
Comp Freezes Often Help If U Dare!


16 replies to this topic

#1 Ironbrandon

Ironbrandon

  • Members
  • 9 posts

Posted 02 July 2006 - 04:17 AM

:thumbsup: Logfile of HijackThis v1.99.1
Scan saved at 12:18:03 AM, on 7/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
C:\WINDOWS\System32\mdm.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\dcomcfg.exe
C:\WINDOWS\System32\atmclk.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Brandon.BRANDON-F63A3WW\Desktop\Skins\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash
R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\PROGRA~1\BPK\bpkwb.dll
O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\System32\hp101.tmp
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [bootloader] C:\WINDOWS\bootload.exe
O4 - HKLM\..\Run: [MalwareWipe] C:\Program Files\MalwareWipe\MalwareWipe.exe /h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146192252015
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_D..._Non_Member.CAB
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe


 


#2 Ironbrandon

Ironbrandon
  • Topic Starter

  • Members
  • 9 posts

Posted 02 July 2006 - 06:14 AM

:thumbsup: REALLY?!!! THANKS!! I loved when bf2 exits and the comp restarts 15 times before I can load up the desktop. I guess I should jus*Pop up* just wait till the comp is no longer able to go onto forums for help.
lol doesn't matter tho. jk lol
Help me please.
:flowers:

#3 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 02 July 2006 - 10:42 AM

You have no active AntiVirus!

Get the free AVG 7, install it, check for updates and run a full scan.

AVG 7 - http://free.grisoft.com/freeweb.php/doc/2/

==========================================

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.
=========================================

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
  o Sweep Memory
  o Sweep Registry
  o Sweep Cookies
  o Sweep All User Accounts
  o Enable Direct Disk Sweeping
  o Sweep Contents of Compressed Files
  o Sweep for Rootkits
  o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#4 Ironbrandon

Ironbrandon
  • Topic Starter

  • Members
  • 9 posts

Posted 11 July 2006 - 11:15 AM

OK my comp has been horrible since I last posted. I usually can't even get it on past the logon screen without it freezing. I managed to get some free anti virus software but I'm sure I'm not clean. I keep freezing up all the time when I try to open anything. The SmitFraud thing doesn't do anything when I open it up. The Spysweeper always gets an error at the start up and I have to delete it under processes before it freezes the comp. When I go into safe mode, the smitfraud is gone. Idk what to do now. I can get on the internet but I can't do anything without it freezing. I got so many processes running I think something must be wrong with it. I was also wondering if the freezing up has something to do with the settings of the processor and everything that you can mess around with when u go to the settings at the startup. OK, well, I couldn't get the smitfraud thing posted but I managed to run spysweeper once, and got Zone alarm (free version). I can't upgrade to service pack 2 either. Could that be a problem? I've tried updating for a long time but I've always got an error. Here's my log. Idk what else I should do now.






Logfile of HijackThis v1.99.1
Scan saved at 12:07:57 PM, on 7/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
X:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Brandon.BRANDON-F63A3WW\Desktop\Skins\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash
R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\System32\hp101.tmp (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Zone Labs Client] X:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Logitech SetPoint.lnk.disabled
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146192252015
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_D..._Non_Member.CAB
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

:thumbsup:
Idk what to do with all my free time!!! no COMPUTER = Depression.

#5 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 11 July 2006 - 02:45 PM

Make sure you extracted smitfraud's FOLDER to the desktop - it should have 7 or 8 files in it

Try running spysweeper in safe mode
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#6 Ironbrandon

Ironbrandon
  • Topic Starter

  • Members
  • 9 posts

Posted 12 July 2006 - 07:10 PM

Pressing F8 wouldn't get me into safe mode so I did it through typing msconfig in "run". :thumbsup:
I ran smitfraud. Here's my rapport.

SmitFraudFix v2.69

Scan done at 18:05:28.20, Wed 07/12/2006
Run from C:\Documents and Settings\Brandon.BRANDON-F63A3WW\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


And my new log file.

I think my processor is going extra slow for some reason.

Logfile of HijackThis v1.99.1
Scan saved at 7:55:55 PM, on 7/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\cleanmgr.exe
C:\WINDOWS\System32\mdm.exe
C:\Program Files\Winamp\Winamp.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Brandon.BRANDON-F63A3WW\Desktop\Skins\HijackThis.exe

R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Zone Labs Client] X:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Logitech SetPoint.lnk.disabled
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146192252015
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_D..._Non_Member.CAB
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks for the help... really :flowers:

#7 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 13 July 2006 - 10:38 AM

You have not posted the SpySweeper log

Fix this with HJT – mark it, close IE, click fix checked

R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)

With that gone the log should be clean

Turn off restore points, boot, turn them back on – here’s how

XP
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#8 Ironbrandon

Ironbrandon
  • Topic Starter

  • Members
  • 9 posts

Posted 13 July 2006 - 01:13 PM

Please tell me why my processor says 1.09 GHz and it used to be like 1.7 when I went to properties on my comp. It's using up 100 percent and there's a lot of new processes running now that I got those anti spyware programs. What should I do to make it not use up 100 percent of its usage all the time?

Here's the sweep log.


