Hijackthis Log: Please Help Diagnose



#1 tjsst33


Posted 01 April 2006 - 12:29 PM

Logfile of HijackThis v1.99.1
Scan saved at 12:23:13 PM, on 4/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\CheckS02.exe
C:\WINDOWS\win32087516634824.exe
C:\WINDOWS\sys026348247516.exe
C:\windows\mousepad7.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\win32095166348247.exe
C:\WINDOWS\win32074751663482.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\DOCUME~1\TSCHWA~1\LOCALS~1\Temp\cinfo.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\tschwambach\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...ww.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.100.26:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,jocivph.exe
O1 - Hosts: 216.130.185.143 adwave.com
O1 - Hosts: 216.130.185.143 www.xzoomy.com
O1 - Hosts: 216.130.185.143 xzoomy.com
O1 - Hosts: 216.130.185.143 www.advnt01.com
O1 - Hosts: 216.130.185.143 advnt01.com
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NGClient] C:\Program Files\Symantec\Ghost\ngctw32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [XtTb.exe] C:\WINDOWS\XtTb.exe
O4 - HKLM\..\Run: [ssqb.exe] C:\WINDOWS\ssqb.exe
O4 - HKLM\..\Run: [IEXPLOR.EXE] C:\WINDOWS\IEXPLOR.EXE
O4 - HKLM\..\Run: [AtxBrw] C:\WINDOWS\IEXPLOR.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\CheckS02.exe
O4 - HKLM\..\Run: [win32087516634824] C:\WINDOWS\win32087516634824.exe
O4 - HKLM\..\Run: [expload.exe] C:\WINDOWS\system32\expload.exe
O4 - HKLM\..\Run: [sys026348247516] C:\WINDOWS\sys026348247516.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard7.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad7.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname7.exe
O4 - HKLM\..\Run: [wf68b0b4.dll] RUNDLL32.EXE wf68b0b4.dll,I2 0000d4ac0f68b0b4
O4 - HKLM\..\Run: [win32095166348247] C:\WINDOWS\win32095166348247.exe
O4 - HKLM\..\Run: [w0baa964.dll] RUNDLL32.EXE w0baa964.dll,I2 0000d4ac00baa964
O4 - HKLM\..\Run: [w00105a0.dll] RUNDLL32.EXE w00105a0.dll,I2 0000d4ac000105a0
O4 - HKLM\..\Run: [win32074751663482] C:\WINDOWS\win32074751663482.exe
O4 - HKLM\..\Run: [w0023ae6.dll] RUNDLL32.EXE w0023ae6.dll,I2 0000d4ac00023ae6
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [w000f94d.dll] RUNDLL32.EXE w000f94d.dll,I2 0000d4ac0000f94d
O4 - HKLM\..\Run: [w0069166.dll] RUNDLL32.EXE w0069166.dll,I2 0000d4ac00069166
O4 - HKLM\..\Run: [w000ec6f.dll] RUNDLL32.EXE w000ec6f.dll,I2 0000d4ac0000ec6f
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\kwinnrag.exe CORN001
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\kwinnrag.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {0F1B982D-C18E-4F2F-8ADB-91C12D858A08} (Raindance Helper Class) - http://www.raindance.com/rndc/webinstall/k2ctl.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://nokiaarchive.imarketsource.com/view...tivexviewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MarketSource.net
O17 - HKLM\Software\..\Telephony: DomainName = MarketSource.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MarketSource.net
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\f40o0ed3eh0.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec Ghost Client Agent (NGClient) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
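
A first-pass triage of the kind of entries the log above contains, as an added example that is not part of the original post and is not HijackThis's own logic. The function names, the heuristics (extra programs on Userinit, hosts redirects to a non-loopback address, oddly named Run entries, Trusted Zone additions) and the sample, which is constructed from a few lines of this log, are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: a few lines taken from the HijackThis log in the post above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,jocivph.exe
O1 - Hosts: 216.130.185.143 adwave.com
O1 - Hosts: 216.130.185.143 www.xzoomy.com
O1 - Hosts: 216.130.185.143 adwave.com
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [win32087516634824] C:\WINDOWS\win32087516634824.exe
O4 - HKLM\..\Run: [w0baa964.dll] RUNDLL32.EXE w0baa964.dll,I2 0000d4ac00baa964
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: *.media-motor.net
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # "O4 - <body>"
USERINIT_RE = re.compile(r"UserInit=(.*)$", re.I)
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")           # ip, hostname
RUN_RE = re.compile(r"Run: \[(.*?)\] (.*)$")                # value name, command
BARE_DLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+([^\\\s,]+\.dll)", re.I)
WINDIR_EXE_RE = re.compile(r'^"?C:\\WINDOWS\\([^\\"]+\.exe)', re.I)
LOOPBACK = ("127.", "0.0.0.0", "::1")


def triage(log_text):
    """Return (section, reason, detail) tuples for entries worth a closer look.

    These are review hints only; a flagged entry is not proof of infection
    and an unflagged one is not proof of a clean system.
    """
    findings = []
    redirects = Counter()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()

        if code == "F2":
            # Userinit should start userinit.exe only; anything appended
            # after the comma also runs at every logon.
            u = USERINIT_RE.search(body)
            if u:
                for prog in filter(None, (p.strip() for p in u.group(1).split(","))):
                    if prog.rsplit("\\", 1)[-1].lower() != "userinit.exe":
                        findings.append(("F2", "Userinit launches an extra program", prog))

        elif code == "O1":
            # A hosts entry pointing a name at a non-loopback address
            # redirects traffic; count repeats instead of listing them.
            h = HOSTS_RE.match(body)
            if h and not h.group(1).startswith(LOOPBACK):
                redirects[(h.group(2), h.group(1))] += 1

        elif code == "O4":
            r = RUN_RE.search(body)
            if not r:
                continue
            command = r.group(2)
            dll = BARE_DLL_RE.match(command)
            exe = WINDIR_EXE_RE.match(command)
            if dll:
                findings.append(("O4", "rundll32 loads a DLL given without a path", dll.group(1)))
            elif exe and re.search(r"\d{6,}", exe.group(1)):
                findings.append(("O4", "numerically named executable directly in the Windows folder",
                                 exe.group(1)))

        elif code == "O15":
            findings.append(("O15", "domain added to the Trusted Zone",
                             body.partition(":")[2].strip()))

    for (host, ip), count in redirects.items():
        findings.append(("O1", "hosts entry redirects a name to a non-loopback address",
                         f"{host} -> {ip} (x{count})"))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {detail}")
```
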



#2 Rawe


Posted 01 April 2006 - 01:03 PM

Hello and welcome. You have a huge load of infections there. Let's get started.

==

Please print these instructions out, or write them down, as you can't read them during the fix.

1. Please copy the following text in the quotebox below to a blank Notepad file. Make sure the filetype is set to "All Files" and save it as Killqoo.reg to your desktop.

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\System32\\userinit.exe,jocivph.exe"


Do NOT do anything with it yet.

==

2. Download Hoster.zip:
  • Unzip Hoster to a convenient folder such as C:\Hoster.
  • Run Hoster.exe from its new home.
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Original Hosts and then click OK.
  • Click the X to exit the program.
Note: if you were using a custom Hosts file, you will need to replace any of those entries yourself.

==

3. Please download Ewido Anti-Malware
  • Install Ewido Anti-malware
  • Launch Ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run Ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

    You will need to update Ewido to the latest definition files.
    • On the left hand side of the main screen click Update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
  • Exit Ewido, do not run the scan yet!
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

==

4. Please download Brute Force Uninstaller to your desktop.
  • Right-click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
4. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

==

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


==

5. Once in Safe Mode, please double-click on the Killqoo.reg on your desktop and allow it to merge with registry by clicking YES on the prompt.

==

6. Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close Ewido anti-malware.

==

7. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • In the Scriptline to execute field type or paste c:\bfu\alcanshorty.bfu
  • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the Complete script execution box to pop up and hit OK.
  • Press Exit to terminate the BFU program.
Reboot into normal Windows and post the contents of the Ewido log that you saved along with a fresh HijackThis log.
Hi there, stranger!

#3 tjsst33


Posted 01 April 2006 - 04:37 PM

Thanks so much for taking the time to help me! Here is the scan report from ewido:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:29:10 PM, 4/1/2006
+ Report-Checksum: 2C7A7F86

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000010} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6001CDF7-6F45-471b-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD -> Adware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD\Clsid -> Adware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000000000010} -> Adware.Generic : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-2864880454-815257499-764592997-8116\Software\Bundles -> Adware.SecondThought : Cleaned with backup
HKU\S-1-5-21-2864880454-815257499-764592997-8116\Software\DNS -> Adware.Shorty : Cleaned with backup
HKU\S-1-5-21-2864880454-815257499-764592997-8116\Software\IST -> Adware.ISTBar : Cleaned with backup
HKU\S-1-5-21-2864880454-815257499-764592997-8116\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000000000010} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-2864880454-815257499-764592997-8116\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000000000010} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
C:\328520.exe -> Trojan.Small : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.goclick[1].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.6:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.32:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.33:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.38:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.40:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.41:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.47:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.48:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.49:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.51:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.69:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.70:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.71:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.72:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.73:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.74:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.76:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.77:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.78:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.79:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.80:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.81:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.82:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.83:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.84:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.98:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.103:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.104:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.105:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.106:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.107:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.119:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.120:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.121:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.122:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.123:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.124:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.133:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.134:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.135:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.136:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.137:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.138:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.140:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.142:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.161:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.162:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.163:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.164:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.178:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.179:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.180:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.181:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.194:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.195:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.196:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.198:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.203:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.204:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.210:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.211:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.212:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.226:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.227:C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@c.enhance[2].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@c.goclick[1].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@e-2dj6wfk4kidzkdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@h.starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@heritagegalleries.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@highbeam.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@ilead.itrack[1].txt -> TrackingCookie.Itrack : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@riptownmedia.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@server3.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@sportingnews.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@webstat[3].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@www.adtrak[1].txt -> TrackingCookie.Adtrak : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@www.epilot[1].txt -> TrackingCookie.Epilot : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@www.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\tschwambach\Cookies\tschwambach@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\tschwambach\Desktop\full.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\180sainstaller.exe/clientax.dll -> Adware.180Solutions : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\180sainstaller.exe/clientax.dll -> Adware.180Solutions : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\637win.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@ad.yieldmanager[4].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Del244.tmp -> Downloader.Small.asf : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Del261.tmp -> Adware.180Solutions : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\exp.exe -> Downloader.Small.abd : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\f247365.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\f258288769.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\f258489588.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\fEGhYef.exe -> Downloader.IstBar : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\i536.tmp -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\insta.exe -> Downloader.Small.ckq : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\mcwin.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\million.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\pre1.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\pre2.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\res24A.tmp -> Adware.180Solutions : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\temp.fr998B\Programs\webhdll.dll_tobedeleted -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\temp.frA78F -> Trojan.Pakes : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\temp.frB69E -> Trojan.Pakes : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\Temporary Internet Files\Content.IE5\KTAR8P2J\ac2[1].txt -> Downloader.Agent.ahv : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\z1.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temp\z3.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temporary Internet Files\Content.IE5\0JKXD2CY\ac2[1].txt -> Downloader.Agent.ahv : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temporary Internet Files\Content.IE5\0JKXD2CY\eeedo[1].exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temporary Internet Files\Content.IE5\0JKXD2CY\mm83[1].ocx -> Downloader.VB.ov : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temporary Internet Files\Content.IE5\0JKXD2CY\newname7[1].exe -> Downloader.Adload.ae : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temporary Internet Files\Content.IE5\4ULXMTNH\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temporary Internet Files\Content.IE5\4ULXMTNH\drsmartload46a[1].exe -> Downloader.Adload.ai : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temporary Internet Files\Content.IE5\4ULXMTNH\NNSCAA638[1].EXE -> Adware.NewDotNet : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temporary Internet Files\Content.IE5\50AOR36S\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temporary Internet Files\Content.IE5\Z01T3VNO\328520[1].exe -> Trojan.Small : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temporary Internet Files\Content.IE5\Z01T3VNO\installerwnus[1].exe -> Downloader.Qoologic.at : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temporary Internet Files\Content.IE5\Z01T3VNO\optimize[1].exe -> Downloader.Dyfuca.ex : Cleaned with backup
C:\Documents and Settings\tschwambach\Local Settings\Temporary Internet Files\Content.IE5\Z01T3VNO\ZICORN001[1].exe -> Adware.ZenoSearch : Cleaned with backup
C:\drsmartload46a.exe -> Downloader.Adload.ai : Cleaned with backup
C:\Program Files\CxtPls -> Adware.Apropos : Cleaned with backup
C:\visfx500.exe -> Dropper.Agent.aie : Cleaned with backup
C:\WINDOWS\CheckS02.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\country.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\elos.exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup
C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned with backup
C:\WINDOWS\IEXPLOR.EXE -> Hijacker.VB.gj : Cleaned with backup
C:\WINDOWS\kl1.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\mm83.ocx -> Downloader.VB.ov : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\newname7.exe -> Downloader.Adload.ae : Cleaned with backup
C:\WINDOWS\optimize.exe -> Downloader.Dyfuca.ex : Cleaned with backup
C:\WINDOWS\secure32.html -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\system\jatfrtaklm.exe -> Downloader.Small.ayh : Cleaned with backup
C:\WINDOWS\system32\adpopperwin.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\dwdsregt.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\enjsl1171.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\expload.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\full.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\guard.tmp -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\id113.exe -> Trojan.SecondThought.ak : Cleaned with backup
C:\WINDOWS\system32\instawin.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\kwinnrag.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\lvl8093ue.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mcspy.exe -> Downloader.Small.ckq : Cleaned with backup
C:\WINDOWS\system32\mmxp2passion.exe -> Downloader.VB.sh : Cleaned with backup
C:\WINDOWS\system32\MTE2ODI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup
C:\WINDOWS\system32\n62ulgf9162.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\paytime.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\system32\pre2.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\q.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\q3.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\q5.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\qmdsregj.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\tobundle.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\w000ec6f.dll -> Downloader.Agent.ahv : Cleaned with backup
C:\WINDOWS\system32\w000f94d.dll -> Downloader.Agent.ahv : Cleaned with backup
C:\WINDOWS\system32\w00105a0.dll -> Downloader.Agent.ahv : Cleaned with backup
C:\WINDOWS\system32\w00106a4.dll -> Downloader.Agent.ahv : Cleaned with backup
C:\WINDOWS\system32\w0014f85.dll -> Downloader.Agent.ahv : Cleaned with backup
C:\WINDOWS\system32\w0023ae6.dll -> Downloader.Agent.ahv : Cleaned with backup
C:\WINDOWS\system32\w0069166.dll -> Downloader.Agent.ahv : Cleaned with backup
C:\WINDOWS\system32\w0baa964.dll -> Downloader.Agent.ahv : Cleaned with backup
C:\WINDOWS\system32\wf68b0b4.dll -> Downloader.Agent.ahv : Cleaned with backup
C:\WINDOWS\system32\winspy.exe -> Downloader.Small.ckq : Cleaned with backup
C:\WINDOWS\system32\xxx2.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\z1.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\z2.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\z3.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\zz.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\Temp\!update.exe -> Downloader.PurityScan.w : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@ad.yieldmanager[5].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@h.starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\WINDOWS\Temp\Cookies\tschwambach@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\WINDOWS\Temp\f4511387.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\WINDOWS\Temp\loadadv640.exe -> Downloader.Harnig.bc : Cleaned with backup
C:\WINDOWS\Temp\q2.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\Temp\q4.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\Temp\q6.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SDSTIRWD\!update-3620[1].0000 -> Downloader.PurityScan.w : Cleaned with backup
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SDSTIRWD\error[1].htm -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SDSTIRWD\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned with backup
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\STEFO9AN\full[1].exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\STEFO9AN\mm83[1].ocx -> Downloader.VB.ov : Cleaned with backup
C:\WINDOWS\Temp\xxx1.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\Temp\z2.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\tool1.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\tool2.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\tool3.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\tool4.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\tool5.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\toolbar.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\uniq -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINDOWS\XtTb.exe -> Adware.PowerZone : Cleaned with backup


::Report End



And here is the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 4:38:03 PM, on 4/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\windows\mousepad7.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\tschwambach\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...ww.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.100.26:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,jocivph.exe
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NGClient] C:\Program Files\Symantec\Ghost\ngctw32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ssqb.exe] C:\WINDOWS\ssqb.exe
O4 - HKLM\..\Run: [AtxBrw] C:\WINDOWS\IEXPLOR.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard7.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad7.exe
O4 - HKLM\..\Run: [wf68b0b4.dll] RUNDLL32.EXE wf68b0b4.dll,I2 0000d4ac0f68b0b4
O4 - HKLM\..\Run: [w0baa964.dll] RUNDLL32.EXE w0baa964.dll,I2 0000d4ac00baa964
O4 - HKLM\..\Run: [w00105a0.dll] RUNDLL32.EXE w00105a0.dll,I2 0000d4ac000105a0
O4 - HKLM\..\Run: [w0023ae6.dll] RUNDLL32.EXE w0023ae6.dll,I2 0000d4ac00023ae6
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [w000f94d.dll] RUNDLL32.EXE w000f94d.dll,I2 0000d4ac0000f94d
O4 - HKLM\..\Run: [w0069166.dll] RUNDLL32.EXE w0069166.dll,I2 0000d4ac00069166
O4 - HKLM\..\Run: [w000ec6f.dll] RUNDLL32.EXE w000ec6f.dll,I2 0000d4ac0000ec6f
O4 - HKLM\..\Run: [w0014f85.dll] RUNDLL32.EXE w0014f85.dll,I2 0000d4ac00014f85
O4 - HKLM\..\Run: [w00106a4.dll] RUNDLL32.EXE w00106a4.dll,I2 0000d4ac000106a4
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\kwinnrag.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0F1B982D-C18E-4F2F-8ADB-91C12D858A08} (Raindance Helper Class) - http://www.raindance.com/rndc/webinstall/k2ctl.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://nokiaarchive.imarketsource.com/view...tivexviewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MarketSource.net
O17 - HKLM\Software&#

#4 Rawe

Posted 01 April 2006 - 04:43 PM

Please post a complete, fresh HijackThis log; it got cut off. I do have the next step ready once I see it. :thumbsup:
Hi there, stranger!

#5 tjsst33

Posted 01 April 2006 - 04:48 PM

Sorry about that! Here is the full log:


Logfile of HijackThis v1.99.1
Scan saved at 4:48:22 PM, on 4/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\windows\mousepad7.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\tschwambach\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...ww.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.100.26:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,jocivph.exe
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NGClient] C:\Program Files\Symantec\Ghost\ngctw32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ssqb.exe] C:\WINDOWS\ssqb.exe
O4 - HKLM\..\Run: [AtxBrw] C:\WINDOWS\IEXPLOR.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard7.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad7.exe
O4 - HKLM\..\Run: [wf68b0b4.dll] RUNDLL32.EXE wf68b0b4.dll,I2 0000d4ac0f68b0b4
O4 - HKLM\..\Run: [w0baa964.dll] RUNDLL32.EXE w0baa964.dll,I2 0000d4ac00baa964
O4 - HKLM\..\Run: [w00105a0.dll] RUNDLL32.EXE w00105a0.dll,I2 0000d4ac000105a0
O4 - HKLM\..\Run: [w0023ae6.dll] RUNDLL32.EXE w0023ae6.dll,I2 0000d4ac00023ae6
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [w000f94d.dll] RUNDLL32.EXE w000f94d.dll,I2 0000d4ac0000f94d
O4 - HKLM\..\Run: [w0069166.dll] RUNDLL32.EXE w0069166.dll,I2 0000d4ac00069166
O4 - HKLM\..\Run: [w000ec6f.dll] RUNDLL32.EXE w000ec6f.dll,I2 0000d4ac0000ec6f
O4 - HKLM\..\Run: [w0014f85.dll] RUNDLL32.EXE w0014f85.dll,I2 0000d4ac00014f85
O4 - HKLM\..\Run: [w00106a4.dll] RUNDLL32.EXE w00106a4.dll,I2 0000d4ac000106a4
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\kwinnrag.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0F1B982D-C18E-4F2F-8ADB-91C12D858A08} (Raindance Helper Class) - http://www.raindance.com/rndc/webinstall/k2ctl.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://nokiaarchive.imarketsource.com/view...tivexviewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MarketSource.net
O17 - HKLM\Software\..\Telephony: DomainName = MarketSource.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MarketSource.net
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWFya2V0U291cmNlIExMQw\command.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Symantec Ghost Client Agent (NGClient) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

#6 Rawe

Posted 01 April 2006 - 05:01 PM

Hi again. Some great progress so far. :thumbsup:

Please print these instructions out, or write them down, as you can't read them during the fix.

To make sure your DeBugPrivileges are ok:

Please download NTrights.zip by freeatlast.
If you can't access it, download NTrights.zip via here: http://www10.brinkster.com/expl0iter/freea.../dumprights.htm
Save it on your desktop.
Unzip/extract it.
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Open the NTrights-folder
Double-click on the Debug.bat file to run it, and follow any prompts it asks.

REBOOT

Double-click the Debug.bat again after reboot.

It will create a log.
If the log says:
"Granting SeDebugPrivilege to Administrators ... successful", you must be ok and things restored well.

==

Please download delcmdservice (by Marckie), and save it to your Desktop.
  • Unzip the content to your Desktop (a folder named delcmdservice)
  • Double-click on the delcmdservice folder
  • Double-click on delreg.bat to launch the tool
  • When the tool has finished, please reboot your computer.
==

Make sure you have BFU and Alcra Plus Remover still in your folder C:\BFU.

==

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


==

Once in Safe Mode, run a scan with HijackThis and check the following objects for removal if present:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,jocivph.exe
O4 - HKLM\..\Run: [ssqb.exe] C:\WINDOWS\ssqb.exe
O4 - HKLM\..\Run: [wf68b0b4.dll] RUNDLL32.EXE wf68b0b4.dll,I2 0000d4ac0f68b0b4
O4 - HKLM\..\Run: [w0baa964.dll] RUNDLL32.EXE w0baa964.dll,I2 0000d4ac00baa964
O4 - HKLM\..\Run: [w00105a0.dll] RUNDLL32.EXE w00105a0.dll,I2 0000d4ac000105a0
O4 - HKLM\..\Run: [w0023ae6.dll] RUNDLL32.EXE w0023ae6.dll,I2 0000d4ac00023ae6
O4 - HKLM\..\Run: [w000f94d.dll] RUNDLL32.EXE w000f94d.dll,I2 0000d4ac0000f94d
O4 - HKLM\..\Run: [w0069166.dll] RUNDLL32.EXE w0069166.dll,I2 0000d4ac00069166
O4 - HKLM\..\Run: [w000ec6f.dll] RUNDLL32.EXE w000ec6f.dll,I2 0000d4ac0000ec6f
O4 - HKLM\..\Run: [w0014f85.dll] RUNDLL32.EXE w0014f85.dll,I2 0000d4ac00014f85
O4 - HKLM\..\Run: [w00106a4.dll] RUNDLL32.EXE w00106a4.dll,I2 0000d4ac000106a4
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\kwinnrag.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)


Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Close HijackThis.

==

I need you to do this again: please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • In the Scriptline to execute field type or paste c:\bfu\alcanshorty.bfu
  • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the Complete script execution box to pop up and hit OK.
  • Press Exit to terminate the BFU program.
Reboot into normal Windows and post back with a fresh HiJackThis log. :flowers:
Hi there, stranger!

#7 tjsst33

Posted 01 April 2006 - 05:37 PM

Here is the latest: :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 5:37:02 PM, on 4/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\windows\mousepad7.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\tschwambach\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...ww.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.100.26:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NGClient] C:\Program Files\Symantec\Ghost\ngctw32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AtxBrw] C:\WINDOWS\IEXPLOR.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard7.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad7.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0F1B982D-C18E-4F2F-8ADB-91C12D858A08} (Raindance Helper Class) - http://www.raindance.com/rndc/webinstall/k2ctl.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://nokiaarchive.imarketsource.com/view...tivexviewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MarketSource.net
O17 - HKLM\Software\..\Telephony: DomainName = MarketSource.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MarketSource.net
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Symantec Ghost Client Agent (NGClient) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
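
The triage-and-recheck loop of posts #5 to #7, as an added example that is not part of the original thread and not a HijackThis feature: it flags entries by the shape of the line (an extra program after userinit.exe, RUNDLL32 loading a DLL given without a path, targets marked missing) and reports which flagged entries persist in a later log. The three heuristics and all function names are assumptions of this example; the sample lines are copied from the two logs above.

```python
import re

# Entries copied from the HijackThis log posted before the fix (post #5).
LOG_BEFORE = r"""
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,jocivph.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [ssqb.exe] C:\WINDOWS\ssqb.exe
O4 - HKLM\..\Run: [wf68b0b4.dll] RUNDLL32.EXE wf68b0b4.dll,I2 0000d4ac0f68b0b4
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
"""

# Entries copied from the log posted after the fix (post #7).
LOG_AFTER = r"""
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# HijackThis itself appends these markers when the target file is absent.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)")
USERINIT_RE = re.compile(r"userinit=(.*)$", re.IGNORECASE)
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+([^,\s]+)', re.IGNORECASE)


def parse(log):
    """Return (section_code, body) for every entry line; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def reasons(code, body):
    """Return the heuristic labels (assumptions of this example) that fit one entry."""
    found = []
    if ORPHAN_RE.search(body):
        found.append("orphaned")
    if code == "F2":
        match = USERINIT_RE.search(body)
        if match:
            # The stock value is userinit.exe followed by a trailing comma,
            # so empty pieces after the first are ignored.
            parts = match.group(1).split(",")
            extras = [p.strip() for p in parts[1:] if p.strip()]
            if extras:
                found.append("userinit-extra:" + ",".join(extras))
    if code == "O4" and "] " in body:
        command = body.split("] ", 1)[1]
        match = RUNDLL_RE.match(command)
        # A DLL named without any directory is resolved through the search path.
        if match and "\\" not in match.group(1):
            found.append("rundll32-bare-dll:" + match.group(1))
    return found


def flag(log):
    """Map each flagged entry line to the list of reasons it was flagged."""
    flagged = {}
    for code, body in parse(log):
        why = reasons(code, body)
        if why:
            flagged[f"{code} - {body}"] = why
    return flagged


def persisting(before, after):
    """Entries flagged in the earlier log that still appear in the later one."""
    remaining = {f"{code} - {body}" for code, body in parse(after)}
    return [line for line in flag(before) if line in remaining]


if __name__ == "__main__":
    for line, why in flag(LOG_BEFORE).items():
        print(", ".join(why), "|", line)
    print("still present after fix:", persisting(LOG_BEFORE, LOG_AFTER))
```

Shape-based checks like these pass over entries such as [ssqb.exe] or Zeno.lnk, whose lines look like any other startup item; those still need a file-by-file judgement.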

#8 Rawe

Posted 02 April 2006 - 04:32 AM

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\IEXPLOR.exe
    C:\windows\keyboard7.exe
    C:\windows\mousepad7.exe


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

==

Run a scan with HijackThis and check the following objects for removal if present:

O4 - HKLM\..\Run: [AtxBrw] C:\WINDOWS\IEXPLOR.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard7.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad7.exe


Close ALL other open windows except for HijackThis and hit FIX CHECKED. Please reboot.

==

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report. :thumbsup:

Hi there, stranger!

#9 tjsst33

Posted 02 April 2006 - 03:45 PM

Hi again... I have tried to run the Panda scan three times and each time it gets frozen about halfway through for hours. The last time I ran it, I stopped the scan and saved the report because I don't think it will run the whole way through. Here is what it got so far:



Incident Status Location

Adware:adware/portalscan Not disinfected C:\Documents and Settings\tschwambach\Local Settings\Temp\adlinstallwin32.exe
Adware:adware/clickalchemy Not disinfected C:\Documents and Settings\tschwambach\Local Settings\Temp\alchem.inf
Adware:adware/exact.searchbar Not disinfected C:\Documents and Settings\tschwambach\Local Settings\Temp\blank.gif
Adware:adware/dyfuca Not disinfected C:\Documents and Settings\tschwambach\Local Settings\Temp\cfout.txt
Adware:adware/toprebates Not disinfected C:\Documents and Settings\tschwambach\Local Settings\Temp\djebmm350.exe
Adware:adware/wintools Not disinfected C:\Documents and Settings\tschwambach\Local Settings\Temp\down.cab
Adware:adware/commad Not disinfected C:\WINDOWS\SYSTEM32\atmtd.dll._
Adware:adware/virtualbouncer Not disinfected C:\WINDOWS\SYSTEM32\INNERADINSTALL.LOG
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\tschwambach\Local Settings\Temporary Internet Files\Ssk.log
Adware:adware/dollarrevenue Not disinfected C:\drsmartload1.exe
Adware:adware/startpage.bbc Not disinfected C:\w.exe
Adware:adware/deskwizz Not disinfected C:\WINDOWS\dh.ini
Adware:adware/exact.bargainbuddy Not disinfected C:\WINDOWS\msxct1.ini
Adware:adware/addestroyer Not disinfected C:\Documents and Settings\tschwambach\Start Menu\Programs\AdDestroyer
Adware:adware/twain-tech Not disinfected C:\Documents and Settings\tschwambach\Local Settings\Temp\THI13E8.tmp
Adware:adware/maxifiles Not disinfected C:\PROGRAM FILES\COMMON FILES\InetGet
Adware:adware/tvmedia Not disinfected C:\WINDOWS\bundles
Adware:adware/mediatickets Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected HKEY_CLASSES_ROOT\CLSID\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
Spyware:spyware/apropos Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\ALTNETDM
Adware:adware/ist.istbar Not disinfected Windows Registry
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@10103[1].txt
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@247realmedia[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@2o7[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@888[3].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@adopt.hbmediapro[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@adultfriendfinder[2].txt
Spyware:Cookie/Deskwizz Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@apps.deskwizz[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@as-us.falkag[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@as1.falkag[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@ath.belnk[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@azjmp[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@belnk[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@bluestreak[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@burstnet[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@casalemedia[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@cassava[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@dist.belnk[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@entrepreneur[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@fastclick[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@gostats[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@go[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@i.screensavers[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@media.fastclick[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@revenue[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@rightmedia[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@rn11[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@server.iad.liveperson[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@tribalfusion[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@winfixer[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@www.burstbeacon[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@www.errorsafe[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@xiti[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@zedo[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt[.doubleclick.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt[.fastclick.net/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt[.valueclick.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt[.burstnet.com/]
Spyware:Cookie/go Not disinfected C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt[.hitbox.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt[.zedo.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt[.realmedia.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt[.bravenet.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt[.statcounter.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\LocalService\Cookies\system@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\LocalService\Cookies\system@888[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\LocalService\Cookies\system@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\LocalService\Cookies\system@adrevolver[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\LocalService\Cookies\system@cassava[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\LocalService\Cookies\system@maxserving[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\LocalService\Cookies\system@realmedia[1].txt
Virus:Trj/Java.Binny.A Not disinfected C:\Documents and Settings\tschwambach\.jpi_cache\jar\1.0\archive.jar-60d4ac05-30b0ecd2.zip[Mein.class]
Virus:Trj/Java.Binny.A Not disinfected C:\Documents and Settings\tschwambach\.jpi_cache\jar\1.0\archive.jar-60d4ac05-30b0ecd2.zip[Beyond.class]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\tschwambach\Application Data\Mozilla\Profiles\Default User\l5ey3cfc.slt\cookies.txt[]
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@10103[1].txt
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@247realmedia[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@2o7[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@888[3].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@adopt.hbmediapro[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@adultfriendfinder[2].txt
Spyware:Cookie/Deskwizz Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@apps.deskwizz[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\tschwambach\Cookies\tschwambach@as-us.falkag[1].txt
Adware:Adware/IPInsight Not disinfected C:\Documents and Settings\tschwambach\Local Settings\Temp\alchem.inf
Adware:Adware/IPInsight Not disinfected C:\Documents and Settings\tschwambach\Local Settings\Temp\alchem.ini
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@888[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@adrevolver[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@adultfriendfinder[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@cassava[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@i.screensavers[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\tschwambach\Local Settings\Temp\Cookies\tschwambach@realmedia[2].txt
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\Documents and Settings\tschwambach\Local Settings\Temp\p2psetup.exe
Adware:Adware/KeenValue Not disinfected C:\Documents and Settings\tschwambach\Local Settings\Temp\perfectnavUninstall.exe
Adware:Adware/Twain-Tech Not disinfected C:\Documents and Settings\tschwambach\Local Settings\Temp\THI4356.tmp\twaintec.inf
Adware:Adware/PurityScan Not disinfected C:\Veracruz.exe
Adware:Adware/AdDestroyer Not disinfected C:\WINDOWS\bundles\2504040901.exe
Adware:Adware/TopRebates Not disinfected C:\WINDOWS\bundles\WebRebates_Auto_InstallSilent.exe
Adware:Adware/Clickbooth.A Not disinfected C:\WINDOWS\fvauloduq.dll
Adware:Adware/Clickbooth.A Not disinfected C:\WINDOWS\ssqb.exe
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\system32\mc-110-12-0000117.exe
Adware:Adware/DigInk Not disinfected C:\WINDOWS\system32\Setup94.exe
:thumbsup:

#10 Rawe

Posted 03 April 2006 - 07:23 AM

Let's run Killbox again:
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\SYSTEM32\atmtd.dll
    C:\drsmartload1.exe
    C:\w.exe
    C:\WINDOWS\dh.ini
    C:\WINDOWS\msxct1.ini
    C:\PROGRAM FILES\COMMON FILES\InetGet
    C:\WINDOWS\bundles
    C:\Veracruz.exe
    C:\WINDOWS\fvauloduq.dll
    C:\WINDOWS\ssqb.exe
    C:\WINDOWS\system32\mc-110-12-0000117.exe
    C:\WINDOWS\system32\Setup94.exe


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

==

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click Download Now to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply. :thumbsup:

Hi there, stranger!

#11 tjsst33

Posted 03 April 2006 - 05:56 PM

********
5:41 PM: | Start of Session, Monday, April 03, 2006 |
5:41 PM: Spy Sweeper started
5:41 PM: Sweep initiated using definitions version 646
5:41 PM: Starting Memory Sweep
5:45 PM: Memory Sweep Complete, Elapsed Time: 00:03:36
5:45 PM: Starting Registry Sweep
5:45 PM: Found Adware: addestroyer
5:45 PM: HKCR\clsid\{d52433a9-a44c-43ab-a013-24b3c756dd2b}\ (13 subtraces) (ID = 102729)
5:45 PM: HKCR\interface\{6cdc3337-01f7-4a79-a4af-0b19303cc0be}\ (8 subtraces) (ID = 102732)
5:45 PM: HKCR\interface\{b288f21c-a144-4ca2-9b70-8afa1fae4b06}\ (8 subtraces) (ID = 102734)
5:45 PM: HKLM\software\classes\clsid\{d52433a9-a44c-43ab-a013-24b3c756dd2b}\ (13 subtraces) (ID = 102738)
5:45 PM: HKLM\software\classes\interface\{6cdc3337-01f7-4a79-a4af-0b19303cc0be}\ (8 subtraces) (ID = 102741)
5:45 PM: HKLM\software\classes\interface\{b288f21c-a144-4ca2-9b70-8afa1fae4b06}\ (8 subtraces) (ID = 102743)
5:45 PM: HKLM\software\classes\typelib\{e0d3b292-a0b0-4640-975c-2f882e039f52}\ (9 subtraces) (ID = 102747)
5:45 PM: HKCR\typelib\{e0d3b292-a0b0-4640-975c-2f882e039f52}\ (9 subtraces) (ID = 102751)
5:45 PM: Found Adware: adpowerzone
5:45 PM: HKCR\appid\serverside.dll\ (1 subtraces) (ID = 103151)
5:45 PM: HKCR\appid\{eee0f52e-e32f-4ecb-871f-deff6eba4d35}\ (1 subtraces) (ID = 103152)
5:45 PM: HKCR\serverside.ssinternal\ (5 subtraces) (ID = 103156)
5:45 PM: HKCR\serverside.ssinternal.1\ (3 subtraces) (ID = 103157)
5:45 PM: HKLM\software\classes\appid\serverside.dll\ (1 subtraces) (ID = 103159)
5:45 PM: HKLM\software\classes\appid\{eee0f52e-e32f-4ecb-871f-deff6eba4d35}\ (1 subtraces) (ID = 103160)
5:45 PM: HKLM\software\classes\serverside.ssinternal\ (5 subtraces) (ID = 103164)
5:45 PM: HKLM\software\classes\serverside.ssinternal.1\ (3 subtraces) (ID = 103165)
5:45 PM: Found Adware: apropos
5:45 PM: HKCR\clsid\{b5ab638f-d76c-415b-a8f2-f3ceac502212}\ (7 subtraces) (ID = 103726)
5:45 PM: HKCR\clsid\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\ (4 subtraces) (ID = 103729)
5:45 PM: HKLM\software\classes\clsid\{b5ab638f-d76c-415b-a8f2-f3ceac502212}\ (7 subtraces) (ID = 103764)
5:45 PM: HKLM\software\classes\clsid\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\ (4 subtraces) (ID = 103767)
5:45 PM: HKLM\software\classes\interface\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\ (5 subtraces) (ID = 103774)
5:45 PM: Found Adware: internetoptimizer
5:45 PM: HKLM\software\classes\typelib\{b999b42b-863d-4a6c-aa2b-ce6d2137d628}\ (9 subtraces) (ID = 128897)
5:45 PM: HKCR\typelib\{b999b42b-863d-4a6c-aa2b-ce6d2137d628}\ (9 subtraces) (ID = 128933)
5:45 PM: Found Adware: moneytree
5:45 PM: HKCR\typelib\{b999b42b-863d-4a6c-aa2b-ce6d2137d628}\ (9 subtraces) (ID = 128933)
5:45 PM: Found Adware: kghost-1
5:45 PM: HKCR\appid\kghost.dll\ (1 subtraces) (ID = 129646)
5:45 PM: HKCR\appid\{a9e11198-ec72-4384-9620-7b3187008a4f}\ (1 subtraces) (ID = 129647)
5:45 PM: HKCR\interface\{1b45db89-9bae-4dec-9885-95b18c0be29b}\ (8 subtraces) (ID = 129651)
5:45 PM: HKCR\interface\{12dbc40e-31d4-4642-af9a-5a3e0b15ddd9}\ (8 subtraces) (ID = 129652)
5:45 PM: HKLM\software\classes\appid\kghost.dll\ (1 subtraces) (ID = 129655)
5:45 PM: HKLM\software\classes\appid\{a9e11198-ec72-4384-9620-7b3187008a4f}\ (1 subtraces) (ID = 129656)
5:45 PM: HKLM\software\classes\interface\{1b45db89-9bae-4dec-9885-95b18c0be29b}\ (8 subtraces) (ID = 129660)
5:45 PM: HKLM\software\classes\interface\{12dbc40e-31d4-4642-af9a-5a3e0b15ddd9}\ (8 subtraces) (ID = 129661)
5:45 PM: HKLM\software\classes\typelib\{94a2b786-f47f-4d83-a3c3-d17b306eaff1}\ (9 subtraces) (ID = 129664)
5:45 PM: HKCR\typelib\{94a2b786-f47f-4d83-a3c3-d17b306eaff1}\ (9 subtraces) (ID = 129668)
5:45 PM: HKLM\software\classes\typelib\{b999b42b-863d-4a6c-aa2b-ce6d2137d628}\1.0\0\win32\ (1 subtraces) (ID = 135203)
5:45 PM: HKLM\software\classes\typelib\{b999b42b-863d-4a6c-aa2b-ce6d2137d628}\1.0\flags\ (1 subtraces) (ID = 135204)
5:45 PM: HKLM\software\classes\typelib\{b999b42b-863d-4a6c-aa2b-ce6d2137d628}\1.0\helpdir\ (1 subtraces) (ID = 135205)
5:45 PM: Found Adware: purityscan
5:45 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaticketsinstaller.ocx\ (2 subtraces) (ID = 137986)
5:45 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaticketsinstaller.ocx (ID = 139077)
5:45 PM: Found Adware: quickbrowser
5:45 PM: HKLM\software\quickbrowser\ (1 subtraces) (ID = 139174)
5:45 PM: Found Adware: elitemediagroup-mediamotor
5:45 PM: HKLM\software\classes\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (9 subtraces) (ID = 140131)
5:45 PM: HKLM\software\mm\ (1 subtraces) (ID = 140211)
5:45 PM: HKCR\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (9 subtraces) (ID = 140223)
5:45 PM: Found Trojan Horse: topconverting downloader
5:45 PM: HKLM\software\classes\tpusn\ (1 subtraces) (ID = 143805)
5:45 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/website.ocx\ (2 subtraces) (ID = 143817)
5:45 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\website.ocx (ID = 143831)
5:45 PM: HKCR\tpusn\ (1 subtraces) (ID = 143835)
5:45 PM: Found Adware: clkoptimizer
5:45 PM: HKLM\software\qstat\ (5 subtraces) (ID = 769771)
5:45 PM: HKLM\software\qstat\ || brr (ID = 877670)
5:45 PM: Found Adware: command
5:45 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ (7 subtraces) (ID = 892523)
5:45 PM: Found Adware: dollarrevenue
5:45 PM: HKLM\software\policies\ || {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} (ID = 916803)
5:45 PM: Found Adware: enbrowser
5:45 PM: HKLM\software\system\sysold\ (ID = 926808)
5:45 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || nomodify (ID = 958653)
5:45 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || noremove (ID = 958654)
5:45 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || norepair (ID = 958655)
5:45 PM: HKLM\software\policies\ || {6bf52a52-394a-11d3-b153-00c04f79faa6} (ID = 967836)
5:45 PM: HKLM\software\policies\ || {645ff040-5081-101b-9f08-00aa002f954e} (ID = 1036890)
5:45 PM: Found Adware: zquest
5:45 PM: HKLM\software\microsoft\windows\currentversion\uninstall\dh\ (2 subtraces) (ID = 1057035)
5:45 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || uninstallstring (ID = 1134952)
5:45 PM: HKCR\clsid\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}\ (6 subtraces) (ID = 1212644)
5:45 PM: HKLM\software\classes\clsid\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}\ (6 subtraces) (ID = 1212651)
5:45 PM: Found Adware: ebates money maker
5:45 PM: HKU\S-1-5-21-2864880454-815257499-764592997-8116\software\microsoft\internet explorer\extensions\cmdmapping\ || {6685509e-b47b-4f47-8e16-9a5f3a62f683} (ID = 125587)
5:45 PM: Found Adware: drsnsrch.com hijack
5:45 PM: HKU\S-1-5-21-2864880454-815257499-764592997-8116\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
5:45 PM: HKU\S-1-5-21-2864880454-815257499-764592997-8116\software\system\sysuid\ (1 subtraces) (ID = 731748)
5:45 PM: Registry Sweep Complete, Elapsed Time:00:00:14
5:45 PM: Starting Cookie Sweep
5:45 PM: Found Spy Cookie: 10101 cookie
5:45 PM: tschwambach@10101[2].txt (ID = 1917)
5:45 PM: Found Spy Cookie: 10102 cookie
5:45 PM: tschwambach@10102[1].txt (ID = 1919)
5:45 PM: Found Spy Cookie: 10103 cookie
5:45 PM: tschwambach@10103[1].txt (ID = 1921)
5:45 PM: Found Spy Cookie: 247realmedia cookie
5:45 PM: tschwambach@247realmedia[1].txt (ID = 1953)
5:45 PM: Found Spy Cookie: 2o7.net cookie
5:45 PM: tschwambach@2o7[1].txt (ID = 1957)
5:45 PM: Found Spy Cookie: 50881381 cookie
5:45 PM: tschwambach@50881381[1].txt (ID = 1981)
5:45 PM: Found Spy Cookie: 888 cookie
5:45 PM: tschwambach@888[1].txt (ID = 2019)
5:45 PM: tschwambach@888[3].txt (ID = 2019)
5:45 PM: Found Spy Cookie: websponsors cookie
5:45 PM: tschwambach@a.websponsors[1].txt (ID = 3665)
5:45 PM: Found Spy Cookie: go.com cookie
5:45 PM: tschwambach@abc.go[2].txt (ID = 2729)
5:45 PM: Found Spy Cookie: about cookie
5:45 PM: tschwambach@about[2].txt (ID = 2037)
5:45 PM: Found Spy Cookie: yieldmanager cookie
5:45 PM: tschwambach@ad.yieldmanager[1].txt (ID = 3751)
5:45 PM: tschwambach@ad.yieldmanager[3].txt (ID = 3751)
5:45 PM: Found Spy Cookie: adecn cookie
5:45 PM: tschwambach@adecn[1].txt (ID = 2063)
5:45 PM: Found Spy Cookie: adknowledge cookie
5:45 PM: tschwambach@adknowledge[2].txt (ID = 2072)
5:45 PM: Found Spy Cookie: adlegend cookie
5:45 PM: tschwambach@adlegend[1].txt (ID = 2074)
5:45 PM: Found Spy Cookie: hbmediapro cookie
5:45 PM: tschwambach@adopt.hbmediapro[2].txt (ID = 2768)
5:45 PM: Found Spy Cookie: hotbar cookie
5:45 PM: tschwambach@adopt.hotbar[2].txt (ID = 4207)
5:45 PM: Found Spy Cookie: specificclick.com cookie
5:45 PM: tschwambach@adopt.specificclick[2].txt (ID = 3400)
5:45 PM: Found Spy Cookie: adprofile cookie
5:45 PM: tschwambach@adprofile[2].txt (ID = 2084)
5:45 PM: Found Spy Cookie: addynamix cookie
5:45 PM: tschwambach@ads.addynamix[2].txt (ID = 2062)
5:45 PM: Found Spy Cookie: cc214142 cookie
5:45 PM: tschwambach@ads.cc214142[2].txt (ID = 2367)
5:45 PM: Found Spy Cookie: pointroll cookie
5:45 PM: tschwambach@ads.pointroll[1].txt (ID = 3148)
5:45 PM: Found Spy Cookie: revenue.net cookie
5:45 PM: tschwambach@ads1.revenue[1].txt (ID = 3258)
5:45 PM: Found Spy Cookie: adultfriendfinder cookie
5:45 PM: tschwambach@adultfriendfinder[2].txt (ID = 2165)
5:45 PM: Found Spy Cookie: reunion cookie
5:45 PM: tschwambach@affiliates.reunion[2].txt (ID = 3256)
5:45 PM: Found Spy Cookie: deskwizz cookie
5:45 PM: tschwambach@apps.deskwizz[1].txt (ID = 2518)
5:45 PM: Found Spy Cookie: falkag cookie
5:45 PM: tschwambach@as-us.falkag[2].txt (ID = 2650)
5:45 PM: tschwambach@as1.falkag[1].txt (ID = 2650)
5:45 PM: Found Spy Cookie: askmen cookie
5:45 PM: tschwambach@askmen[1].txt (ID = 2247)
5:45 PM: Found Spy Cookie: ask cookie
5:45 PM: tschwambach@ask[1].txt (ID = 2245)
5:45 PM: Found Spy Cookie: belnk cookie
5:45 PM: tschwambach@ath.belnk[2].txt (ID = 2293)
5:45 PM: Found Spy Cookie: atwola cookie
5:45 PM: tschwambach@atwola[2].txt (ID = 2255)
5:45 PM: Found Spy Cookie: azjmp cookie
5:45 PM: tschwambach@azjmp[2].txt (ID = 2270)
5:45 PM: Found Spy Cookie: a cookie
5:45 PM: tschwambach@a[1].txt (ID = 2027)
5:45 PM: tschwambach@belnk[1].txt (ID = 2292)
5:45 PM: Found Spy Cookie: bluestreak cookie
5:45 PM: tschwambach@bluestreak[2].txt (ID = 2314)
5:45 PM: Found Spy Cookie: bravenet cookie
5:45 PM: tschwambach@bravenet[1].txt (ID = 2322)
5:45 PM: Found Spy Cookie: bs.serving-sys cookie
5:45 PM: tschwambach@bs.serving-sys[2].txt (ID = 2330)
5:45 PM: Found Spy Cookie: burstnet cookie
5:45 PM: tschwambach@burstnet[1].txt (ID = 2336)
5:45 PM: Found Spy Cookie: casalemedia cookie
5:45 PM: tschwambach@casalemedia[1].txt (ID = 2354)
5:45 PM: Found Spy Cookie: cassava cookie
5:45 PM: tschwambach@cassava[1].txt (ID = 2362)
5:45 PM: tschwambach@cbs.112.2o7[1].txt (ID = 1958)
5:45 PM: tschwambach@cnn.122.2o7[1].txt (ID = 1958)
5:45 PM: Found Spy Cookie: dealtime cookie
5:45 PM: tschwambach@dealtime[2].txt (ID = 2505)
5:45 PM: Found Spy Cookie: did-it cookie
5:45 PM: tschwambach@did-it[1].txt (ID = 2523)
5:45 PM: tschwambach@dist.belnk[1].txt (ID = 2293)
5:45 PM: tschwambach@espn.go[2].txt (ID = 2729)
5:45 PM: Found Spy Cookie: exitexchange cookie
5:45 PM: tschwambach@exitexchange[1].txt (ID = 2633)
5:45 PM: Found Spy Cookie: fastclick cookie
5:45 PM: tschwambach@fastclick[2].txt (ID = 2651)
5:45 PM: tschwambach@forums.go[1].txt (ID = 2729)
5:45 PM: Found Spy Cookie: gostats cookie
5:45 PM: tschwambach@gostats[2].txt (ID = 2747)
5:45 PM: tschwambach@go[1].txt (ID = 2728)
5:45 PM: Found Spy Cookie: starware.com cookie
5:45 PM: tschwambach@h.starware[1].txt (ID = 3442)
5:45 PM: tschwambach@hbmediapro[1].txt (ID = 2767)
5:45 PM: Found Spy Cookie: clickandtrack cookie
5:45 PM: tschwambach@hits.clickandtrack[1].txt (ID = 2397)
5:45 PM: Found Spy Cookie: screensavers.com cookie
5:45 PM: tschwambach@i.screensavers[1].txt (ID = 3298)
5:45 PM: Found Spy Cookie: inqwire cookie
5:45 PM: tschwambach@inqwire[2].txt (ID = 2867)
5:45 PM: tschwambach@insider.espn.go[1].txt (ID = 2729)
5:45 PM: tschwambach@lungdiseases.about[2].txt (ID = 2038)
5:45 PM: Found Spy Cookie: metareward.com cookie
5:45 PM: tschwambach@metareward[1].txt (ID = 2990)
5:45 PM: tschwambach@msnportal.112.2o7[1].txt (ID = 1958)
5:45 PM: Found Spy Cookie: mygeek cookie
5:45 PM: tschwambach@mygeek[2].txt (ID = 3041)
5:45 PM: Found Spy Cookie: realmedia cookie
5:45 PM: tschwambach@network.realmedia[1].txt (ID = 3236)
5:45 PM: Found Spy Cookie: nextag cookie
5:45 PM: tschwambach@nextag[2].txt (ID = 5014)
5:45 PM: tschwambach@partygaming.122.2o7[1].txt (ID = 1958)
5:45 PM: Found Spy Cookie: partypoker cookie
5:45 PM: tschwambach@partypoker[1].txt (ID = 3111)
5:45 PM: Found Spy Cookie: freestats.net cookie
5:45 PM: tschwambach@pennypincher.freestats[2].txt (ID = 2705)
5:45 PM: tschwambach@proxy.espn.go[1].txt (ID = 2729)
5:45 PM: Found Spy Cookie: questionmarket cookie
5:45 PM: tschwambach@questionmarket[1].txt (ID = 3217)
5:45 PM: tschwambach@realmedia[2].txt (ID = 3235)
5:45 PM: tschwambach@register.go[1].txt (ID = 2729)
5:45 PM: tschwambach@reunion[1].txt (ID = 3255)
5:45 PM: tschwambach@revenue[1].txt (ID = 3257)
5:45 PM: Found Spy Cookie: rightmedia cookie
5:45 PM: tschwambach@rightmedia[2].txt (ID = 3259)
5:45 PM: Found Spy Cookie: rn11 cookie
5:45 PM: tschwambach@rn11[2].txt (ID = 3261)
5:45 PM: tschwambach@rsi.abc.go[1].txt (ID = 2729)
5:45 PM: tschwambach@rsi.espn.go[1].txt (ID = 2729)
5:45 PM: Found Spy Cookie: searchadnetwork cookie
5:45 PM: tschwambach@searchadnetwork[2].txt (ID = 3311)
5:45 PM: Found Spy Cookie: server.iad.liveperson cookie
5:45 PM: tschwambach@server.iad.liveperson[1].txt (ID = 3341)
5:45 PM: Found Spy Cookie: serving-sys cookie
5:45 PM: tschwambach@serving-sys[2].txt (ID = 3343)
5:45 PM: Found Spy Cookie: sirsearch cookie
5:45 PM: tschwambach@sirsearch[1].txt (ID = 3379)
5:45 PM: tschwambach@sports-att.espn.go[1].txt (ID = 2729)
5:45 PM: tschwambach@sports.espn.go[2].txt (ID = 2729)
5:45 PM: tschwambach@stat.dealtime[1].txt (ID = 2506)
5:45 PM: Found Spy Cookie: statcounter cookie
5:45 PM: tschwambach@statcounter[1].txt (ID = 3447)
5:45 PM: Found Spy Cookie: tacoda cookie
5:45 PM: tschwambach@tacoda[2].txt (ID = 6444)
5:45 PM: Found Spy Cookie: tradedoubler cookie
5:45 PM: tschwambach@tradedoubler[1].txt (ID = 3575)
5:45 PM: Found Spy Cookie: trafficmp cookie
5:45 PM: tschwambach@trafficmp[1].txt (ID = 3581)
5:45 PM: Found Spy Cookie: trb.com cookie
5:45 PM: tschwambach@trb[2].txt (ID = 3587)
5:45 PM: Found Spy Cookie: tribalfusion cookie
5:45 PM: tschwambach@tribalfusion[1].txt (ID = 3589)
5:45 PM: tschwambach@try.starware[1].txt (ID = 3442)
5:45 PM: Found Spy Cookie: videodome cookie
5:45 PM: tschwambach@videodome[1].txt (ID = 3638)
5:45 PM: Found Spy Cookie: burstbeacon cookie
5:45 PM: tschwambach@www.burstbeacon[1].txt (ID = 2335)
5:45 PM: tschwambach@www.dealtime[1].txt (ID = 2506)
5:45 PM: tschwambach@www.metareward[1].txt (ID = 2991)
5:45 PM: tschwambach@www.screensavers[1].txt (ID = 3298)
5:45 PM: tschwambach@www.searchadnetwork[1].txt (ID = 3312)
5:45 PM: Found Spy Cookie: xiti cookie
5:45 PM: tschwambach@xiti[1].txt (ID = 3717)
5:45 PM: Found Spy Cookie: adserver cookie
5:45 PM: tschwambach@z1.adserver[1].txt (ID = 2142)
5:45 PM: Found Spy Cookie: zedo cookie
5:45 PM: tschwambach@zedo[2].txt (ID = 3762)
5:45 PM: system@888[1].txt (ID = 2019)
5:45 PM: system@888[2].txt (ID = 2019)
5:45 PM: system@a.websponsors[2].txt (ID = 3665)
5:45 PM: system@adknowledge[2].txt (ID = 2072)
5:45 PM: system@adopt.hbmediapro[2].txt (ID = 2768)
5:45 PM: system@adopt.hotbar[2].txt (ID = 4207)
5:45 PM: Found Spy Cookie: adrevolver cookie
5:45 PM: system@adrevolver[1].txt (ID = 2088)
5:45 PM: system@cassava[1].txt (ID = 2362)
5:45 PM: system@hits.clickandtrack[2].txt (ID = 2397)
5:45 PM: Found Spy Cookie: maxserving cookie
5:45 PM: system@maxserving[2].txt (ID = 2966)
5:45 PM: system@partypoker[1].txt (ID = 3111)
5:45 PM: system@realmedia[1].txt (ID = 3235)
5:45 PM: Found Spy Cookie: upspiral cookie
5:45 PM: system@upspiral[1].txt (ID = 3614)
5:45 PM: system@www.888[1].txt (ID = 2020)
5:45 PM: Found Spy Cookie: redzip cookie
5:45 PM: system@www.redzip[2].txt (ID = 3250)
5:45 PM: system@www.upspiral[2].txt (ID = 3615)
5:45 PM: Cookie Sweep Complete, Elapsed Time: 00:00:03
5:45 PM: Starting File Sweep
5:45 PM: c:\documents and settings\tschwambach\start menu\programs\addestroyer (ID = -2147481465)
5:45 PM: Found Trojan Horse: 2nd-thought
5:45 PM: c:\windows\bundles (8 subtraces) (ID = -2147481535)
5:45 PM: Found Adware: bullguard popup ad
5:45 PM: c:\windows\temp\bullguard (1 subtraces) (ID = -2147476409)
5:46 PM: Found Adware: ssqb
5:46 PM: a0142036.dll (ID = 76899)
5:46 PM: a0138637.dll (ID = 65344)
5:46 PM: a0140666.dll (ID = 268933)
5:46 PM: Found Adware: webrebates
5:46 PM: djebmm350.exe (ID = 83905)
5:46 PM: a0139285.exe (ID = 49300)
5:46 PM: a0138903.dll (ID = 49298)
5:46 PM: a0138941.dll (ID = 49298)
5:46 PM: Found Adware: surfsidekick
5:46 PM: a0140776.dll (ID = 273539)
5:46 PM: a0140681.exe (ID = 49300)
5:46 PM: a0140788.exe (ID = 49300)
5:46 PM: Found Adware: maxifiles
5:46 PM: a0140742.exe (ID = 185254)
5:46 PM: a0140740.exe (ID = 49300)
5:46 PM: Found Adware: fullcontext
5:46 PM: a0141914.exe (ID = 274032)
5:46 PM: a0141934.exe (ID = 48224)
5:46 PM: Found Adware: windows afa internet enhancement
5:46 PM: a0140715.exe (ID = 90525)
5:46 PM: a0140761.exe (ID = 49300)
5:47 PM: a0139319.exe (ID = 249558)
5:47 PM: a0138788.exe (ID = 65346)
5:47 PM: a0139447.dll (ID = 65344)
5:47 PM: a0135678.dll (ID = 49298)
5:47 PM: Found Adware: look2me
5:47 PM: a0141921.exe (ID = 65722)
5:47 PM: a0136007.exe (ID = 65346)
5:47 PM: a0138375.exe (ID = 65346)
5:47 PM: a0137301.exe (ID = 65346)
5:47 PM: a0138484.exe (ID = 65346)
5:47 PM: a0139189.exe (ID = 65346)
5:47 PM: a0140738.exe (ID = 76898)
5:47 PM: a0136053.exe (ID = 65346)
5:47 PM: a0140737.exe (ID = 65346)
5:47 PM: a0138672.exe (ID = 65346)
5:47 PM: a0138975.exe (ID = 65346)
5:47 PM: a0138942.exe (ID = 65346)
5:47 PM: a0140787.exe (ID = 65346)
5:47 PM: a0139471.exe (ID = 49300)
5:47 PM: a0140471.exe (ID = 76898)
5:47 PM: a0140473.exe (ID = 65346)
5:47 PM: a0136052.exe (ID = 49300)
5:47 PM: a0139284.exe (ID = 65346)
5:47 PM: a0138703.exe (ID = 65346)
5:47 PM: a0136080.exe (ID = 65346)
5:47 PM: a0135680.exe (ID = 49300)
5:47 PM: a0139120.exe (ID = 65346)
5:47 PM: Found Trojan Horse: trojan downloader matcash
5:47 PM: a0140810.exe (ID = 246327)
5:47 PM: a0138400.exe (ID = 65346)
5:47 PM: a0139018.exe (ID = 65346)
5:47 PM: a0138638.exe (ID = 65346)
5:47 PM: a0135723.exe (ID = 49300)
5:47 PM: a0138748.exe (ID = 65346)
5:47 PM: a0138835.exe (ID = 65346)
5:47 PM: a0139080.exe (ID = 65346)
5:47 PM: a0138431.exe (ID = 65346)
5:47 PM: a0140759.exe (ID = 76898)
5:47 PM: a0138807.exe (ID = 65346)
5:47 PM: a0138833.dll (ID = 65344)
5:47 PM: a0140760.exe (ID = 65346)
5:47 PM: a0137260.exe (ID = 65346)
5:47 PM: a0139098.exe (ID = 65346)
5:47 PM: a0138316.exe (ID = 65346)
5:47 PM: drsmartload1.exe (ID = 245972)
5:47 PM: a0138414.exe (ID = 65346)
5:47 PM: a0138717.exe (ID = 65346)
5:47 PM: a0135957.exe (ID = 49300)
5:47 PM: a0139223.exe (ID = 65346)
5:47 PM: a0135877.exe (ID = 65346)
5:47 PM: a0135833.exe (ID = 49300)
5:47 PM: a0138532.exe (ID = 65346)
5:47 PM: a0140527.exe (ID = 76898)
5:47 PM: a0137106.exe (ID = 65346)
5:47 PM: a0138862.exe (ID = 65346)
5:47 PM: a0137080.exe (ID = 49300)
5:47 PM: a0138608.exe (ID = 65346)
5:47 PM: a0138991.exe (ID = 65346)
5:47 PM: Found Adware: zenosearchassistant
5:47 PM: a0140722.exe (ID = 245938)
5:47 PM: a0138359.exe (ID = 49300)
5:47 PM: a0140573.exe (ID = 269844)
5:48 PM: a0135972.exe (ID = 65346)
5:48 PM: a0140528.exe (ID = 65346)
5:48 PM: a0138621.exe (ID = 65346)
5:48 PM: a0141924.ocx (ID = 188117)
5:48 PM: a0139033.exe (ID = 65346)
5:48 PM: a0137092.exe (ID = 65346)
5:48 PM: dhu.exe (ID = 269844)
5:48 PM: a0140651.exe (ID = 65346)
5:48 PM: a0138943.exe (ID = 49300)
5:48 PM: a0138656.exe (ID = 65346)
5:48 PM: drsmartload482a.exe (ID = 270829)
5:48 PM: Found Trojan Horse: lzio
5:48 PM: a0140725.exe (ID = 81002)
5:48 PM: a0136064.exe (ID = 49300)
5:48 PM: a0138837.exe (ID = 49300)
5:48 PM: a0135677.dll (ID = 65344)
5:48 PM: Found Adware: elitemediagroup-pop64
5:48 PM: a0140713.exe (ID = 244513)
5:48 PM: a0137274.exe (ID = 65346)
5:48 PM: a0140577.exe (ID = 268798)
5:48 PM: a0139190.exe (ID = 49300)
5:48 PM: a0139224.exe (ID = 49300)
5:48 PM: a0138455.exe (ID = 65346)
5:48 PM: a0138904.exe (ID = 65346)
5:48 PM: a0139154.exe (ID = 65346)
5:48 PM: a0138358.exe (ID = 65346)
5:48 PM: a0137185.exe (ID = 65346)
5:48 PM: a0135988.exe (ID = 65346)
5:48 PM: a0139170.exe (ID = 65346)
5:48 PM: a0138472.exe (ID = 65346)
5:48 PM: a0141916.exe (ID = 274033)
5:49 PM: a0137183.dll (ID = 65344)
5:49 PM: a0135834.exe (ID = 65346)
5:49 PM: a0135956.exe (ID = 65346)
5:49 PM: a0135816.exe (ID = 65346)
5:49 PM: a0137079.exe (ID = 65346)
5:49 PM: a0140716.vbs (ID = 231442)
5:49 PM: a0135938.exe (ID = 65346)
5:49 PM: a0139470.exe (ID = 76898)
5:49 PM: a0140682.exe (ID = 76898)
5:49 PM: a0139472.exe (ID = 65346)
5:49 PM: a0140826.exe (ID = 65346)
5:49 PM: a0135795.exe (ID = 65346)
5:49 PM: a0135705.exe (ID = 65346)
5:49 PM: a0135911.exe (ID = 65346)
5:49 PM: a0135722.exe (ID = 65346)
5:49 PM: a0138545.exe (ID = 65346)
5:49 PM: a0137314.exe (ID = 65346)
5:49 PM: a0138702.exe (ID = 49300)
5:49 PM: a0139453.exe (ID = 49300)
5:50 PM: a0139121.exe (ID = 49300)
5:50 PM: Found Adware: begin2search
5:50 PM: greenmovie1.ico (ID = 51033)
5:50 PM: Found Adware: shopathomeselect
5:50 PM: vp.dat (ID = 75984)
5:50 PM: a0138429.dll (ID = 65344)
5:50 PM: a0140472.exe (ID = 49300)
5:50 PM: a0135910.exe (ID = 49300)
5:50 PM: fvauloduq.dll (ID = 76899)
5:50 PM: a0136066.exe (ID = 65346)
5:50 PM: Found Adware: webhancer
5:50 PM: a0139269.exe (ID = 267886)
5:50 PM: mp3red5.ico (ID = 51044)
5:50 PM: a0138655.exe (ID = 49300)
5:50 PM: a0138774.exe (ID = 65346)
5:50 PM: a0135954.dll (ID = 65344)
5:50 PM: a0141920.exe (ID = 244513)
5:50 PM: a0140568.exe (ID = 244271)
5:50 PM: a0138641.exe (ID = 49300)
5:50 PM: a0135817.exe (ID = 49300)
5:50 PM: a0135796.exe (ID = 49300)
5:50 PM: a0142038.exe (ID = 246327)
5:50 PM: a0138718.exe (ID = 49300)
5:51 PM: a0135975.exe (ID = 49300)
5:51 PM: a0140579.ocx (ID = 188117)
5:51 PM: a0139439.exe (ID = 249558)
5:51 PM: a0138905.exe (ID = 49300)
5:51 PM: a0138435.exe (ID = 49300)
5:51 PM: a0135708.exe (ID = 49300)
5:51 PM: mjv57gml.dat (ID = 75607)
5:51 PM: a0140668.exe (ID = 268934)
5:51 PM: a0139099.exe (ID = 49300)
5:51 PM: a0140669.exe (ID = 268798)
5:51 PM: a0135704.dll (ID = 65344)
5:51 PM: a0138902.dll (ID = 65344)
5:51 PM: a0136081.exe (ID = 49300)
5:51 PM: a0140650.dll (ID = 65344)
5:51 PM: a0140861.exe (ID = 269844)
5:51 PM: a0138860.dll (ID = 65344)
5:51 PM: a0135939.exe (ID = 49300)
5:51 PM: 0hmbb41t.dat (ID = 75821)
5:51 PM: Found Adware: mirar webband
5:51 PM: a0140809.exe (ID = 272168)
5:51 PM: a0137304.exe (ID = 49300)
5:51 PM: a0135881.exe (ID = 49300)
5:51 PM: a0138398.dll (ID = 65344)
5:51 PM: mc-110-12-0000117.exe (ID = 246327)
5:51 PM: a0138401.exe (ID = 49300)
5:51 PM: a0137262.exe (ID = 49300)
5:51 PM: ssqb.exe (ID = 73282)
5:51 PM: a0141886.dll (ID = 144945)
5:51 PM: a0135990.exe (ID = 49300)
5:51 PM: a0138700.dll (ID = 65344)
5:51 PM: a0140735.dll (ID = 65344)
5:51 PM: a0138456.exe (ID = 49300)
5:52 PM: a0138653.dll (ID = 65344)
5:52 PM: a0139078.dll (ID = 65344)
5:52 PM: a0140728.dll (ID = 159)
5:52 PM: serversideuninstaller.exe (ID = 49300)
5:52 PM: a0138762.exe (ID = 65346)
5:53 PM: a0139396.exe (ID = 188791)
5:54 PM: a0138378.exe (ID = 49300)
5:54 PM: a0138715.dll (ID = 65344)
5:54 PM: a0138669.dll (ID = 65344)
5:54 PM: a0140563.exe (ID = 73419)
5:54 PM: a0138619.dll (ID = 65344)
5:54 PM: a0135719.dll (ID = 65344)
5:54 PM: a0139459.dll (ID = 159)
5:55 PM: a0138974.dll (ID = 49298)
5:55 PM: a0141930.exe (ID = 293)
5:55 PM: a0140887.dll (ID = 159)
5:55 PM: a0138759.dll (ID = 65344)
5:55 PM: a0138355.dll (ID = 65344)
5:55 PM: a0139016.dll (ID = 65344)
5:55 PM: a0139468.dll (ID = 65344)
5:55 PM: a0140806.exe (ID = 244762)
5:55 PM: Found Adware: mypcsearch
5:55 PM: a0139406.exe (ID = 70341)
5:55 PM: wnu_48.exe (ID = 268798)
5:55 PM: a0138771.dll (ID = 65344)
5:55 PM: a0138786.dll (ID = 65344)
5:55 PM: a0140516.dll (ID = 159)
5:55 PM: wnu_169.exe (ID = 268798)
5:55 PM: a0138453.dll (ID = 65344)
5:55 PM: a0138990.dll (ID = 49298)
5:56 PM: a0141884.exe (ID = 268798)
5:56 PM: a0139463.dll (ID = 159)
5:56 PM: a0140469.dll (ID = 65344)
5:56 PM: bulldownload.exe (ID = 52017)
5:56 PM: a0140758.dll (ID = 49298)
5:56 PM: a0135706.dll (ID = 49298)
5:56 PM: a0140807.exe (ID = 190798)
5:56 PM: a0138789.exe (ID = 49300)
5:56 PM: a0138751.exe (ID = 49300)
5:56 PM: a0138863.exe (ID = 49300)
5:56 PM: mfex-54.dat (ID = 188787)
5:56 PM: a0139155.exe (ID = 49300)
5:56 PM: a0138745.dll (ID = 65344)
5:56 PM: win.exe (ID = 269842)
5:56 PM: a0138671.exe (ID = 49300)
5:56 PM: a0138761.exe (ID = 49300)
5:56 PM: a0138976.exe (ID = 49300)
5:56 PM: a0138940.dll (ID = 65344)
5:56 PM: a0136006.exe (ID = 49300)
5:56 PM: a0140886.exe (ID = 231443)
5:57 PM: a0140757.dll (ID = 65344)
5:57 PM: a0140785.dll (ID = 65344)
5:57 PM: a0139452.dll (ID = 49298)
5:57 PM: a0140853.dll (ID = 65344)
5:57 PM: a0135794.dll (ID = 49298)
5:57 PM: a0140885.exe (ID = 249558)
5:57 PM: a0140571.exe (ID = 73420)
5:57 PM: a0139097.dll (ID = 49298)
5:57 PM: a0139079.dll (ID = 49298)
5:57 PM: a0138469.dll (ID = 65344)
5:57 PM: bingo2.ico (ID = 51022)
5:57 PM: a0138530.dll (ID = 65344)
5:57 PM: a0138482.dll (ID = 65344)
5:57 PM: a0138415.exe (ID = 49300)
5:57 PM: a0135909.dll (ID = 65344)
5:57 PM: a0139266.exe (ID = 271215)
5:57 PM: a0140800.exe (ID = 49302)
5:58 PM: a0140653.exe (ID = 244271)
5:58 PM: a0138639.dll (ID = 49298)
5:58 PM: a0135793.dll (ID = 65344)
5:58 PM: a0138434.dll (ID = 49298)
5:59 PM: a0140874.exe (ID = 271320)
5:59 PM: a0140898.exe (ID = 271320)
5:59 PM: a0139153.dll (ID = 49298)
5:59 PM: a0135971.dll (ID = 65344)
5:59 PM: cl7u4rbd.dat (ID = 75949)
5:59 PM: a0138317.exe (ID = 49300)
5:59 PM: a0139305.exe (ID = 204831)
5:59 PM: a0140883.dll (ID = 159)
5:59 PM: a0141939.exe (ID = 204831)
5:59 PM: a0138654.dll (ID = 49298)
5:59 PM: a0137187.exe (ID = 49300)
5:59 PM: a0138972.dll (ID = 65344)
5:59 PM: a0141941.dll (ID = 159)
5:59 PM: a0139152.dll (ID = 65344)
5:59 PM: a0139167.dll (ID = 65344)
5:59 PM: a0138992.exe (ID = 49300)
5:59 PM: a0138471.exe (ID = 49300)
5:59 PM: a0139082.exe (ID = 49300)
5:59 PM: a0139119.dll (ID = 49298)
5:59 PM: a0139304.exe (ID = 269842)
5:59 PM: a0138989.dll (ID = 65344)
5:59 PM: a0138372.dll (ID = 65344)
5:59 PM: a0139171.exe (ID = 49300)
6:00 PM: a0139188.dll (ID = 65344)
6:00 PM: a0135814.dll (ID = 65344)
6:00 PM: a0139518.dll (ID = 188787)
6:00 PM: a0139282.dll (ID = 65344)
6:00 PM: a0138808.exe (ID = 49300)
6:00 PM: a0137258.dll (ID = 65344)
6:00 PM: a0138485.exe (ID = 49300)
6:00 PM: a0139306.exe (ID = 269844)
6:00 PM: a0138805.dll (ID = 65344)
6:00 PM: a0139019.exe (ID = 49300)
6:00 PM: a0138670.dll (ID = 49298)
6:00 PM: a0137095.exe (ID = 49300)
6:00 PM: a0135831.dll (ID = 65344)
6:00 PM: a0138544.exe (ID = 49300)
6:00 PM: a0141947.exe (ID = 293)
6:00 PM: a0140529.exe (ID = 49300)
6:00 PM: a0137318.exe (ID = 49300)
6:00 PM: a0135876.dll (ID = 65344)
6:00 PM: a0137104.dll (ID = 65344)
6:00 PM: installer[2].exe (ID = 231664)
6:00 PM: a0137107.exe (ID = 49300)
6:00 PM: drsmartload482a.exe (ID = 270829)
6:01 PM: a0139308.ocx (ID = 188117)
6:01 PM: a0138776.exe (ID = 49300)
6:01 PM: a0141938.exe (ID = 251295)
6:01 PM: a0137302.dll (ID = 49298)
6:01 PM: a0137271.dll (ID = 65344)
6:01 PM: a0137077.dll (ID = 49298)
6:01 PM: a0140870.exe (ID = 270829)
6:01 PM: a0138609.exe (ID = 49300)
6:01 PM: a0138623.exe (ID = 49300)
6:01 PM: dc2.exe (ID = 244271)
6:01 PM: a0140465.dll (ID = 159)
6:01 PM: Found Adware: ist surf accuracy
6:01 PM: istdialog[1].dll (ID = 266604)
6:01 PM: a0138534.exe (ID = 49300)
6:01 PM: a0140786.dll (ID = 49298)
6:01 PM: win.exe (ID = 269842)
6:02 PM: a0139314.exe (ID = 251295)
6:02 PM: a0139310.exe (ID = 268798)
6:02 PM: a0138454.dll (ID = 49298)
6:02 PM: a0137300.dll (ID = 65344)
6:02 PM: a0137312.dll (ID = 65344)
6:02 PM: dc3.exe (ID = 244271)
6:02 PM: a0140520.dll (ID = 159)
6:02 PM: a0139096.dll (ID = 65344)
6:02 PM: mfex-87.dat (ID = 188787)
6:02 PM: a0135679.exe (ID = 65346)
6:02 PM: a0138412.dll (ID = 65344)
6:02 PM: a0135986.dll (ID = 65344)
6:02 PM: a0138701.dll (ID = 49298)
6:02 PM: a0138540.dll (ID = 65344)
6:02 PM: a0139031.dll (ID = 65344)
6:02 PM: a0140663.exe (ID = 268995)
6:02 PM: a0136004.dll (ID = 65344)
6:02 PM: a0139449.exe (ID = 65346)
6:02 PM: a0139450.exe (ID = 76898)
6:03 PM: a0136078.dll (ID = 65344)
6:03 PM: a0139118.dll (ID = 65344)
6:03 PM: a0139169.dll (ID = 49298)
6:03 PM: a0135721.dll (ID = 49298)
6:03 PM: a0141958.exe (ID = 251295)
6:03 PM: a0136050.dll (ID = 65344)
6:03 PM: win.exe (ID = 269842)
6:03 PM: a0139522.exe (ID = 188791)
6:03 PM: a0139017.dll (ID = 49298)
6:03 PM: a0136065.dll (ID = 65344)
6:03 PM: a0140665.exe (ID = 268995)
6:03 PM: a0135936.dll (ID = 65344)
6:03 PM: a0137277.exe (ID = 49300)
6:03 PM: a0137076.dll (ID = 65344)
6:03 PM: nt68rrtc12.sys (ID = 220230)
6:03 PM: cmdinst.exe (ID = 231664)
6:03 PM: a0137089.dll (ID = 65344)
6:03 PM: a0136051.dll (ID = 49298)
6:03 PM: a0139034.exe (ID = 49300)
6:03 PM: a0138606.dll (ID = 65344)
6:03 PM: a0139467.dll (ID = 49298)
6:03 PM: a0138314.dll (ID = 65344)
6:03 PM: a0139221.dll (ID = 65344)
6:03 PM: a0140470.dll (ID = 49298)
6:03 PM: a0139222.dll (ID = 49298)
6:04 PM: a0140906.exe (ID = 249558)
6:05 PM: a0142037.exe (ID = 73282)
6:05 PM: a0141922.exe (ID = 49297)
6:05 PM: a0141970.exe (ID = 65348)
6:05 PM: a0140694.dll (ID = 64124)
6:06 PM: autoit3.exe (ID = 185254)
6:07 PM: pqniujlt.dat (ID = 75801)
6:07 PM: a0140871.exe (ID = 249558)
6:10 PM: inneradinstall.log (ID = 49035)
6:10 PM: a0141937.dll (ID = 159)
6:10 PM: a0140727.dll (ID = 159)
6:10 PM: atmtd.dll._ (ID = 166754)
6:11 PM: a0140685.exe (ID = 185254)
6:11 PM: a0140763.exe (ID = 185254)
6:11 PM: a0140846.dll (ID = 159)
6:11 PM: a0140791.exe (ID = 185254)
6:12 PM: a0135973.dll (ID = 49298)
6:12 PM: a0138483.dll (ID = 49298)
6:12 PM: a0140771.dll (ID = 273831)
6:12 PM: a0138607.dll (ID = 49298)
6:12 PM: a0135987.dll (ID = 49298)
6:12 PM: a0138758.dll (ID = 49298)
6:12 PM: a0140905.exe (ID = 249558)
6:13 PM: a0141887.exe (ID = 249558)
6:13 PM: a0139428.exe (ID = 65739)
6:13 PM: a0137259.dll (ID = 49298)
6:13 PM: webrebates_auto_installsilent.exe (ID = 83962)
6:13 PM: a0136005.dll (ID = 49298)
6:13 PM: a0136062.dll (ID = 49298)
6:13 PM: a0139187.dll (ID = 49298)
6:13 PM: mmaker2.exe (ID = 59684)
6:14 PM: a0138620.dll (ID = 49298)
6:15 PM: a0137091.dll (ID = 49298)
6:15 PM: a0138716.dll (ID = 49298)
6:15 PM: a0137273.dll (ID = 49298)
6:15 PM: a0138531.dll (ID = 49298)
6:15 PM: a0138542.dll (ID = 49298)
6:15 PM: a0140680.dll (ID = 49298)
6:15 PM: a0139272.dll (ID = 273831)
6:15 PM: a0141918.exe (ID = 251279)
6:15 PM: a0140664.exe (ID = 268932)
6:15 PM: a0141885.exe (ID = 144946)
6:15 PM: a0141883.dll (ID = 159)
6:15 PM: a0140526.dll (ID = 49298)
6:15 PM: a0140662.dll (ID = 268799)
6:16 PM: a0140524.dll (ID = 65344)
6:16 PM: installer[1].exe (ID = 231664)
6:16 PM: a0140777.dll (ID = 159)
6:17 PM: a0141931.dll (ID = 159)
6:17 PM: a0140801.ocx (ID = 188117)
6:17 PM: trebates.exe (ID = 83925)
6:17 PM: trebates.exe (ID = 83925)
6:17 PM: trebates.exe (ID = 83925)
6:18 PM: a0140904.exe (ID = 249558)
6:18 PM: a0140736.dll (ID = 49298)
6:18 PM: a0135815.dll (ID = 49298)
6:18 PM: a0137105.dll (ID = 49298)
6:18 PM: a0138806.dll (ID = 49298)
6:18 PM: Found Adware: targetsaver
6:18 PM: class-barrel (ID = 78229)
6:18 PM: a0137316.dll (ID = 49298)
6:18 PM: a0136079.dll (ID = 49298)
6:18 PM: a0135879.dll (ID = 49298)
6:19 PM: a0138374.dll (ID = 49298)
6:19 PM: a0138470.dll (ID = 49298)
6:19 PM: 2504040901.exe (ID = 48165)
6:19 PM: a0135908.dll (ID = 49298)
6:19 PM: a0138861.dll (ID = 49298)
6:19 PM: a0138787.dll (ID = 49298)
6:19 PM: a0140566.exe (ID = 244271)
6:19 PM: a0135832.dll (ID = 49298)
6:19 PM: a0140808.exe (ID = 267157)
6:19 PM: a0139283.dll (ID = 49298)
6:20 PM: a0140811.exe (ID = 144946)
6:20 PM: a0135955.dll (ID = 49298)
6:20 PM: a0139032.dll (ID = 49298)
6:20 PM: a0135937.dll (ID = 49298)
6:21 PM: a0140907.exe (ID = 249558)
6:21 PM: a0138746.dll (ID = 49298)
6:22 PM: a0141928.exe (ID = 111348)
6:22 PM: xdhd.dll (ID = 76899)
6:22 PM: a0138773.dll (ID = 49298)
6:22 PM: a0138834.dll (ID = 49298)
6:22 PM: a0137184.dll (ID = 49298)
6:23 PM: a0139431.dll (ID = 188787)
6:23 PM: a0138315.dll (ID = 49298)
6:23 PM: a0138357.dll (ID = 49298)
6:23 PM: a0138399.dll (ID = 49298)
6:23 PM: a0140778.dll (ID = 159)
6:24 PM: a0138413.dll (ID = 49298)
6:25 PM: vocabulary (ID = 78283)
6:25 PM: Found Adware: twain-tech
6:25 PM: mxtarget.inf (ID = 81843)
6:25 PM: a0140508.cfg (ID = 91140)
6:25 PM: a0140643.cfg (ID = 91140)
6:25 PM: mxtarget.inf (ID = 81843)
6:25 PM: a0140561.lnk (ID = 48314)
6:25 PM: Found Adware: directrevenue-abetterinternet
6:25 PM: alchem.inf (ID = 83109)
6:25 PM: alchem.ini (ID = 83112)
6:25 PM: Found Adware: ieplugin
6:25 PM: wininit.ini (ID = 63389)
6:25 PM: a0140701.inf (ID = 83109)
6:25 PM: a0140697.inf (ID = 81856)
6:25 PM: twaintec.inf (ID = 81889)
6:25 PM: polmx.inf (ID = 81856)
6:25 PM: mxtarget.inf (ID = 81843)
6:25 PM: mxtarget.inf (ID = 81843)
6:25 PM: mxtarget.inf (ID = 81843)
6:25 PM: mxtarget.inf (ID = 81843)
6:25 PM: mxtarget.inf (ID = 81843)
6:25 PM: temp.frf7a4 (ID = 81859)
6:25 PM: temp.fr2a4d (ID = 81859)
6:25 PM: mxtarget.inf (ID = 81843)
6:25 PM: a0139399.ini (ID = 188794)
6:25 PM: nqivuzpxoz6ywah5khugkt.vbs (ID = 185675)
6:25 PM: a0139403.ini (ID = 188799)
6:25 PM: a0139405.cfg (ID = 91140)
6:25 PM: a0139397.ini (ID = 267887)
6:29 PM: Warning: Invalid Stream
6:30 PM: File Sweep Complete, Elapsed Time: 00:44:40
6:30 PM: Full Sweep has completed. Elapsed time 00:49:01
6:30 PM: Traces Found: 916
6:51 PM: Removal process initiated
6:51 PM: Quarantining All Traces: 2nd-thought
6:51 PM: Quarantining All Traces: clkoptimizer
6:51 PM: Quarantining All Traces: directrevenue-abetterinternet
6:51 PM: Quarantining All Traces: fullcontext
6:51 PM: Quarantining All Traces: look2me
6:51 PM: Quarantining All Traces: lzio
6:51 PM: Quarantining All Traces: purityscan
6:51 PM: Quarantining All Traces: trojan downloader matcash
6:51 PM: Quarantining All Traces: apropos
6:51 PM: Quarantining All Traces: begin2search
6:51 PM: Quarantining All Traces: dollarrevenue
6:51 PM: Quarantining All Traces: elitemediagroup-mediamotor
6:51 PM: Quarantining All Traces: enbrowser
6:51 PM: Quarantining All Traces: internetoptimizer
6:51 PM: Quarantining All Traces: maxifiles
6:51 PM: Quarantining All Traces: surfsidekick
6:51 PM: Quarantining All Traces: topconverting downloader
6:51 PM: Quarantining All Traces: zquest
6:52 PM: Quarantining All Traces: addestroyer
6:52 PM: Quarantining All Traces: adpowerzone
6:52 PM: Quarantining All Traces: bullguard popup ad
6:52 PM: Quarantining All Traces: command
6:53 PM: Quarantining All Traces: drsnsrch.com hijack
6:53 PM: Quarantining All Traces: ebates money maker
6:53 PM: Quarantining All Traces: elitemediagroup-pop64
6:53 PM: Quarantining All Traces: ieplugin
6:53 PM: Quarantining All Traces: ist surf accuracy
6:53 PM: Quarantining All Traces: kghost-1
6:53 PM: Quarantining All Traces: mirar webband
6:53 PM: Quarantining All Traces: moneytree
6:53 PM: Quarantining All Traces: mypcsearch
6:53 PM: Quarantining All Traces: quickbrowser
6:53 PM: Quarantining All Traces: shopathomeselect
6:53 PM: Quarantining All Traces: ssqb
6:53 PM: Quarantining All Traces: targetsaver
6:53 PM: Quarantining All Traces: twain-tech
6:53 PM: Quarantining All Traces: webhancer
6:55 PM: Quarantining All Traces: webrebates
6:55 PM: Quarantining All Traces: windows afa internet enhancement
6:55 PM: Quarantining All Traces: zenosearchassistant
6:56 PM: Quarantining All Traces: 10101 cookie
6:56 PM: Quarantining All Traces: 10102 cookie
6:56 PM: Quarantining All Traces: 10103 cookie
6:56 PM: Quarantining All Traces: 247realmedia cookie
6:56 PM: Quarantining All Traces: 2o7.net cookie
6:56 PM: Quarantining All Traces: 50881381 cookie
6:56 PM: Quarantining All Traces: 888 cookie
6:56 PM: Quarantining All Traces: a cookie
6:56 PM: Quarantining All Traces: about cookie
6:56 PM: Quarantining All Traces: addynamix cookie
6:56 PM: Quarantining All Traces: adecn cookie
6:56 PM: Quarantining All Traces: adknowledge cookie
6:56 PM: Quarantining All Traces: adlegend cookie
6:56 PM: Quarantining All Traces: adprofile cookie
6:56 PM: Quarantining All Traces: adrevolver cookie
6:56 PM: Quarantining All Traces: adserver cookie
6:56 PM: Quarantining All Traces: adultfriendfinder cookie
6:56 PM: Quarantining All Traces: ask cookie
6:56 PM: Quarantining All Traces: askmen cookie
6:56 PM: Quarantining All Traces: atwola cookie
6:56 PM: Quarantining All Traces: azjmp cookie
6:56 PM: Quarantining All Traces: belnk cookie
6:56 PM: Quarantining All Traces: bluestreak cookie
6:56 PM: Quarantining All Traces: bravenet cookie
6:56 PM: Quarantining All Traces: bs.serving-sys cookie
6:56 PM: Quarantining All Traces: burstbeacon cookie
6:56 PM: Quarantining All Traces: burstnet cookie
6:56 PM: Quarantining All Traces: casalemedia cookie
6:56 PM: Quarantining All Traces: cassava cookie
6:56 PM: Quarantining All Traces: cc214142 cookie
6:56 PM: Quarantining All Traces: clickandtrack cookie
6:56 PM: Quarantining All Traces: dealtime cookie
6:56 PM: Quarantining All Traces: deskwizz cookie
6:56 PM: Quarantining All Traces: did-it cookie
6:56 PM: Quarantining All Traces: exitexchange cookie
6:56 PM: Quarantining All Traces: falkag cookie
6:56 PM: Quarantining All Traces: fastclick cookie
6:56 PM: Quarantining All Traces: freestats.net cookie
6:56 PM: Quarantining All Traces: go.com cookie
6:56 PM: Quarantining All Traces: gostats cookie
6:56 PM: Quarantining All Traces: hbmediapro cookie
6:56 PM: Quarantining All Traces: hotbar cookie
6:56 PM: Quarantining All Traces: inqwire cookie
6:56 PM: Quarantining All Traces: maxserving cookie
6:56 PM: Quarantining All Traces: metareward.com cookie
6:56 PM: Quarantining All Traces: mygeek cookie
6:56 PM: Quarantining All Traces: nextag cookie
6:56 PM: Quarantining All Traces: partypoker cookie
6:56 PM: Quarantining All Traces: pointroll cookie
6:56 PM: Quarantining All Traces: questionmarket cookie
6:56 PM: Quarantining All Traces: realmedia cookie
6:56 PM: Quarantining All Traces: redzip cookie
6:56 PM: Quarantining All Traces: reunion cookie
6:56 PM: Quarantining All Traces: revenue.net cookie
6:56 PM: Quarantining All Traces: rightmedia cookie
6:56 PM: Quarantining All Traces: rn11 cookie
6:56 PM: Quarantining All Traces: screensavers.com cookie
6:56 PM: Quarantining All Traces: searchadnetwork cookie
6:56 PM: Quarantining All Traces: server.iad.liveperson cookie
6:56 PM: Quarantining All Traces: serving-sys cookie
6:56 PM: Quarantining All Traces: sirsearch cookie
6:56 PM: Quarantining All Traces: specificclick.com cookie
6:56 PM: Quarantining All Traces: starware.com cookie
6:56 PM: Quarantining All Traces: statcounter cookie
6:56 PM: Quarantining All Traces: tacoda cookie
6:56 PM: Quarantining All Traces: tradedoubler cookie
6:56 PM: Quarantining All Traces: trafficmp cookie
6:56 PM: Quarantining All Traces: trb.com cookie
6:56 PM: Quarantining All Traces: tribalfusion cookie
6:56 PM: Quarantining All Traces: upspiral cookie
6:56 PM: Quarantining All Traces: videodome cookie
6:56 PM: Quarantining All Traces: websponsors cookie
6:56 PM: Quarantining All Traces: xiti cookie
6:56 PM: Quarantining All Traces: yieldmanager cookie
6:56 PM: Quarantining All Traces: zedo cookie
6:56 PM: Removal process completed. Elapsed time 00:05:16
********
5:39 PM: | Start of Session, Monday, April 03, 2006 |
5:39 PM: Spy Sweeper started
5:40 PM: Your spyware definitions have been updated.
5:41 PM: | End of Session, Monday, April 03, 2006 |

:thumbsup:

#12 Rawe

Posted 04 April 2006 - 12:41 AM

And a fresh HijackThis log please.. We'll see what's left :thumbsup:
Hi there, stranger!

#13 tjsst33

Posted 04 April 2006 - 03:57 PM

Logfile of HijackThis v1.99.1
Scan saved at 4:57:38 PM, on 4/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\tschwambach\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...ww.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.100.26:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NGClient] C:\Program Files\Symantec\Ghost\ngctw32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0F1B982D-C18E-4F2F-8ADB-91C12D858A08} (Raindance Helper Class) - http://www.raindance.com/rndc/webinstall/k2ctl.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://nokiaarchive.imarketsource.com/view...tivexviewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MarketSource.net
O17 - HKLM\Software\..\Telephony: DomainName = MarketSource.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MarketSource.net
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Symantec Ghost Client Agent (NGClient) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

:thumbsup:

#14 Rawe

Posted 05 April 2006 - 03:45 AM

How's the system running? :thumbsup:
Hi there, stranger!

#15 tjsst33

Posted 05 April 2006 - 12:13 PM

Everything is great. No pop-ups, good speed. I think you saved my computer!! :thumbsup:



