Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hyjackthis Log


  • This topic is locked This topic is locked
21 replies to this topic

#1 vinsta19

vinsta19

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 12 September 2006 - 06:05 PM

Here is my hyjackthis log, i am getting pop ups and i think it is because of spyware on my computer.


Logfile of HijackThis v1.99.1
Scan saved at 5:59:59 PM, on 9/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\AOL\1124666244\ee\AOLHostManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\AOL\1124666244\ee\AOLServiceHost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1124666244\ee\AOLHostManager.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe"
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:58 AM

Posted 14 September 2006 - 02:44 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Before we can get started on fixing your problem you must change the location of Hijackthis. It should not run from a temp directory.
  • Download and run the HijackThis autoinstall program
  • Please choose the default location of C:\Program Files as the destination.
  • Run the program only from that location from now on. It is essential that you follow these steps or certain important features of the program will not function correctly.
Once you have Hijackthis running from this folder, please reboot and post a new hijackthis log as a reply in this thread.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 vinsta19

vinsta19
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 18 September 2006 - 03:53 PM

Logfile of HijackThis v1.99.1
Scan saved at 3:49:40 PM, on 9/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Common Files\AOL\1124666244\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1124666244\ee\AOLServiceHost.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Common Files\AOL\1124666244\ee\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe"
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:58 AM

Posted 18 September 2006 - 04:49 PM

I need to see a different type of log from Hijackthis
  • Run Hijackthis.
  • Click on "Open the Misc Tools section".
  • Next click on "Open uninstall manager".
  • Press the button 'save list'. It will open a Notepad file.
  • Place the content of that file here in your in your next reply.
==========


Also I need to see a more detailed log.

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 vinsta19

vinsta19
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 18 September 2006 - 10:28 PM

ABBYY FineReader 5.0 Sprint Plus
Ad-Aware SE Personal
Adobe Reader 7.0.7
AOL Explorer
AOL Instant Messenger
AOL Toolbar 2.0
Apple Software Update
ATI Control Panel
ATI Display Driver
BigFix
CC_ccProxyExt
ccCommon
ccPxyCore
Conexant AC-Link Audio
Counter-Strike: Source
Dell Photo AIO Printer 922
Full Tilt Poker
GdiplusUpgrade
Hijackthis 1.99.1
HijackThis 1.99.1
HP Document Viewer 5.3
HP Extended Capabilities 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.A
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
InterActual Player
Internet Worm Protection
iPod for Windows 2005-10-12
iPod for Windows 2006-01-10
iTunes
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_08
Learn2 Player (Uninstall Only)
LimeWire 4.10.9
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Money 2005
Microsoft Office Professional Edition 2003
Microsoft Picture It! Premium 10
Microsoft Works
MSN
MSRedist
Nero BurnRights
Nero OEM
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton Security Center
Norton WMI Update
Norton WMI Update
PowerDVD
Quake 4™
QuickTime
RealPlayer Basic
Recovery Software Suite Gateway
RollerCoaster Tycoon 3
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Soft Data Fax Modem with SmartCP
SPBBC
SpeechRedist
Spy Sweeper
Spyware Cleaner 1.0.5
Steam™
Symantec
Symantec Script Blocking Installer
SymNet
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Viewpoint Media Player
Who Wants To Be A Millionaire
Who Wants To Be A Millionaire Sports Edition
Windows Defender
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Yahoo! Toolbar
Yahoo! Widget Engine
Yahoo! Widget Engine

#6 vinsta19

vinsta19
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 18 September 2006 - 10:36 PM

Owner - 06-09-18 22:28:40.32 Service Pack 2
ComboFix 06.09.14 - Running from: C:\Documents and Settings\Owner\Desktop

((((((((((((((((((((((((((((((( Files Created from 2006-08-18 to 2006-09-18 ))))))))))))))))))))))))))))))))))


2006-08-22 15:19 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-18 22:24 -------- d-------- C:\Program Files\Hijackthis
2006-09-18 22:18 -------- d-------- C:\Program Files\Common Files
2006-09-18 21:58 -------- d-------- C:\Program Files\Steam
2006-09-18 16:48 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-18 11:57 -------- d-------- C:\Program Files\PartyPoker
2006-09-15 13:06 -------- d-------- C:\Documents and Settings\Owner\Application Data\ourTunes
2006-09-13 11:39 -------- d-------- C:\Program Files\AIM
2006-09-13 11:38 -------- d-------- C:\Program Files\AOL
2006-09-13 11:38 -------- d-------- C:\Program Files\AOD
2006-09-12 18:42 -------- d-------- C:\Program Files\iTunes
2006-09-12 18:42 -------- d-------- C:\Program Files\iPod
2006-09-12 18:39 -------- d-------- C:\Program Files\QuickTime
2006-09-12 18:31 -------- d-------- C:\Program Files\Apple Software Update
2006-09-11 11:44 -------- d-------- C:\Program Files\Java
2006-09-11 01:02 -------- d-------- C:\Program Files\Full Tilt Poker
2006-09-04 17:34 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-02 15:40 -------- d-------- C:\Program Files\Gluz
2006-09-02 15:39 -------- d-------- C:\Program Files\Aquatica Azure
2006-08-31 16:17 -------- d-------- C:\Program Files\The Weather Channel FW
2006-08-31 16:10 -------- d-------- C:\Program Files\Yahoo!
2006-08-22 15:20 -------- d-------- C:\Documents and Settings\Owner\Application Data\Atari
2006-08-22 15:14 -------- d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2006-08-22 15:04 -------- d-------- C:\Program Files\Atari
2006-08-21 20:50 -------- d-------- C:\Program Files\Norton Internet Security
2006-08-21 07:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 04:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-17 21:40 -------- d-------- C:\Program Files\Internet Explorer
2006-07-27 08:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 03:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-14 14:51 108144 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-06-22 00:06 69120 --a------ C:\WINDOWS\system32\ciodm.dll
2006-06-22 00:06 1435648 --a------ C:\WINDOWS\system32\query.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLBTCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\DLBTtime.dll,_RunDLLEntry@16"
"Recguard"="%WINDIR%\\SMINST\\RECGUARD.EXE"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"Symantec NetDriver Monitor"="\"C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe\" /Consumer"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SynTPEnh"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\""
"SynTPLpr"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\j2re1.4.2_08\\bin\\jusched.exe\""
"VVSN"="C:\\Program Files\\VVSN\\VVSN.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"MyWebSearch bar Uninstall"="rundll32 C:\\PROGRA~1\\UNINST~1.DLL,O -2"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,84,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:000000ff
"_NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLHostManager"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\AOL\\1124666244\\ee\\AOLHostManager.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ISP signup reminder 2.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Owner.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Mon 09/18/2006 22:30:01.89
ComboFix.txt

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:58 AM

Posted 19 September 2006 - 09:41 AM

Please click Start -> Control Panel -> Add/Remove Programs and uninstall these programs:

Java 2 Runtime Environment, SE v1.4.2_08
LimeWire 4.10.9
Viewpoint Media Player



The current version of Java can be downloaded from http://java.sun.com/javase/downloads/index.jsp Scroll down the page to 'Java Runtime Environment (JRE) 5.0 Update 8' and press the 'Download' button. On the new web page, click the 'Accept License Agreement' button. Then select 'Windows Offline Installation, Multi-language' in the Windows Platform area just below the Accept button.



============



Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 vinsta19

vinsta19
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 20 September 2006 - 11:56 AM

Hello,

I have uninstalled the 3 programs you have listed for me to do. When i run that panda scan i try to d/l the activeX and i get thisw error message -

The page cannot be refreshed without resending the information. Click Retry to send info. again ,or click Cancel to return to the page you are trying to view.

ALso when i click retry it continues and it wil lallow me to install the panda scan but it never fully completes, the percentage bar goes up to like 53% and stops, i have let it go for 2 hours and still at 53%.

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:58 AM

Posted 20 September 2006 - 05:27 PM

Panda can be buggy for some people. Are you still getting popups?

Open SpySweeper, by double-clicking the icon on your desktop.
  • Click Options on the left side.
  • Click the Sweep tab.
  • Under Items to Sweep make sure the following are checked:
    • Windows registry
    • Memory objects
    • Cookies
    • Compressed Files
    • System Restore Folder
  • Under Other Options make sure the following are checked:
    • Sweep all user accounts
    • Enable Direct Disk Sweeping
    • Sweep for rootkits
  • Click the Sweep button on the left side.
  • Click the Start Sweep button.
  • When it's done scanning, make sure everything has a check next to it, then click the Quarantine Selected button.
  • It will quarantine all of the items found.
  • Click View Session Log in the right corner above the box where the items are listed.
  • Click Save to File and save it on your desktop.
  • Exit SpySweeper.
  • Paste the contents of the session log you saved into your next reply (Spy Sweeper Session Log.txt).
  • NOTE: you can get to the log by clicking Options on the left. Then, View Session Log will be listed under Other Options.
Also post a new hijackthis log.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#10 vinsta19

vinsta19
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 20 September 2006 - 10:58 PM

10:46 PM: Removal process completed. Elapsed time 00:00:01
10:46 PM: Quarantining All Traces: questionmarket cookie
10:46 PM: Quarantining All Traces: mediaplex cookie
10:46 PM: Quarantining All Traces: webtrends cookie
10:46 PM: Quarantining All Traces: ru4 cookie
10:46 PM: Quarantining All Traces: atwola cookie
10:46 PM: Quarantining All Traces: atlas dmt cookie
10:46 PM: Quarantining All Traces: advertising cookie
10:46 PM: Quarantining All Traces: 2o7.net cookie
10:46 PM: Quarantining All Traces: whenu savenow
10:46 PM: Removal process initiated
10:45 PM: Traces Found: 9
10:45 PM: Full Sweep has completed. Elapsed time 00:17:56
10:45 PM: File Sweep Complete, Elapsed Time: 00:16:16
10:42 PM: Warning: Failed to open file "c:\documents and settings\owner\cookies\owner@advertising[1].txt". The operation completed successfully
10:29 PM: Starting File Sweep
10:29 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
10:29 PM: c:\documents and settings\owner\cookies\owner@questionmarket[2].txt (ID = 3217)
10:29 PM: Found Spy Cookie: questionmarket cookie
10:29 PM: c:\documents and settings\owner\cookies\owner@mediaplex[1].txt (ID = 6442)
10:29 PM: Found Spy Cookie: mediaplex cookie
10:29 PM: c:\documents and settings\owner\cookies\owner@m.webtrends[1].txt (ID = 3669)
10:29 PM: Found Spy Cookie: webtrends cookie
10:29 PM: c:\documents and settings\owner\cookies\owner@edge.ru4[2].txt (ID = 3269)
10:29 PM: Found Spy Cookie: ru4 cookie
10:29 PM: c:\documents and settings\owner\cookies\owner@atwola[1].txt (ID = 2255)
10:29 PM: Found Spy Cookie: atwola cookie
10:29 PM: c:\documents and settings\owner\cookies\owner@atdmt[2].txt (ID = 2253)
10:29 PM: Found Spy Cookie: atlas dmt cookie
10:29 PM: c:\documents and settings\owner\cookies\owner@advertising[1].txt (ID = 2175)
10:29 PM: Found Spy Cookie: advertising cookie
10:29 PM: c:\documents and settings\owner\cookies\owner@2o7[1].txt (ID = 1957)
10:29 PM: Found Spy Cookie: 2o7.net cookie
10:29 PM: Starting Cookie Sweep
10:29 PM: Registry Sweep Complete, Elapsed Time:00:00:12
10:29 PM: HKLM\software\microsoft\windows\currentversion\run\ || vvsn (ID = 140442)
10:29 PM: Found Adware: whenu savenow
10:29 PM: Starting Registry Sweep
10:29 PM: Memory Sweep Complete, Elapsed Time: 00:01:23
10:27 PM: Starting Memory Sweep
10:27 PM: Sweep initiated using definitions version 744
10:27 PM: Spy Sweeper 5.0.5.1286 started
10:27 PM: | Start of Session, Wednesday, September 20, 2006 |
********
10:27 PM: | End of Session, Wednesday, September 20, 2006 |
9:58 PM: Definitions cannot be updated because subscription has expired.
9:58 PM: Automated check for program update in progress.
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
9:39 PM: Shield States
9:39 PM: Spyware Definitions: 744
9:39 PM: Spy Sweeper 5.0.5.1286 started
Operation: Terminate
Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
9:37 PM: Tamper Detection
Operation: Terminate
Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
9:36 PM: Tamper Detection
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
9:32 PM: Shield States
9:32 PM: Spyware Definitions: 744
9:31 PM: Spy Sweeper 5.0.5.1286 started
Operation: Terminate
Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
7:38 PM: Tamper Detection
Operation: Terminate
Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
7:38 PM: Tamper Detection
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
11:39 AM: Shield States
11:39 AM: Spyware Definitions: 744
11:38 AM: Spy Sweeper 5.0.5.1286 started
A system shutdown is in progress
12:48 AM: Warning: System Error. Code: 1115.
Operation: Terminate
Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
12:48 AM: Tamper Detection
Operation: Terminate
Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
12:48 AM: Tamper Detection
9:57 PM: Definitions cannot be updated because subscription has expired.
9:57 PM: Automated check for program update in progress.
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
3:44 PM: Shield States
3:44 PM: Spyware Definitions: 744
3:44 PM: Spy Sweeper 5.0.5.1286 started
Operation: File Access
Target:
Source: C:\PROGRA~1\NORTON~2\NAVW32.EXE
12:38 AM: Tamper Detection
Operation: File Access
Target:
Source: C:\WINDOWS\SYSTEM32\CLEANMGR.EXE
11:29 PM: Tamper Detection
10:35 PM: Removal process completed. Elapsed time 00:00:02
10:35 PM: Quarantining All Traces: burstnet cookie
10:35 PM: Quarantining All Traces: burstbeacon cookie
10:35 PM: Quarantining All Traces: tribalfusion cookie
10:35 PM: Quarantining All Traces: questionmarket cookie
10:35 PM: Quarantining All Traces: partypoker cookie
10:35 PM: Quarantining All Traces: nextag cookie
10:35 PM: Quarantining All Traces: mediaplex cookie
10:35 PM: Quarantining All Traces: clickbank cookie
10:35 PM: Quarantining All Traces: atwola cookie
10:35 PM: Quarantining All Traces: atlas dmt cookie
10:35 PM: Quarantining All Traces: tacoda cookie
10:35 PM: Quarantining All Traces: advertising cookie
10:35 PM: Quarantining All Traces: adtech cookie
10:35 PM: Quarantining All Traces: pointroll cookie
10:35 PM: Quarantining All Traces: yieldmanager cookie
10:35 PM: Quarantining All Traces: 2o7.net cookie
10:35 PM: Quarantining All Traces: whenu savenow
10:35 PM: Removal process initiated
10:34 PM: Traces Found: 18
10:34 PM: Full Sweep has completed. Elapsed time 00:13:27
10:34 PM: File Sweep Complete, Elapsed Time: 00:11:29
10:32 PM: Warning: Unable to sweep compressed file: "c:\windows\temp\gtb45.tmp.cab": File not found
10:32 PM: Warning: Unable to sweep compressed file: "c:\documents and settings\owner\local settings\temp\temporary internet files\content.ie5\0d2bshuz\manifest[1].cab": File not found
10:32 PM: Warning: Failed to read file "c:\windows\temp\cs278e467f-dde9-4647-9f9d-eeab1076ac48.tmp". "c:\windows\temp\cs278e467f-dde9-4647-9f9d-eeab1076ac48.tmp": File not found
10:32 PM: Warning: Failed to read file "c:\windows\temp\cs2d3ebdc9-51b5-4526-9121-e55d9a661b61.tmp". "c:\windows\temp\cs2d3ebdc9-51b5-4526-9121-e55d9a661b61.tmp": File not found
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\aawtmp\c6431968\16c2f4\quicktime\qtsession$1privelegedaction.class". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\aawtmp\c6431968\16c2f4\quicktime\macdoquit.class". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\aawtmp\c6431968\16c2f4\quicktime\jdirect\soundlib.class". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\aawtmp\c6431968\16c2f4\quicktime\jdirect\quicktimevrlib.class". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\aawtmp\c6431968\16c2f4\quicktime\jdirect\qtstreaminglib.class". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\aawtmp\c6431968\16c2f4\quicktime\jdirect\primitiveslib.class". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\aawtmp\c6431968\16c2f4\quicktime\jdirect\interfacelib.class". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\aawtmp\c6431968\16c2f4\quicktime\jdirect\carboncorelib.class". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\aawtmp\c6431968\16c2f4\quicktime\io\qtioexception.class". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\aawtmp\c6431968\16c2f4\quicktime\io\openmoviefile.class". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\aawtmp\c6431968\16c2f4\quicktime\io\openfile.class". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\aawtmp\c6431968\16c2f4\quicktime\app\view\qtjcomponent.class". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\aawtmp\c6431968\16c2f4\quicktime\app\spaces\space.class". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\aawtmp\c6431968\16c2f4\quicktime\app\display\qtdrawable.class". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\aawtmp\c6431968\16c2f4\quicktime\app\anim\spriteinvalidexception.class". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\aawtmp\c6431968\16c2f4\com\apple\mrj\macos\carbon\timer$1deferrer.class". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\aawtmp\c6431968\16c2f4\com\apple\mrj\macos\carbon\eventlooptimerclosureupp.class". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\servic001.log". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\servic000.log". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\cio_ndcs.log". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\_istmp1.dir\_istmp0.dir\value.shl". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\cs278e467f-dde9-4647-9f9d-eeab1076ac48.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\cs5d95935e-2752-4c7b-b373-9b0269c3b177.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\csfc277faf-68a4-4de3-acd1-94ef035ff7d8.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\cs684d2000-0d01-4803-a4a0-c01cd059979b.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\cs5d05c824-bda1-41a8-98e6-62c82e8ed2a2.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\cs2d3ebdc9-51b5-4526-9121-e55d9a661b61.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\csb7b5dfa1-14a0-4d65-adc5-620ee70bd896.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\cs3e47db19-cd44-4b38-ab88-2b02828f4f07.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\gtb45.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\cs22b5bef1-892d-4ab3-92ba-d8ec844d58e0.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\x-click-but21[2].gif". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sd0xqnm9\canxk8is.htm". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\answers[1].gif". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_924[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\670lcr6h\appid_923[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_1690[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sd0xqnm9\appid_922[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_921[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\670lcr6h\appid_920[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_919[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sd0xqnm9\appid_918[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_917[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\670lcr6h\appid_916[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_915[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sd0xqnm9\appid_914[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_913[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\670lcr6h\appid_912[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_909[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sd0xqnm9\appid_908[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_907[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\670lcr6h\appid_906[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_905[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\670lcr6h\appid_3462[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_1670[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sd0xqnm9\appid_902[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_901[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\670lcr6h\appid_3460[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_900[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_3452[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\670lcr6h\appid_380[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_3450[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sd0xqnm9\appid_130[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sd0xqnm9\appid_120[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_3442[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\670lcr6h\appid_2930[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_3440[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sd0xqnm9\appid_2413[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_1900[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\670lcr6h\appid_2410[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_3432[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sd0xqnm9\appid_1640[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_360[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\670lcr6h\appid_3430[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sd0xqnm9\appid_3322[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_100[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_2810[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\670lcr6h\appid_3320[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_3312[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sd0xqnm9\appid_2400[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_3422[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sd0xqnm9\appid_2800[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\670lcr6h\appid_1630[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_3420[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sd0xqnm9\appid_92[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_1520[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\670lcr6h\appid_240[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_3310[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_3412[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sd0xqnm9\appid_3820[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\670lcr6h\appid_1620[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_340[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_1003[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\670lcr6h\appid_1002[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_1001[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sd0xqnm9\appid_3410[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sd0xqnm9\appid_3302[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_1510[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\670lcr6h\appid_3300[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_3810[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_80[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sd0xqnm9\appid_1504[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\670lcr6h\appid_3402[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_1502[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\670lcr6h\appid_1500[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_220[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_1610[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sd0xqnm9\appid_219[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sd0xqnm9\appid_3400[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_3800[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\670lcr6h\appid_211[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_210[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_2120[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sd0xqnm9\appid_2510[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\670lcr6h\appid_70[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_205[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\670lcr6h\appid_2500[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_1220[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sd0xqnm9\appid_3010[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_1600[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_1210[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\670lcr6h\appid_3000[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_1200[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_320[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sd0xqnm9\appid_937[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_936[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\670lcr6h\appid_935[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_3390[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_934[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_2110[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sd0xqnm9\appid_933[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_932[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\670lcr6h\appid_931[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_930[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sd0xqnm9\appid_929[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_60[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_928[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\670lcr6h\appid_927[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_926[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sd0xqnm9\appid_925[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_3382[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_3380[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_50[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_304[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_302[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_3372[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_300[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_3370[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sd0xqnm9\appid_904[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_903[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\670lcr6h\appid_40[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_3362[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_1313[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_3360[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_30[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_7[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_1309[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\sp09s7mx\appid_1306[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\0jcvof0n\appid_3352[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\cookies\owner@mapquest[1].txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\temporary internet files\content.ie5\sx3vsjvl\frmp-bg-savedclose[1].png". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\cs382807c2-3830-421a-a681-1f84d8e03257.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\temporary internet files\content.ie5\e1a3uhy9\cw-bg-toplftcnr[1].gif". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\cs925f0fef-c1bf-40af-bb4a-726b493077c8.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\cs082e0a26-b22d-4c62-b8f2-ead16bd196fb.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\temporary internet files\content.ie5\e1a3uhy9\cagt6jwh.htm". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\cs0a522ec6-15a8-4424-abca-52991a073924.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\cs9c530518-fcbc-40b0-a130-001cc3cd503b.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\is8f.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\cs8f358e1b-fea5-47be-9b54-a34341357e65.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\cs9eb22659-46c0-4da7-bad9-f27d7bdc1f15.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\csc90a6dda-575e-4c6b-b81f-675f5aab23e1.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\csb7c6d9e1-5e90-40ea-b589-1d3a725a5674.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\cs25f4272d-5d58-4193-9e3f-9a536b8630bf.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\csf13c34e8-e345-4064-8798-02919c5ba9a9.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\cs42a94a48-9541-4e63-8111-29120be4d989.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\csb578eb88-2473-488a-86cc-8665307bf85b.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\cs43cbfbfd-993e-4264-bbbd-2e016eb3801c.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\csdd38c919-41b5-4821-97d7-4ecef952bbf7.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\cs5f253c4a-d544-4e67-89b5-c40a84548760.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\cs1eb8f6b6-688c-4311-beae-deacaa765b95.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\temporary internet files\content.ie5\sx3vsjvl\confirm[1].js". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\cs3629c398-fab1-4e66-9545-8de25bfb4817.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\cs4b4de9a0-7edb-4727-ba15-7f77e114f7a9.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\cs3289922d-50ea-470c-a0d9-758544303544.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\cs0fa5765b-6f5b-449b-b6ee-6358570cd53e.tmp". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\windows\temp\rstavrbt_succeeded.txt". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\temporary internet files\content.ie5\qidr9p5c\answers[1].gif". The operation completed successfully
10:32 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\temporary directory 1 for hijackthis.zip\hijackthis.exe:zone.identifier". The operation completed successfully
10:31 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\documents and settings\owner\local settings\temp\temporary directory 1 for hijackthis.zip\hijackthis.exe". "c:\documents and settings\owner\local settings\temp\temporary directory 1 for hijackthis.zip\hijackthis.exe": File not found
10:31 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\documents and settings\owner\local settings\temp\autodl%3fbundleid=10380_b19770de.exe". "c:\documents and settings\owner\local settings\temp\autodl%3fbundleid=10380_b19770de.exe": File not found
10:31 PM: Warning: Failed to read file "c:\windows\temp\glf84.exe". "c:\windows\temp\glf84.exe": File not found
10:30 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\windows\temp\qtinstallerhelper.dll". "c:\windows\temp\qtinstallerhelper.dll": File not found
10:23 PM: Starting File Sweep
10:23 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
10:23 PM: c:\documents and settings\owner\cookies\owner@www.burstnet[2].txt (ID = 2337)
10:23 PM: Found Spy Cookie: burstnet cookie
10:23 PM: c:\documents and settings\owner\cookies\owner@www.burstbeacon[1].txt (ID = 2335)
10:23 PM: Found Spy Cookie: burstbeacon cookie
10:23 PM: c:\documents and settings\owner\cookies\owner@tribalfusion[2].txt (ID = 3589)
10:23 PM: Found Spy Cookie: tribalfusion cookie
10:23 PM: c:\documents and settings\owner\cookies\owner@tacoda[2].txt (ID = 6444)
10:23 PM: c:\documents and settings\owner\cookies\owner@questionmarket[2].txt (ID = 3217)
10:23 PM: Found Spy Cookie: questionmarket cookie
10:23 PM: c:\documents and settings\owner\cookies\owner@partypoker[1].txt (ID = 3111)
10:23 PM: Found Spy Cookie: partypoker cookie
10:23 PM: c:\documents and settings\owner\cookies\owner@nextag[2].txt (ID = 5014)
10:23 PM: Found Spy Cookie: nextag cookie
10:23 PM: c:\documents and settings\owner\cookies\owner@mediaplex[2].txt (ID = 6442)
10:23 PM: Found Spy Cookie: mediaplex cookie
10:23 PM: c:\documents and settings\owner\cookies\owner@clickbank[1].txt (ID = 2398)
10:23 PM: Found Spy Cookie: clickbank cookie
10:23 PM: c:\documents and settings\owner\cookies\owner@atwola[1].txt (ID = 2255)
10:23 PM: Found Spy Cookie: atwola cookie
10:23 PM: c:\documents and settings\owner\cookies\owner@atdmt[2].txt (ID = 2253)
10:23 PM: Found Spy Cookie: atlas dmt cookie
10:23 PM: c:\documents and settings\owner\cookies\owner@anad.tacoda[2].txt (ID = 6445)
10:23 PM: Found Spy Cookie: tacoda cookie
10:23 PM: c:\documents and settings\owner\cookies\owner@advertising[2].txt (ID = 2175)
10:23 PM: Found Spy Cookie: advertising cookie
10:23 PM: c:\documents and settings\owner\cookies\owner@adtech[2].txt (ID = 2155)
10:23 PM: Found Spy Cookie: adtech cookie
10:23 PM: c:\documents and settings\owner\cookies\owner@ads.pointroll[2].txt (ID = 3148)
10:23 PM: Found Spy Cookie: pointroll cookie
10:23 PM: c:\documents and settings\owner\cookies\owner@ad.yieldmanager[1].txt (ID = 3751)
10:23 PM: Found Spy Cookie: yieldmanager cookie
10:23 PM: c:\documents and settings\owner\cookies\owner@2o7[2].txt (ID = 1957)
10:23 PM: Found Spy Cookie: 2o7.net cookie
10:22 PM: Starting Cookie Sweep
10:22 PM: Registry Sweep Complete, Elapsed Time:00:00:12
10:22 PM: HKLM\software\microsoft\windows\currentversion\run\ || vvsn (ID = 140442)
10:22 PM: Found Adware: whenu savenow
10:22 PM: Starting Registry Sweep
10:22 PM: Memory Sweep Complete, Elapsed Time: 00:01:40
10:21 PM: Starting Memory Sweep
10:21 PM: Sweep initiated using definitions version 744
10:21 PM: Spy Sweeper 5.0.5.1286 started
10:21 PM: | Start of Session, Monday, September 18, 2006 |
********
10:21 PM: | End of Session, Monday, September 18, 2006 |
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
10:18 PM: Shield States
10:18 PM: Spyware Definitions: 744
10:18 PM: Spy Sweeper 5.0.5.1286 started
9:57 PM: Definitions cannot be updated because subscription has expired.
9:57 PM: Automated check for program update in progress.
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
9:54 PM: Shield States
9:54 PM: Spyware Definitions: 744
9:53 PM: Spy Sweeper 5.0.5.1286 started
Operation: Terminate
Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
9:40 PM: Tamper Detection
Operation: Terminate
Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
9:40 PM: Tamper Detection
5:27 PM: IE Favorites Shield: Entry Allowed: http://www.cstrike-planet.com/forum/showth...20367#post20367
5:27 PM: IE Favorites Shield: Entry Allowed: http://www.cstrike-planet.com/forum/showth...20367#post20367
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
11:51 AM: Shield States
11:51 AM: Spyware Definitions: 744
11:51 AM: Spy Sweeper 5.0.5.1286 started
Operation: Terminate
Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
10:25 PM: Tamper Detection
Operation: Terminate
Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
10:25 PM: Tamper Detection
9:43 PM: Definitions cannot be updated because subscription has expired.
9:42 PM: Automated check for program update in progress.
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
9:42 PM: Shield States
9:42 PM: Spyware Definitions: 744
9:41 PM: Spy Sweeper 5.0.5.1286 started
A system shutdown is in progress
11:28 PM: Warning: System Error. Code: 1115.
Operation: Terminate
Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
11:28 PM: Tamper Detection
Operation: Terminate
Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
11:27 PM: Tamper Detection
7:03 PM: Definitions cannot be updated because subscription has expired.
7:03 PM: Automated check for program update in progress.
6:45 PM: IE Security Shield: found: C:\PROGRAM FILES\MICROSOFT MONEY 2005\MNYCOREFILES\MSMONEY.EXE -- IE Security modification denied
6:37 PM: IE Security Shield: found: C:\PROGRAM FILES\MICROSOFT MONEY 2005\MNYCOREFILES\MSMONEY.EXE -- IE Security modification denied
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
6:25 PM: Shield States
6:25 PM: Spyware Definitions: 744
6:25 PM: Spy Sweeper 5.0.5.1286 started
Operation: Terminate
Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
6:22 PM: Tamper Detection
Operation: Terminate
Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
6:22 PM: Tamper Detection
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
6:19 PM: Shield States
6:19