********
12:11 PM: | Start of Session, Thursday, July 13, 2006 |
12:11 PM: Spy Sweeper started
12:11 PM: Sweep initiated using definitions version 717
12:11 PM: Starting Memory Sweep
12:14 PM: Memory Sweep Complete, Elapsed Time: 00:03:13
12:14 PM: Starting Registry Sweep
12:14 PM: Found Trojan Horse: trojan-downloader-zlob
12:14 PM: HKCR\avzipenchancer.chl\ (2 subtraces) (ID = 1530184)
12:14 PM: HKLM\software\classes\avzipenchancer.chl\ (2 subtraces) (ID = 1530187)
12:14 PM: Registry Sweep Complete, Elapsed Time:00:00:16
12:14 PM: Starting Cookie Sweep
12:14 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
12:14 PM: Starting File Sweep
12:37 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
12:52 PM: File Sweep Complete, Elapsed Time: 00:38:14
12:52 PM: Full Sweep has completed. Elapsed time 00:41:52
12:52 PM: Traces Found: 6
12:59 PM: Removal process initiated
12:59 PM: Quarantining All Traces: trojan-downloader-zlob
12:59 PM: Removal process completed. Elapsed time 00:00:00
1:00 PM: Deletion from quarantine initiated
1:00 PM: Processing: trojan-downloader-zlob
1:00 PM: Deletion from quarantine completed. Elapsed time 00:00:00
2:07 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
2:07 PM: IE Tracking Cookies Shield: Removed atwola cookie
2:07 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
2:08 PM: Processing Startup Alerts
2:08 PM: Removed Startup entry: MicrosoftAntiSpywareCleaner
2:08 PM: Processing Startup Alerts
2:08 PM: Removed Startup entry: MMTray
********
12:06 PM: | Start of Session, Thursday, July 13, 2006 |
12:06 PM: Spy Sweeper started
12:06 PM: Sweep initiated using definitions version 717
12:06 PM: Found Trojan Horse: trojan-downloader-zlob
12:06 PM: HKLM\software\microsoft\windows\currentversion\uninstall\zipcodec\ || uninstallstring (ID = 1530347)
12:06 PM: uninst.exe (ID = 1530347)
12:06 PM: IE Tracking Cookies Shield: Removed tacoda cookie
12:06 PM: Starting Memory Sweep
12:08 PM: Sweep Canceled
12:08 PM: Memory Sweep Complete, Elapsed Time: 00:01:30
12:08 PM: Traces Found: 2
12:08 PM: Removal process initiated
12:08 PM: Quarantining All Traces: trojan-downloader-zlob
12:08 PM: Removal process completed. Elapsed time 00:00:01
12:11 PM: | End of Session, Thursday, July 13, 2006 |
********
6:08 PM: | Start of Session, Wednesday, July 12, 2006 |
6:08 PM: Spy Sweeper started
6:08 PM: Sweep initiated using definitions version 556
6:08 PM: Starting Memory Sweep
6:11 PM: Memory Sweep Complete, Elapsed Time: 00:02:53
6:11 PM: Starting Registry Sweep
7:10 PM: Registry Sweep Complete, Elapsed Time:00:59:34
7:10 PM: Warning: Access is denied
7:10 PM: Starting Cookie Sweep
7:10 PM: Found Spy Cookie: websponsors cookie
7:10 PM: administrator@a.websponsors[2].txt (ID = 3665)
7:10 PM: Found Spy Cookie: 2o7.net cookie
7:10 PM: brandon@2o7[2].txt (ID = 1957)
7:10 PM: Found Spy Cookie: yieldmanager cookie
7:10 PM: brandon@ad.yieldmanager[1].txt (ID = 3751)
7:10 PM: Found Spy Cookie: adtech cookie
7:10 PM: brandon@adtech[2].txt (ID = 2155)
7:10 PM: Found Spy Cookie: falkag cookie
7:10 PM: brandon@as-eu.falkag[1].txt (ID = 2650)
7:10 PM: Found Spy Cookie: atwola cookie
7:10 PM: brandon@atwola[1].txt (ID = 2255)
7:10 PM: Found Spy Cookie: banners cookie
7:10 PM: brandon@banners[1].txt (ID = 2282)
7:11 PM: Found Spy Cookie: bravenet cookie
7:11 PM: brandon@bravenet[1].txt (ID = 2322)
7:11 PM: Found Spy Cookie: casalemedia cookie
7:11 PM: brandon@casalemedia[2].txt (ID = 2354)
7:11 PM: Found Spy Cookie: clickzs cookie
7:11 PM: brandon@cz5.clickzs[2].txt (ID = 2413)
7:11 PM: Found Spy Cookie: webtrends cookie
7:11 PM: brandon@m.webtrends[2].txt (ID = 3669)
7:11 PM: brandon@microsofteup.112.2o7[1].txt (ID = 1958)
7:11 PM: Found Spy Cookie: realmedia cookie
7:11 PM: brandon@realmedia[1].txt (ID = 3235)
7:11 PM: Found Spy Cookie: revenue.net cookie
7:11 PM: brandon@revenue[2].txt (ID = 3257)
7:11 PM: Found Spy Cookie: statcounter cookie
7:11 PM: brandon@statcounter[2].txt (ID = 3447)
7:11 PM: Found Spy Cookie: trafficmp cookie
7:11 PM: brandon@trafficmp[1].txt (ID = 3581)
7:11 PM: Found Spy Cookie: weborama cookie
7:11 PM: brandon@weborama[1].txt (ID = 3658)
7:11 PM: Found Spy Cookie: zedo cookie
7:11 PM: brandon@zedo[2].txt (ID = 3762)
7:11 PM: Cookie Sweep Complete, Elapsed Time: 00:00:18
7:11 PM: Starting File Sweep
7:53 PM: Sweep Canceled
7:53 PM: File Sweep Complete, Elapsed Time: 00:41:36
7:53 PM: Traces Found: 18
7:53 PM: Removal process initiated
7:53 PM: Quarantining All Traces: websponsors cookie
7:53 PM: Quarantining All Traces: 2o7.net cookie
7:53 PM: Quarantining All Traces: yieldmanager cookie
7:53 PM: Quarantining All Traces: adtech cookie
