5147FE64} - C:\WINDOWS\crxq.dll
O2 - BHO: Class - {483B85DB-02AA-2855-E2A4-EF02FD55CE65} - C:\WINDOWS\adddd32.dll
O2 - BHO: Class - {4A8C9786-D77A-4624-0ADF-C59062041C88} - C:\WINDOWS\system32\ipix32.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Class - {66E0BB58-5F1A-3C89-6233-F802B7FF6A3B} - C:\WINDOWS\apiox.dll
O2 - BHO: Class - {6BD90C2C-3431-483D-5094-D4D3F010E705} - C:\WINDOWS\system32\d3zi.dll
O2 - BHO: Class - {722E5D99-3739-E117-AA77-5AF0213C5DD6} - C:\WINDOWS\system32\crfd.dll
O2 - BHO: Class - {75F5430C-E345-B100-0404-9A0E1421E0A7} - C:\WINDOWS\ntox32.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Class - {7E44E0B2-B513-3E88-F759-F9CD02FD285D} - C:\WINDOWS\mswh32.dll
O2 - BHO: Class - {9330FA17-207B-8C8A-8A1A-7D04ECCE10CC} - C:\WINDOWS\system32\ieft32.dll
O2 - BHO: Class - {93BFB8F2-03A3-99FE-9334-80CF27AC5B53} - C:\WINDOWS\addux32.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Class - {BDCDCF86-0104-CBA7-ED84-5A0E99292AC5} - C:\WINDOWS\ipqw.dll
O2 - BHO: Class - {DD267839-0DE2-86A4-CE58-D6A6A0E7D917} - C:\WINDOWS\system32\sdkqo32.dll
O2 - BHO: Class - {E0C6D820-8362-D0D4-A3D2-7D77A7FCA0D9} - C:\WINDOWS\crcw.dll
O2 - BHO: Class - {E9D3F449-2A68-9E5B-A74C-6838A73086D0} - C:\WINDOWS\addsv.dll
O2 - BHO: Class - {FCDEB34A-1990-EB7A-10FE-C6D6D4B0064B} - C:\WINDOWS\d3ep.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [atlnt.exe] C:\WINDOWS\atlnt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: D-Link AirPlus DWL-650+ Utility.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: One-VA VPN Client.lnk = C:\Program Files\One-VA VPN Client\vpngui.exe
O4 - Global Startup: RealSecure® Desktop Protector.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} (MCSiMenuCtl Class) - https://ssl.projectinvision.com/Invision/cabs/mcsimenu.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D76D712E-4A96-11D3-BD95-D296DC2DD072} (ComponentOne FlexGrid 7.1 (OLEDB)) - https://ssl.projectinvision.com/Invision/cabs/Vsflex7.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\mfcbg.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\One-VA VPN Client\cvpnd.exe
O23 - Service: PC-DCE32 for Windows NT (Gradient DCE) - Entegrity Solutions Corporation - C:\Program Files\Gradient\DCE\bin\dce_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe



#2 MFDnSC


Posted 06 February 2006 - 02:48 PM

Download http://www.intermute.com/spysubtract/cwshr...r_download.html
Close all browser windows, unzip the file, click on the cwshredder.exe, then click "Fix".
=========================
http://forums.techguy.org/attachment.php?attachmentid=45240
Double-click the cwsserviceremove.reg file you downloaded at the beginning.
Answer Yes when prompted to add the contents to the registry.
=================
Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...&rc=4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep, please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 Malbec1970