#11 vinsta19

vinsta19
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 20 September 2006 - 11:01 PM

2:42 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:42 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:41 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
2:41 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:41 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:41 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:41 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:41 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
2:41 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:41 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:41 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:41 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:41 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
2:41 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:41 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:41 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:41 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:41 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
2:41 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:41 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:41 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:41 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:41 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
2:41 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:41 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:41 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:41 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
2:36 PM: Traces Found: 10
2:36 PM: Full Sweep has completed. Elapsed time 00:44:27
2:36 PM: File Sweep Complete, Elapsed Time: 00:35:23
2:01 PM: Starting File Sweep
2:01 PM: Cookie Sweep Complete, Elapsed Time: 00:00:04
2:01 PM: c:\documents and settings\owner\cookies\owner@twci.coremetrics[1].txt (ID = 2472)
2:01 PM: Found Spy Cookie: coremetrics cookie
2:01 PM: c:\documents and settings\owner\cookies\owner@questionmarket[1].txt (ID = 3217)
2:01 PM: Found Spy Cookie: questionmarket cookie
2:01 PM: c:\documents and settings\owner\cookies\owner@mediaplex[1].txt (ID = 6442)
2:01 PM: Found Spy Cookie: mediaplex cookie
2:01 PM: c:\documents and settings\owner\cookies\owner@atwola[1].txt (ID = 2255)
2:01 PM: Found Spy Cookie: atwola cookie
2:01 PM: c:\documents and settings\owner\cookies\owner@atdmt[2].txt (ID = 2253)
2:01 PM: Found Spy Cookie: atlas dmt cookie
2:01 PM: c:\documents and settings\owner\cookies\owner@advertising[1].txt (ID = 2175)
2:01 PM: Found Spy Cookie: advertising cookie
2:01 PM: c:\documents and settings\owner\cookies\owner@ads.pointroll[2].txt (ID = 3148)
2:01 PM: Found Spy Cookie: pointroll cookie
2:01 PM: c:\documents and settings\owner\cookies\owner@ads.addynamix[1].txt (ID = 2062)
2:01 PM: Found Spy Cookie: addynamix cookie
2:01 PM: c:\documents and settings\owner\cookies\owner@2o7[2].txt (ID = 1957)
2:01 PM: Found Spy Cookie: 2o7.net cookie
2:01 PM: Starting Cookie Sweep
2:01 PM: Registry Sweep Complete, Elapsed Time:00:01:18
2:00 PM: HKLM\software\microsoft\windows\currentversion\run\ || vvsn (ID = 140442)
2:00 PM: Found Adware: whenu savenow
1:59 PM: Starting Registry Sweep
1:59 PM: Memory Sweep Complete, Elapsed Time: 00:07:24
1:52 PM: Starting Memory Sweep
1:52 PM: Sweep initiated using definitions version 744
1:52 PM: Spy Sweeper 5.0.5.1286 started
1:52 PM: | Start of Session, Saturday, September 02, 2006 |
********
1:52 PM: | End of Session, Saturday, September 02, 2006 |
Operation: File Access
Target:
Source: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
1:52 PM: Tamper Detection
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
1:43 PM: Shield States
1:43 PM: Spyware Definitions: 744
1:42 PM: Spy Sweeper 5.0.5.1286 started
4:10 PM: IE Hijack Shield: Resetting IE advanced data value.
4:10 PM: IE Hijack Shield: Resetting IE advanced data value.
4:10 PM: IE Hijack Shield: Resetting Home Page value.
4:09 PM: BHO Shield: found: yt.dll-- BHO installation allowed at user request
3:59 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
3:58 PM: Automated check for program update in progress.
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
3:57 PM: Shield States
3:57 PM: Spyware Definitions: 744
3:57 PM: Spy Sweeper 5.0.5.1286 started
1:34 PM: Removal process completed. Elapsed time 00:00:11
1:34 PM: Quarantining All Traces: atwola cookie
1:34 PM: Quarantining All Traces: atlas dmt cookie
1:34 PM: Quarantining All Traces: advertising cookie
1:34 PM: Quarantining All Traces: whenu savenow
1:34 PM: Removal process initiated
1:34 PM: Sweep Status: 4 Items Found
1:34 PM: Traces Found: 4
1:34 PM: File Sweep Complete, Elapsed Time: 00:07:15
1:34 PM: Sweep Canceled
1:27 PM: Starting File Sweep
1:27 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
1:27 PM: c:\documents and settings\owner\cookies\owner@atwola[1].txt (ID = 2255)
1:27 PM: Found Spy Cookie: atwola cookie
1:27 PM: c:\documents and settings\owner\cookies\owner@atdmt[2].txt (ID = 2253)
1:27 PM: Found Spy Cookie: atlas dmt cookie
1:27 PM: c:\documents and settings\owner\cookies\owner@advertising[1].txt (ID = 2175)
1:27 PM: Found Spy Cookie: advertising cookie
1:27 PM: Starting Cookie Sweep
1:27 PM: Registry Sweep Complete, Elapsed Time:00:00:16
1:27 PM: HKLM\software\microsoft\windows\currentversion\run\ || vvsn (ID = 140442)
1:27 PM: Found Adware: whenu savenow
1:27 PM: Starting Registry Sweep
1:27 PM: Memory Sweep Complete, Elapsed Time: 00:01:38
1:25 PM: Starting Memory Sweep
1:25 PM: Sweep initiated using definitions version 744
1:25 PM: Spy Sweeper 5.0.5.1286 started
1:25 PM: | Start of Session, Thursday, August 31, 2006 |
********
1:25 PM: | End of Session, Thursday, August 31, 2006 |
1:24 PM: IE Security Shield: found: C:\PROGRAM FILES\MICROSOFT MONEY 2005\MNYCOREFILES\MSMONEY.EXE -- IE Security modification denied
1:05 PM: IE Security Shield: found: C:\PROGRAM FILES\MICROSOFT MONEY 2005\MNYCOREFILES\MSMONEY.EXE -- IE Security modification denied
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
1:02 PM: Shield States
1:02 PM: Spyware Definitions: 744
1:02 PM: Spy Sweeper 5.0.5.1286 started
12:47 PM: Definitions cannot be updated because subscription has expired.
12:47 PM: Automated check for program update in progress.
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
4:53 PM: Shield States
4:53 PM: Spyware Definitions: 744
4:53 PM: Spy Sweeper 5.0.5.1286 started
12:46 PM: Definitions cannot be updated because subscription has expired.
12:46 PM: Automated check for program update in progress.
Operation: File Access
Target:
Source: C:\PROGRA~1\NORTON~2\NAVW32.EXE
4:10 PM: Tamper Detection
12:45 PM: Definitions cannot be updated because subscription has expired.
12:45 PM: Automated check for program update in progress.
12:45 PM: Removal process completed. Elapsed time 00:02:20
12:45 PM: Quarantining All Traces: zedo cookie
12:45 PM: Quarantining All Traces: adserver cookie
12:45 PM: Quarantining All Traces: tribalfusion cookie
12:45 PM: Quarantining All Traces: realmedia cookie
12:45 PM: Quarantining All Traces: questionmarket cookie
12:45 PM: Quarantining All Traces: bluestreak cookie
12:45 PM: Quarantining All Traces: atwola cookie
12:45 PM: Quarantining All Traces: atlas dmt cookie
12:45 PM: Quarantining All Traces: advertising cookie
12:45 PM: Quarantining All Traces: pointroll cookie
12:45 PM: Quarantining All Traces: 2o7.net cookie
12:45 PM: Quarantining All Traces: whenu savenow
12:43 PM: Removal process initiated
12:42 PM: Traces Found: 13
12:42 PM: Full Sweep has completed. Elapsed time 01:43:20
12:41 PM: File Sweep Complete, Elapsed Time: 01:31:54
Operation: File Access
Target:
Source: C:\WINDOWS\SYSTEM32\CLEANMGR.EXE
12:40 PM: Tamper Detection
12:17 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\61wzi1qh\pixel[3].gif". The operation completed successfully
11:10 AM: Starting File Sweep
11:09 AM: Cookie Sweep Complete, Elapsed Time: 00:00:03
11:09 AM: c:\documents and settings\owner\cookies\owner@zedo[2].txt (ID = 3762)
11:09 AM: Found Spy Cookie: zedo cookie
11:09 AM: c:\documents and settings\owner\cookies\owner@z1.adserver[1].txt (ID = 2142)
11:09 AM: Found Spy Cookie: adserver cookie
11:09 AM: c:\documents and settings\owner\cookies\owner@tribalfusion[2].txt (ID = 3589)
11:09 AM: Found Spy Cookie: tribalfusion cookie
11:09 AM: c:\documents and settings\owner\cookies\owner@realmedia[1].txt (ID = 3235)
11:09 AM: Found Spy Cookie: realmedia cookie
11:09 AM: c:\documents and settings\owner\cookies\owner@questionmarket[2].txt (ID = 3217)
11:09 AM: Found Spy Cookie: questionmarket cookie
11:09 AM: c:\documents and settings\owner\cookies\owner@partygaming.122.2o7[1].txt (ID = 1958)
11:09 AM: c:\documents and settings\owner\cookies\owner@bluestreak[2].txt (ID = 2314)
11:09 AM: Found Spy Cookie: bluestreak cookie
11:09 AM: c:\documents and settings\owner\cookies\owner@atwola[1].txt (ID = 2255)
11:09 AM: Found Spy Cookie: atwola cookie
11:09 AM: c:\documents and settings\owner\cookies\owner@atdmt[2].txt (ID = 2253)
11:09 AM: Found Spy Cookie: atlas dmt cookie
11:09 AM: c:\documents and settings\owner\cookies\owner@advertising[1].txt (ID = 2175)
11:09 AM: Found Spy Cookie: advertising cookie
11:09 AM: c:\documents and settings\owner\cookies\owner@ads.pointroll[2].txt (ID = 3148)
11:09 AM: Found Spy Cookie: pointroll cookie
11:09 AM: c:\documents and settings\owner\cookies\owner@2o7[2].txt (ID = 1957)
11:09 AM: Found Spy Cookie: 2o7.net cookie
11:09 AM: Starting Cookie Sweep
11:09 AM: Registry Sweep Complete, Elapsed Time:00:01:42
11:09 AM: HKLM\software\microsoft\windows\currentversion\run\ || vvsn (ID = 140442)
11:09 AM: Found Adware: whenu savenow
11:08 AM: Starting Registry Sweep
11:08 AM: Memory Sweep Complete, Elapsed Time: 00:08:55
10:59 AM: Starting Memory Sweep
10:58 AM: Sweep initiated using definitions version 744
10:58 AM: Spy Sweeper 5.0.5.1286 started
10:58 AM: | Start of Session, Sunday, August 27, 2006 |
********
10:58 AM: | End of Session, Sunday, August 27, 2006 |
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
10:58 AM: Shield States
10:58 AM: Spyware Definitions: 744
10:58 AM: Spy Sweeper 5.0.5.1286 started
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
5:13 PM: Shield States
5:13 PM: Spyware Definitions: 744
5:13 PM: Spy Sweeper 5.0.5.1286 started
3:33 PM: Definitions cannot be updated because subscription has expired.
3:33 PM: Automated check for program update in progress.
2:55 PM: Renewing Spy Sweeper subscription.
3:32 PM: Ignoring Spy Sweeper subscription renewal.
2:35 AM: Your definitions are up to date.
2:35 AM: Automated check for program update in progress.
2:35 AM: Your definitions are up to date.
2:34 AM: Automated check for program update in progress.
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
3:51 PM: Shield States
3:51 PM: Spyware Definitions: 744
3:51 PM: Spy Sweeper 5.0.5.1286 started
2:35 AM: Your spyware definitions have been updated.
2:34 AM: Automated check for program update in progress.
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
2:33 AM: Shield States
2:33 AM: Spyware Definitions: 743
2:33 AM: Spy Sweeper 5.0.5.1286 started
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
7:43 PM: Shield States
7:43 PM: Spyware Definitions: 743
7:43 PM: Spy Sweeper 5.0.5.1286 started
Operation: Terminate
Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
4:51 PM: Tamper Detection
Operation: Terminate
Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
4:51 PM: Tamper Detection
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
6:34 AM: Shield States
6:34 AM: Spyware Definitions: 743
6:33 AM: Spy Sweeper 5.0.5.1286 started
12:25 AM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
12:25 AM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
11:12 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\[1].ssq". The process cannot access the file because it is being used by another process
11:12 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\[1].ssq". The process cannot access the file because it is being used by another process
10:24 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: TCSIDLs.Refresh: could not map user [S-1-5-21-1353024681-375290947-3466193478-501]
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is being used by another process
10:24 PM: Warning: Cannot open file "C:\Documents and Settings\Guest\NTUser.dat". The process cannot access the file because it is bein