7:53 PM: Quarantining All Traces: falkag cookie
7:53 PM: Quarantining All Traces: atwola cookie
7:53 PM: Quarantining All Traces: banners cookie
7:53 PM: Quarantining All Traces: bravenet cookie
7:53 PM: Quarantining All Traces: casalemedia cookie
7:53 PM: Quarantining All Traces: clickzs cookie
7:53 PM: Quarantining All Traces: webtrends cookie
7:53 PM: Quarantining All Traces: realmedia cookie
7:53 PM: Quarantining All Traces: revenue.net cookie
7:53 PM: Quarantining All Traces: statcounter cookie
7:53 PM: Quarantining All Traces: trafficmp cookie
7:53 PM: Quarantining All Traces: weborama cookie
7:53 PM: Quarantining All Traces: zedo cookie
7:53 PM: Removal process completed. Elapsed time 00:00:38
7:54 PM: Deletion from quarantine initiated
7:54 PM: Processing: realmedia cookie
7:54 PM: Processing: atwola cookie
7:54 PM: Processing: banners cookie
7:54 PM: Processing: websponsors cookie
7:54 PM: Processing: clickzs cookie
7:54 PM: Processing: casalemedia cookie
7:54 PM: Processing: yieldmanager cookie
7:54 PM: Processing: bravenet cookie
7:54 PM: Processing: webtrends cookie
7:54 PM: Processing: weborama cookie
7:54 PM: Processing: falkag cookie
7:54 PM: Processing: trafficmp cookie
7:54 PM: Processing: 2o7.net cookie
7:54 PM: Processing: revenue.net cookie
7:54 PM: Processing: statcounter cookie
7:54 PM: Processing: adtech cookie
7:54 PM: Processing: zedo cookie
7:54 PM: Deletion from quarantine completed. Elapsed time 00:00:00
12:04 PM: IE Tracking Cookies Shield: Removed yieldmanager cookie
12:04 PM: IE Tracking Cookies Shield: Removed casalemedia cookie
12:04 PM: IE Tracking Cookies Shield: Removed webtrends cookie
12:04 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
12:04 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
12:04 PM: IE Tracking Cookies Shield: Removed realmedia cookie
12:04 PM: IE Tracking Cookies Shield: Removed questionmarket cookie
12:04 PM: IE Tracking Cookies Shield: Removed realmedia cookie
12:04 PM: IE Tracking Cookies Shield: Removed serving-sys cookie
12:04 PM: IE Tracking Cookies Shield: Removed tribalfusion cookie
12:04 PM: Messenger service has been disabled.
12:05 PM: Your spyware definitions have been updated.
12:06 PM: Processing Startup Alerts
12:06 PM: Removed Startup entry: QuickTime Task
12:06 PM: Removed Startup entry: CursorXP
12:06 PM: Removed Startup entry: AIM
12:06 PM: | End of Session, Thursday, July 13, 2006 |
********
4:02 PM: | Start of Session, Sunday, July 02, 2006 |
4:02 PM: Spy Sweeper started
4:02 PM: Sweep initiated using definitions version 711
4:02 PM: Found Trojan Horse: trojan-downloader-zlob
4:02 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || kernel32.dll (ID = 1052560)
4:02 PM: atmclk.exe (ID = 1052560)
4:02 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || wininet.dll (ID = 1351224)
4:02 PM: regperf.exe (ID = 1351224)
4:02 PM: Starting Memory Sweep
4:02 PM: Found System Monitor: perfect keylogger
4:02 PM: Detected running threat: C:\PROGRA~1\BPK\bpkwb.dll (ID = 72425)
4:05 PM: Detected running threat: C:\Program Files\BPK\bpkwb.dll (ID = 72425)
4:10 PM: Found Adware: spyware quake fakealert
4:10 PM: Detected running threat: C:\WINDOWS\system32\guxxa.dll (ID = 317962)
4:11 PM: Memory Sweep Complete, Elapsed Time: 00:08:57
4:11 PM: Starting Registry Sweep
4:11 PM: HKCR\clsid\{1e1b2879-88ff-11d3-8d96-d7acac95951a}\ (11 subtraces) (ID = 136695)
4:11 PM: HKCR\interface\{1e1b2878-88ff-11d3-8d96-d7acac95951a}\ (8 subtraces) (ID = 136696)
4:11 PM: HKCR\pk.ie.1\ (3 subtraces) (ID = 136697)
4:11 PM: HKCR\pk.ie\ (5 subtraces) (ID = 136698)
4:11 PM: HKLM\software\classes\clsid\{1e1b2879-88ff-11d3-8d96-d7acac95951a}\ (11 subtraces) (ID = 136702)
4:11 PM: HKLM\software\classes\interface\{1e1b2878-88ff-11d3-8d96-d7acac95951a}\ (8 subtraces) (ID = 136703)
4:11 PM: HKLM\software\classes\pk.ie.1\ (3 subtraces) (ID = 136704)
4:11 PM: HKLM\software\classes\pk.ie\ (5 subtraces) (ID = 136705)
4:11 PM: HKLM\software\classes\typelib\{1e1b286c-88ff-11d3-8d96-d7acac95951a}\ (9 subtraces) (ID = 136706)
4:11 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{1e1b2879-88ff-11d3-8d96-d7acac95951a}\ (1 subtraces) (ID = 136708)
4:11 PM: HKCR\typelib\{1e1b286c-88ff-11d3-8d96-d7acac95951a}\ (9 subtraces) (ID = 136714)
4:12 PM: Found Adware: winad
4:12 PM: HKCR\appid\mediagateway.exe\ (1 subtraces) (ID = 359541)
4:12 PM: HKLM\software\classes\appid\mediagateway.exe\ (1 subtraces) (ID = 359543)
4:12 PM: Found Adware: security2k hijacker
4:12 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (2 subtraces) (ID = 735573)