Posted 06 February 2006 - 09:42 PM

Here's the log from the Webroot Spy Sweeper session. I'm still experiencing random pop-ups for searches on similar words (the window is labeled UP-Search), as well as a Windows Security Center warning every 5 minutes... Is there anything else I can do?
********
8:37 PM: | Start of Session, Monday, February 06, 2006 |
8:37 PM: Spy Sweeper started
8:37 PM: Sweep initiated using definitions version 611
8:37 PM: Starting Memory Sweep
8:38 PM: The Spy Communication shield has blocked access to: www.trackhits.cc
8:38 PM: The Spy Communication shield has blocked access to: www.trackhits.cc
8:39 PM: Found Adware: cws_ns3
8:39 PM: Detected running threat: C:\WINDOWS\javacv.exe (ID = 8)
8:39 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || javacv.exe (ID = 0)
8:39 PM: Detected running threat: C:\WINDOWS\mfcbg.exe (ID = 8)
8:41 PM: Memory Sweep Complete, Elapsed Time: 00:04:20
8:41 PM: Starting Registry Sweep
8:42 PM: HKCR\clsid\{2b5a2313-ae67-454e-9a8b-f74070e57f1b}\ (2 subtraces) (ID = 117744)
8:42 PM: HKCR\clsid\{2cb60d9d-ba37-058c-7ea3-a52155f01235}\ (2 subtraces) (ID = 117754)
8:42 PM: HKCR\clsid\{5af0b5af-80e5-5f00-7457-4ff9847707d9}\ (2 subtraces) (ID = 117875)
8:42 PM: HKCR\clsid\{6a493714-8012-621e-a09e-cd80ff52fb1f}\ (2 subtraces) (ID = 117921)
8:42 PM: HKCR\clsid\{62b52b4d-547b-bfc7-9850-79709fdecf27}\ (2 subtraces) (ID = 118222)
8:42 PM: HKCR\clsid\{7658c68e-7ed4-8476-ac96-729091012307}\ (2 subtraces) (ID = 118530)
8:42 PM: HKCR\clsid\{77845652-d4fe-d2ad-12fa-f27b477d9b31}\ (2 subtraces) (ID = 118722)
8:42 PM: HKCR\clsid\{af6bcc5c-38b1-5871-226c-ac6482380057}\ (2 subtraces) (ID = 118830)
8:42 PM: HKCR\clsid\{af197e67-53b8-6c01-4733-3e7c25ba3a3b}\ (2 subtraces) (ID = 118833)
8:42 PM: HKCR\clsid\{bca18f7d-4cab-d300-286e-432722ffb0fb}\ (2 subtraces) (ID = 118913)
8:42 PM: HKCR\clsid\{cc6a9dff-521f-7dd3-e624-b30c0b9ff83a}\ (2 subtraces) (ID = 119047)
8:42 PM: HKCR\clsid\{cd01143e-9b70-cb99-c455-87936a69efa2}\ (2 subtraces) (ID = 119057)
8:42 PM: HKCR\clsid\{d063e7a9-f6b2-80f8-44b2-f8210fdedf67}\ (2 subtraces) (ID = 119085)
8:42 PM: HKCR\clsid\{e24280f1-5872-dd80-6349-14510dfcb851}\ (2 subtraces) (ID = 119267)
8:42 PM: HKLM\software\classes\clsid\{2b5a2313-ae67-454e-9a8b-f74070e57f1b}\ (2 subtraces) (ID = 119620)
8:42 PM: HKLM\software\classes\clsid\{2cb60d9d-ba37-058c-7ea3-a52155f01235}\ (2 subtraces) (ID = 119630)
8:42 PM: HKLM\software\classes\clsid\{5af0b5af-80e5-5f00-7457-4ff9847707d9}\ (2 subtraces) (ID = 119748)
8:42 PM: HKLM\software\classes\clsid\{6a493714-8012-621e-a09e-cd80ff52fb1f}\ (2 subtraces) (ID = 119795)
8:42 PM: HKLM\software\classes\clsid\{62b52b4d-547b-bfc7-9850-79709fdecf27}\ (2 subtraces) (ID = 120079)
8:42 PM: HKLM\software\classes\clsid\{7658c68e-7ed4-8476-ac96-729091012307}\ (2 subtraces) (ID = 120377)
8:42 PM: HKLM\software\classes\clsid\{77845652-d4fe-d2ad-12fa-f27b477d9b31}\ (2 subtraces) (ID = 120564)
8:42 PM: HKLM\software\classes\clsid\{af6bcc5c-38b1-5871-226c-ac6482380057}\ (2 subtraces) (ID = 120669)