#12 vinsta19

vinsta19
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 20 September 2006 - 11:09 PM

10:05 PM: Removal process completed. Elapsed time 00:00:20
10:05 PM: Quarantining All Traces: realmedia cookie
10:05 PM: Quarantining All Traces: mediaplex cookie
10:05 PM: Quarantining All Traces: atwola cookie
10:05 PM: Quarantining All Traces: atlas dmt cookie
10:05 PM: Quarantining All Traces: advertising cookie
10:05 PM: Quarantining All Traces: 2o7.net cookie
10:05 PM: Quarantining All Traces: whenu savenow
10:05 PM: Removal process initiated
10:04 PM: Traces Found: 7
10:04 PM: Full Sweep has completed. Elapsed time 00:27:24
10:04 PM: File Sweep Complete, Elapsed Time: 00:21:14
10:01 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\4d4rcb4j\emailgen[5].png". The operation completed successfully
10:01 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\61wzi1qh\documentdotwrite[1].js". The operation completed successfully
10:01 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\zu43vxcl\contentrightline[1].gif". The operation completed successfully
10:01 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\4d4rcb4j\uwc[1].htm". The operation completed successfully
10:01 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\zu43vxcl\onlinenow[1].png". The operation completed successfully
10:01 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klkhufo5\narrowleftbg[1].gif". The operation completed successfully
10:01 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\4d4rcb4j\confirminvite[1].css". The operation completed successfully
10:01 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\61wzi1qh\magglass[1].png". The operation completed successfully
10:01 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klkhufo5\confirm[1].js". The operation completed successfully
10:01 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\61wzi1qh\home[1].css". The operation completed successfully
10:00 PM: Warning: Failed to open file "c:\documents and settings\owner\cookies\owner@onwisconsin[1].txt". The operation completed successfully
10:00 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\klkhufo5\pixel[1].gif". The operation completed successfully
9:43 PM: Starting File Sweep
9:43 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
9:43 PM: c:\documents and settings\owner\cookies\owner@realmedia[1].txt (ID = 3235)
9:43 PM: Found Spy Cookie: realmedia cookie
9:43 PM: c:\documents and settings\owner\cookies\owner@mediaplex[1].txt (ID = 6442)
9:43 PM: Found Spy Cookie: mediaplex cookie
9:43 PM: c:\documents and settings\owner\cookies\owner@atwola[1].txt (ID = 2255)
9:43 PM: Found Spy Cookie: atwola cookie
9:43 PM: c:\documents and settings\owner\cookies\owner@atdmt[2].txt (ID = 2253)
9:43 PM: Found Spy Cookie: atlas dmt cookie
9:43 PM: c:\documents and settings\owner\cookies\owner@advertising[1].txt (ID = 2175)
9:43 PM: Found Spy Cookie: advertising cookie
9:43 PM: c:\documents and settings\owner\cookies\owner@2o7[2].txt (ID = 1957)
9:43 PM: Found Spy Cookie: 2o7.net cookie
9:43 PM: Starting Cookie Sweep
9:43 PM: Registry Sweep Complete, Elapsed Time:00:01:09
9:42 PM: HKLM\software\microsoft\windows\currentversion\run\ || vvsn (ID = 140442)
9:42 PM: Found Adware: whenu savenow
9:41 PM: Starting Registry Sweep
9:41 PM: Memory Sweep Complete, Elapsed Time: 00:04:45
9:37 PM: Starting Memory Sweep
9:36 PM: Sweep initiated using definitions version 743
9:36 PM: Spy Sweeper 5.0.5.1286 started
9:36 PM: | Start of Session, Thursday, August 17, 2006 |
********
9:36 PM: | End of Session, Thursday, August 17, 2006 |
9:36 PM: Renewing Spy Sweeper subscription.
9:27 PM: Your spyware definitions have been updated.
9:26 PM: Automated check for program update in progress.
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
9:25 PM: Shield States
9:25 PM: Spyware Definitions: 724
9:25 PM: Spy Sweeper 5.0.5.1286 started
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
9:21 PM: Shield States
9:21 PM: Spyware Definitions: 724
9:20 PM: Spy Sweeper 5.0.5.1286 started
4:53 PM: Your spyware definitions have been updated.
4:53 PM: Removal process completed. Elapsed time 00:00:17
4:53 PM: Quarantining All Traces: zedo cookie
4:53 PM: Quarantining All Traces: tribalfusion cookie
4:53 PM: Quarantining All Traces: trafficmp cookie
4:53 PM: Quarantining All Traces: tacoda cookie
4:53 PM: Quarantining All Traces: realmedia cookie
4:53 PM: Quarantining All Traces: questionmarket cookie
4:53 PM: Quarantining All Traces: nextag cookie
4:53 PM: Quarantining All Traces: fastclick cookie
4:53 PM: Quarantining All Traces: ru4 cookie
4:53 PM: Quarantining All Traces: bizrate cookie
4:53 PM: Quarantining All Traces: atwola cookie
4:53 PM: Quarantining All Traces: atlas dmt cookie
4:53 PM: Quarantining All Traces: falkag cookie
4:53 PM: Quarantining All Traces: advertising cookie
4:53 PM: Quarantining All Traces: 2o7.net cookie
4:53 PM: Quarantining All Traces: whenu savenow
4:52 PM: Removal process initiated
4:52 PM: Traces Found: 16
4:52 PM: Full Sweep has completed. Elapsed time 00:37:05
4:52 PM: File Sweep Complete, Elapsed Time: 00:28:47
4:23 PM: Starting File Sweep
4:23 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
4:23 PM: c:\documents and settings\owner\cookies\owner@zedo[1].txt (ID = 3762)
4:23 PM: Found Spy Cookie: zedo cookie
4:23 PM: c:\documents and settings\owner\cookies\owner@tribalfusion[1].txt (ID = 3589)
4:23 PM: Found Spy Cookie: tribalfusion cookie
4:23 PM: c:\documents and settings\owner\cookies\owner@trafficmp[1].txt (ID = 3581)
4:23 PM: Found Spy Cookie: trafficmp cookie
4:23 PM: c:\documents and settings\owner\cookies\owner@tacoda[1].txt (ID = 6444)
4:23 PM: Found Spy Cookie: tacoda cookie
4:23 PM: c:\documents and settings\owner\cookies\owner@realmedia[2].txt (ID = 3235)
4:23 PM: Found Spy Cookie: realmedia cookie
4:23 PM: c:\documents and settings\owner\cookies\owner@questionmarket[2].txt (ID = 3217)
4:23 PM: Found Spy Cookie: questionmarket cookie
4:23 PM: c:\documents and settings\owner\cookies\owner@nextag[1].txt (ID = 5014)
4:23 PM: Found Spy Cookie: nextag cookie
4:23 PM: c:\documents and settings\owner\cookies\owner@fastclick[1].txt (ID = 2651)
4:23 PM: Found Spy Cookie: fastclick cookie
4:23 PM: c:\documents and settings\owner\cookies\owner@edge.ru4[2].txt (ID = 3269)
4:23 PM: Found Spy Cookie: ru4 cookie
4:23 PM: c:\documents and settings\owner\cookies\owner@bizrate[2].txt (ID = 2308)
4:23 PM: Found Spy Cookie: bizrate cookie
4:23 PM: c:\documents and settings\owner\cookies\owner@atwola[1].txt (ID = 2255)
4:23 PM: Found Spy Cookie: atwola cookie
4:23 PM: c:\documents and settings\owner\cookies\owner@atdmt[2].txt (ID = 2253)
4:23 PM: Found Spy Cookie: atlas dmt cookie
4:23 PM: c:\documents and settings\owner\cookies\owner@as-us.falkag[2].txt (ID = 2650)
4:23 PM: Found Spy Cookie: falkag cookie
4:23 PM: c:\documents and settings\owner\cookies\owner@advertising[1].txt (ID = 2175)
4:23 PM: Found Spy Cookie: advertising cookie
4:23 PM: c:\documents and settings\owner\cookies\owner@2o7[1].txt (ID = 1957)
4:23 PM: Found Spy Cookie: 2o7.net cookie
4:23 PM: Starting Cookie Sweep
4:23 PM: Registry Sweep Complete, Elapsed Time:00:00:21
4:23 PM: HKLM\software\microsoft\windows\currentversion\run\ || vvsn (ID = 140442)
4:23 PM: Found Adware: whenu savenow
4:23 PM: Starting Registry Sweep
4:23 PM: Memory Sweep Complete, Elapsed Time: 00:07:37
4:15 PM: Starting Memory Sweep
4:15 PM: Sweep initiated using definitions version 719
4:15 PM: Spy Sweeper 5.0.5.1286 started
4:15 PM: | Start of Session, Saturday, July 22, 2006 |
********
4:15 PM: | End of Session, Saturday, July 22, 2006 |
4:15 PM: BHO Shield: found: -- BHO installation allowed at user request
4:14 PM: Automated check for program update in progress.
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
4:13 PM: Shield States
4:13 PM: Spyware Definitions: 719
4:13 PM: Spy Sweeper 5.0.5.1286 started
8:56 PM: Your spyware definitions have been updated.
8:55 PM: Sent error log: C:\Documents and Settings\Owner\Application Data\Webroot\Spy Sweeper\Logs\bugreport.txt
8:54 PM: Automated check for program update in progress.
4:05 PM: Automated check for program update in progress.
4:13 PM: BHO Shield: found: -- BHO installation denied at user request
4:12 PM: BHO Shield: found: -- BHO installation denied at user request
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
4:11 PM: Shield States
4:11 PM: Spyware Definitions: 691
4:10 PM: Spy Sweeper 5.0.5.1286 started
3:59 PM: Your definitions are up to date.
3:59 PM: Updating spyware definitions
3:58 PM: Your spyware definitions have been updated.
11:34 PM: Quarantine item removal complete.
11:34 PM: Automatic removal of old quarantine items in progress.
11:28 AM: Traces Found: 18
11:28 AM: Full Sweep has completed. Elapsed time 00:23:56
11:28 AM: File Sweep Complete, Elapsed Time: 00:17:56
11:28 AM: Warning: Unhandled Archive Type
11:28 AM: Warning: Unhandled Archive Type
11:10 AM: Starting File Sweep
11:10 AM: Cookie Sweep Complete, Elapsed Time: 00:00:02
11:10 AM: owner@zedo[1].txt (ID = 3762)
11:10 AM: Found Spy Cookie: zedo cookie
11:10 AM: owner@z1.adserver[1].txt (ID = 2142)
11:10 AM: Found Spy Cookie: adserver cookie
11:10 AM: owner@vip.clickzs[2].txt (ID = 2413)
11:10 AM: owner@tribalfusion[1].txt (ID = 3589)
11:10 AM: Found Spy Cookie: tribalfusion cookie
11:10 AM: owner@statcounter[1].txt (ID = 3447)
11:10 AM: Found Spy Cookie: statcounter cookie
11:10 AM: owner@server.iad.liveperson[1].txt (ID = 3341)
11:10 AM: Found Spy Cookie: server.iad.liveperson cookie
11:10 AM: owner@questionmarket[2].txt (ID = 3217)
11:10 AM: Found Spy Cookie: questionmarket cookie
11:10 AM: owner@perf.overture[1].txt (ID = 3106)
11:10 AM: Found Spy Cookie: overture cookie
11:10 AM: owner@msnportal.112.2o7[1].txt (ID = 1958)
11:10 AM: owner@mediaplex[1].txt (ID = 6442)
11:10 AM: Found Spy Cookie: mediaplex cookie
11:10 AM: owner@cz7.clickzs[2].txt (ID = 2413)
11:10 AM: Found Spy Cookie: clickzs cookie
11:10 AM: owner@atwola[1].txt (ID = 2255)
11:10 AM: Found Spy Cookie: atwola cookie