4:12 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediagatewayx.dll\ (2 subtraces) (ID = 763026)
4:12 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediagatewayx.dll (ID = 763028)
4:12 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || kernel32.dll (ID = 796421)
4:12 PM: Found Adware: security toolbar
4:12 PM: HKLM\software\microsoft\windows\currentversion\uninstall\security toolbar\ (2 subtraces) (ID = 1035010)
4:12 PM: Found Adware: spyware quake
4:12 PM: HKCR\clsid\{5b55c4e3-c179-ba0b-b4fd-f2db862d6202}\ (20 subtraces) (ID = 1218826)
4:12 PM: HKLM\software\classes\clsid\{5b55c4e3-c179-ba0b-b4fd-f2db862d6202}\ (20 subtraces) (ID = 1218857)
4:12 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || wininet.dll (ID = 1497178)
4:12 PM: Found Adware: popuper
4:12 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || dcomcfg.exe (ID = 1497181)
4:12 PM: HKCR\typelib\{9163b40f-fed6-4b74-a4b2-b73b24e8b0e6}\ (9 subtraces) (ID = 1516833)
4:12 PM: HKLM\software\classes\typelib\{9163b40f-fed6-4b74-a4b2-b73b24e8b0e6}\ (9 subtraces) (ID = 1516866)
4:12 PM: HKCR\vsenchancer.chl\ (2 subtraces) (ID = 1519747)
4:12 PM: HKLM\software\classes\vsenchancer.chl\ (2 subtraces) (ID = 1519792)
4:12 PM: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {af3fd9a8-1287-4159-9212-9a5b4494af70} (ID = 1522791)
4:12 PM: HKU\S-1-5-21-1214440339-1960408961-725345543-1004\software\classes\clsid\{af3fd9a8-1287-4159-9212-9a5b4494af70}\ (3 subtraces) (ID = 1522072)
4:12 PM: Registry Sweep Complete, Elapsed Time:00:00:31
4:12 PM: Starting Cookie Sweep
4:12 PM: Found Spy Cookie: 2o7.net cookie
4:12 PM: brandon@112.2o7[2].txt (ID = 1958)
4:12 PM: brandon@2o7[2].txt (ID = 1957)
4:12 PM: Found Spy Cookie: 80503492 cookie
4:12 PM: brandon@80503492[1].txt (ID = 2013)
4:12 PM: Found Spy Cookie: 888 cookie
4:12 PM: brandon@888[1].txt (ID = 2019)
4:12 PM: brandon@888[2].txt (ID = 2019)
4:12 PM: Found Spy Cookie: about cookie
4:12 PM: brandon@about[2].txt (ID = 2037)
4:12 PM: Found Spy Cookie: yieldmanager cookie
4:12 PM: brandon@ad.yieldmanager[2].txt (ID = 3751)
4:12 PM: Found Spy Cookie: adecn cookie
4:12 PM: brandon@adecn[2].txt (ID = 2063)
4:12 PM: Found Spy Cookie: adknowledge cookie
4:12 PM: brandon@adknowledge[2].txt (ID = 2072)
4:12 PM: Found Spy Cookie: specificclick.com cookie
4:12 PM: brandon@adopt.specificclick[2].txt (ID = 3400)
4:12 PM: Found Spy Cookie: adrevolver cookie
4:12 PM: brandon@adrevolver[1].txt (ID = 2088)
4:12 PM: brandon@adrevolver[2].txt (ID = 2088)
4:12 PM: Found Spy Cookie: addynamix cookie
4:12 PM: brandon@ads.addynamix[1].txt (ID = 2062)
4:12 PM: Found Spy Cookie: pointroll cookie
4:12 PM: brandon@ads.pointroll[1].txt (ID = 3148)
4:12 PM: Found Spy Cookie: adtech cookie
4:12 PM: brandon@adtech[2].txt (ID = 2155)
4:12 PM: Found Spy Cookie: tacoda cookie
4:12 PM: brandon@anad.tacoda[1].txt (ID = 6445)
4:12 PM: brandon@anat.tacoda[1].txt (ID = 6445)
4:12 PM: Found Spy Cookie: apmebf cookie
4:12 PM: brandon@apmebf[2].txt (ID = 2229)
4:12 PM: Found Spy Cookie: ask cookie
4:12 PM: brandon@ask[1].txt (ID = 2245)
4:12 PM: Found Spy Cookie: atwola cookie
4:12 PM: brandon@atwola[1].txt (ID = 2255)
4:12 PM: Found Spy Cookie: belnk cookie
4:12 PM: brandon@belnk[2].txt (ID = 2292)
4:12 PM: Found Spy Cookie: bluestreak cookie
4:12 PM: brandon@bluestreak[1].txt (ID = 2314)
4:12 PM: Found Spy Cookie: burstnet cookie
4:12 PM: brandon@burstnet[2].txt (ID = 2336)
4:12 PM: Found Spy Cookie: casalemedia cookie
4:12 PM: brandon@casalemedia[2].txt (ID = 2354)
4:12 PM: Found Spy Cookie: cassava cookie
4:12 PM: brandon@cassava[1].txt (ID = 2362)
4:12 PM: brandon@columbusoh.about[1].txt (ID = 2038)
4:12 PM: Found Spy Cookie: clickzs cookie
4:12 PM: brandon@cz11.clickzs[2].txt (ID = 2413)
4:12 PM: brandon@dist.belnk[2].txt (ID = 2293)
4:12 PM: Found Spy Cookie: ru4 cookie
4:12 PM: brandon@edge.ru4[1].txt (ID = 3269)
4:12 PM: brandon@experts.about[2].txt (ID = 2038)
4:12 PM: Found Spy Cookie: gamespy cookie
4:12 PM: brandon@gamespy[1].txt (ID = 2719)
4:12 PM: Found Spy Cookie: herfirstanalsex cookie
4:12 PM: brandon@herfirstanalsex[2].txt (ID = 2769)
4:12 PM: Found Spy Cookie: clickandtrack cookie
4:12 PM: brandon@hits.clickandtrack[2].txt (ID = 2397)
4:12 PM: Found Spy Cookie: domainsponsor cookie
4:12 PM: brandon@landing.domainsponsor[1].txt (ID = 2535)
4:12 PM: Found Spy Cookie: webtrends cookie
4:12 PM: brandon@m.webtrends[1].txt (ID = 3669)
4:12 PM: Found Spy Cookie: malwarewipe cookie
4:12 PM: brandon@malwarewipe[1].txt (ID = 6467)
4:12 PM: brandon@maxim.122.2o7[1].txt (ID = 1958)
4:12 PM: Found Spy Cookie: maxserving cookie
4:12 PM: brandon@maxserving[2].txt (ID = 2966)
4:12 PM: Found Spy Cookie: mygeek cookie
4:12 PM: brandon@mygeek[1].txt (ID = 3041)
4:12 PM: Found Spy Cookie: realmedia cookie
4:12 PM: brandon@network.realmedia[1].txt (ID = 3236)
4:12 PM: Found Spy Cookie: offeroptimizer cookie
4:12 PM: brandon@offeroptimizer[2].txt (ID = 3087)
4:12 PM: Found Spy Cookie: overture cookie
4:12 PM: brandon@overture[1].txt (ID = 3105)
4:12 PM: Found Spy Cookie: paycounter cookie
4:12 PM: brandon@paycounter[2].txt (ID = 3115)
4:12 PM: brandon@pcworld.about[1].txt (ID = 2038)
4:12 PM: Found Spy Cookie: qksrv cookie
4:12 PM: brandon@qksrv[2].txt (ID = 3213)
4:12 PM: Found Spy Cookie: questionmarket cookie
4:12 PM: brandon@questionmarket[1].txt (ID = 3217)
4:12 PM: brandon@realmedia[1].txt (ID = 3235)
4:12 PM: Found Spy Cookie: adjuggler cookie
4:12 PM: brandon@rotator.adjuggler[1].txt (ID = 2071)
4:12 PM: Found Spy Cookie: server.iad.liveperson cookie
4:12 PM: brandon@server.iad.liveperson[1].txt (ID = 3341)
4:12 PM: Found Spy Cookie: serving-sys cookie
4:12 PM: brandon@serving-sys[2].txt (ID = 3343)
4:12 PM: Found Spy Cookie: statcounter cookie
4:12 PM: brandon@statcounter[2].txt (ID = 3447)
4:12 PM: brandon@tacoda[1].txt (ID = 6444)
4:12 PM: Found Spy Cookie: tradedoubler cookie
4:12 PM: brandon@tradedoubler[1].txt (ID = 3575)
4:12 PM: Found Spy Cookie: trafficmp cookie
4:12 PM: brandon@trafficmp[1].txt (ID = 3581)
4:12 PM: Found Spy Cookie: tribalfusion cookie
4:12 PM: brandon@tribalfusion[2].txt (ID = 3589)
4:12 PM: Found Spy Cookie: tripod cookie
4:12 PM: brandon@tripod[1].txt (ID = 3591)
4:12 PM: brandon@www.888[1].txt (ID = 2020)
4:12 PM: brandon@www.burstnet[1].txt (ID = 2337)
4:12 PM: Found Spy Cookie: stopzilla cookie
4:12 PM: brandon@www.stopzilla[2].txt (ID = 3466)
4:12 PM: Found Spy Cookie: xiti cookie
4:12 PM: brandon@xiti[1].txt (ID = 3717)
4:12 PM: Found Spy Cookie: yadro cookie
4:12 PM: brandon@yadro[1].txt (ID = 3743)
4:12 PM: Found Spy Cookie: zedo cookie
4:12 PM: brandon@zedo[1].txt (ID = 3762)
4:12 PM: Cookie Sweep Complete, Elapsed Time: 00:00:13
4:12 PM: Starting File Sweep
4:15 PM: c:\program files\bpk (22 subtraces) (ID = -2147480476)
4:15 PM: Found Adware: networkessentials
4:15 PM: c:\program files\support software (ID = -2147480532)
4:15 PM: Found Adware: bullguard popup ad
4:15 PM: c:\windows\temp\bullguard (ID = -2147476409)
4:15 PM: Found Adware: webhancer
4:15 PM: c:\program files\whinstall (2 subtraces) (ID = -2147480064)
4:15 PM: Found Adware: 180search assistant/zango
4:15 PM: c:\windows\system32\fleok (ID = -2147480556)
4:15 PM: c:\program files\security toolbar (2 subtraces) (ID = -2147462697)
4:15 PM: c:\program files\spywarequake.com (3 subtraces) (ID = -2147450807)
4:15 PM: Found Adware: findwhatevernow toolbar
4:15 PM: c:\program files\externalicons (ID = -2147480981)
4:15 PM: ldff35.tmp (ID = 317619)
4:16 PM: Found Adware: shopathomeselect
4:16 PM: 935155f1-0480-45d8-b196-1fd8dc (ID = 75611)
4:16 PM: Found Adware: targetsaver
4:16 PM: tsupdate[3].ini (ID = 78279)
4:16 PM: tsupdate[4].ini (ID = 78279)
4:16 PM: tsupdate[2].ini (ID = 78279)
4:16 PM: Found Adware: golden palace casino
4:16 PM: continue golden palace casino setup.lnk (ID = 61885)
4:16 PM: Found Adware: websearch toolbar
4:16 PM: conflict.cab (ID = 84685)
4:17 PM: conflict.inf (ID = 84686)
4:17 PM: Found Adware: elitebar
4:17 PM: 272833218.dll (ID = 59982)
4:17 PM: Found Adware: hungryhands
4:17 PM: acsproxystub.exe (ID = 62542)
4:17 PM: 71229c2a-a75c-48a9-a18e-131e35 (ID = 90430)
4:19 PM: tsupdate[1].ini (ID = 78279)
4:19 PM: Found Adware: ieplugin
4:19 PM: desktop toolbar (ID = 63344)
4:20 PM: spyware-quake.exe (ID = 315742)
4:20 PM: conflict.cab (ID = 84685)
4:20 PM: Found Adware: directrevenue-abetterinternet
4:20 PM: randreco.exe (ID = 83452)
4:21 PM: conflict.inf (ID = 84686)
4:21 PM: Found Adware: gain - common components
4:21 PM: fsg.exe (ID = 61353)
4:23 PM: farmmext.cab (ID = 83277)
4:23 PM: Found Adware: lopdotcom
4:23 PM: fbe49f14.exe (ID = 121)
4:23 PM: preinstaller.exe (ID = 70589)
4:24 PM: ts_8_new.exe (ID = 78282)
4:24 PM: comver.dll (ID = 111424)
4:25 PM: wtoolsp[1].cab (ID = 87680)
4:25 PM: bpkhk.dll (ID = 72412)
4:25 PM: Found Adware: purityscan
4:25 PM: mediatickets.exe (ID = 73150)
4:25 PM: bpkr.exe (ID = 208281)
4:26 PM: exzlznmq.exe (ID = 304)
4:26 PM: backup-20050107-041741-974.inf (ID = 73158)
4:27 PM: glf1f3glf1f3.exe (ID = 78282)
4:27 PM: desktop toolbar (ID = 63344)
4:27 PM: wekglhik.exe (ID = 304)
4:27 PM: yeuvigim.exe (ID = 304)
4:27 PM: run.exe (ID = 75862)
4:28 PM: dlmax.cab (ID = 83261)
4:29 PM: dlmax.cab (ID = 83261)
4:29 PM: Found Adware: mindset interactive - favoriteman
4:29 PM: setup_powersearch_mindset_p1.exe (ID = 69863)