8:42 PM: HKLM\software\classes\clsid\{af197e67-53b8-6c01-4733-3e7c25ba3a3b}\ (2 subtraces) (ID = 120672)
8:42 PM: HKLM\software\classes\clsid\{bca18f7d-4cab-d300-286e-432722ffb0fb}\ (2 subtraces) (ID = 120750)
8:42 PM: HKLM\software\classes\clsid\{cc6a9dff-521f-7dd3-e624-b30c0b9ff83a}\ (2 subtraces) (ID = 120884)
8:42 PM: HKLM\software\classes\clsid\{cd01143e-9b70-cb99-c455-87936a69efa2}\ (2 subtraces) (ID = 120894)
8:42 PM: HKLM\software\classes\clsid\{d063e7a9-f6b2-80f8-44b2-f8210fdedf67}\ (2 subtraces) (ID = 120921)
8:42 PM: HKLM\software\classes\clsid\{e24280f1-5872-dd80-6349-14510dfcb851}\ (2 subtraces) (ID = 121099)
8:42 PM: Found Adware: cws_ns3 hijacker
8:42 PM: HKLM\software\microsoft\internet explorer\main\ || default_search_url (ID = 123394)
8:42 PM: HKLM\software\microsoft\internet explorer\main\ || search bar (ID = 123395)
8:42 PM: HKLM\software\microsoft\internet explorer\main\ || search page (ID = 123396)
8:42 PM: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 123399)
8:42 PM: Found Adware: cws_tiny0
8:42 PM: HKCR\clsid\{821c8bb3-c516-bee5-c6a4-ecf0d92bf426}\ (2 subtraces) (ID = 123924)
8:42 PM: HKCR\clsid\{f2903213-c2d0-b852-f56d-8b10d6c8c121}\ (2 subtraces) (ID = 124037)
8:42 PM: HKLM\software\classes\clsid\{821c8bb3-c516-bee5-c6a4-ecf0d92bf426}\ (2 subtraces) (ID = 124154)
8:42 PM: HKLM\software\classes\clsid\{f2903213-c2d0-b852-f56d-8b10d6c8c121}\ (2 subtraces) (ID = 124264)
8:42 PM: Found Adware: daily toolbar
8:42 PM: HKLM\software\dailytoolbar\ (10 subtraces) (ID = 124601)
8:42 PM: Found Adware: instant access
8:42 PM: HKLM\software\classes\typelib\{964d03a3-ba70-4b82-9376-b7583d917215}\ (9 subtraces) (ID = 128781)
8:42 PM: HKCR\typelib\{964d03a3-ba70-4b82-9376-b7583d917215}\ (9 subtraces) (ID = 128849)
8:42 PM: Found Adware: locators toolbar
8:42 PM: HKCR\clsid\{e720b458-b65a-438c-9ff3-b1df65d7db3f}\ (10 subtraces) (ID = 129786)
8:42 PM: HKLM\software\classes\clsid\{e720b458-b65a-438c-9ff3-b1df65d7db3f}\ (10 subtraces) (ID = 129795)
8:42 PM: HKU\S-1-5-21-367136867-3514865771-2897293267-1007\software\microsoft\internet explorer\main\ || search bar (ID = 123390)
8:42 PM: HKU\S-1-5-21-367136867-3514865771-2897293267-1007\software\microsoft\internet explorer\main\ || search page (ID = 123391)
8:42 PM: HKU\S-1-5-21-367136867-3514865771-2897293267-1007\software\microsoft\internet explorer\search\ || searchassistant (ID = 123398)
8:42 PM: Registry Sweep Complete, Elapsed Time:00:00:41
8:42 PM: Starting Cookie Sweep
8:42 PM: Found Spy Cookie: 2o7.net cookie
8:42 PM: c. white@2o7[1].txt (ID = 1957)
8:42 PM: Found Spy Cookie: pointroll cookie
8:42 PM: c. white@ads.pointroll[2].txt (ID = 3148)
8:42 PM: Found Spy Cookie: adtech cookie
8:42 PM: c. white@adtech[2].txt (ID = 2155)
8:42 PM: Found Spy Cookie: apmebf cookie
8:42 PM: c. white@apmebf[2].txt (ID = 2229)
8:42 PM: Found Spy Cookie: atwola cookie
8:42 PM: c. white@atwola[1].txt (ID = 2255)
8:42 PM: Found Spy Cookie: overture cookie
8:42 PM: c. white@data4.perf.overture[1].txt (ID = 3106)
8:42 PM: c. white@microsoftwga.112.2o7[2].txt (ID = 1958)