11:10 AM: owner@atdmt[2].txt (ID = 2253)
11:10 AM: Found Spy Cookie: atlas dmt cookie
11:10 AM: owner@advertising[1].txt (ID = 2175)
11:10 AM: Found Spy Cookie: advertising cookie
11:10 AM: owner@ads.addynamix[1].txt (ID = 2062)
11:10 AM: Found Spy Cookie: addynamix cookie
11:10 AM: owner@adopt.specificclick[2].txt (ID = 3400)
11:10 AM: Found Spy Cookie: specificclick.com cookie
11:10 AM: owner@ad.yieldmanager[1].txt (ID = 3751)
11:10 AM: Found Spy Cookie: yieldmanager cookie
11:10 AM: owner@2o7[2].txt (ID = 1957)
11:10 AM: Found Spy Cookie: 2o7.net cookie
11:10 AM: Starting Cookie Sweep
11:10 AM: Registry Sweep Complete, Elapsed Time:00:00:41
11:09 AM: Starting Registry Sweep
11:09 AM: Memory Sweep Complete, Elapsed Time: 00:05:07
11:04 AM: Starting Memory Sweep
11:04 AM: Sweep initiated using definitions version 714
11:04 AM: Spy Sweeper started
11:04 AM: | Start of Session, Monday, July 10, 2006 |
********
12:11 PM: IE Security Shield: found: C:\PROGRAM FILES\MICROSOFT MONEY 2005\MNYCOREFILES\MSMONEY.EXE -- IE Security modification denied
12:01 PM: IE Security Shield: found: C:\PROGRAM FILES\MICROSOFT MONEY 2005\MNYCOREFILES\MSMONEY.EXE -- IE Security modification denied
5:20 PM: Your spyware definitions have been updated.
9:09 PM: Removal process completed. Elapsed time 00:00:07
9:09 PM: Quarantining All Traces: zedo cookie
9:09 PM: Quarantining All Traces: yieldmanager cookie
9:09 PM: Quarantining All Traces: websponsors cookie
9:09 PM: Quarantining All Traces: trafficmp cookie
9:09 PM: Quarantining All Traces: tacoda cookie
9:09 PM: Quarantining All Traces: specificclick.com cookie
9:09 PM: Quarantining All Traces: sextracker cookie
9:09 PM: Quarantining All Traces: serving-sys cookie
9:09 PM: Quarantining All Traces: realmedia cookie
9:09 PM: Quarantining All Traces: questionmarket cookie
9:09 PM: Quarantining All Traces: paycounter cookie
9:09 PM: Quarantining All Traces: overture cookie
9:09 PM: Quarantining All Traces: nextag cookie
9:09 PM: Quarantining All Traces: mrskin cookie
9:09 PM: Quarantining All Traces: mediaplex cookie
9:09 PM: Quarantining All Traces: maxserving cookie
9:09 PM: Quarantining All Traces: fastclick cookie
9:09 PM: Quarantining All Traces: falkag cookie
9:09 PM: Quarantining All Traces: casalemedia cookie
9:09 PM: Quarantining All Traces: bluestreak cookie
9:09 PM: Quarantining All Traces: atwola cookie
9:09 PM: Quarantining All Traces: atlas dmt cookie
9:09 PM: Quarantining All Traces: advertising cookie
9:09 PM: Quarantining All Traces: adultfriendfinder cookie
9:09 PM: Quarantining All Traces: adserver cookie
9:09 PM: Quarantining All Traces: addynamix cookie
9:09 PM: Quarantining All Traces: about cookie
9:09 PM: Quarantining All Traces: 2o7.net cookie
9:09 PM: Removal process initiated
9:08 PM: Traces Found: 36
9:08 PM: Full Sweep has completed. Elapsed time 00:34:32
9:08 PM: File Sweep Complete, Elapsed Time: 00:25:30
9:08 PM: Warning: Unhandled Archive Type
9:08 PM: Warning: Unhandled Archive Type
9:08 PM: Warning: Failed to open file "c:\documents and settings\owner\cookies\owner@valueclick[1].txt". The system cannot find the file specified
8:43 PM: Starting File Sweep
8:43 PM: Cookie Sweep Complete, Elapsed Time: 00:00:07
8:43 PM: owner@zedo[1].txt (ID = 3762)
8:43 PM: Found Spy Cookie: zedo cookie
8:43 PM: owner@z1.adserver[1].txt (ID = 2142)
8:43 PM: Found Spy Cookie: adserver cookie
8:43 PM: owner@trafficmp[1].txt (ID = 3581)
8:43 PM: Found Spy Cookie: trafficmp cookie
8:43 PM: owner@tacoda[1].txt (ID = 6444)
8:43 PM: owner@sextracker[1].txt (ID = 3361)
8:43 PM: owner@serving-sys[2].txt (ID = 3343)
8:43 PM: Found Spy Cookie: serving-sys cookie
8:43 PM: owner@realmedia[1].txt (ID = 3235)
8:43 PM: Found Spy Cookie: realmedia cookie
8:43 PM: owner@questionmarket[1].txt (ID = 3217)
8:43 PM: Found Spy Cookie: questionmarket cookie
8:43 PM: owner@perf.overture[1].txt (ID = 3106)
8:43 PM: Found Spy Cookie: overture cookie
8:43 PM: owner@paycounter[1].txt (ID = 3115)
8:43 PM: Found Spy Cookie: paycounter cookie
8:43 PM: owner@partygaming.122.2o7[1].txt (ID = 1958)
8:43 PM: owner@nextag[2].txt (ID = 5014)
8:43 PM: owner@msnportal.112.2o7[1].txt (ID = 1958)
8:43 PM: owner@mrskin[1].txt (ID = 3020)
8:43 PM: Found Spy Cookie: mrskin cookie
8:43 PM: owner@mediaplex[1].txt (ID = 6442)
8:43 PM: Found Spy Cookie: mediaplex cookie
8:43 PM: owner@maxserving[1].txt (ID = 2966)
8:43 PM: Found Spy Cookie: maxserving cookie
8:43 PM: owner@fastclick[1].txt (ID = 2651)
8:43 PM: Found Spy Cookie: fastclick cookie
8:43 PM: owner@counter1.sextracker[1].txt (ID = 3362)
8:43 PM: Found Spy Cookie: sextracker cookie
8:43 PM: owner@cbs.112.2o7[1].txt (ID = 1958)
8:43 PM: owner@casalemedia[2].txt (ID = 2354)
8:43 PM: Found Spy Cookie: casalemedia cookie
8:43 PM: owner@cars.about[1].txt (ID = 2038)
8:43 PM: owner@bluestreak[1].txt (ID = 2314)
8:43 PM: Found Spy Cookie: bluestreak cookie
8:43 PM: owner@atwola[1].txt (ID = 2255)
8:43 PM: Found Spy Cookie: atwola cookie
8:43 PM: owner@atdmt[2].txt (ID = 2253)
8:43 PM: Found Spy Cookie: atlas dmt cookie
8:43 PM: owner@as-us.falkag[1].txt (ID = 2650)
8:43 PM: Found Spy Cookie: falkag cookie
8:43 PM: owner@anad.tacoda[1].txt (ID = 6445)
8:43 PM: Found Spy Cookie: tacoda cookie
8:43 PM: owner@advertising[2].txt (ID = 2175)
8:43 PM: Found Spy Cookie: advertising cookie
8:43 PM: owner@adultfriendfinder[2].txt (ID = 2165)
8:43 PM: Found Spy Cookie: adultfriendfinder cookie
8:43 PM: owner@ads.addynamix[1].txt (ID = 2062)
8:43 PM: Found Spy Cookie: addynamix cookie
8:43 PM: owner@adq.nextag[2].txt (ID = 5015)
8:43 PM: Found Spy Cookie: nextag cookie
8:43 PM: owner@adopt.specificclick[1].txt (ID = 3400)
8:43 PM: Found Spy Cookie: specificclick.com cookie
8:43 PM: owner@ad.yieldmanager[1].txt (ID = 3751)
8:43 PM: Found Spy Cookie: yieldmanager cookie
8:43 PM: owner@about[2].txt (ID = 2037)
8:43 PM: Found Spy Cookie: about cookie
8:43 PM: owner@a.websponsors[2].txt (ID = 3665)
8:43 PM: Found Spy Cookie: websponsors cookie
8:43 PM: owner@2o7[2].txt (ID = 1957)
8:43 PM: guest@2o7[2].txt (ID = 1957)
8:43 PM: Found Spy Cookie: 2o7.net cookie
8:43 PM: Starting Cookie Sweep
8:43 PM: Registry Sweep Complete, Elapsed Time:00:01:18
8:41 PM: Starting Registry Sweep
8:41 PM: Memory Sweep Complete, Elapsed Time: 00:07:27
8:34 PM: Starting Memory Sweep
8:34 PM: Sweep initiated using definitions version 711
8:34 PM: Spy Sweeper started
8:34 PM: | Start of Session, Tuesday, July 04, 2006 |
********
8:34 PM: | End of Session, Tuesday, July 04, 2006 |
10:26 AM: Your spyware definitions have been updated.
9:30 PM: Your spyware definitions have been updated.
8:04 PM: Your spyware definitions have been updated.
8:03 PM: Your spyware definitions have been updated.
4:20 AM: Quarantine item removal complete.
4:20 AM: Automatic removal of old quarantine items in progress.
8:00 PM: Your spyware definitions have been updated.
7:59 PM: Your spyware definitions have been updated.
8:34 PM: Removal process completed. Elapsed time 00:00:01
8:34 PM: Quarantining All Traces: starware.com cookie
8:34 PM: Quarantining All Traces: specificclick.com cookie
8:34 PM: Quarantining All Traces: pointroll cookie
8:34 PM: Quarantining All Traces: mediaplex cookie
8:34 PM: Quarantining All Traces: did-it cookie
8:34 PM: Quarantining All Traces: atwola cookie
8:34 PM: Quarantining All Traces: atlas dmt cookie
8:34 PM: Quarantining All Traces: advertising cookie
8:34 PM: Quarantining All Traces: 2o7.net cookie
8:34 PM: Removal process initiated
8:28 PM: Quarantine item removal complete.
8:28 PM: Automatic removal of old quarantine items in progress.
8:25 PM: Traces Found: 14
8:25 PM: Full Sweep has completed. Elapsed time 00:24:08
8:25 PM: File Sweep Complete, Elapsed Time: 00:19:01
8:25 PM: Warning: Unhandled Archive Type
8:25 PM: Warning: Unhandled Archive Type
8:25 PM: Warning: Unhandled Archive Type
8:25 PM: Warning: Unhandled Archive Type
8:25 PM: Warning: Unhandled Archive Type
8:25 PM: Warning: Unhandled Archive Type
8:06 PM: Starting File Sweep
8:06 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
8:06 PM: owner@mediaplex[1].txt (ID = 6442)
8:06 PM: Found Spy Cookie: mediaplex cookie
8:06 PM: owner@h.starware[2].txt (ID = 3442)
8:06 PM: Found Spy Cookie: starware.com cookie
8:06 PM: owner@ford.112.2o7[1].txt (ID = 1958)
8:06 PM: owner@did-it[2].txt (ID = 2523)
8:06 PM: Found Spy Cookie: did-it cookie
8:06 PM: owner@atwola[1].txt (ID = 2255)
8:06 PM: owner@atdmt[2].txt (ID = 2253)
8:06 PM: owner@advertising[1].txt (ID = 2175)
8:06 PM: owner@adopt.specificclick[2].txt (ID = 3400)
8:06 PM: Found Spy Cookie: specificclick.com cookie
8:06 PM: owner@2o7[1].txt (ID = 1957)
8:06 PM: guest@atwola[1].txt (ID = 2255)
8:06 PM: Found Spy Cookie: atwola cookie
8:06 PM: guest@atdmt[1].txt (ID = 2253)
8:06 PM: Found Spy Cookie: atlas dmt cookie
8:06 PM: guest@advertising[2].txt (ID = 2175)
8:06 PM: Found Spy Cookie: advertising cookie
8:06 PM: guest@ads.pointroll[2].txt (ID = 3148)
8:06 PM: Found Spy Cookie: pointroll cookie
8:06 PM: guest@2o7[2].txt (ID = 1957)
8:06 PM: Found Spy Cookie: 2o7.net cookie
8:06 PM: Starting Cookie Sweep
8:06 PM: Registry Sweep Complete, Elapsed Time:00:00:12
8:06 PM: Starting Registry Sweep
8:06 PM: Memory Sweep Complete, Elapsed Time: 00:04:50
8:01 PM: Starting Memory Sweep
8:01 PM: Sweep initiated using definitions version 704
8:01 PM: Spy Sweeper started
8:01 PM: | Start of Session, Wednesday, June 21, 2006 |
********
8:01 PM: | End of Session, Wednesday, June 21, 2006 |
8:00 PM: BHO Shield: found: -- BHO installation denied at user request
6:21 PM: Your spyware definitions have been updated.
5:14 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
8:33 PM: Your spyware definitions have been updated.
8:31 PM: Removal process completed. Elapsed time 00:00:02
8:31 PM: Quarantining All Traces: webtrendslive cookie
8:31 PM: Quarantining All Traces: tacoda cookie
8:31 PM: Quarantining All Traces: specificclick.com cookie
8:31 PM: Quarantining All Traces: questionmarket cookie
8:31 PM: Quarantining All Traces: go.com cookie
8:31 PM: Quarantining All Traces: casalemedia cookie