4:31 PM: license.txt (ID = 72462)
4:32 PM: fbfc1289.exe (ID = 121)
4:32 PM: Found Adware: ebates money maker
4:32 PM: mmaker4b.exe (ID = 59685)
4:33 PM: inst.bin (ID = 72431)
4:34 PM: Found Adware: webrebates
4:34 PM: webr.exe (ID = 83926)
4:35 PM: Found Adware: look2me
4:35 PM: bw2.com (ID = 65722)
4:36 PM: glfe0glfe0.exe (ID = 78282)
4:36 PM: Found Adware: marketscore
4:36 PM: osic.tmp (ID = 185507)
4:37 PM: bpkun.exe (ID = 72420)
4:38 PM: bundleinstaller.exe (ID = 269312)
4:39 PM: f62edf46.exe (ID = 121)
4:39 PM: Found Trojan Horse: trojan agent winlogonhook
4:39 PM: cli83.tmp (ID = 301531)
4:40 PM: glf14glf14.exe (ID = 78282)
4:42 PM: bpk.chm (ID = 208279)
4:43 PM: Found Adware: blazefind
4:43 PM: senh.exe (ID = 51490)
4:44 PM: tsinstall_4_0_3_8_b17.exe (ID = 78267)
4:49 PM: ldca7e.tmp (ID = 304743)
4:51 PM: guxxa.dll (ID = 317962)
4:52 PM: bpkvw.exe (ID = 72422)
4:57 PM: vocabulary (ID = 78283)
4:58 PM: 251b17d5-30b9-43fb-87b2-9c22ba (ID = 107546)
4:59 PM: class-barrel (ID = 78229)
4:59 PM: b9f3a3aa-14e9-49cb-97cf-4071c0 (ID = 119317)
5:03 PM: bpki.dll (ID = 72415)
5:03 PM: Found Adware: linkmaker
5:03 PM: b7aa1.tmp (ID = 304397)
5:04 PM: bpk.exe (ID = 208280)
5:04 PM: Found Trojan Horse: trojan-downloader-aux
5:04 PM: win87.tmp.exe (ID = 282640)
5:05 PM: Found Trojan Horse: trojan-downloader-errlook
5:05 PM: win8d.tmp.exe (ID = 283245)
5:05 PM: Found Adware: cws_adslim
5:05 PM: win95.tmp.exe (ID = 302473)
5:07 PM: Found Adware: trust cleaner
5:07 PM: wschtm35.dll (ID = 305322)
5:07 PM: Found Adware: surfsidekick
5:07 PM: sskupdater3.exe (ID = 303011)
5:10 PM: i_bpk2003.exe (ID = 208278)
5:10 PM: jiub5f27y.hhy (ID = 276229)
5:11 PM: BHO Shield: found: -- BHO installation denied at user request
5:12 PM: Found Trojan Horse: trojan-dropper-joiner
5:12 PM: pre.exe (ID = 300247)
5:13 PM: i9e.tmp (ID = 253411)
5:14 PM: bpkwb.dll (ID = 72425)
5:16 PM: Found Adware: e2g
5:16 PM: nein.exe (ID = 293584)
5:16 PM: Found Trojan Horse: trojan-downloader-ac2
5:16 PM: ac2_0004.exe (ID = 273770)
5:16 PM: !update.exe (ID = 296574)
5:16 PM: Found Adware: clkoptimizer
5:16 PM: f1442000.exe (ID = 268995)
5:16 PM: !update.exe (ID = 296574)
5:16 PM: nqprm.dat (ID = 268995)
5:17 PM: Found Trojan Horse: trojan downloader matcash
5:17 PM: v.tmp (ID = 255142)
5:17 PM: bundleinstall.exe (ID = 268834)
5:17 PM: rk.bin (ID = 235981)
5:17 PM: srsvc.exe (ID = 304262)
5:17 PM: f966546.exe (ID = 268995)
5:17 PM: farmmext.ini (ID = 83282)
5:18 PM: affupdate[3].ini (ID = 78227)
5:18 PM: affupdate[1].ini (ID = 78227)
5:18 PM: affupdate[2].ini (ID = 78227)
5:18 PM: polmx2.inf (ID = 83430)
5:18 PM: affupdate[1].ini (ID = 78227)
5:18 PM: uninstall.bat (ID = 202688)
5:18 PM: Found Adware: twain-tech
5:18 PM: multimpp.inf (ID = 81828)
5:18 PM: belt.inf (ID = 83154)
5:18 PM: belt.ini (ID = 83156)
5:18 PM: polmx3.inf (ID = 81859)
5:18 PM: farmmext.inf (ID = 83281)
5:18 PM: mxtarget.inf (ID = 81843)
5:18 PM: mxtarget.inf (ID = 81843)
5:18 PM: Found Adware: wildmedia
5:18 PM: y (ID = 88414)
5:18 PM: dlmax.inf (ID = 83267)
5:18 PM: dlmax.inf (ID = 83267)
5:18 PM: downloads.url (ID = 72428)
5:18 PM: order.url (ID = 72469)
5:19 PM: Found Adware: azsearch toolbar
5:19 PM: azesearch.inf (ID = 50329)
5:21 PM: Warning: Failed to open file "x:\av voice changer diamond 4.0.54.exe". Access is denied
5:22 PM: File Sweep Complete, Elapsed Time: 01:10:08
5:22 PM: Full Sweep has completed. Elapsed time 01:19:53
5:22 PM: Traces Found: 384
5:26 PM: Removal process initiated
5:27 PM: Quarantining All Traces: 180search assistant/zango
5:27 PM: Quarantining All Traces: clkoptimizer
5:27 PM: Quarantining All Traces: directrevenue-abetterinternet
5:27 PM: Quarantining All Traces: elitebar
5:27 PM: Quarantining All Traces: look2me
5:27 PM: Quarantining All Traces: lopdotcom
5:27 PM: Quarantining All Traces: perfect keylogger
5:28 PM: perfect keylogger is in use. It will be removed on reboot.
5:28 PM: bpkwb.dll is in use. It will be removed on reboot.
5:28 PM: C:\PROGRA~1\BPK\bpkwb.dll is in use. It will be removed on reboot.
5:28 PM: C:\Program Files\BPK\bpkwb.dll is in use. It will be removed on reboot.
5:28 PM: Quarantining All Traces: popuper
5:28 PM: Quarantining All Traces: purityscan
5:28 PM: Quarantining All Traces: security2k hijacker
5:28 PM: Quarantining All Traces: spyware quake fakealert
5:28 PM: spyware quake fakealert is in use. It will be removed on reboot.
5:28 PM: guxxa.dll is in use. It will be removed on reboot.
5:28 PM: Quarantining All Traces: trojan agent winlogonhook
5:28 PM: Quarantining All Traces: trojan downloader matcash
5:28 PM: Quarantining All Traces: trojan-downloader-ac2