8:42 PM: c. white@perf.overture[1].txt (ID = 3106)
8:42 PM: Found Spy Cookie: qksrv cookie
8:42 PM: c. white@qksrv[2].txt (ID = 3213)
8:42 PM: Found Spy Cookie: questionmarket cookie
8:42 PM: c. white@questionmarket[1].txt (ID = 3217)
8:42 PM: Found Spy Cookie: statcounter cookie
8:42 PM: c. white@statcounter[1].txt (ID = 3447)
8:42 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
8:42 PM: Starting File Sweep
8:42 PM: Found Adware: winhound
8:42 PM: c:\documents and settings\c. white\application data\winhound.com (11 subtraces) (ID = -2147462035)
8:42 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc68b5de0-c255-407e-8bfc-1a7257ca9dab.tmp". The process cannot access the file because it is being used by another process
8:42 PM: d3ii.exe (ID = 200)
8:42 PM: addog.exe (ID = 200)
8:42 PM: applo32.exe (ID = 200)
8:42 PM: sdkuc32.exe (ID = 200)
8:42 PM: appfd32.exe (ID = 200)
8:42 PM: atlng.exe (ID = 200)
8:42 PM: ierj.exe (ID = 200)
8:43 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs442d1b90-7839-4a67-9641-2b337bd3fe8a.tmp". The process cannot access the file because it is being used by another process
8:43 PM: a0020659.ini:wnbisw (ID = 204)
8:43 PM: addcp32.exe (ID = 200)
8:43 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs06617f53-665b-4b76-9d01-c460fe121e19.tmp". The process cannot access the file because it is being used by another process
8:43 PM: addjz.exe (ID = 200)
8:43 PM: addlx32.exe (ID = 200)
8:43 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd00f9b50-82a3-44f6-8447-11eb4043e98c.tmp". The process cannot access the file because it is being used by another process
8:43 PM: sdkxb32.exe (ID = 200)
8:43 PM: a0020547.ini:muijwn (ID = 204)
8:43 PM: crpf.exe (ID = 200)
8:43 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf63e6491-29c1-48a9-9078-d014cc9ca051.tmp". The process cannot access the file because it is being used by another process
8:43 PM: addlz32.exe (ID = 200)
8:43 PM: Found Adware: pesttrap fakealert
8:43 PM: ntnc.exe (ID = 238425)
8:44 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd01425f4-dc8d-4356-bed9-32fa77802621.tmp". The process cannot access the file because it is being used by another process
8:44 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs30b8c269-ddbe-4644-821f-ef7d069d18de.tmp". The process cannot access the file because it is being used by another process
8:44 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7475fee7-a831-453a-b99f-15b4fe54ac85.tmp". The process cannot access the file because it is being used by another process
8:44 PM: d3lu32.exe (ID = 200)
8:44 PM: a0020548.ini:fvboqx (ID = 200)
8:44 PM: atlce32.exe (ID = 200)
8:44 PM: a0020738.ini:pomwuh (ID = 200)
8:44 PM: a0020549.ini:wrwmkr (ID = 204)
8:44 PM: Found Adware: coolwebsearch (cws)
8:44 PM: qlmcz.dll (ID = 216849)
8:44 PM: netsa.exe (ID = 200)
8:44 PM: a0020679.ini:ofctwr (ID = 216849)
8:44 PM: Warning: Failed to open file "c:\windows\softwaredistribution\eventcache\{63048c30-6a18-46bb-8219-53bbf6132dd5}.bin". The process cannot access the file because it is being used by another process
8:44 PM: a0020737.ini:wnbisw (ID = 204)
8:44 PM: sdklu.exe (ID = 200)
8:44 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs38d86b11-d783-484b-b715-b3db6fb699d9.tmp". The process cannot access the file because it is being used by another process
8:44 PM: javabd32.exe (ID = 200)
8:44 PM: Found Adware: security iguard
8:44 PM: chmhelp.chm (ID = 75238)
8:44 PM: addtp.exe (ID = 200)
8:44 PM: a0020739.ini:muijwn (ID = 204)
8:44 PM: a0020601.ini:wnbisw (ID = 204)
8:44 PM: a0020540.exe:wraiyt (ID = 216849)
8:44 PM: a0020772.ini:wnbisw (ID = 204)
8:44 PM: a0020602.ini:pomwuh (ID = 200)
8:44 PM: netez.exe (ID = 200)
8:44 PM: crei.exe (ID = 200)
8:45 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs06a20f11-4a30-450e-ad80-a34283c3fb09.tmp". The process cannot access the file because it is being used by another process
8:45 PM: d3tb.exe (ID = 200)
8:45 PM: a0020828.exe:wraiyt (ID = 216849)
8:45 PM: a0020741.ini:wrwmkr (ID = 204)
8:45 PM: d3wr.exe (ID = 200)
8:45 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs388b0d0b-e650-4117-a931-b5398b572a4a.tmp". The process cannot access the file because it is being used by another process
8:45 PM: a0020524.exe:wraiyt (ID = 216849)
8:45 PM: a0020524.exe:qhmudw (ID = 204)
8:45 PM: a0020861.ini:ofctwr (ID = 216849)
8:45 PM: javaee.exe (ID = 200)
8:45 PM: a0020896.exe (ID = 200)
8:46 PM: a0020740.ini:fvboqx (ID = 200)
8:46 PM: appsc.exe (ID = 200)
8:46 PM: apilw.exe (ID = 200)
8:46 PM: a0020603.ini:muijwn (ID = 204)
8:46 PM: jbtmt.dll (ID = 216849)
8:46 PM: a0020874.exe:wraiyt (ID = 216849)
8:46 PM: apijm.exe (ID = 200)
8:46 PM: a0020881.ini:ofctwr (ID = 216849)
8:46 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs05068c70-b647-4693-8666-d65186da053c.tmp". The process cannot access the file because it is being used by another process
8:46 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs44cacaec-60eb-4ead-a379-68f97e34fc3a.tmp". The process cannot access the file because it is being used by another process
8:46 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc935ade0-0564-4085-8743-df438c74f547.tmp". The process cannot access the file because it is being used by another process
8:46 PM: javaum.exe (ID = 200)
8:46 PM: a0020605.ini:wrwmkr (ID = 204)
8:46 PM: a0020997.dll (ID = 216849)
8:46 PM: ipvq.exe (ID = 200)
8:46 PM: msya32.exe (ID = 200)
8:46 PM: netit32.exe (ID = 200)
8:46 PM: ntch32.exe (ID = 200)
8:46 PM: wintm.exe (ID = 200)
8:46 PM: winaq32.exe (ID = 200)
8:46 PM: apixt32.exe (ID = 200)
8:46 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0b65c889-8a8e-42e2-93c9-3a93eda3bdb7.tmp". The process cannot access the file because it is being used by another process
8:46 PM: yumxd.dll (ID = 216849)
8:46 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4feb37c1-cd82-4bdf-a0c8-a160b35638a7.tmp". The process cannot access the file because it is being used by another process
8:47 PM: a0020632.exe:wraiyt (ID = 216849)
8:47 PM: a0020558.exe:wraiyt (ID = 216849)