8:31 PM: Quarantining All Traces: atwola cookie
8:31 PM: Quarantining All Traces: atlas dmt cookie
8:31 PM: Quarantining All Traces: advertising cookie
8:31 PM: Quarantining All Traces: 2o7.net cookie
8:31 PM: Removal process initiated
4:19 PM: Traces Found: 14
4:19 PM: Full Sweep has completed. Elapsed time 00:33:36
4:19 PM: File Sweep Complete, Elapsed Time: 00:26:37
4:19 PM: Warning: Unhandled Archive Type
4:19 PM: Warning: Unhandled Archive Type
4:19 PM: Warning: Unhandled Archive Type
4:19 PM: Warning: Unhandled Archive Type
4:19 PM: Warning: Unhandled Archive Type
4:19 PM: Warning: Unhandled Archive Type
3:53 PM: Starting File Sweep
3:52 PM: Cookie Sweep Complete, Elapsed Time: 00:00:03
3:52 PM: owner@tacoda[1].txt (ID = 6444)
3:52 PM: Found Spy Cookie: tacoda cookie
3:52 PM: owner@statse.webtrendslive[1].txt (ID = 3667)
3:52 PM: Found Spy Cookie: webtrendslive cookie
3:52 PM: owner@sports.espn.go[2].txt (ID = 2729)
3:52 PM: owner@rsi.espn.go[1].txt (ID = 2729)
3:52 PM: owner@questionmarket[1].txt (ID = 3217)
3:52 PM: Found Spy Cookie: questionmarket cookie
3:52 PM: owner@go[1].txt (ID = 2728)
3:52 PM: owner@espn.go[2].txt (ID = 2729)
3:52 PM: Found Spy Cookie: go.com cookie
3:52 PM: owner@casalemedia[1].txt (ID = 2354)
3:52 PM: Found Spy Cookie: casalemedia cookie
3:52 PM: owner@atwola[1].txt (ID = 2255)
3:52 PM: owner@atdmt[2].txt (ID = 2253)
3:52 PM: Found Spy Cookie: atlas dmt cookie
3:52 PM: owner@ar.atwola[2].txt (ID = 2256)
3:52 PM: Found Spy Cookie: atwola cookie
3:52 PM: owner@advertising[2].txt (ID = 2175)
3:52 PM: Found Spy Cookie: advertising cookie
3:52 PM: owner@adopt.specificclick[2].txt (ID = 3400)
3:52 PM: Found Spy Cookie: specificclick.com cookie
3:52 PM: owner@2o7[1].txt (ID = 1957)
3:52 PM: Found Spy Cookie: 2o7.net cookie
3:52 PM: Starting Cookie Sweep
3:52 PM: Registry Sweep Complete, Elapsed Time:00:01:03
3:51 PM: Starting Registry Sweep
3:51 PM: Memory Sweep Complete, Elapsed Time: 00:05:44
3:46 PM: Starting Memory Sweep
3:46 PM: Sweep initiated using definitions version 696
3:46 PM: Spy Sweeper started
3:46 PM: | Start of Session, Saturday, June 10, 2006 |
********
3:46 PM: | End of Session, Saturday, June 10, 2006 |
1:04 PM: Quarantine item removal complete.
1:04 PM: Automatic removal of old quarantine items in progress.
12:35 PM: Your spyware definitions have been updated.
4:08 PM: Your spyware definitions have been updated.
4:36 PM: Quarantine item removal complete.
4:36 PM: Automatic removal of old quarantine items in progress.
4:08 PM: Your spyware definitions have been updated.
11:33 AM: Your spyware definitions have been updated.
6:17 PM: Your spyware definitions have been updated.
9:58 PM: Quarantine item removal complete.
9:58 PM: Automatic removal of old quarantine items in progress.
6:16 PM: Your spyware definitions have been updated.
12:25 AM: Your spyware definitions have been updated.
12:25 AM: Your spyware definitions have been updated.
12:24 AM: Removal process completed. Elapsed time 00:00:43
12:24 AM: Quarantining All Traces: tribalfusion cookie
12:24 AM: Quarantining All Traces: sexlist cookie
12:23 AM: Quarantining All Traces: limewire
12:23 AM: Quarantining All Traces: gnutella protocol
12:23 AM: Quarantining All Traces: ed2k protocol
12:23 AM: Quarantining All Traces: bearshare
12:23 AM: Quarantining All Traces: atwola cookie
12:23 AM: Quarantining All Traces: atlas dmt cookie
12:23 AM: Quarantining All Traces: advertising cookie
12:23 AM: Quarantining All Traces: adserver cookie
12:23 AM: Quarantining All Traces: 2o7.net cookie
12:23 AM: Removal process initiated
5:53 PM: Traces Found: 158
5:53 PM: Full Sweep has completed. Elapsed time 00:33:10
5:53 PM: File Sweep Complete, Elapsed Time: 00:26:18
5:52 PM: Warning: Unhandled Archive Type
5:52 PM: Warning: Unhandled Archive Type
5:49 PM: limewirewin4.10.5.exe (ID = 288651)
5:48 PM: limewirewin4.10.9.exe (ID = 288649)
5:41 PM: stubinstaller.exe (ID = 278690)
5:29 PM: limewire20.dll (ID = 278760)
5:28 PM: limewire20.dll (ID = 104074)
5:27 PM: c:\program files\limewire (48 subtraces) (ID = -2147478534)
5:26 PM: Starting File Sweep
5:26 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
5:26 PM: owner@z1.adserver[1].txt (ID = 2142)
5:26 PM: Found Spy Cookie: adserver cookie
5:26 PM: owner@tribalfusion[1].txt (ID = 3589)
5:26 PM: Found Spy Cookie: tribalfusion cookie
5:26 PM: owner@sexlist[2].txt (ID = 3353)
5:26 PM: Found Spy Cookie: sexlist cookie
5:26 PM: owner@atwola[1].txt (ID = 2255)
5:26 PM: owner@atdmt[2].txt (ID = 2253)
5:26 PM: Found Spy Cookie: atlas dmt cookie
5:26 PM: owner@ar.atwola[2].txt (ID = 2256)
5:26 PM: Found Spy Cookie: atwola cookie
5:26 PM: owner@advertising[2].txt (ID = 2175)
5:26 PM: Found Spy Cookie: advertising cookie
5:26 PM: owner@2o7[1].txt (ID = 1957)
5:26 PM: Found Spy Cookie: 2o7.net cookie
5:26 PM: Starting Cookie Sweep
5:26 PM: Registry Sweep Complete, Elapsed Time:00:00:55
5:26 PM: HKLM\software\magnet\handlers\bearshare\ (9 subtraces) (ID = 650373)
5:26 PM: HKLM\software\classes\clsid\{558ec983-bedb-9168-b2de-31dbf0ee543e}\ (18 subtraces) (ID = 510600)
5:26 PM: HKCR\clsid\{558ec983-bedb-9168-b2de-31dbf0ee543e}\ (18 subtraces) (ID = 510553)
5:26 PM: Found Other: bearshare
5:26 PM: HKLM\software\microsoft\windows\currentversion\uninstall\limewire\ (9 subtraces) (ID = 302891)
5:26 PM: HKLM\software\limewire\ (1 subtraces) (ID = 302764)
5:26 PM: Found Other: limewire
5:26 PM: HKLM\software\classes\gnutella\ (8 subtraces) (ID = 164202)
5:26 PM: HKLM\software\classes\ed2k\ (8 subtraces) (ID = 164172)
5:26 PM: HKCR\gnutella\ (8 subtraces) (ID = 163311)
5:26 PM: Found Other: gnutella protocol
5:26 PM: HKCR\ed2k\ (8 subtraces) (ID = 163281)
5:26 PM: Found Other: ed2k protocol
5:25 PM: Starting Registry Sweep
5:25 PM: Memory Sweep Complete, Elapsed Time: 00:05:49
5:19 PM: Starting Memory Sweep
5:19 PM: Sweep initiated using definitions version 683
5:19 PM: Spy Sweeper started
5:19 PM: | Start of Session, Wednesday, May 24, 2006 |
********
5:19 PM: | End of Session, Wednesday, May 24, 2006 |
5:12 PM: Quarantine item removal complete.
5:12 PM: Automatic removal of old quarantine items in progress.
4:54 PM: IE Security Shield: found: C:\PROGRAM FILES\MICROSOFT MONEY 2005\MNYCOREFILES\MSMONEY.EXE -- IE Security modification denied
4:46 PM: IE Security Shield: found: C:\PROGRAM FILES\MICROSOFT MONEY 2005\MNYCOREFILES\MSMONEY.EXE -- IE Security modification denied
5:47 PM: Your spyware definitions have been updated.
5:44 PM: Removal process completed. Elapsed time 00:00:02
5:44 PM: Quarantining All Traces: zedo cookie
5:44 PM: Quarantining All Traces: mediaplex cookie
5:44 PM: Quarantining All Traces: fastclick cookie
5:44 PM: Quarantining All Traces: casalemedia cookie
5:44 PM: Quarantining All Traces: burstnet cookie
5:44 PM: Quarantining All Traces: burstbeacon cookie
5:44 PM: Quarantining All Traces: atwola cookie
5:44 PM: Quarantining All Traces: atlas dmt cookie
5:44 PM: Quarantining All Traces: ask cookie
5:44 PM: Quarantining All Traces: advertising cookie
5:44 PM: Quarantining All Traces: 2o7.net cookie
5:44 PM: Removal process initiated
1:34 PM: Traces Found: 11
1:34 PM: Full Sweep has completed. Elapsed time 00:48:00
1:34 PM: File Sweep Complete, Elapsed Time: 00:34:02
1:00 PM: Starting File Sweep
1:00 PM: Cookie Sweep Complete, Elapsed Time: 00:00:07
1:00 PM: owner@zedo[2].txt (ID = 3762)
1:00 PM: Found Spy Cookie: zedo cookie
1:00 PM: owner@www.burstbeacon[1].txt (ID = 2335)
1:00 PM: Found Spy Cookie: burstbeacon cookie
1:00 PM: owner@mediaplex[2].txt (ID = 6442)
1:00 PM: Found Spy Cookie: mediaplex cookie
1:00 PM: owner@fastclick[2].txt (ID = 2651)
1:00 PM: Found Spy Cookie: fastclick cookie
1:00 PM: owner@casalemedia[2].txt (ID = 2354)
1:00 PM: Found Spy Cookie: casalemedia cookie
1:00 PM: owner@burstnet[2].txt (ID = 2336)
1:00 PM: Found Spy Cookie: burstnet cookie
1:00 PM: owner@atwola[1].txt (ID = 2255)
1:00 PM: Found Spy Cookie: atwola cookie
1:00 PM: owner@atdmt[2].txt (ID = 2253)
1:00 PM: Found Spy Cookie: atlas dmt cookie
1:00 PM: owner@ask[1].txt (ID = 2245)
1:00 PM: Found Spy Cookie: ask cookie
1:00 PM: owner@advertising[2].txt (ID = 2175)
1:00 PM: Found Spy Cookie: advertising cookie
1:00 PM: owner@2o7[2].txt (ID = 1957)
1:00 PM: Found Spy Cookie: 2o7.net cookie
12:59 PM: Starting Cookie Sweep
12:59 PM: Registry Sweep Complete, Elapsed Time:00:01:57
12:57 PM: Starting Registry Sweep
12:57 PM: Memory Sweep Complete, Elapsed Time: 00:11:40
12:46 PM: Starting Memory Sweep
12:46 PM: Sweep initiated using definitions version 682
12:46 PM: Spy Sweeper started
12:46 PM: | Start of Session, Sunday, May 21, 2006 |
********
12:46 PM: | End of Session, Sunday, May 21, 2006 |
4:33 PM: Quarantine item removal complete.
4:33 PM: Automatic removal of old quarantine items in progress.
3:56 PM: Warning: Failed to load image: C:\DOCUME~1\OWNER\LOCALS~1\TEMP\SET28.TMP
5:47 PM: Removal process completed. Elapsed time 00:00:07
5:47 PM: Quarantining All Traces: zedo cookie
5:47 PM: Quarantining All Traces: tradedoubler cookie
5:47 PM: Quarantining All Traces: questionmarket cookie
5:47 PM: Quarantining All Traces: pointroll cookie
5:47 PM: Quarantining All Traces: coremetrics cookie
5:47 PM: Quarantining All Traces: atwola cookie
5:47 PM: Quarantining All Traces: atlas dmt cookie
5:47 PM: Quarantining All Traces: advertising cookie
5:47 PM: Quarantining All Traces: addynamix cookie
5:47 PM: Quarantining All Traces: 2o7.net cookie
5:47 PM: Removal process initiated
5:40 PM: Traces Found: 10
5:40 PM: Full Sweep has completed. Elapsed time 00:20:46
5:40 PM: File Sweep Complete, Elapsed Time: 00:16:20
5:40 PM: Warning: Unhandled Archive Type
5:40 PM: Warning: Unhandled Archive Type
5:40 PM: Warning: Unhandled Archive Type
5:40 PM: Warning: Unhandled Archive Type
5:24 PM: Starting File Sweep
5:24 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
5:24 PM: owner@zedo[2].txt (ID = 3762)
5:24 PM: Found Spy Cookie: zedo cookie
5:24 PM: owner@tradedoubler[2].txt (ID = 3575)
5:24 PM: Found Spy Cookie: tradedoubler cookie
5:24 PM: owner@questionmarket[2].txt (ID = 3217)