5:28 PM: Quarantining All Traces: trojan-downloader-zlob
5:28 PM: trojan-downloader-zlob is in use. It will be removed on reboot.
5:28 PM: atmclk.exe is in use. It will be removed on reboot.
5:28 PM: Quarantining All Traces: websearch toolbar
5:28 PM: Quarantining All Traces: wildmedia
5:28 PM: Quarantining All Traces: azsearch toolbar
5:28 PM: Quarantining All Traces: blazefind
5:28 PM: Quarantining All Traces: cws_adslim
5:28 PM: Quarantining All Traces: e2g
5:28 PM: Quarantining All Traces: findwhatevernow toolbar
5:28 PM: Quarantining All Traces: linkmaker
5:28 PM: Quarantining All Traces: marketscore
5:28 PM: Quarantining All Traces: mindset interactive - favoriteman
5:28 PM: Quarantining All Traces: shopathomeselect
5:28 PM: Quarantining All Traces: surfsidekick
5:28 PM: Quarantining All Traces: targetsaver
5:28 PM: Quarantining All Traces: trojan-downloader-aux
5:28 PM: Quarantining All Traces: trojan-downloader-errlook
5:28 PM: Quarantining All Traces: trojan-dropper-joiner
5:28 PM: Quarantining All Traces: trust cleaner
5:28 PM: Quarantining All Traces: winad
5:28 PM: Quarantining All Traces: bullguard popup ad
5:28 PM: Quarantining All Traces: ebates money maker
5:28 PM: Quarantining All Traces: golden palace casino
5:28 PM: Quarantining All Traces: hungryhands
5:28 PM: Quarantining All Traces: ieplugin
5:29 PM: Quarantining All Traces: networkessentials
5:29 PM: Quarantining All Traces: security toolbar
5:29 PM: Quarantining All Traces: spyware quake
5:29 PM: Quarantining All Traces: twain-tech
5:29 PM: Quarantining All Traces: webhancer
5:29 PM: Quarantining All Traces: webrebates
5:29 PM: Quarantining All Traces: 2o7.net cookie
5:29 PM: Quarantining All Traces: 80503492 cookie
5:29 PM: Quarantining All Traces: 888 cookie
5:29 PM: Quarantining All Traces: about cookie
5:29 PM: Quarantining All Traces: addynamix cookie
5:29 PM: Quarantining All Traces: adecn cookie
5:29 PM: Quarantining All Traces: adjuggler cookie
5:29 PM: Quarantining All Traces: adknowledge cookie
5:29 PM: Quarantining All Traces: adrevolver cookie
5:29 PM: Quarantining All Traces: adtech cookie
5:29 PM: Quarantining All Traces: apmebf cookie
5:29 PM: Quarantining All Traces: ask cookie
5:29 PM: Quarantining All Traces: atwola cookie
5:29 PM: Quarantining All Traces: belnk cookie
5:29 PM: Quarantining All Traces: bluestreak cookie
5:29 PM: Quarantining All Traces: burstnet cookie
5:29 PM: Quarantining All Traces: casalemedia cookie
5:29 PM: Quarantining All Traces: cassava cookie
5:29 PM: Quarantining All Traces: clickandtrack cookie
5:29 PM: Quarantining All Traces: clickzs cookie
5:29 PM: Quarantining All Traces: domainsponsor cookie
5:29 PM: Quarantining All Traces: gain - common components
5:29 PM: Quarantining All Traces: gamespy cookie
5:29 PM: Quarantining All Traces: herfirstanalsex cookie
5:29 PM: Quarantining All Traces: malwarewipe cookie
5:29 PM: Quarantining All Traces: maxserving cookie
5:29 PM: Quarantining All Traces: mygeek cookie
5:29 PM: Quarantining All Traces: offeroptimizer cookie
5:29 PM: Quarantining All Traces: overture cookie
5:29 PM: Quarantining All Traces: paycounter cookie
5:29 PM: Quarantining All Traces: pointroll cookie
5:29 PM: Quarantining All Traces: qksrv cookie
5:29 PM: Quarantining All Traces: questionmarket cookie
5:29 PM: Quarantining All Traces: realmedia cookie
5:29 PM: Quarantining All Traces: ru4 cookie
5:29 PM: Quarantining All Traces: server.iad.liveperson cookie
5:29 PM: Quarantining All Traces: serving-sys cookie
5:29 PM: Quarantining All Traces: specificclick.com cookie
5:29 PM: Quarantining All Traces: statcounter cookie
5:29 PM: Quarantining All Traces: stopzilla cookie
5:29 PM: Quarantining All Traces: tacoda cookie
5:29 PM: Quarantining All Traces: tradedoubler cookie
5:29 PM: Quarantining All Traces: trafficmp cookie
5:29 PM: Quarantining All Traces: tribalfusion cookie
5:29 PM: Quarantining All Traces: tripod cookie
5:29 PM: Quarantining All Traces: webtrends cookie
5:29 PM: Quarantining All Traces: xiti cookie
5:29 PM: Quarantining All Traces: yadro cookie
5:29 PM: Quarantining All Traces: yieldmanager cookie
5:29 PM: Quarantining All Traces: zedo cookie
5:30 PM: Removal process completed. Elapsed time 00:03:40
9:09 PM: Processing Startup Alerts
9:09 PM: Removed Startup entry: AIM
6:07 PM: Program Version 4.5.9 (Build 709) Using Spyware Definitions 556
6:08 PM: | End of Session, Wednesday, July 12, 2006 |
********
4:01 PM: | Start of Session, Sunday, July 02, 2006 |
4:01 PM: Spy Sweeper started
4:02 PM: Your spyware definitions have been updated.
4:02 PM: | End of Session, Sunday, July 02, 2006 |

