Infected With Freepod


17 replies to this topic

#1 the trooper2


Posted 13 June 2006 - 09:49 AM

Here's my log

Logfile of HijackThis v1.99.1
Scan saved at 15:46:18, on 13/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\rmctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
c:\myspaces.exe
C:\Program Files\MSN Messenger\msgslang.exe
c:\mc-110-12-0000193.exe
C:\WINDOWS\system32\svchost.exe
c:\mc-110-12-0000193.exe
C:\Documents and Settings\Josh\My Documents\Unzipped\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSN Explorer] C:\windows\system32\drivers\helpsys\msnexplorer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MSN Explorer] C:\windows\system32\drivers\helpsys\msnexplorer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with TrueSpeed Download Manager - C:\Program Files\TrueSpeed\DBooster.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://66.252.20.241:8000/Java/cfs31235.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe



#2 MFDnSC


Posted 13 June 2006 - 12:19 PM

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
· Install ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido
· It will prompt you to update; click the OK button and it will go to the main screen.
· On the left side of the main screen click update
· Click on Start and let it update.
· DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:
(Start tapping F8 at the first black screen after power up)

Run Ewido:
· Click on scanner
· Click Complete System Scan and the scan will begin.
· During the scan it will prompt you to clean files, click OK
· When the scan is finished, look at the bottom of the screen and click the Save report button.
· Save the report to your C: Drive
This will take some time to run!
Boot to normal mode
Post that log and a new HiJack log
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 the trooper2


Posted 14 June 2006 - 11:33 AM

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 17:24:19, 14/06/2006
+ Report-Checksum: 4C981938

+ Scan result:

:mozilla.8:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\btv22oly.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.15:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\btv22oly.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.16:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\btv22oly.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.17:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\btv22oly.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.18:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\btv22oly.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.19:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\btv22oly.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.20:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\btv22oly.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.21:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\btv22oly.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.22:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\btv22oly.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.32:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\btv22oly.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.33:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\btv22oly.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.34:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\btv22oly.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.35:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\btv22oly.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.39:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\btv22oly.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.40:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\btv22oly.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.41:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\btv22oly.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.42:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\btv22oly.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.43:C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\btv22oly.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\john\Cookies\john@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\1reeggn8.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Josh\Cookies\josh@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Josh\Cookies\josh@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Josh\Cookies\josh@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Josh\Cookies\josh@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Program Files\AC3Filter\GPL_rus.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\AC3Filter\wdialog_patch.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\AC3Filter\wGPL_rus.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\AC3Filter\wwdialog_patch.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\AvRack\classic.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\AvRack\wclassic.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\AWS\wwwwwWxBugSetup60b6.04.0.9m.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\AWS\wwwwWxBugSetup60b6.04.0.9m.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\AWS\wwwWxBugSetup60b6.04.0.9m.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\AWS\wwWxBugSetup60b6.04.0.9m.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\AWS\wWxBugSetup60b6.04.0.9m.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Azureus\aereg.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Azureus\swt-win32-3139.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Azureus\swt.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Azureus\waereg.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Azureus\wAzureus.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Azureus\wswt.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Azureus\wUninstall.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Azureus\wwaereg.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\BitLord\BitLord.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\BitLord\Downloads.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\BitLord\wBitLord.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\BitLord\wDownloads.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\BitLord\wwBitLord.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\BitLord\wwwBitLord.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\blueyonder IST\Install.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\blueyonder IST\wInstall.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\blueyonder IST\wuninstall.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\blueyonder IST\wwuninstall.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\CCleaner\CCTreeView.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\CCleaner\lang-1033.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\CCleaner\wCCTreeView.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\DivX\divxFolder.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\DivX\wdivxFolder.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\DivX\wwdivxFolder.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\DivX\wwwdivxFolder.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\DivX\wwwwdivxFolder.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\DivX\wwwwwdivxFolder.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\DivX\wwwwwwdivxFolder.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\DivX\wwwwwwwdivxFolder.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\DivXCodec\DivX.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\DivXCodec\divxicon.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\DivXCodec\LICENSE.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\DivXCodec\README.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\DivXCodec\wDivX.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\DivXCodec\wLICENSE.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\DivXCodec\wREADME.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\DivXCodec\wuninstall.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\DivXCodec\wwLICENSE.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\DVD Decrypter\wuninstall.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\dvdSanta\dvdSanta.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\dvdSanta\dvdSanta1.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\dvdSanta\dvdSanta3.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\dvdSanta\dvdSantafaq.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\dvdSanta\wdvdSantafaq.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Empy2000\npf.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Empy2000\wnpf.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Empy2000\wwnpf.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Empy2000\wwwnpf.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Empy2000\wwwwnpf.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Empy2000\wwwwwnpf.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Empy2000\wwwwwwnpf.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Ezthemes_WhenUSaveNowCrunch_Installer\wEzthemes_WhenUSaveNowCrunch_Installer.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Ezthemes_WhenUSaveNowCrunch_Installer\wwEzthemes_WhenUSaveNowCrunch_Installer.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Ezthemes_WhenUSaveNowCrunch_Installer\wwwEzthemes_WhenUSaveNowCrunch_Installer.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\filesubmit\ddbigmoonxb.zip\Ezthemes_WhenUSaveNow_InstallerInst.exe -> Adware.SaveNow : Cleaned with backup
C:\Program Files\GSpot\ExportFormat.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\GSpot\GSpot221.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\GSpot\license.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\GSpot\OggLegal.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\GSpot\wGSpot221.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\GSpot\wOggLegal.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\GSpot\wUninstall.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\GSpot\w_read_me.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\GSpot\_read_me.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Guitar Pro 4 Demo\Mxmidi16.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Guitar Pro 4 Demo\MxMidi95.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Guitar Pro 4 Demo\wGPOnline.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Guitar Pro 4 Demo\wMxmidi16.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Guitar Pro 4 Demo\wMxMidi95.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Guitar Pro 4 Demo\wwGPOnline.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Guitar Pro 4 Demo\wwMxmidi16.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Guitar Pro 4 Demo\wwMxMidi95.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Guitar Pro 4 Demo\wwwGPOnline.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Guitar Pro 4 Demo\wwwMxmidi16.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Guitar Pro 4 Demo\wwwwMxmidi16.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Internet Explorer\wiedw.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Internet Explorer\wIEXPLORE(2).exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Internet Explorer\wIEXPLORE.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Internet Explorer\wwiedw.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Internet Explorer\wwIEXPLORE(2).exe -> Adware.Agent : Cleaned with backup
C:\Program Files\iTunes\wiTunes.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Mesr ist\npf.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Mesr ist\wnpf.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Mesr ist\wwnpf.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Mesr ist\wwwnpf.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Mesr ist\wwwwnpf.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Mesr ist\wwwwwnpf.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Messenger\lvback.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Messenger\wlvback.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Messenger\wwlvback.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Messenger\wwwlvback.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Messenger\wwwwlvback.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Messenger\wwwwwlvback.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Messenger\wwwwwwlvback.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Microsoft ActiveSync\MSCONV97.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Microsoft ActiveSync\MSWRD832.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Microsoft ActiveSync\RICHINK.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Microsoft ActiveSync\wMSCONV97.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Movie Maker\WMM2FILT.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Movie Maker\WMM2FXA.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Movie Maker\WMM2FXB.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Movie Maker\WMM2RES.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Mozilla Firefox\.aut.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Mozilla Firefox\LIC.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Mozilla Firefox\nssckbi.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Mozilla Firefox\wupdater.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\MSN Messenger\license.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\MSN Messenger\msgslang.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\MSN Messenger\pcsdll.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\NetMeeting\CallLog.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\NetMeeting\h323cc.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\NetMeeting\nmft.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\NetMeeting\TestSnd.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Online Services\Refer me to more Internet Service Providers.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Online Services\wRefer me to more Internet Service Providers.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Outlook Express\msoe.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Outlook Express\msoeres.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Outlook Express\wmsoe.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Outlook Express\wmsoeres.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Outlook Express\wsetup50.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\QuickTime\Sample.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\QuickTime\wQuickTimeUpdater.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\aports.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\delphimm.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\SDHelper.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\wSDHelper.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\wunins000.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\themexp\Themexp.org File\Ezthemes_WhenUSaveNowCrunch_InstallerInst.exe -> Adware.SaveNow : Cleaned with backup
C:\Program Files\themexp\Themexp.org File\Ezthemes_WhenUSaveNow_InstallerInst.exe -> Adware.SaveNow : Cleaned with backup
C:\Program Files\ToolBar888\MyToolBar.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\ToolBar888\wMyToolBar.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\ToolBar888\wwMyToolBar.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\ToolBar888\wwwMyToolBar.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Toolbar888(2)\basis.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Toolbar888(2)\basis.xm.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Toolbar888(2)\installed..exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Toolbar888(2)\winstalled..exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Uninstall Information\odbc.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Uninstall Information\wodbc.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Uninstall Information\wwodbc.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Uninstall Information\wwwodbc.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Uninstall Information\wwwwodbc.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Uninstall Information\wwwwwodbc.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Uninstall Information\wwwwwwodbc.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Winamp\iPod Transfer Log.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Winamp\pconfig.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Winamp\wUninstWA.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Winamp\wWinamp.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Winamp\wwinampa.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Windows\.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Windows\w.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Windows\ww.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Windows\wWinUpdate.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Windows\wwWinUpdate.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Windows\wwwWinUpdate.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Windows\wwwwWinUpdate.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Windows\wwwwwWinUpdate.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Windows\wwwwwwWinUpdate.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Windows Journal Viewer\jvintl.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Windows Journal Viewer\JVNBDoc.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Windows Journal Viewer\wjntview.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Windows Journal Viewer\wjvintl.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Windows Media Player\custsat.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Windows Media Player\npwmsdrm.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Windows Media Player\wwmpenc.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Windows Media Player\wwmplayer.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\Windows Media Player\wwwmplayer.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\WinRAR\File_Id.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\WinRAR\Order.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\WinRAR\wUninstall.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\WinRAR\wWinRAR.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\WinZip\LICENSE.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\WinZip\ORDER.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\WinZip\VENDOR.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\WinZip\WINZIP.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\WinZip\wWZCAB.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\WinZip\WZ.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\WinZip\WZCAB.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\WinZip\WZINST.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\WinZip\WZTUTOR.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\XoftSpy\wuninstall.exe -> Adware.Agent : Cleaned with backup
C:\Program Files\XoftSpy\wXoftSpy.exe -> Adware.Agent : Cleaned with backup
C:\WINDOWS\system32\drivers\helpsys\msnexplorer.exe -> Backdoor.Agent.vk : Cleaned with backup


::Report End



Logfile of HijackThis v1.99.1
Scan saved at 17:30:33, on 14/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\rmctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\mActiveX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\TClock\TClock.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\AvRack\wrtlrack.exe
C:\Documents and Settings\Josh\My Documents\Unzipped\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Win643] C:\mActiveX.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with TrueSpeed Download Manager - C:\Program Files\TrueSpeed\DBooster.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://66.252.20.241:8000/Java/cfs31235.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/pro...432322D2D2D.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

#4 MFDnSC


Posted 14 June 2006 - 03:38 PM

As bad as that was, let's do a couple things

Run http://www.kaspersky.com/virusscanner - Online scan

When the scan is finished Save the results from the scan!

Post the results from Kaspersky scan

==========================================

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...&rc=4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.

Also post a new Hijack This log.

"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#5 the trooper2


Posted 15 June 2006 - 01:32 PM

I can't post the scan results of the online one; it's too many words. I'll upload it tomorrow.

#6 the trooper2


Posted 15 June 2006 - 01:35 PM

I couldn't delete the files in the SpySweeper scan; I had to register.

#7 MFDnSC


Posted 15 June 2006 - 03:25 PM

That is not the case; it is a trial version and does delete.

Take the log, remove the cookie entries, and post the rest.

"Nothing could be finer than to be in South Carolina ............"

Member ASAP
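
Removing the cookie entries from a Spy Sweeper session log, as requested above, can be scripted rather than done by hand. The Python below is an added example, not part of the original posts and not Spy Sweeper's own tooling; it assumes the `HH:MM: message` entry format that Spy Sweeper session logs use, its function names are hypothetical, its sample input is a short excerpt in that format, and collapsing repeated traces goes one step beyond what was asked.

```python
import re

# Every session-log entry is "HH:MM: <message>" (assumed from the log format).
ENTRY = re.compile(r"^(?P<time>\d{2}:\d{2}): (?P<msg>.*)$")
# Threat header, e.g. "Found Adware: targetsaver" or "Found Spy Cookie: 2o7.net cookie".
FOUND = re.compile(r"^Found (?P<kind>[^:]+): (?P<name>.+)$")
# Cookie trace, e.g. "josh@2o7[1].txt (ID = 1957)": user@site[n].txt with no path.
COOKIE_TRACE = re.compile(r"^[^\\/@\s]+@[^\\/\s]+\[\d+\]\.txt \(ID = \d+\)$")
# Any trace line ends with the definition ID.
TRACE_ID = re.compile(r"\(ID = \d+\)$")

# Short sample excerpt in the session-log format, embedded so the block runs offline.
SAMPLE = r"""********
17:09: | Start of Session, 16 June 2006 |
17:09: Starting Memory Sweep
17:14: Found Adware: targetsaver
17:14: Detected running threat: C:\Program Files\MSN Messenger\license.exe (ID = 302229)
17:15: Starting Registry Sweep
17:15: Found Adware: iwantsearch
17:15: HKCR\clsid\{0e1230f8-ea50-42a9-983c-d22abc2eed3b}\ (11 subtraces) (ID = 125903)
17:15: Found Adware: start4search toolbar
17:15: HKCR\clsid\{0e1230f8-ea50-42a9-983c-d22abc2eed3b}\ (11 subtraces) (ID = 125903)
17:16: Registry Sweep Complete, Elapsed Time:00:00:20
17:16: Starting Cookie Sweep
17:16: Found Spy Cookie: 2o7.net cookie
17:16: josh@2o7[1].txt (ID = 1957)
17:16: Found Spy Cookie: atlas dmt cookie
17:16: josh@atdmt[2].txt (ID = 2253)
17:16: josh@msnportal.112.2o7[1].txt (ID = 1958)
"""


def is_cookie_entry(msg):
    """True for a 'Found Spy Cookie' header or a cookie-file trace line.

    Each line is classified by its own shape, because a cookie trace can
    appear under a different cookie's header (see the last sample line).
    """
    found = FOUND.match(msg)
    if found:
        return found.group("kind") == "Spy Cookie"
    return bool(COOKIE_TRACE.match(msg))


def strip_cookie_entries(log_text, collapse_repeats=True):
    """Return (kept_lines, cookie_entries_removed).

    Phase markers, adware headers, file and registry traces are kept.
    With collapse_repeats, a trace already seen (same text, any timestamp)
    is dropped, which shortens logs where one key is listed per threat name.
    """
    kept, seen, removed = [], set(), 0
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY.match(line)
        if not entry:
            kept.append(line)  # separators such as "********" pass through
            continue
        msg = entry.group("msg")
        if is_cookie_entry(msg):
            removed += 1
            continue
        if collapse_repeats and TRACE_ID.search(msg):
            if msg in seen:
                continue
            seen.add(msg)
        kept.append(line)
    return kept, removed


def threats_by_kind(log_text):
    """Map each 'Found <kind>:' category to its sorted, de-duplicated names."""
    result = {}
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        found = FOUND.match(entry.group("msg")) if entry else None
        if found:
            result.setdefault(found.group("kind"), set()).add(found.group("name"))
    return {kind: sorted(names) for kind, names in result.items()}


if __name__ == "__main__":
    lines, dropped = strip_cookie_entries(SAMPLE)
    print("\n".join(lines))
    print(f"-- {dropped} cookie entries removed --")
    for kind, names in threats_by_kind(SAMPLE).items():
        print(f"{kind}: {', '.join(names)}")
```
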

#8 the trooper2


Posted 16 June 2006 - 12:32 PM

I downloaded the wrong version of Spy Sweeper, so I downloaded the new one, ran the scan, deleted like 2 objects, then my PC crashed and had to restart.

#9 the trooper2


Posted 16 June 2006 - 12:34 PM

********
17:09: | Start of Session, 16 June 2006 |
17:09: Spy Sweeper started
17:09: Sweep initiated using definitions version 701
17:09: Starting Memory Sweep
17:14: Found Adware: targetsaver
17:14: Detected running threat: C:\Program Files\MSN Messenger\license.exe (ID = 302229)
17:15: Memory Sweep Complete, Elapsed Time: 00:05:51
17:15: Starting Registry Sweep
17:15: Found Adware: iwantsearch
17:15: HKCR\clsid\{0e1230f8-ea50-42a9-983c-d22abc2eed3b}\ (11 subtraces) (ID = 125903)
17:15: Found Adware: start4search toolbar
17:15: HKCR\clsid\{0e1230f8-ea50-42a9-983c-d22abc2eed3b}\ (11 subtraces) (ID = 125903)
17:15: Found Adware: ez-finder toolbar
17:15: HKCR\clsid\{0e1230f8-ea50-42a9-983c-d22abc2eed3b}\ (11 subtraces) (ID = 125903)
17:15: HKLM\software\classes\clsid\{0e1230f8-ea50-42a9-983c-d22abc2eed3b}\ (11 subtraces) (ID = 125905)
17:15: HKLM\software\classes\clsid\{0e1230f8-ea50-42a9-983c-d22abc2eed3b}\ (11 subtraces) (ID = 125905)
17:15: HKLM\software\classes\clsid\{0e1230f8-ea50-42a9-983c-d22abc2eed3b}\ (11 subtraces) (ID = 125905)
17:15: Found Adware: zeropopup
17:15: HKLM\software\classes\typelib\{5297e905-1dfb-4a9c-9871-a4f95fd58945}\ (9 subtraces) (ID = 125907)
17:15: HKLM\software\classes\typelib\{5297e905-1dfb-4a9c-9871-a4f95fd58945}\ (9 subtraces) (ID = 125907)
17:15: HKLM\software\classes\typelib\{5297e905-1dfb-4a9c-9871-a4f95fd58945}\ (9 subtraces) (ID = 125907)
17:15: HKLM\software\microsoft\internet explorer\toolbar\ || {0e1230f8-ea50-42a9-983c-d22abc2eed3b} (ID = 125908)
17:15: HKLM\software\microsoft\internet explorer\toolbar\ || {0e1230f8-ea50-42a9-983c-d22abc2eed3b} (ID = 125908)
17:15: HKLM\software\microsoft\internet explorer\toolbar\ || {0e1230f8-ea50-42a9-983c-d22abc2eed3b} (ID = 125908)
17:15: HKCR\typelib\{5297e905-1dfb-4a9c-9871-a4f95fd58945}\ (9 subtraces) (ID = 125913)
17:15: HKCR\typelib\{5297e905-1dfb-4a9c-9871-a4f95fd58945}\ (9 subtraces) (ID = 125913)
17:15: HKCR\typelib\{5297e905-1dfb-4a9c-9871-a4f95fd58945}\ (9 subtraces) (ID = 125913)
17:15: Found Adware: ietoolbar
17:15: HKCR\typelib\{5297e905-1dfb-4a9c-9871-a4f95fd58945}\ (9 subtraces) (ID = 125913)
17:15: HKCR\interface\{95b92d92-8b7d-4a19-a3f1-43113b4dbcaf}\ (8 subtraces) (ID = 143013)
17:15: Found Adware: ist yoursitebar
17:15: HKLM\software\microsoft\code store database\distribution units\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658}\ (8 subtraces) (ID = 147850)
17:15: HKLM\software\classes\interface\{95b92d92-8b7d-4a19-a3f1-43113b4dbcaf}\ (8 subtraces) (ID = 147950)
17:15: Found Adware: 2search
17:15: HKCR\typelib\{4508e20a-acad-11d2-9fc0-00550076e06f}\ (9 subtraces) (ID = 832791)
17:15: HKLM\software\classes\typelib\{4508e20a-acad-11d2-9fc0-00550076e06f}\ (9 subtraces) (ID = 832850)
17:15: Found Adware: accoona toolbar
17:15: HKCR\clsid\{f80c1d93-0d22-436e-963e-9d3156997a4e}\ (2 subtraces) (ID = 954998)
17:15: HKLM\software\classes\clsid\{f80c1d93-0d22-436e-963e-9d3156997a4e}\ (2 subtraces) (ID = 955055)
17:15: Found Adware: command
17:15: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (6 subtraces) (ID = 1016064)
17:15: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (8 subtraces) (ID = 1016072)
17:15: Found Adware: clkoptimizer
17:15: HKCR\folder\shellex\columnhandlers\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}\ (1 subtraces) (ID = 1212684)
17:15: HKLM\software\classes\folder\shellex\columnhandlers\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}\ (1 subtraces) (ID = 1212686)
17:15: Found Adware: maxifiles
17:15: HKCR\mytoolbar.mytoolbarobj\ (5 subtraces) (ID = 1497797)
17:15: HKCR\mytoolbar.mytoolbarobj.1\ (3 subtraces) (ID = 1497803)
17:15: HKLM\software\classes\mytoolbar.mytoolbarobj\ (5 subtraces) (ID = 1498205)
17:15: HKLM\software\classes\mytoolbar.mytoolbarobj.1\ (3 subtraces) (ID = 1498211)
17:15: HKLM\software\microsoft\windows\currentversion\uninstall\toolbar888\ (2 subtraces) (ID = 1498367)
17:15: Found Adware: search200.com hijack
17:15: HKU\S-1-5-21-3894198392-1193924609-3670496923-1007\software\microsoft\internet explorer\new windows\allow\ || search200.com (ID = 134078)
17:15: HKU\S-1-5-21-3894198392-1193924609-3670496923-1007\software\microsoft\internet explorer\new windows\allow\ || www.search200.com (ID = 134079)
17:15: Found Adware: fullcontext
17:15: HKU\S-1-5-21-3894198392-1193924609-3670496923-1007\software\eqadvice\ (5 subtraces) (ID = 1190273)
17:15: HKU\S-1-5-21-3894198392-1193924609-3670496923-1007\software\microsoft\internet explorer\menuext\&mytoolbar search\ (2 subtraces) (ID = 1498040)
17:15: HKU\S-1-5-21-3894198392-1193924609-3670496923-1007\software\microsoft\windows\currentversion\policies\explorer\run\ || winupdate.exe (ID = 1503283)
17:16: Found Adware: lopdotcom
17:16: HKU\WRSS_Profile_S-1-5-21-3894198392-1193924609-3670496923-1006\software\microsoft\internet explorer\new windows\allow\ || lop.com (ID = 130287)
17:16: HKU\WRSS_Profile_S-1-5-21-3894198392-1193924609-3670496923-1006\software\microsoft\internet explorer\new windows\allow\ || searchweb2.com (ID = 130288)
17:16: HKU\WRSS_Profile_S-1-5-21-3894198392-1193924609-3670496923-1006\software\microsoft\internet explorer\new windows\allow\ || www.lop.com (ID = 130289)
17:16: HKU\WRSS_Profile_S-1-5-21-3894198392-1193924609-3670496923-1006\software\microsoft\internet explorer\new windows\allow\ || www.searchweb2.com (ID = 130290)
17:16: Found Adware: surfsidekick
17:16: HKU\WRSS_Profile_S-1-5-21-3894198392-1193924609-3670496923-1006\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
17:16: Found Adware: findthewebsiteyouneed hijack
17:16: HKU\WRSS_Profile_S-1-5-21-3894198392-1193924609-3670496923-1006\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
17:16: Found Adware: dealbar toolbar
17:16: HKU\WRSS_Profile_S-1-5-21-3894198392-1193924609-3670496923-1006\software\microsoft\internet explorer\toolbar\webbrowser\ || {3d782bb3-f2a5-11d3-bf4c-000000000000} (ID = 826103)
17:16: HKU\WRSS_Profile_S-1-5-21-3894198392-1193924609-3670496923-1006\software\microsoft\internet explorer\extensions\cmdmapping\ || {bfa03761-5565-41b3-93d9-82b354c0a8ec} (ID = 826846)
17:16: HKU\WRSS_Profile_S-1-5-21-3894198392-1193924609-3670496923-1006\software\microsoft\internet explorer\urlsearchhooks\{944864a5-3916-46e2-96a9-a2e84f3f1208}\ (ID = 955003)
17:16: HKU\WRSS_Profile_S-1-5-21-3894198392-1193924609-3670496923-1006\software\xbtb04715\ (70 subtraces) (ID = 1156401)
17:16: HKU\WRSS_Profile_S-1-5-21-3894198392-1193924609-3670496923-1006\software\microsoft\internet explorer\menuext\&mytoolbar search\ (2 subtraces) (ID = 1498040)
17:16: HKU\WRSS_Profile_S-1-5-21-3894198392-1193924609-3670496923-1006\software\microsoft\windows\currentversion\policies\explorer\run\ || winupdate.exe (ID = 1503283)
17:16: Registry Sweep Complete, Elapsed Time:00:00:20
17:16: Starting Cookie Sweep
17:16: Found Spy Cookie: 2o7.net cookie
17:16: josh@2o7[1].txt (ID = 1957)
17:16: Found Spy Cookie: atlas dmt cookie
17:16: josh@atdmt[2].txt (ID = 2253)
17:16: josh@msnportal.112.2o7[1].txt (ID = 1958)
17:16: Found Spy Cookie: realmedia cookie
17:16: josh@realmedia[1].txt (ID = 3235)
17:16: Found Spy Cookie: tradedoubler cookie
17:16: josh@tradedoubler[1].txt (ID = 3575)
17:16: Found Spy Cookie: trafficmp cookie
17:16: josh@trafficmp[1].txt (ID = 3581)
17:16: Found Spy Cookie: ugo cookie
17:16: josh@ugo[1].txt (ID = 3608)
17:16: Found Spy Cookie: 888 cookie
17:16: john@888[1].txt (ID = 2019)
17:16: john@888[2].txt (ID = 2019)
17:16: Found Spy Cookie: 91338698 cookie
17:16: john@91338698[1].txt (ID = 2025)
17:16: Found Spy Cookie: adlegend cookie
17:16: john@adlegend[1].txt (ID = 2074)
17:16: Found Spy Cookie: hbmediapro cookie
17:16: john@adopt.hbmediapro[1].txt (ID = 2768)
17:16: Found Spy Cookie: adultfriendfinder cookie
17:16: john@adultfriendfinder[1].txt (ID = 2165)
17:16: Found Spy Cookie: ask cookie
17:16: john@ask[2].txt (ID = 2245)
17:16: Found Spy Cookie: atwola cookie
17:16: john@atwola[1].txt (ID = 2255)
17:16: Found Spy Cookie: azjmp cookie
17:16: john@azjmp[2].txt (ID = 2270)
17:16: Found Spy Cookie: a cookie
17:16: john@a[1].txt (ID = 2027)
17:16: Found Spy Cookie: belnk cookie
17:16: john@belnk[1].txt (ID = 2292)
17:16: Found Spy Cookie: cassava cookie
17:16: john@cassava[1].txt (ID = 2362)
17:16: Found Spy Cookie: about cookie
17:16: john@chineseculture.about[2].txt (ID = 2038)
17:16: Found Spy Cookie: did-it cookie
17:16: john@did-it[2].txt (ID = 2523)
17:16: john@dist.belnk[2].txt (ID = 2293)
17:16: Found Spy Cookie: screensavers.com cookie
17:16: john@i.screensavers[2].txt (ID = 3298)
17:16: Found Spy Cookie: infospace cookie
17:16: john@infospace[1].txt (ID = 2865)
17:16: Found Spy Cookie: monstermarketplace cookie
17:16: john@monstermarketplace[1].txt (ID = 3006)
17:16: Found Spy Cookie: mywebsearch cookie
17:16: john@mywebsearch[2].txt (ID = 3051)
17:16: Found Spy Cookie: rn11 cookie
17:16: john@rn11[2].txt (ID = 3261)
17:16: Found Spy Cookie: searchweb2 cookie
17:16: john@searchweb2[1].txt (ID = 3325)
17:16: Found Spy Cookie: clicktracks cookie
17:16: john@stats2.clicktracks[2].txt (ID = 2407)
17:16: Found Spy Cookie: toplist cookie
17:16: john@toplist[1].txt (ID = 3557)
17:16: Found Spy Cookie: tracking cookie
17:16: john@tracking[1].txt (ID = 3571)
17:16: Found Spy Cookie: upspiral cookie
17:16: john@upspiral[1].txt (ID = 3614)
17:16: Found Spy Cookie: webpower cookie
17:16: john@webpower[1].txt (ID = 3660)
17:16: john@www.888[1].txt (ID = 2020)
17:16: Found Spy Cookie: redzip cookie
17:16: john@www.redzip[2].txt (ID = 3250)
17:16: john@www.screensavers[1].txt (ID = 3298)
17:16: john@www.upspiral[1].txt (ID = 3615)
17:16: Found Spy Cookie: zenotecnico cookie
17:16: john@zenotecnico[2].txt (ID = 3858)
17:16: Cookie Sweep Complete, Elapsed Time: 00:00:03
17:16: Starting File Sweep
17:16: Found Trojan Horse: trojan downloader matcash
17:16: c:\program files\common files\inetget (1 subtraces) (ID = -2147477182)
17:16: c:\program files\toolbar888 (2 subtraces) (ID = -2147456311)
17:16: Found Trojan Horse: rbot
17:16: a0170704.exe (ID = 269648)
17:16: Found Adware: dollarrevenue
17:16: a0161646.exe (ID = 278325)
17:17: Found Adware: winantispyware 2005
17:17: a0161593.exe (ID = 266682)
17:17: Found Adware: enbrowser
17:17: a0140350.exe (ID = 245111)
17:20: Found Adware: findthewebsiteyouneed hijacker
17:20: a0141496.exe (ID = 253753)
17:20: Found Adware: wfgtech
17:20: a0173485.exe (ID = 247595)
17:25: Found Adware: look2me
17:25: a0159569.dll (ID = 159)
17:25: Found Adware: zenosearchassistant
17:25: a0173481.exe (ID = 300281)
17:27: Found Adware: visfx
17:27: a0168132.exe (ID = 244295)
17:28: Found Adware: linkmaker
17:28: a0173483.dll (ID = 255544)
17:33: Found Adware: purityscan
17:33: installer.exe (ID = 73121)
17:38: Found Adware: whenu searchbar/pricebandit
17:38: a0117210.exe (ID = 166872)
17:44: Found Adware: shopathomeselect
17:44: intlib.bin (ID = 131688)

#10 the trooper2

the trooper2
  • Topic Starter


Posted 16 June 2006 - 12:35 PM

Logfile of HijackThis v1.99.1
Scan saved at 18:35:50, on 16/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\rmctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\mActiveX.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\TClock\TClock.exe
C:\Program Files\WinZip\WINZIP.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Josh\My Documents\Unzipped\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Win643] C:\mActiveX.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with TrueSpeed Download Manager - C:\Program Files\TrueSpeed\DBooster.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://66.252.20.241:8000/Java/cfs31235.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#11 the trooper2

the trooper2
  • Topic Starter


Posted 16 June 2006 - 12:39 PM

Here's the online scan log http://rapidshare.de/files/23240542/gdhjgf.txt.html it was too many characters to post normally

#12 MFDnSC

MFDnSC

    Ret. Director I/T



Posted 16 June 2006 - 01:02 PM

Turn off restore points, boot, turn them back on – here’s how

XP
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

============================

You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HJT – mark them, close IE, click fix checked

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Win643] C:\mActiveX.exe

DownLoad http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\mActiveX.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system


"Nothing could be finer than to be in South Carolina ............"

Member ASAP
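
The reply above ends by asking for a fresh log so the fix can be confirmed. That comparison can be scripted; the following is an added example, not part of the original thread or of HijackThis. It parses two HijackThis v1.99.1-style logs and reports which of the targeted O4 entries and files still show up afterwards. The function names are hypothetical, the BEFORE excerpt reuses lines from the log posted in this thread, and the AFTER excerpt is constructed.

```python
"""Check a HijackThis follow-up log against the entries that were to be fixed."""
import re
from dataclasses import dataclass, field

# Entry lines start with a section code: R0, F2, N1, O4, O23 ...
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$", re.I)
# O4 registry autorun: HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(r"^(HK\w+\\\.\.\\\w+): \[([^\]]*)\] (.*)$", re.I)


def normalise(text):
    """Undo forum typography: en/em dashes back to '-', runs of spaces to one."""
    text = text.replace("\u2013", "-").replace("\u2014", "-")
    return re.sub(r"\s+", " ", text).strip()


@dataclass
class HjtLog:
    processes: set = field(default_factory=set)    # lower-cased image paths
    entries: set = field(default_factory=set)      # lower-cased entry lines
    autoruns: list = field(default_factory=list)   # (key, value name, command)


def parse_hjt(raw):
    """Split a log into its 'Running processes' block and its coded entries."""
    log, in_processes = HjtLog(), False
    for line in map(normalise, raw.splitlines()):
        entry = ENTRY_RE.match(line)
        if not line:
            in_processes = False
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif entry:
            log.entries.add(line.lower())
            is_o4 = entry.group(1).upper() == "O4"
            run = RUN_RE.match(entry.group(2)) if is_o4 else None
            if run:
                log.autoruns.append(run.groups())
        elif in_processes:
            log.processes.add(line.lower())
    return log


def verify_fix(before_raw, after_raw, fix_lines, kill_paths):
    """Return findings per check; every list empty means the cleanup held."""
    before, after = parse_hjt(before_raw), parse_hjt(after_raw)
    findings = {"not_in_before_log": [], "entry_still_listed": [],
                "process_still_running": [], "autorun_still_references": []}
    for raw in fix_lines:
        line = normalise(raw).lower()
        if line not in before.entries:
            findings["not_in_before_log"].append(raw)  # mistyped or wrong log
        if line in after.entries:
            findings["entry_still_listed"].append(raw)
    for path in kill_paths:
        needle = normalise(path).lower()
        if needle in after.processes:
            findings["process_still_running"].append(path)
        for key, name, command in after.autoruns:
            if needle in command.lower():
                findings["autorun_still_references"].append(f"{key} [{name}]")
    return findings


# BEFORE: lines taken from the log posted in this thread (shortened).
BEFORE = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\Explorer.EXE
C:\mActiveX.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Win643] C:\mActiveX.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
"""

# AFTER: constructed for the demonstration (one entry fixed, one left behind).
AFTER = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
"""

# Entries to fix and the file to delete, as named in the reply above. The
# first line is constructed with an en dash before "k" to exercise the
# typography case that normalise() handles.
FIX_LINES = [
    "O4 - HKLM\\..\\Run: [KernelFaultCheck] %systemroot%\\system32\\dumprep 0 \u2013k",
    r"O4 - HKLM\..\Run: [Win643] C:\mActiveX.exe",
]
KILL_PATHS = [r"C:\mActiveX.exe"]

if __name__ == "__main__":
    for check, hits in verify_fix(BEFORE, AFTER, FIX_LINES, KILL_PATHS).items():
        print(f"{check}: {hits if hits else 'none'}")
```

A non-empty `not_in_before_log` list means a fix line does not match the original log at all, which is worth resolving before anything is removed.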

#13 the trooper2

the trooper2
  • Topic Starter


Posted 17 June 2006 - 06:57 AM

Logfile of HijackThis v1.99.1
Scan saved at 12:55:13, on 17/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\rmctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Online Services\Use MSN Explorer to sign up for Internet Access (US only).exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TClock\TClock.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Josh\My Documents\Unzipped\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with TrueSpeed Download Manager - C:\Program Files\TrueSpeed\DBooster.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://66.252.20.241:8000/Java/cfs31235.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe



it all worked apart from one of the temp files didn't delete it said it was being used by another program or person.

you put the instructions twice was that just a mistake?

oh and i keep getting spy sweeper popping up saying targetsaver was detected running in memory would you like to run a sweep to remove this threat

Edited by the trooper2, 17 June 2006 - 06:59 AM.


#14 MFDnSC

Posted 17 June 2006 - 09:45 AM

Did you let Spysweeper remove it??

You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HJT – mark them, close IE, click fix checked

O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll

O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM

Download http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Program Files\ToolBar888

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#15 the trooper2

Posted 18 June 2006 - 05:32 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:31:32, on 18/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\rmctrl.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TClock\TClock.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Azureus\wUninstall.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Josh\My Documents\Unzipped\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with TrueSpeed Download Manager - C:\Program Files\TrueSpeed\DBooster.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://66.252.20.241:8000/Java/cfs31235.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://www.livemetallica.com/nugster/dlControl.CAB
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


it all worked but again one of the files wouldn't delete

thanks for helping me :thumbsup:


oh and i'm running a sweep now to remove targetsaver
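Added example, not part of either post: a short Python check that compares a HijackThis log taken before a fix with the follow-up log, to confirm the entries on the helper's fix list are gone and to list anything new. The function names are hypothetical, and the embedded logs are short excerpts of the two logs in this thread.

```python
import re

# HijackThis entry lines look like "O3 - Toolbar: ..." (section code, " - ", body).
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (section_code, body) entries found in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries

def parse_processes(log_text):
    """Return lower-cased paths listed under 'Running processes:'."""
    procs, in_section = set(), False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if not line:
                break  # a blank line ends the process list
            procs.add(line.lower())
    return procs

def diff_logs(before, after):
    """Entries removed and added between two scans, plus newly seen processes."""
    b, a = parse_entries(before), parse_entries(after)
    new_procs = parse_processes(after) - parse_processes(before)
    return sorted(b - a), sorted(a - b), sorted(new_procs)

def unfixed(after, fix_list):
    """Lines from the fix list that still appear in the follow-up log."""
    remaining = {f"{code} - {body}" for code, body in parse_entries(after)}
    return [line for line in fix_list if line.strip() in remaining]

# Excerpts of the two logs in this thread (most lines omitted).
BEFORE = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm"""

AFTER = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Azureus\wUninstall.exe

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm"""

# The two lines the helper asked to fix in post #14.
FIX_LIST = [
    r"O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll",
    r"O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM",
]

if __name__ == "__main__":
    removed, added, new_procs = diff_logs(BEFORE, AFTER)
    print("removed:", removed)
    print("added:", added)
    print("new processes:", new_procs)
    print("still present from fix list:", unfixed(AFTER, FIX_LIST))
```

An empty result from `unfixed` only shows that the entries no longer appear in the log; it says nothing about files or in-memory detections that HijackThis does not list.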