8:47 PM: ipjd32.exe (ID = 200)
8:47 PM: a0020577.ini:ofctwr (ID = 216849)
8:48 PM: atlxs32.exe (ID = 200)
8:48 PM: mslr.exe (ID = 200)
8:48 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs21c9ab19-bcdc-4032-95f6-92126e26593d.tmp". The process cannot access the file because it is being used by another process
8:48 PM: tmlpcert2005 (ID = 63918)
8:48 PM: netdp.exe (ID = 200)
8:48 PM: eg_auth_mut01.dll (ID = 63832)
8:48 PM: addfi.exe (ID = 200)
8:48 PM: a0020742.ini:ztrbbo (ID = 200)
8:48 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs78b42606-91f7-46ee-97b3-6bf37a1b4791.tmp". The process cannot access the file because it is being used by another process
8:48 PM: a0020558.exe:qhmudw (ID = 204)
8:48 PM: d3lc32.exe (ID = 204)
8:48 PM: a0020633.ini:wnbisw (ID = 204)
8:48 PM: a0020635.ini:muijwn (ID = 204)
8:48 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf760f0e0-c890-4d5c-8bc4-29bd62c03f58.tmp". The process cannot access the file because it is being used by another process
8:48 PM: a0020748.ini:vygtku (ID = 204)
8:48 PM: a0020524.exe:wnbgwm (ID = 204)
8:48 PM: a0020968.ini:wnbisw (ID = 204)
8:48 PM: a0020632.exe:wnbgwm (ID = 204)
8:48 PM: crjo.exe (ID = 204)
8:48 PM: a0020638.ini:wrwmkr (ID = 204)
8:48 PM: a0020828.exe:wnbgwm (ID = 204)
8:48 PM: creq32.exe (ID = 204)
8:48 PM: atlwl.exe (ID = 204)
8:48 PM: a0020874.exe:wnbgwm (ID = 204)
8:48 PM: a0020841.ini:wnbisw (ID = 204)
8:48 PM: a0020843.ini:muijwn (ID = 204)
8:48 PM: a0020846.ini:wrwmkr (ID = 204)
8:48 PM: a0020970.ini:muijwn (ID = 204)
8:48 PM: atlmy.exe (ID = 200)
8:49 PM: iefx.exe (ID = 200)
8:49 PM: a0020661.ini:muijwn (ID = 204)
8:49 PM: a0020972.ini:wrwmkr (ID = 204)
8:49 PM: ntph32.exe (ID = 204)
8:49 PM: a0020550.ini:ztrbbo (ID = 200)
8:49 PM: a0020854.ini:vygtku (ID = 204)
8:49 PM: a0020558.exe:wnbgwm (ID = 204)
8:49 PM: crwa32.exe (ID = 200)
8:49 PM: Found Adware: spysheriff fakealert
8:49 PM: 4b.tmp (ID = 244)
8:49 PM: a0020859.ini:pjkxpw (ID = 204)
8:49 PM: a0020734.ini:markax (ID = 204)
8:58 PM: Found Trojan Horse: trojan-backdoor-5sec
8:58 PM: 1.exe (ID = 209533)
8:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs34d8c04a-ae6b-4078-b804-770dc0c07b90.tmp". The process cannot access the file because it is being used by another process
8:58 PM: Found Adware: troyanov hijacker
8:58 PM: clickse.exe (ID = 232966)
8:58 PM: Found Trojan Horse: trojan-dropper-fogsearch
8:58 PM: pps.exe (ID = 225611)
8:58 PM: a0020597.exe:wraiyt (ID = 216849)
8:58 PM: mseq.exe (ID = 200)
8:58 PM: Found Adware: spysheriff
8:58 PM: sw.exe (ID = 242)
9:11 PM: Warning: Unhandled Archive Type
9:12 PM: Warning: Invalid Stream
9:12 PM: File Sweep Complete, Elapsed Time: 00:30:13
9:12 PM: Full Sweep has completed. Elapsed time 00:35:26
9:12 PM: Traces Found: 811
********
8:32 PM: | Start of Session, Monday, February 06, 2006 |
8:32 PM: Spy Sweeper started
8:33 PM: Your spyware definitions have been updated.
8:34 PM: BHO Shield: found: appma.dll-- BHO installation denied at user request
8:37 PM: | End of Session, Monday, February 06, 2006 |

Edited by Malbec1970, 06 February 2006 - 09:43 PM.


#4 MFDnSC

MFDnSC

    Ret. Director I/T



Posted 07 February 2006 - 04:28 PM

Post a new HiJack log

Are you sure you let spy sweeper finish - it doesn't look like it - it does not say

Removal process initiated

You need to run it again

When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.

"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#5 Malbec1970

Malbec1970
  • Topic Starter


Posted 14 February 2006 - 10:57 PM

Thanks! I ended up purchasing a new computer...but I did sweep it with this software. Here's that log:

********
10:38 PM: | Start of Session, Tuesday, February 14, 2006 |
10:38 PM: Spy Sweeper started
10:38 PM: Sweep initiated using definitions version 614
10:38 PM: Starting Memory Sweep
10:41 PM: Memory Sweep Complete, Elapsed Time: 00:03:26
10:41 PM: Starting Registry Sweep
10:41 PM: Registry Sweep Complete, Elapsed Time:00:00:17
10:41 PM: Starting Cookie Sweep
10:41 PM: Found Spy Cookie: 2o7.net cookie
10:41 PM: christina@2o7[2].txt (ID = 1957)
10:41 PM: Found Spy Cookie: pointroll cookie
10:41 PM: christina@ads.pointroll[1].txt (ID = 3148)
10:41 PM: Found Spy Cookie: advertising cookie
10:41 PM: christina@advertising[2].txt (ID = 2175)
10:41 PM: Found Spy Cookie: apmebf cookie
10:41 PM: christina@apmebf[1].txt (ID = 2229)
10:41 PM: Found Spy Cookie: atlas dmt cookie
10:41 PM: christina@atdmt[2].txt (ID = 2253)
10:41 PM: Found Spy Cookie: overture cookie
10:41 PM: christina@data4.perf.overture[2].txt (ID = 3106)
10:41 PM: Found Spy Cookie: mediaplex cookie
10:41 PM: christina@mediaplex[2].txt (ID = 6442)
10:41 PM: christina@perf.overture[1].txt (ID = 3106)
10:41 PM: Found Spy Cookie: questionmarket cookie
10:41 PM: christina@questionmarket[1].txt (ID = 3217)
10:41 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
10:41 PM: Starting File Sweep
10:52 PM: File Sweep Complete, Elapsed Time: 00:10:44
10:52 PM: Full Sweep has completed. Elapsed time 00:14:30
10:52 PM: Traces Found: 9
10:55 PM: Removal process initiated
10:55 PM: Quarantining All Traces: 2o7.net cookie
10:55 PM: Quarantining All Traces: advertising cookie
10:55 PM: Quarantining All Traces: apmebf cookie
10:55 PM: Quarantining All Traces: atlas dmt cookie
10:55 PM: Quarantining All Traces: mediaplex cookie
10:55 PM: Quarantining All Traces: overture cookie
10:55 PM: Quarantining All Traces: pointroll cookie
10:55 PM: Quarantining All Traces: questionmarket cookie
10:55 PM: Removal process completed. Elapsed time 00:00:01
********
10:34 PM: | Start of Session, Tuesday, February 14, 2006 |
10:34 PM: Spy Sweeper started
10:35 PM: Your spyware definitions have been updated.
10:38 PM: | End of Session, Tuesday, February 14, 2006 |

#6 MFDnSC

MFDnSC

    Ret. Director I/T



Posted 15 February 2006 - 10:39 AM

That's one way to clean it!!

Get all of these and/or verify you have the current versions

SpywareBlaster 3.5.1 http://majorgeeks.com/download2859.html
SpyBot V1.4 http://www.majorgeeks.com/download2471.html
AdAware SE 1.06 http://www.majorgeeks.com/download506.html
MS AntiSpy - http://www.microsoft.com/downloads/details...&displaylang=en (XP and W2K only)

Download them (they are free), install them, check each for their definition updates, and then run AdAware, MS AntiSpy (W2k/XP) and Spybot, fixing anything they say.

In SpywareBlaster - Always enable all protection after updates
In SpyBot - After an update run immunize

Check for updates and run weekly

"Nothing could be finer than to be in South Carolina ............"

Member ASAP