#9 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  • Local time:02:46 AM

Posted 13 July 2006 - 02:16 PM

With all of those, run Spysweeper again - you were loaded!

How much memory do you have?

Get all of these and/or verify you have the current versions

SpywareBlaster 3.5.1 http://majorgeeks.com/download2859.html
SpyBot V1.4 http://www.majorgeeks.com/download2471.html
AdAware SE 1.06 http://www.majorgeeks.com/download506.html
MS Windows Defender - http://www.microsoft.com/downloads/details...;displaylang=en (XP and W2K only)

Download them (they are free), install them, check each for their definition updates, and then run AdAware, MS Defender (W2k/XP) and Spybot, fixing anything they say.

In SpywareBlaster - Always enable all protection after updates
In SpyBot - After an update run immunize

Check for updates and run weekly
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#10 Ironbrandon

Ironbrandon
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:46 AM

Posted 13 July 2006 - 02:51 PM

I need Service Pack 2. I ordered the CD because I've tried plenty of times to do the update but it gets an error every time. I can't install the Defender without SP2! I wish I could get it. Help me install it some other way than the update if possible! :thumbsup:

#11 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  • Local time:02:46 AM

Posted 13 July 2006 - 03:07 PM

No SP2 until you are clean - Run SpySweeper again
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#12 Ironbrandon

Ironbrandon
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:46 AM

Posted 13 July 2006 - 03:24 PM

In safe mode or normal?
Is there a P2P program that isn't loaded with spyware? I had Ares Light before, and the K++ I tried doesn't connect.

#13 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  • Local time:02:46 AM

Posted 13 July 2006 - 03:56 PM

Normal

I would not trust any of them; it's not always the program but what you DL
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#14 Ironbrandon

Ironbrandon
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:46 AM

Posted 18 July 2006 - 02:16 AM

Spywaresweeper kept finding stuff. It must regenerate somehow. Well, the trial is over anyhow.

#15 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  • Local time:02:46 AM

Posted 18 July 2006 - 06:44 PM

You need to post a new HiJack log
"Nothing could be finer than to be in South Carolina ............"

Member ASAP