5:24 PM: Found Spy Cookie: questionmarket cookie
5:24 PM: owner@data.coremetrics[1].txt (ID = 2472)
5:24 PM: Found Spy Cookie: coremetrics cookie
5:24 PM: owner@atwola[1].txt (ID = 2255)
5:24 PM: Found Spy Cookie: atwola cookie
5:24 PM: owner@atdmt[2].txt (ID = 2253)
5:24 PM: Found Spy Cookie: atlas dmt cookie
5:24 PM: owner@advertising[1].txt (ID = 2175)
5:24 PM: Found Spy Cookie: advertising cookie
5:24 PM: owner@ads.pointroll[2].txt (ID = 3148)
5:24 PM: Found Spy Cookie: pointroll cookie
5:24 PM: owner@ads.addynamix[1].txt (ID = 2062)
5:24 PM: Found Spy Cookie: addynamix cookie
5:24 PM: owner@2o7[2].txt (ID = 1957)
5:24 PM: Found Spy Cookie: 2o7.net cookie
5:24 PM: Starting Cookie Sweep
5:24 PM: Registry Sweep Complete, Elapsed Time:00:00:14
5:24 PM: Starting Registry Sweep
5:24 PM: Memory Sweep Complete, Elapsed Time: 00:04:05
5:20 PM: Starting Memory Sweep
5:20 PM: Sweep initiated using definitions version 682
5:20 PM: Spy Sweeper started
5:20 PM: | Start of Session, Friday, May 19, 2006 |
********
5:20 PM: | End of Session, Friday, May 19, 2006 |
4:56 PM: Your spyware definitions have been updated.
4:56 PM: Your spyware definitions have been updated.
1:25 AM: Quarantine item removal complete.
1:25 AM: Automatic removal of old quarantine items in progress.
4:55 PM: Your spyware definitions have been updated.
3:26 PM: Your spyware definitions have been updated.
3:32 PM: IE Security Shield: found: C:\PROGRAM FILES\MICROSOFT MONEY 2005\MNYCOREFILES\MSMONEY.EXE -- IE Security modification denied
3:30 PM: IE Security Shield: found: C:\PROGRAM FILES\MICROSOFT MONEY 2005\MNYCOREFILES\MSMONEY.EXE -- IE Security modification denied
3:26 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
10:31 AM: Quarantine item removal complete.
10:31 AM: Automatic removal of old quarantine items in progress.
11:26 PM: Removal process completed. Elapsed time 00:00:11
11:26 PM: Quarantining All Traces: yieldmanager cookie
11:26 PM: Quarantining All Traces: tribalfusion cookie
11:26 PM: Quarantining All Traces: trafficmp cookie
11:26 PM: Quarantining All Traces: tradedoubler cookie
11:26 PM: Quarantining All Traces: ru4 cookie
11:26 PM: Quarantining All Traces: realmedia cookie
11:26 PM: Quarantining All Traces: mediaplex cookie
11:26 PM: Quarantining All Traces: fastclick cookie
11:26 PM: Quarantining All Traces: casalemedia cookie
11:26 PM: Quarantining All Traces: atwola cookie
11:26 PM: Quarantining All Traces: atlas dmt cookie
11:26 PM: Quarantining All Traces: advertising cookie
11:26 PM: Quarantining All Traces: adserver cookie
11:26 PM: Quarantining All Traces: adrevolver cookie
11:26 PM: Quarantining All Traces: 2o7.net cookie
11:26 PM: Removal process initiated
10:34 PM: Traces Found: 17
10:34 PM: Full Sweep has completed. Elapsed time 00:47:33
10:34 PM: File Sweep Complete, Elapsed Time: 00:39:59
10:34 PM: Warning: Unhandled Archive Type
10:34 PM: Warning: Unhandled Archive Type
9:54 PM: Starting File Sweep
9:54 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
9:54 PM: owner@z1.adserver[1].txt (ID = 2142)
9:54 PM: Found Spy Cookie: adserver cookie
9:54 PM: owner@tribalfusion[1].txt (ID = 3589)
9:54 PM: Found Spy Cookie: tribalfusion cookie
9:54 PM: owner@trafficmp[2].txt (ID = 3581)
9:54 PM: Found Spy Cookie: trafficmp cookie
9:54 PM: owner@tradedoubler[1].txt (ID = 3575)
9:54 PM: Found Spy Cookie: tradedoubler cookie
9:54 PM: owner@realmedia[2].txt (ID = 3235)
9:54 PM: Found Spy Cookie: realmedia cookie
9:54 PM: owner@mediaplex[2].txt (ID = 6442)
9:54 PM: Found Spy Cookie: mediaplex cookie
9:54 PM: owner@fastclick[2].txt (ID = 2651)
9:54 PM: Found Spy Cookie: fastclick cookie
9:54 PM: owner@edge.ru4[2].txt (ID = 3269)
9:54 PM: Found Spy Cookie: ru4 cookie
9:54 PM: owner@casalemedia[1].txt (ID = 2354)
9:54 PM: Found Spy Cookie: casalemedia cookie
9:54 PM: owner@atwola[1].txt (ID = 2255)
9:54 PM: owner@atdmt[2].txt (ID = 2253)
9:54 PM: Found Spy Cookie: atlas dmt cookie
9:54 PM: owner@ar.atwola[1].txt (ID = 2256)
9:54 PM: Found Spy Cookie: atwola cookie
9:54 PM: owner@advertising[2].txt (ID = 2175)
9:54 PM: Found Spy Cookie: advertising cookie
9:54 PM: owner@adrevolver[3].txt (ID = 2088)
9:54 PM: owner@adrevolver[2].txt (ID = 2088)
9:54 PM: Found Spy Cookie: adrevolver cookie
9:54 PM: owner@ad.yieldmanager[1].txt (ID = 3751)
9:54 PM: Found Spy Cookie: yieldmanager cookie
9:54 PM: owner@2o7[2].txt (ID = 1957)
9:54 PM: Found Spy Cookie: 2o7.net cookie
9:54 PM: Starting Cookie Sweep
9:54 PM: Registry Sweep Complete, Elapsed Time:00:01:08
9:53 PM: Starting Registry Sweep
9:53 PM: Memory Sweep Complete, Elapsed Time: 00:06:13
9:46 PM: Starting Memory Sweep
9:46 PM: Sweep initiated using definitions version 676
9:46 PM: Spy Sweeper started
9:46 PM: | Start of Session, Wednesday, May 10, 2006 |
********
9:46 PM: | End of Session, Wednesday, May 10, 2006 |
3:39 PM: Your spyware definitions have been updated.
3:37 PM: Your spyware definitions have been updated.
11:57 AM: IE Security Shield: found: C:\PROGRAM FILES\MICROSOFT MONEY 2005\MNYCOREFILES\MSMONEY.EXE -- IE Security modification denied
11:52 AM: IE Security Shield: found: C:\PROGRAM FILES\MICROSOFT MONEY 2005\MNYCOREFILES\MSMONEY.EXE -- IE Security modification denied
8:58 PM: Quarantine item removal complete.
8:58 PM: Automatic removal of old quarantine items in progress.
3:37 PM: Your spyware definitions have been updated.
12:27 PM: Allowed Startup entry: wextract_cleanup0
12:27 PM: Allowed Startup entry: Windows Defender
12:27 PM: Processing Startup Alerts
5:53 PM: Removal process completed. Elapsed time 00:00:02
5:53 PM: Quarantining All Traces: zedo cookie
5:53 PM: Quarantining All Traces: yieldmanager cookie
5:53 PM: Quarantining All Traces: webtrendslive cookie
5:53 PM: Quarantining All Traces: tribalfusion cookie
5:53 PM: Quarantining All Traces: trafficmp cookie
5:53 PM: Quarantining All Traces: tacoda cookie
5:53 PM: Quarantining All Traces: realtracker cookie
5:53 PM: Quarantining All Traces: realmedia cookie
5:53 PM: Quarantining All Traces: questionmarket cookie
5:53 PM: Quarantining All Traces: pointroll cookie
5:53 PM: Quarantining All Traces: netster cookie
5:53 PM: Quarantining All Traces: mediaplex cookie
5:53 PM: Quarantining All Traces: casalemedia cookie
5:53 PM: Quarantining All Traces: atwola cookie
5:53 PM: Quarantining All Traces: atlas dmt cookie
5:53 PM: Quarantining All Traces: ask cookie
5:53 PM: Quarantining All Traces: advertising cookie
5:53 PM: Quarantining All Traces: adserver cookie
5:53 PM: Quarantining All Traces: adrevolver cookie
5:53 PM: Quarantining All Traces: 2o7.net cookie
5:53 PM: Removal process initiated
5:05 PM: Traces Found: 22
5:05 PM: Full Sweep has completed. Elapsed time 00:23:36
5:05 PM: File Sweep Complete, Elapsed Time: 00:14:41
5:05 PM: Warning: Unhandled Archive Type
5:05 PM: Warning: Unhandled Archive Type
4:51 PM: Starting File Sweep
4:51 PM: Cookie Sweep Complete, Elapsed Time: 00:00:05
4:51 PM: owner@zedo[1].txt (ID = 3762)
4:51 PM: owner@z1.adserver[1].txt (ID = 2142)
4:51 PM: Found Spy Cookie: adserver cookie
4:51 PM: owner@web4.realtracker[1].txt (ID = 3242)
4:51 PM: Found Spy Cookie: realtracker cookie
4:51 PM: owner@tribalfusion[2].txt (ID = 3589)
4:51 PM: Found Spy Cookie: tribalfusion cookie
4:51 PM: owner@trafficmp[1].txt (ID = 3581)
4:51 PM: Found Spy Cookie: trafficmp cookie
4:51 PM: owner@tacoda[1].txt (ID = 6444)
4:51 PM: Found Spy Cookie: tacoda cookie
4:51 PM: owner@statse.webtrendslive[2].txt (ID = 3667)
4:51 PM: Found Spy Cookie: webtrendslive cookie
4:51 PM: owner@realmedia[1].txt (ID = 3235)
4:51 PM: Found Spy Cookie: realmedia cookie
4:51 PM: owner@questionmarket[2].txt (ID = 3217)
4:51 PM: Found Spy Cookie: questionmarket cookie
4:51 PM: owner@netster[1].txt (ID = 3071)
4:51 PM: Found Spy Cookie: netster cookie
4:51 PM: owner@mediaplex[2].txt (ID = 6442)
4:51 PM: Found Spy Cookie: mediaplex cookie
4:51 PM: owner@casalemedia[2].txt (ID = 2354)
4:51 PM: Found Spy Cookie: casalemedia cookie
4:51 PM: owner@c5.zedo[1].txt (ID = 3763)
4:51 PM: Found Spy Cookie: zedo cookie
4:51 PM: owner@atwola[1].txt (ID = 2255)
4:51 PM: Found Spy Cookie: atwola cookie
4:51 PM: owner@atdmt[2].txt (ID = 2253)
4:51 PM: Found Spy Cookie: atlas dmt cookie
4:51 PM: owner@ask[1].txt (ID = 2245)
4:51 PM: Found Spy Cookie: ask cookie
4:51 PM: owner@advertising[2].txt (ID = 2175)
4:51 PM: Found Spy Cookie: advertising cookie
4:51 PM: owner@ads.pointroll[1].txt (ID = 3148)
4:51 PM: Found Spy Cookie: pointroll cookie
4:51 PM: owner@adrevolver[3].txt (ID = 2088)
4:51 PM: owner@adrevolver[2].txt (ID = 2088)
4:51 PM: Found Spy Cookie: adrevolver cookie
4:51 PM: owner@ad.yieldmanager[2].txt (ID = 3751)
4:51 PM: Found Spy Cookie: yieldmanager cookie
4:51 PM: owner@2o7[2].txt (ID = 1957)
4:51 PM: Found Spy Cookie: 2o7.net cookie
4:50 PM: Starting Cookie Sweep
4:50 PM: Registry Sweep Complete, Elapsed Time:00:01:29
4:49 PM: Starting Registry Sweep
4:49 PM: Memory Sweep Complete, Elapsed Time: 00:07:08
4:42 PM: Starting Memory Sweep
4:42 PM: Sweep initiated using definitions version 670
4:42 PM: Spy Sweeper started
4:42 PM: | Start of Session, Sunday, May 07, 2006 |
********
11:44 AM: Quarantine item removal complete.
11:44 AM: Automatic removal of old quarantine items in progress.
11:25 AM: Your spyware definitions have been updated.
11:55 PM: Quarantine item removal complete.
11:55 PM: Automatic removal of old quarantine items in progress.
11:24 AM: Your spyware definitions have been updated.
7:56 PM: Warning: Failed to get log from SSI driver. Insufficient system resources exist to complete the requested service
7:02 PM: IE Security Shield: found: C:\PROGRAM FILES\MICROSOFT MONEY 2005\MNYCOREFILES\MSMONEY.EXE -- IE Security modification denied
6:56 PM: IE Security Shield: found: C:\PROGRAM FILES\MICROSOFT MONEY 2005\MNYCOREFILES\MSMONEY.EXE -- IE Security modification denied
8:00 PM: Removal process completed. Elapsed time 00:00:11
8:00 PM: Quarantining All Traces: yieldmanager cookie
8:00 PM: Quarantining All Traces: webtrendslive cookie
8:00 PM: Quarantining All Traces: tribalfusion cookie
8:00 PM: Quarantining All Traces: trafficmp cookie
8:00 PM: Quarantining All Traces: tacoda cookie
8:00 PM: Quarantining All Traces: statcounter cookie
8:00 PM: Quarantining All Traces: specificclick.com cookie
8:00 PM: Quarantining All Traces: realmedia cookie
8:00 PM: Quarantining All Traces: questionmarket cookie
8:00 PM: Quarantining All Traces: pointroll cookie
8:00 PM: Quarantining All Traces: overture cookie
8:00 PM: Quarantining All Traces: nextag cookie
8:00 PM: Quarantining All Traces: mediaplex cookie
8:00 PM: Quarantining All Traces: casalemedia cookie
8:00 PM: Quarantining All Traces: atwola cookie
8:00 PM: Quarantining All Traces: atlas dmt cookie
8:00 PM: Quarantining All Traces: advertising cookie
8:00 PM: Quarantining All Traces: adrevolver cookie
8:00 PM: Quarantining All Traces: 2o7.net cookie
8:00 PM: Quarantining All Traces: 247realmedia cookie
8:00 PM: Removal process initiated
7:20 PM: Traces Found: 22
7:20 PM: Full Sweep has completed. Elapsed time 00:41:57
7:20 PM: File Sweep Complete, Elapsed Time: 00:26:19
7:20 PM: Warning: Unhandled Archive Type
7:20 PM: Warning: Unhandled Archive Type
7:20 PM: Warning: Unhandled Archive Type
6:54 PM: Starting File Sweep
6:54 PM: Cookie Sweep Complete, Elapsed Time: 00:00:11
6:54 PM: owner@tribalfusion[1].txt (ID = 3589)
6:54 PM: Found Spy Cookie: tribalfusion cookie
6:54 PM: owner@trafficmp[2].txt (ID = 3581)
6:54 PM: Found Spy Cookie: trafficmp cookie
6:54 PM: owner@tacoda[1].txt (ID = 6444)
6:54 PM: Found Spy Cookie: tacoda cookie
6:54 PM: owner@statse.webtrendslive[1].txt (ID = 3667)
6:54 PM: Found Spy Cookie: webtrendslive cookie
6:54 PM: owner@statcounter[1].txt (ID = 3447)
6:54 PM: Found Spy Cookie: statcounter cookie
6:54 PM: owner@realmedia[1].txt (ID = 3235)
6:54 PM: Found Spy Cookie: realmedia cookie
6:54 PM: owner@questionmarket[2].txt (ID = 3217)
6:54 PM: Found Spy Cookie: questionmarket cookie
6:54 PM: owner@perf.overture[1].txt (ID = 3106)
6:54 PM: Found Spy Cookie: overture cookie
6:54 PM: owner@nextag[1].txt (ID = 5014)
6:54 PM: owner@mediaplex[1].txt (ID = 6442)
6:54 PM: Found Spy Cookie: mediaplex cookie
6:54 PM: owner@casalemedia[2].txt (ID = 2354)
6:54 PM: Found Spy Cookie: casalemedia cookie
6:54 PM: owner@atwola[1].txt (ID = 2255)
6:54 PM: Found Spy Cookie: atwola cookie
6:54 PM: owner@atdmt[2].txt (ID = 2253)
6:54 PM: Found Spy Cookie: atlas dmt cookie
6:54 PM: owner@advertising[1].txt (ID = 2175)
6:54 PM: Found Spy Cookie: advertising cookie
6:54 PM: owner@ads.pointroll[2].txt (ID = 3148)
6:54 PM: Found Spy Cookie: pointroll cookie
6:54 PM: owner@adrevolver[3].txt (ID = 2088)
6:54 PM: owner@adrevolver[2].txt (ID = 2088)
6:54 PM: Found Spy Cookie: adrevolver cookie
6:54 PM: owner@adq.nextag[1].txt (ID = 5015)
6:54 PM: Found Spy Cookie: nextag cookie
6:54 PM: owner@adopt.specificclick[2].txt (ID = 3400)
6:54 PM: Found Spy Cookie: specificclick.com cookie
6:54 PM: owner@ad.yieldmanager[1].txt (ID = 3751)
6:54 PM: Found Spy Cookie: yieldmanager cookie
6:54 PM: owner@2o7[1].txt (ID = 1957)
6:54 PM: Found Spy Cookie: 2o7.net cookie
6:54 PM: owner@247realmedia[2].txt (ID = 1953)
6:54 PM: Found Spy Cookie: 247realmedia cookie
6:53 PM: Starting Cookie Sweep
6:53 PM: Registry Sweep Complete, Elapsed Time:00:01:37
6:52 PM: Starting Registry Sweep
6:52 PM: Memory Sweep Complete, Elapsed Time: 00:13:39
6:38 PM: Starting Memory Sweep
6:38 PM: Sweep initiated using definitions version 668
6:38 PM: Spy Sweeper started
6:38 PM: | Start of Session, Sunday, April 30, 2006 |
********
6:38 PM: | End of Session, Sunday, April 30, 2006 |
1:25 PM: Allowed Startup entry: HPSoftwareUpdate
1:25 PM: Processing Startup Alerts
1:24 PM: Allowed Startup entry: HPSoftwareUpdate
1:24 PM: Processing Startup Alerts
9:47 PM: Your spyware definitions have been updated.
11:18 AM: Quarantine item removal complete.
11:18 AM: Automatic removal of old quarantine items in progress.
9:47 PM: Your spyware definitions have been updated.
9:40 PM: IE Security Shield: found: C:\PROGRAM FILES\MICROSOFT MONEY 2005\MNYCOREFILES\MSMONEY.EXE -- IE Security modification denied
9:38 PM: IE Security Shield: found: C:\PROGRAM FILES\MICROSOFT MONEY 2005\MNYCOREFILES\MSMONEY.EXE -- IE Security modification denied
9:35 PM: IE Security Shield: found: C:\PROGRAM FILES\MICROSOFT MONEY 2005\MNYCOREFILES\MSMONEY.EXE -- IE Security modification denied
5:39 PM: Quarantine item removal complete.
5:39 PM: Automatic removal of old quarantine items in progress.
12:55 AM: Allowed Startup entry: Recguard
12:55 AM: Allowed Startup entry: ATIPTA
12:55 AM: Allowed Startup entry: Symantec NetDriver Monitor
12:55 AM: Allowed Startup entry: HostManager
12:55 AM: Allowed Startup entry: ccApp
12:55 AM: Allowed Startup entry: RemoteControl
12:55 AM: Allowed Startup entry: HP Software Update
12:55 AM: Allowed Startup entry: DW4
12:55 AM: Allowed Startup entry: BigFix.lnk
12:55 AM: Processing Startup Alerts
9:46 PM: Your spyware definitions have been updated.
11:22 AM: Allowed Startup entry: HP Software Update
11:22 AM: Allowed Startup entry: RemoteControl
11:22 AM: Allowed Startup entry: ccApp
11:22 AM: Allowed Startup entry: HostManager
11:22 AM: Allowed Startup entry: Symantec NetDriver Monitor
11:22 AM: Allowed Startup entry: ATIPTA
11:22 AM: Allowed Startup entry: Recguard
11:22 AM: Allowed Startup entry: DW4
11:22 AM: Allowed Startup entry: BigFix.lnk
11:22 AM: Processing Startup Alerts
6:29 PM: Warning: Failed to get log from SSI driver. Insufficient system resources exist to complete the requested service
6:29 PM: Warning: Failed to get log from SSI driver. Insufficient system resources exist to complete the requested service
11:58 PM: Removal process completed. Elapsed time 00:00:12
11:58 PM: Quarantining All Traces: zedo cookie
11:58 PM: Quarantining All Traces: yieldmanager cookie
11:58 PM: Quarantining All Traces: ru4 cookie
11:58 PM: Quarantining All Traces: realmedia cookie
11:58 PM: Quarantining All Traces: questionmarket cookie
11:58 PM: Quarantining All Traces: pointroll cookie
11:58 PM: Quarantining All Traces: overture cookie
11:58 PM: Quarantining All Traces: nextag cookie
11:58 PM: Quarantining All Traces: mediaplex cookie
11:58 PM: Quarantining All Traces: coremetrics cookie
11:58 PM: Quarantining All Traces: casalemedia cookie
11:58 PM: Quarantining All Traces: atwola cookie
11:58 PM: Quarantining All Traces: atlas dmt cookie
11:58 PM: Quarantining All Traces: advertising cookie
11:58 PM: Quarantining All Traces: 2o7.net cookie
11:58 PM: Removal process initiated
11:05 PM: Traces Found: 17
11:05 PM: Full Sweep has completed. Elapsed time 00:40:14
11:05 PM: File Sweep Complete, Elapsed Time: 00:25:48
11:05 PM: Warning: Unhandled Archive Type
11:05 PM: Warning: Unhandled Archive Type
11:05 PM: Warning: Unhandled Archive Type
11:04 PM: Warning: Unhandled Archive Type
11:04 PM: Warning: Unhandled Archive Type
11:04 PM: Warning: Unhandled Archive Type
11:04 PM: Warning: Unhandled Archive Type
11:04 PM: Warning: Unhandled Archive Type
11:04 PM: Warning: Unhandled Archive Type
11:04 PM: Warning: Unhandled Archive Type
11:04 PM: Warning: Unhandled Archive Type
11:04 PM: Warning: Unhandled Archive Type
11:04 PM: Warning: Unhandled Archive Type
11:04 PM: Warning: Unhandled Archive Type
10:39 PM: Starting File Sweep
10:39 PM: Cookie Sweep Complete, Elapsed Time: 00:00:11
10:39 PM: owner@zedo[2].txt (ID = 3762)
10:39 PM: Found Spy Cookie: zedo cookie
10:39 PM: owner@twci.coremetrics[1].txt (ID = 2472)
10:39 PM: Found Spy Cookie: coremetrics cookie
10:39 PM: owner@realmedia[1].txt (ID = 3235)
10:39 PM: Found Spy Cookie: realmedia cookie
10:39 PM: owner@questionmarket[1].txt (ID = 3217)
10:39 PM: Found Spy Cookie: questionmarket cookie
10:39 PM: owner@perf.overture[1].txt (ID = 3106)
10:39 PM: Found Spy Cookie: overture cookie
10:39 PM: owner@nextag[2].txt (ID = 5014)
10:39 PM: Found Spy Cookie: nextag cookie
10:39 PM: owner@mediaplex[2].txt (ID = 6442)
10:39 PM: Found Spy Cookie: mediaplex cookie
10:39 PM: owner@edge.ru4[2].txt (ID = 3269)
10:39 PM: Found Spy Cookie: ru4 cookie
10:39 PM: owner@casalemedia[2].txt (ID = 2354)
10:39 PM: Found Spy Cookie: casalemedia cookie
10:39 PM: owner@atwola[1].txt (ID = 2255)
10:39 PM: owner@atdmt[2].txt (ID = 2253)
10:39 PM: Found Spy Cookie: atlas dmt cookie
10:39 PM: owner@ar.atwola[1].txt (ID = 2256)
10:39 PM: Found Spy Cookie: atwola cookie
10:39 PM: owner@advertising[1].txt (ID = 2175)
10:39 PM: Found Spy Cookie: advertising cookie
10:39 PM: owner@ads.pointroll[1].txt (ID = 3148)
10:39 PM: Found Spy Cookie: pointroll cookie
10:39 PM: owner@ad.yieldmanager[1].txt (ID = 3751)
10:39 PM: Found Spy Cookie: yieldmanager cookie
10:39 PM: owner@2o7[1].txt (ID = 1957)
10:39 PM: guest@2o7[2].txt (ID = 1957)
10:39 PM: Found Spy Cookie: 2o7.net cookie
10:39 PM: Starting Cookie Sweep
10:39 PM: Registry Sweep Complete, Elapsed Time:00:01:28
10:37 PM: Starting Registry Sweep
10:37 PM: Memory Sweep Complete, Elapsed Time: 00:12:27
10:25 PM: Starting Memory Sweep
10:25 PM: Sweep initiated using definitions version 663
10:25 PM: Spy Sweeper started
10:25 PM: | Start of Session, Sunday, April 23, 2006 |
********

#13 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:58 AM

Posted 21 September 2006 - 04:01 PM

I see that your subscription for Spysweeper has expired, or maybe this is just the trial version. Either way, since you can no longer get updated definitions for it I would recommend uninstalling it or purchasing a license. Without regular updates, it's not much good to you.

Are you still getting popups?
Please post a new hijackthis log.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#14 vinsta19

vinsta19
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:58 AM

Posted 23 September 2006 - 02:13 PM

Hello again,

I have another problem, when i start up my computer i get an error message:

C:\PROGRA~1\UNINST~1.DLL
The specified module could not be found.

#15 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:58 AM

Posted 23 September 2006 - 02:25 PM

Please post a new hijackthis log.
Are you still getting popups?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users