I Have The Funwebproducts / Mywebsearch Bug


18 replies to this topic

#1 steven

Posted 22 June 2007 - 10:22 PM

Hello.
I've been bug free for a long time, thanks to the help from you guys! But alas, I've got the FunWebProducts / MyWebSearch bug that my current spyware / anti virus stuff doesn't remove. Spyware Doctor has been useless in keeping this bug out, or even finding it.
Spybot tries to remove these things, but keeps alerting me to being unable to totally remove this bug.
That's how I knew for sure I was infected. My computer browser has been slowed down too. That was clue # 2.
I have searched other posts and found no identical match to my problem, so I decided to ask and follow your advice in this regard.
Please keep in mind, that I'm on dial up. Hence my hesitation in following one of the previous removal posts. It required several new downloadable cleaners, and I'm also concerned about compatibility with Spyware Doctor.
Thank You,
Steven

Logfile of HijackThis v1.99.1
Scan saved at 8:30:43 PM, on 6/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Ahead\InCD\InCD.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LocalLink Accelerator\slipcore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\LocalLink Accelerator\slipgui.exe
C:\Program Files\interMute\SpySubtract\spysub.exe
C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
C:\WINDOWS\SYSTEM32\spider.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\Steven\LOCALS~1\Temp\Temporary Directory 4 for HijackThis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\LocalLink Accelerator\PBHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe /disabled
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe -t
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\LocalLink Accelerator\slipcore.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\SYSTEM32\VirtualExpander\VirtualExpander.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGremind.exe
O4 - Global Startup: LocalLink Accelerator.lnk = C:\Program Files\LocalLink Accelerator\slipgui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\spysub.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZJ
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\LocalLink Accelerator\gui_resource.dll/327
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\LocalLink Accelerator\gui_resource.dll/328
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://www.msn.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9694EC9D-5E1B-444D-B44A-EA74C9070087}: NameServer = 209.131.224.103 209.131.224.93
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

Edited by steven, 22 June 2007 - 10:55 PM.




#2 teacup61

  • Malware Response Team

Posted 30 June 2007 - 11:28 AM

Hello,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 steven


Posted 30 June 2007 - 10:40 PM

Hi Teacup, pleased to meet cha.
It's cool on the time. I've seen where you guys are totally swamped.
Since I posted the 1st HJT log, I've followed some of the other posts by downloading SuperAnti Spyware. I ran it + it found bugs I didn't even know I had. I've run it 5 times, cleaned it each time, and I've been reinfected by mywebsearch twice. I'm thinking it might be one of my kids, though neither one spends much time online. They do - do the itunes + IM stuff.
OK, ran a new log. Let me know what you think.
PS- My pc settings are as recommended here.
Thank You, Steven
Logfile of HijackThis v1.99.1
Scan saved at 10:32:06 PM, on 6/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\DSentry.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LocalLink Accelerator\slipcore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\LocalLink Accelerator\slipgui.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\interMute\SpySubtract\spysub.exe
C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
C:\WINDOWS\SYSTEM32\spider.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Steven\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\LocalLink Accelerator\PBHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe /disabled
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe -t
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\LocalLink Accelerator\slipcore.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGremind.exe
O4 - Global Startup: LocalLink Accelerator.lnk = C:\Program Files\LocalLink Accelerator\slipgui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\spysub.exe
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\LocalLink Accelerator\gui_resource.dll/327
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\LocalLink Accelerator\gui_resource.dll/328
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O15 - Trusted Zone: http://www.msn.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9694EC9D-5E1B-444D-B44A-EA74C9070087}: NameServer = 209.131.224.103 209.131.224.93
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
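
Added example, not part of the original thread and not written by either poster: a short Python script that parses HijackThis entry lines, diffs the 22 June and 30 June scans posted above, and checks entries against the product names this thread is about. The log excerpts are copied from the two posts and abbreviated; the function names and the watchlist are assumptions made for this illustration.

```python
import re
from typing import List, NamedTuple, Tuple


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4" (autostart) or "O8" (IE context menu)
    body: str     # everything after "<code> - "


# Entry lines look like "O8 - Extra context menu item: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Names taken from the thread title; an assumption for this illustration.
WATCHLIST = ("funwebproducts", "mywebsearch")

# Abbreviated excerpt of the 22 June 2007 log from post #1.
LOG_22_JUNE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\SYSTEM32\VirtualExpander\VirtualExpander.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...arch.jhtml?p=ZJ
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\LocalLink Accelerator\gui_resource.dll/328
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Abbreviated excerpt of the 30 June 2007 log from post #3.
LOG_30_JUNE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\LocalLink Accelerator\gui_resource.dll/328
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""


def parse_log(text: str) -> List[Entry]:
    """Return the section entries of a HijackThis log, in file order."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match["section"], match["body"]))
    return entries


def diff_logs(old: List[Entry], new: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Return (removed, added): entries only in the old scan, entries only in the new."""
    old_set, new_set = set(old), set(new)
    removed = [e for e in old if e not in new_set]
    added = [e for e in new if e not in old_set]
    return removed, added


def flag_watchlist(entries: List[Entry], watchlist=WATCHLIST) -> List[Entry]:
    """Return entries whose text mentions a watchlisted name (case-insensitive)."""
    hits = []
    for entry in entries:
        lowered = entry.body.lower()
        if any(term in lowered for term in watchlist):
            hits.append(entry)
    return hits


if __name__ == "__main__":
    old_scan = parse_log(LOG_22_JUNE)
    new_scan = parse_log(LOG_30_JUNE)
    removed, added = diff_logs(old_scan, new_scan)

    print("Gone since the first scan:")
    for e in removed:
        print(f"  {e.section} - {e.body}")
    print("New in the second scan:")
    for e in added:
        print(f"  {e.section} - {e.body}")
    print("Watchlist hits, first scan: ", flag_watchlist(old_scan))
    print("Watchlist hits, second scan:", flag_watchlist(new_scan))
```

On these excerpts the watchlist matches only the O8 context-menu entry from the 22 June scan and nothing in the 30 June scan. A substring match only catches entries that name the product in a path, label or URL, so an empty result does not show that a system is clean.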

#4 teacup61


Posted 01 July 2007 - 12:40 PM

Hello Steven,

Yes, it could be the kids and what they do. The programs you mention are associated with fun little smileys, which are associated with adware, and so forth. Let's have a look:

Could I please see an uninstall list?

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Thanks,
tea

#5 steven


Posted 01 July 2007 - 10:54 PM

Hi Tea,
I'll have to do some research here to look up what you mention. I was aware that clicking on some questionable things on pages like IM etc. can open some undesired scripts, but I'm not sure how to control that.
Here's what you asked for. ( I think it's what you asked for.)
Take Care, Steven

Ad-aware 6 Personal
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8
American Greetings® Art & More Store
American Greetings® CreataCard® 4
Apple Software Update
ATI Control Panel
ATI Display Driver
Autodesk Express Viewer
AviSynth 2.5
Battlefield 1942
Battlefield 1942: Secret Weapons of WWII
Battlefield 1942: The Road To Rome
Battlefield 2™
Calculator Powertoy for Windows XP
Call of Duty
Click'N Design 3D
Conexant SmartHSFi V.9x 56K DF PCI Modem
Creative MediaSource
Dell Digital Jukebox Driver
Dell Media Experience
Dell Solution Center
Dell Support
DellSupport

#6 teacup61


Posted 02 July 2007 - 12:32 PM

Hi Steven,

Nothing there that I was looking for, so that's good. I really think it's what they're clicking on and not anything installed or we'd be seeing entries in these logs for FunWebProducts or MyWebSearch, or similar. You have some good protection in place, but not even all that can stop something that is purposely let in.

I'd like to see one more scan.....this one is good at finding and removing bugs in the registry, which is where this might be hanging out.

Download the trial version of Spy Sweeper from Here.

Install it using the Standard Install option. (You will be asked for your e-mail address; it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper.)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Restart your computer, and then please copy and paste the SpySweeper log into this thread.

Thanks,
tea

#7 steven


Posted 02 July 2007 - 05:21 PM

Hi Tea,
I downloaded the 1st option (without virus protection). Wasn't sure about that. Spysweeper found 10 items. It recommended I reset my I.E. Page settings, but I can't find the place where the shields are.
Oh well. Here's your requested info.

5:09 PM: None
5:09 PM: Traces Found: 0
5:09 PM: Full Sweep has completed. Elapsed time 00:17:24
5:09 PM: File Sweep Complete, Elapsed Time: 00:13:32
5:06 PM: Warning: SweepDirectories: Cannot find directory "f:". This directory was not added to the list of paths to be scanned.
5:06 PM: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
5:05 PM: Warning: Failed to open file "c:\documents and settings\steven\local settings\temp\jet6edd.tmp". The operation completed successfully
5:03 PM: ApplicationMinimized - EXIT
5:03 PM: ApplicationMinimized - ENTER
4:59 PM: ApplicationMinimized - EXIT
4:59 PM: ApplicationMinimized - ENTER
4:58 PM: Warning: DoTerm :\Device\HarddiskVolume2\WINDOWS\SYSTEM32\csrss.exe
4:56 PM: Warning: DoTerm :\Device\HarddiskVolume2\WINDOWS\SYSTEM32\csrss.exe
4:56 PM: Warning: DoTerm :\Device\HarddiskVolume2\WINDOWS\SYSTEM32\csrss.exe
4:55 PM: Starting File Sweep
4:55 PM: Cookie Sweep Complete, Elapsed Time: 00:00:03
4:55 PM: Starting Cookie Sweep
4:55 PM: Registry Sweep Complete, Elapsed Time:00:00:19
4:55 PM: Starting Registry Sweep
4:55 PM: Memory Sweep Complete, Elapsed Time: 00:03:21
4:52 PM: ApplicationMinimized - EXIT
4:52 PM: ApplicationMinimized - ENTER
4:52 PM: Starting Memory Sweep
4:52 PM: Start Full Sweep
4:52 PM: Sweep initiated using definitions version 941
4:51 PM: BHO Shield: found: -- BHO installation allowed at user request
4:51 PM: Warning: no filename sent to VerifyFileSignature
4:50 PM: Warning: DoInject :\Device\HarddiskVolume2\Program Files\Spyware Doctor\sdhelp.exe
4:50 PM: Warning: DoInject :\Device\HarddiskVolume2\Program Files\Spyware Doctor\sdhelp.exe
Keylogger: Off
4:50 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
E-mail Attachment: On
4:50 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
4:50 PM: Shield States
4:50 PM: Spyware Definitions: 941
4:48 PM: Spy Sweeper 5.5.1.3356 started
4:48 PM: Spy Sweeper 5.5.1.3356 started
4:48 PM: | Start of Session, Monday, July 02, 2007 |
***************
4:46 PM: Warning: DoInject :\Device\HarddiskVolume2\WINDOWS\SYSTEM32\csrss.exe
4:46 PM: Removal process completed. Elapsed time 00:21:14
4:46 PM: Preparing to restart your computer. Please wait...
Operation: Registry Access
Target: \SYSTEM\ControlSet004\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet004\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet004\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet004\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet004\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet004\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet004\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet004\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet004\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet004\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet004\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet004\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
4:44 PM: Tamper Detection
4:27 PM: Quarantining All Traces: tendollars cookie
4:27 PM: Quarantining All Traces: go.com cookie
4:27 PM: c:\windows\q329441.log:kmgox is in use. It will be removed on reboot.
4:27 PM: c:\windows\q329834.log:afdwy is in use. It will be removed on reboot.
4:27 PM: c:\windows\kb834707-ie6sp1-20040929.091901.log:bbatr is in use. It will be removed on reboot.
4:27 PM: c:\windows\q816982.log:puewr is in use. It will be removed on reboot.
4:27 PM: tvmedia is in use. It will be removed on reboot.
4:27 PM: Quarantining All Traces: tvmedia
4:27 PM: Quarantining All Traces: instant access
4:27 PM: Quarantining All Traces: tibs dialer
4:27 PM: c:\windows\wiaservc.log:dzfoyk is in use. It will be removed on reboot.
4:27 PM: c:\windows\windowsupdate.log:mcihcy is in use. It will be removed on reboot.
4:27 PM: c:\windows\faxsetup.log:fjfwgu is in use. It will be removed on reboot.
4:27 PM: c:\windows\mididef(29).exe:gsbtq is in use. It will be removed on reboot.
4:27 PM: c:\windows\combatfs(30).cfg:nswrtb is in use. It will be removed on reboot.
4:27 PM: c:\windows\combatfs(29).cfg:nswrtb is in use. It will be removed on reboot.
4:27 PM: c:\windows\combatfs(28).cfg:nswrtb is in use. It will be removed on reboot.
4:27 PM: c:\windows\mididef(26).exe:gsbtq is in use. It will be removed on reboot.
4:27 PM: c:\windows\combatfs(27).cfg:nswrtb is in use. It will be removed on reboot.
4:27 PM: c:\windows\combatfs(26).cfg:nswrtb is in use. It will be removed on reboot.
4:27 PM: c:\windows\combatfs(25).cfg:nswrtb is in use. It will be removed on reboot.
4:27 PM: c:\windows\combatfs(24).cfg:nswrtb is in use. It will be removed on reboot.
4:27 PM: c:\windows\combatfs(23).cfg:nswrtb is in use. It will be removed on reboot.
4:27 PM: c:\windows\combatfs(22).cfg:nswrtb is in use. It will be removed on reboot.
4:27 PM: c:\windows\combatfs(21).cfg:nswrtb is in use. It will be removed on reboot.
4:27 PM: c:\windows\combatfs(20).cfg:nswrtb is in use. It will be removed on reboot.
4:27 PM: c:\windows\combatfs(19).cfg:nswrtb is in use. It will be removed on reboot.
4:27 PM: c:\windows\combatfs(18).cfg:nswrtb is in use. It will be removed on reboot.
4:27 PM: c:\windows\combatfs(17).cfg:nswrtb is in use. It will be removed on reboot.
4:27 PM: c:\windows\combatfs(16).cfg:nswrtb is in use. It will be removed on reboot.
4:27 PM: c:\windows\combatfs(15).cfg:nswrtb is in use. It will be removed on reboot.
4:27 PM: c:\windows\combatfs(14).cfg:nswrtb is in use. It will be removed on reboot.
4:27 PM: c:\windows\combatfs(13).cfg:nswrtb is in use. It will be removed on reboot.
4:27 PM: c:\windows\combatfs(12).cfg:nswrtb is in use. It will be removed on reboot.
4:27 PM: c:\windows\mididef(10).exe:gsbtq is in use. It will be removed on reboot.
4:27 PM: c:\windows\combatfs(11).cfg:nswrtb is in use. It will be removed on reboot.
4:27 PM: c:\windows\combatfs(10).cfg:nswrtb is in use. It will be removed on reboot.
4:27 PM: c:\windows\mididef(46).exe:gsbtq is in use. It will be removed on reboot.
4:27 PM: c:\windows\mididef(45).exe:gsbtq is in use. It will be removed on reboot.
4:27 PM: c:\windows\combatfs(9).cfg:nswrtb is in use. It will be removed on reboot.
4:27 PM: c:\windows\combatfs(8).cfg:nswrtb is in use. It will be removed on reboot.
4:27 PM: c:\windows\mididef(7).exe:gsbtq is in use. It will be removed on reboot.
4:27 PM: c:\windows\mididef(44).exe:gsbtq is in use. It will be removed on reboot.
4:27 PM: c:\windows\mididef(43).exe:gsbtq is in use. It will be removed on reboot.
4:27 PM: c:\windows\combatfs(7).cfg:nswrtb is in use. It will be removed on reboot.
4:27 PM: c:\windows\mididef(42).exe:gsbtq is in use. It will be removed on reboot.
4:27 PM: c:\windows\mididef(41).exe:gsbtq is in use. It will be removed on reboot.
4:27 PM: c:\windows\mididef(40).exe:gsbtq is in use. It will be removed on reboot.
4:27 PM: c:\windows\tmupdate.ini:uotivk is in use. It will be removed on reboot.
4:27 PM: c:\windows\svcpack.log:eelrps is in use. It will be removed on reboot.
4:27 PM: c:\windows\kb885835.log:xjskmc is in use. It will be removed on reboot.
4:27 PM: c:\windows\kb885835.log:ofrse is in use. It will be removed on reboot.
4:27 PM: c:\windows\ieft32.dll:hrowbs is in use. It will be removed on reboot.
4:27 PM: c:\windows\msfsetup.ini:gbrrrs is in use. It will be removed on reboot.
4:27 PM: c:\windows\patch.exe:gvccfw is in use. It will be removed on reboot.
4:27 PM: c:\windows\kb885836.log:kmayas is in use. It will be removed on reboot.
4:27 PM: c:\windows\kb885836.log:alqlyp is in use. It will be removed on reboot.
4:27 PM: c:\windows\wmsysprx.prx:wzunis is in use. It will be removed on reboot.
4:27 PM: c:\windows\kb824105.log:ipkgqv is in use. It will be removed on reboot.
4:27 PM: c:\windows\twunk_16.exe:hfpwpe is in use. It will be removed on reboot.
4:27 PM: c:\windows\readreg(12).exe:rarkr is in use. It will be removed on reboot.
4:27 PM: c:\windows\readreg(12).exe:nxpbod is in use. It will be removed on reboot.
4:27 PM: c:\windows\tsoc.log:esdsqm is in use. It will be removed on reboot.
4:27 PM: c:\windows\readreg(11).exe:rarkr is in use. It will be removed on reboot.
4:27 PM: c:\windows\readreg(10).exe:rarkr is in use. It will be removed on reboot.
4:26 PM: c:\windows\zapotec.bmp:kyirdq is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(13).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(3).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(22).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\twunk_16.exe:rgbpjm is in use. It will be removed on reboot.
4:26 PM: c:\windows\oobeact.log:vfkqpn is in use. It will be removed on reboot.
4:26 PM: c:\windows\tntgh.txt:wbosnk is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(33).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(30).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\appoc32.dll:abttd is in use. It will be removed on reboot.
4:26 PM: c:\windows\twain_32.dll:oswysw is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(12).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\kb839643-directx9.log:ydrkbf is in use. It will be removed on reboot.
4:26 PM: c:\windows\appmu32(3).dll:ihdtte is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(15).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\comsetup.log:sjvbj is in use. It will be removed on reboot.
4:26 PM: c:\windows\comsetup.log:rqdlpg is in use. It will be removed on reboot.
4:26 PM: c:\windows\comsetup.log:dfqcvt is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(50).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(49).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(48).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(11).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(8).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(9).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\n_axpplx.log:kxjdu is in use. It will be removed on reboot.
4:26 PM: c:\windows\n_axpplx.log:cxmzv is in use. It will be removed on reboot.
4:26 PM: c:\windows\ncuninst.exe:pqhkh is in use. It will be removed on reboot.
4:26 PM: c:\windows\notepad.exe:huhtms is in use. It will be removed on reboot.
4:26 PM: c:\windows\muninst.exe:xqxwf is in use. It will be removed on reboot.
4:26 PM: c:\windows\oeuninst.exe:vwhqai is in use. It will be removed on reboot.
4:26 PM: c:\windows\oeuninst.exe:rzibjw is in use. It will be removed on reboot.
4:26 PM: c:\windows\ppsetup.log:vwuaxq is in use. It will be removed on reboot.
4:26 PM: c:\windows\q329112.log:hcjejc is in use. It will be removed on reboot.
4:26 PM: c:\windows\q329441.log:krvwld is in use. It will be removed on reboot.
4:26 PM: c:\windows\q329834.log:tujtgj is in use. It will be removed on reboot.
4:26 PM: c:\windows\q331953.log:dvuyju is in use. It will be removed on reboot.
4:26 PM: c:\windows\q810833.log:vtggiq is in use. It will be removed on reboot.
4:26 PM: c:\windows\q810833.log:mgieys is in use. It will be removed on reboot.
4:26 PM: c:\windows\q811789.log:rdpmvn is in use. It will be removed on reboot.
4:26 PM: c:\windows\q811789.log:kzizs is in use. It will be removed on reboot.
4:26 PM: c:\windows\q811789.log:ihftif is in use. It will be removed on reboot.
4:26 PM: c:\windows\q812415.log:rodtxo is in use. It will be removed on reboot.
4:26 PM: c:\windows\q814033.log:biyzkp is in use. It will be removed on reboot.
4:26 PM: c:\windows\q815485.log:peodev is in use. It will be removed on reboot.
4:26 PM: c:\windows\q816486.log:gnmjqh is in use. It will be removed on reboot.
4:26 PM: c:\windows\q816486.log:eqmoye is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(47).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\readreg(6).exe:rarkr is in use. It will be removed on reboot.
4:26 PM: c:\windows\readreg(5).exe:rarkr is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(17).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\readreg(13).exe:rarkr is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(26).exe:hfyeoa is in use. It will be removed on reboot.
4:26 PM: c:\windows\kb867282.log:pqvpsf is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(32).exe:iwhdlb is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(14).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(35).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(24).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(36).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\readreg(3).exe:rarkr is in use. It will be removed on reboot.
4:26 PM: c:\windows\readreg(9).exe:rarkr is in use. It will be removed on reboot.
4:26 PM: c:\windows\readreg(4).exe:rarkr is in use. It will be removed on reboot.
4:26 PM: c:\windows\jkqfm.dat:nyjnry is in use. It will be removed on reboot.
4:26 PM: c:\windows\ogzva.log:jathdy is in use. It will be removed on reboot.
4:26 PM: c:\windows\readreg(8).exe:rarkr is in use. It will be removed on reboot.
4:26 PM: c:\windows\readreg(14).exe:rarkr is in use. It will be removed on reboot.
4:26 PM: c:\windows\tmupdate.dll:dzmbw is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(25).exe:ryewe is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(25).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\odbc.ini:yoeepc is in use. It will be removed on reboot.
4:26 PM: c:\windows\windows update.log:sgpvj is in use. It will be removed on reboot.
4:26 PM: c:\windows\windows update.log:fgbieu is in use. It will be removed on reboot.
4:26 PM: c:\windows\tbnpk.log:ftqvig is in use. It will be removed on reboot.
4:26 PM: c:\windows\readreg(7).exe:rarkr is in use. It will be removed on reboot.
4:26 PM: c:\windows\spupdsvc.log:zdbyna is in use. It will be removed on reboot.
4:26 PM: c:\windows\spupdsvc.log:jbgkls is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(18).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(19).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(20).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\q817472.log:sxrwtx is in use. It will be removed on reboot.
4:26 PM: c:\windows\kb841873.log:pwznz is in use. It will be removed on reboot.
4:26 PM: c:\windows\kb826959.log:klfvby is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(21).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\iis6.log:vezsij is in use. It will be removed on reboot.
4:26 PM: c:\windows\blue lace 16.bmp:aefcwm is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(5).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\xpsp1hfm.log:kurtgw is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(31).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\q817606.log:lhhxtd is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(2).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(23).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\kb840315.log:uasngd is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(27).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\kb842773.log:oarwyy is in use. It will be removed on reboot.
4:26 PM: c:\windows\kb842773.log:eqaesr is in use. It will be removed on reboot.
4:26 PM: c:\windows\readreg.exe:rarkr is in use. It will be removed on reboot.
4:26 PM: c:\windows\kb825119.log:aqdtkx is in use. It will be removed on reboot.
4:26 PM: c:\windows\kb886185.log:oaltlr is in use. It will be removed on reboot.
4:26 PM: c:\windows\kb828028.log:bjaunk is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(28).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(4).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(6).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(29).exe:zfqjqd is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(37).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\winnt.bmp:bgwrme is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(34).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\reglocs.old:yfzum is in use. It will be removed on reboot.
4:26 PM: c:\windows\atloj32.dll:oxnvi is in use. It will be removed on reboot.
4:26 PM: c:\windows\~glc0000.tmp:qpnyxy is in use. It will be removed on reboot.
4:26 PM: c:\windows\appmu32(2).dll:ihdtte is in use. It will be removed on reboot.
4:26 PM: c:\windows\kb841533.log:wqlkqd is in use. It will be removed on reboot.
4:26 PM: c:\windows\kb841533.log:roxaav is in use. It will be removed on reboot.
4:26 PM: c:\windows\kb834707.log:fchxzc is in use. It will be removed on reboot.
4:26 PM: c:\windows\kb873376.log:jpqncy is in use. It will be removed on reboot.
4:26 PM: c:\windows\dtcinstall.log:kwwdt is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(16).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(32).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\readreg(2).exe:rarkr is in use. It will be removed on reboot.
4:26 PM: c:\windows\regopt.log:jvgzya is in use. It will be removed on reboot.
4:26 PM: c:\windows\river sumida.bmp:tvzfak is in use. It will be removed on reboot.
4:26 PM: c:\windows\combatfs(32).cfg:nswrtb is in use. It will be removed on reboot.
4:26 PM: c:\windows\winnt256.bmp:ztdpkq is in use. It will be removed on reboot.
4:26 PM: c:\windows\combatfs(31).cfg:nswrtb is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(39).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\kb841356.log:wazqvv is in use. It will be removed on reboot.
4:26 PM: c:\windows\kb841356.log:nbksan is in use. It will be removed on reboot.
4:26 PM: c:\windows\mszn.dll:ghdys is in use. It will be removed on reboot.
4:26 PM: c:\windows\apiyw.dll:zwiitp is in use. It will be removed on reboot.
4:26 PM: c:\windows\twunk_32.exe:tflumg is in use. It will be removed on reboot.
4:26 PM: c:\windows\q811630.log:ekckia is in use. It will be removed on reboot.
4:26 PM: c:\windows\oewablog.txt:qppjrm is in use. It will be removed on reboot.
4:26 PM: c:\windows\q331060.log:semwfp is in use. It will be removed on reboot.
4:26 PM: c:\windows\msck.dll:vfanw is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef.exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\javaty.dll:rdzsew is in use. It will be removed on reboot.
4:26 PM: c:\windows\javaty.dll:mdftol is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(38).exe:gsbtq is in use. It will be removed on reboot.
4:26 PM: c:\windows\vmuninst.log:vzmpvp is in use. It will be removed on reboot.
4:26 PM: c:\windows\ieft32.dll:vyajw is in use. It will be removed on reboot.
4:26 PM: c:\windows\kb885250.log:bjpwkd is in use. It will be removed on reboot.
4:26 PM: c:\windows\appxw.dll:bpwym is in use. It will be removed on reboot.
4:26 PM: c:\windows\appxw.dll:abkdic is in use. It will be removed on reboot.
4:26 PM: c:\windows\kb888113.log:kmayas is in use. It will be removed on reboot.
4:26 PM: c:\windows\kb888113.log:dntduc is in use. It will be removed on reboot.
4:26 PM: c:\windows\q828026.log:rppcnc is in use. It will be removed on reboot.
4:26 PM: c:\windows\calera.ini:trusix is in use. It will be removed on reboot.
4:26 PM: c:\windows\slrundll(2).exe:olonoo is in use. It will be removed on reboot.
4:26 PM: c:\windows\slrundll(2).exe:hcjlky is in use. It will be removed on reboot.
4:26 PM: c:\windows\kb840987.log:xvgie is in use. It will be removed on reboot.
4:26 PM: c:\windows\atlgm.dll:ewcpg is in use. It will be removed on reboot.
4:26 PM: c:\windows\appku32.dll:sxbnnz is in use. It will be removed on reboot.
4:26 PM: c:\windows\q816982.log:zoxpkr is in use. It will be removed on reboot.
4:26 PM: c:\windows\q816982.log:sgpkra is in use. It will be removed on reboot.
4:26 PM: c:\windows\slrundll.exe:olonoo is in use. It will be removed on reboot.
4:26 PM: c:\windows\kb828741.log:cmyidj is in use. It will be removed on reboot.
4:26 PM: cws_tiny0 is in use. It will be removed on reboot.
4:26 PM: Quarantining All Traces: cws_tiny0
4:26 PM: c:\windows\system.tmp:xefsyk is in use. It will be removed on reboot.
4:26 PM: c:\windows\oobeact.log:uberzt is in use. It will be removed on reboot.
4:26 PM: c:\windows\tntgh.txt:jincxg is in use. It will be removed on reboot.
4:26 PM: c:\windows\system.ini:xefsyk is in use. It will be removed on reboot.
4:26 PM: c:\windows\ievv.dll:iazrjk is in use. It will be removed on reboot.
4:26 PM: c:\windows\sdkkc32.dll:kelsxf is in use. It will be removed on reboot.
4:26 PM: c:\windows\q828026.log:gounhk is in use. It will be removed on reboot.
4:26 PM: c:\windows\ctdvaudy.cdf:sbxlid is in use. It will be removed on reboot.
4:26 PM: c:\windows\msfsetup.ini:zaocy is in use. It will be removed on reboot.
4:26 PM: c:\windows\twunk_16.exe:puntb is in use. It will be removed on reboot.
4:26 PM: c:\windows\iehx32.dll:nydtln is in use. It will be removed on reboot.
4:26 PM: c:\windows\vbaddin.ini:dodqur is in use. It will be removed on reboot.
4:26 PM: c:\windows\zapotec.bmp:pnmssr is in use. It will be removed on reboot.
4:26 PM: c:\windows\appmu32(3).dll:sfwrbk is in use. It will be removed on reboot.
4:26 PM: c:\windows\appmu32.dll:sfwrbk is in use. It will be removed on reboot.
4:26 PM: c:\windows\ppsetup.log:xnsgi is in use. It will be removed on reboot.
4:26 PM: c:\windows\q328213.log:cipbut is in use. It will be removed on reboot.
4:26 PM: c:\windows\q329170.log:ldnghu is in use. It will be removed on reboot.
4:26 PM: c:\windows\q810577.log:bnryih is in use. It will be removed on reboot.
4:26 PM: c:\windows\windows update.log:wimex is in use. It will be removed on reboot.
4:26 PM: c:\windows\kb821557.log:dzrqad is in use. It will be removed on reboot.
4:26 PM: c:\windows\kb841873.log:vnamey is in use. It will be removed on reboot.
4:26 PM: c:\windows\kb841873.log:jbxfjt is in use. It will be removed on reboot.
4:26 PM: c:\windows\kb817611.log:gowwpn is in use. It will be removed on reboot.
4:26 PM: c:\windows\mididef(23).exe:eumfmd is in use. It will be removed on reboot.
4:26 PM: c:\windows\kb828028.log:fefdz is in use. It will be removed on reboot.
4:26 PM: c:\windows\kb835732.log:vmlqx is in use. It will be removed on reboot.
4:26 PM: c:\windows\kb835732.log:nzbpkw is in use. It will be removed on reboot.
4:26 PM: c:\windows\lexstat(2).ini:vyjmay is in use. It will be removed on reboot.
4:26 PM: c:\windows\lexstat(2).ini:lmgzmd is in use. It will be removed on reboot.
4:26 PM: c:\windows\iaomq.dat:iupdak is in use. It will be removed on reboot.
4:26 PM: c:\windows\q329115.log:nnbtse is in use. It will be removed on reboot.
4:26 PM: c:\windows\sdkfz32.dll:faglz is in use. It will be removed on reboot.
4:26 PM: c:\windows\winnt.bmp:ojhtxi is in use. It will be removed on reboot.
4:26 PM: c:\windows\winnt.bmp:crbpn is in use. It will be removed on reboot.
4:26 PM: c:\windows\runtsckl.exe:obwpey is in use. It will be removed on reboot.
4:26 PM: c:\windows\reglocs.old:nfdib is in use. It will be removed on reboot.
4:26 PM: c:\windows\appmu32(2).dll:sfwrbk is in use. It will be removed on reboot.
4:26 PM: c:\windows\msdfmap.ini:ycdpx is in use. It will be removed on reboot.
4:26 PM: c:\windows\kb834707-ie6sp1-20040929.091901.log:ocseo is in use. It will be removed on reboot.
4:26 PM: c:\windows\ipnj.dll:xchpog is in use. It will be removed on reboot.
4:26 PM: c:\windows\djbdrv.log:mjcws is in use. It will be removed on reboot.
4:26 PM: coolwebsearch (cws) is in use. It will be removed on reboot.
4:25 PM: Quarantining All Traces: coolwebsearch (cws)
4:25 PM: Quarantining All Traces: agent.ay downloader
4:25 PM: c:\windows\wiaservc.log:hmvrh is in use. It will be removed on reboot.
4:25 PM: c:\windows\faxsetup.log:ravxo is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(29).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(29).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(26).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\msoffice.ini:qdvcz is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(26).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(10).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(46).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(45).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(44).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(7).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\vmuninst.log:olkdn is in use. It will be removed on reboot.
4:25 PM: c:\windows\kb824105.log:udblc is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(43).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(42).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(41).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(40).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\msoffice.ini:ovfsr is in use. It will be removed on reboot.
4:25 PM: c:\windows\appoc32.dll:qzxrif is in use. It will be removed on reboot.
4:25 PM: c:\windows\visi.ini:orjum is in use. It will be removed on reboot.
4:25 PM: c:\windows\ctdvaudy.cdf:pcktvg is in use. It will be removed on reboot.
4:25 PM: c:\windows\twunk_16.exe:nwkuh is in use. It will be removed on reboot.
4:25 PM: c:\windows\svcpack.log:oujej is in use. It will be removed on reboot.
4:25 PM: c:\windows\slrundll(2).exe:tvibya is in use. It will be removed on reboot.
4:25 PM: c:\windows\$ntservicepackuninstall$\winhlp32.exe:ojerz is in use. It will be removed on reboot.
4:25 PM: c:\windows\wmsysprx.prx:zxplny is in use. It will be removed on reboot.
4:25 PM: c:\windows\system.ini:levsi is in use. It will be removed on reboot.
4:25 PM: c:\windows\kb824146.log:lbpls is in use. It will be removed on reboot.
4:25 PM: c:\windows\zapotec.bmp:vmjxuq is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(13).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(13).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(3).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(3).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(22).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(22).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(10).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(33).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(33).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(30).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(30).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\sessmgr.setup.log:innyy is in use. It will be removed on reboot.
4:25 PM: c:\windows\sessmgr.setup.log:anvicr is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(12).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(12).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(15).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(15).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(50).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(50).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(49).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(49).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(48).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(48).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(11).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(11).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(8).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(8).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(9).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(9).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\muninst.exe:xcipk is in use. It will be removed on reboot.
4:25 PM: c:\windows\muninst.exe:qfccv is in use. It will be removed on reboot.
4:25 PM: c:\windows\oeuninst.exe:yqfeb is in use. It will be removed on reboot.
4:25 PM: c:\windows\notepad(2).exe:jbdcvl is in use. It will be removed on reboot.
4:25 PM: c:\windows\q323255.log:xlhgh is in use. It will be removed on reboot.
4:25 PM: c:\windows\q323255.log:qoktk is in use. It will be removed on reboot.
4:25 PM: c:\windows\q329170.log:insre is in use. It will be removed on reboot.
4:25 PM: c:\windows\q810577.log:trplz is in use. It will be removed on reboot.
4:25 PM: c:\windows\q812415.log:uabuq is in use. It will be removed on reboot.
4:25 PM: c:\windows\q814033.log:duzpin is in use. It will be removed on reboot.
4:25 PM: c:\windows\q815485.log:mslak is in use. It will be removed on reboot.
4:25 PM: c:\windows\q816486.log:vvrdky is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(47).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(47).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(17).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(17).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\winhelp.exe:rqqkl is in use. It will be removed on reboot.
4:25 PM: c:\windows\winhelp.exe:ponxg is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(14).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(14).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(35).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(35).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(46).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(45).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(24).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(24).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(44).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(36).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(36).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(43).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\msfsetup.ini:ebqcq is in use. It will be removed on reboot.
4:25 PM: c:\windows\msoffice.ini:edahmk is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(42).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(41).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(40).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(25).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(25).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(7).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\spupdsvc.log:lwagak is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(18).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(18).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\visi.ini:wksyl is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(19).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(19).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\vbaddin.ini:dkztq is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(20).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(20).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\kb821557.log:stqlr is in use. It will be removed on reboot.
4:25 PM: c:\windows\q817472.log:xuwkg is in use. It will be removed on reboot.
4:25 PM: c:\windows\$ntservicepackuninstall$\hh.exe:cosgg is in use. It will be removed on reboot.
4:25 PM: c:\windows\kb841873.log:dahrg is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(39).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(21).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(21).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(39).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(5).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(5).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(31).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(31).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\kb817611.log:hrxee is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(2).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(2).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(23).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(23).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(27).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(27).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(32).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\kb825119.log:ssixb is in use. It will be removed on reboot.
4:25 PM: c:\windows\kb825119.log:mdmqf is in use. It will be removed on reboot.
4:25 PM: c:\windows\kb828028.log:cttcv is in use. It will be removed on reboot.
4:25 PM: c:\windows\kb835732.log:ztzvy is in use. It will be removed on reboot.
4:25 PM: c:\windows\kb835732.log:syegk is in use. It will be removed on reboot.
4:25 PM: c:\windows\lexstat(2).ini:rbmhd is in use. It will be removed on reboot.
4:25 PM: c:\windows\kb839645.log:nmevr is in use. It will be removed on reboot.
4:25 PM: c:\windows\kb839645.log:gzlumy is in use. It will be removed on reboot.
4:25 PM: c:\windows\vmmreg32.dll:lpita is in use. It will be removed on reboot.
4:25 PM: c:\windows\vmmreg32.dll:lmrzp is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(28).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(28).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(4).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(4).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\kb886185.log:zkvlnj is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(6).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(6).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\kb823182.log:ejlqq is in use. It will be removed on reboot.
4:25 PM: c:\windows\maxlink.ini:ltjcb is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(37).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(37).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\winnt.bmp:uhwawq is in use. It will be removed on reboot.
4:25 PM: c:\windows\runtsckl.exe:frayt is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(34).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(34).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\atloj32.dll:hhsig is in use. It will be removed on reboot.
4:25 PM: c:\windows\santa fe stucco.bmp:maoyf is in use. It will be removed on reboot.
4:25 PM: c:\windows\kb873376.log:notszi is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(16).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(16).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(32).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\addkj32(2).dll:qyxuew is in use. It will be removed on reboot.
4:25 PM: c:\windows\system.tmp:levsi is in use. It will be removed on reboot.
4:25 PM: c:\windows\q811630.log:lsiyb is in use. It will be removed on reboot.
4:25 PM: c:\windows\msgsocm.log:mciuki is in use. It will be removed on reboot.
4:25 PM: c:\windows\msdfmap.ini:tcxpqx is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef.exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef.exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\twunk_16.exe:wxyva is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(38).exe:obkkd is in use. It will be removed on reboot.
4:25 PM: c:\windows\crwh32.dll:xbrfbw is in use. It will be removed on reboot.
4:25 PM: c:\windows\bmhac.log:izlhcx is in use. It will be removed on reboot.
4:25 PM: c:\windows\appxw.dll:bbjcea is in use. It will be removed on reboot.
4:25 PM: c:\windows\appku32.dll:fzneod is in use. It will be removed on reboot.
4:25 PM: c:\windows\q816982.log:nnciea is in use. It will be removed on reboot.
4:25 PM: c:\windows\clock.avi:vpeyea is in use. It will be removed on reboot.
4:25 PM: c:\windows\slrundll.exe:tvibya is in use. It will be removed on reboot.
4:25 PM: c:\windows\mididef(38).exe:udift is in use. It will be removed on reboot.
4:25 PM: c:\windows\djbdrv.log:oxazy is in use. It will be removed on reboot.
4:25 PM: c:\windows\prairie wind.bmp:zgmqyz is in use. It will be removed on reboot.
4:25 PM: c:\windows\prairie wind.bmp:lkqtu is in use. It will be removed on reboot.
4:25 PM: cws_ns3 is in use. It will be removed on reboot.
4:24 PM: Quarantining All Traces: cws_ns3
4:24 PM: Quarantining All Traces: cws-aboutblank
4:24 PM: Removal process initiated
4:22 PM: Traces Found: 513
4:22 PM: Full Sweep has completed. Elapsed time 00:19:14
4:22 PM: File Sweep Complete, Elapsed Time: 00:15:25
4:17 PM: Warning: SweepDirectories: Cannot find directory "f:". This directory was not added to the list of paths to be scanned.
4:17 PM: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
4:17 PM: C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\97D8189D-2A72-4DD6-A573-935060.asq (ID = 365038)
4:17 PM: Warning: Failed to open file "c:\documents and settings\steven\local settings\temp\jet14c6.tmp". The operation completed successfully
4:17 PM: Warning: Failed to open file "c:\documents and settings\steven\application data\mozilla\firefox\profiles\2uqf8us5.default\parent.lock". The operation completed successfully
4:17 PM: c:\windows\wiaservc.log:hmvrh (ID = 56322)
4:17 PM: c:\windows\wiaservc.log:dzfoyk (ID = 200)
4:17 PM: c:\windows\windowsupdate.log:mcihcy (ID = 201)
4:16 PM: c:\windows\system.tmp:xefsyk (ID = 54093)
4:16 PM: c:\windows\faxsetup.log:ravxo (ID = 56711)
4:16 PM: c:\windows\faxsetup.log:fjfwgu (ID = 201)
4:16 PM: c:\windows\mididef(29).exe:obkkd (ID = 56711)
4:16 PM: c:\windows\mididef(29).exe:gsbtq (ID = 201)
4:16 PM: c:\windows\combatfs(30).cfg:nswrtb (ID = 201)
4:16 PM: c:\windows\mididef(29).exe:udift (ID = 56322)
4:16 PM: c:\windows\combatfs(29).cfg:nswrtb (ID = 201)
4:16 PM: c:\windows\combatfs(28).cfg:nswrtb (ID = 201)
4:16 PM: c:\windows\mididef(26).exe:obkkd (ID = 56711)
4:16 PM: c:\windows\mididef(26).exe:gsbtq (ID = 201)
4:16 PM: c:\windows\combatfs(27).cfg:nswrtb (ID = 201)
4:16 PM: c:\windows\oobeact.log:uberzt (ID = 54051)
4:16 PM: c:\windows\combatfs(26).cfg:nswrtb (ID = 201)
4:16 PM: c:\windows\combatfs(25).cfg:nswrtb (ID = 201)
4:16 PM: c:\windows\combatfs(24).cfg:nswrtb (ID = 201)
4:16 PM: c:\windows\combatfs(23).cfg:nswrtb (ID = 201)
4:16 PM: c:\windows\combatfs(22).cfg:nswrtb (ID = 201)
4:16 PM: c:\windows\combatfs(21).cfg:nswrtb (ID = 201)
4:16 PM: c:\windows\combatfs(20).cfg:nswrtb (ID = 201)
4:16 PM: c:\windows\tntgh.txt:jincxg (ID = 54093)
4:16 PM: c:\windows\msoffice.ini:qdvcz (ID = 56599)
4:16 PM: c:\windows\combatfs(19).cfg:nswrtb (ID = 201)
4:16 PM: c:\windows\combatfs(18).cfg:nswrtb (ID = 201)
4:16 PM: c:\windows\combatfs(17).cfg:nswrtb (ID = 201)
4:16 PM: c:\windows\combatfs(16).cfg:nswrtb (ID = 201)
4:16 PM: c:\windows\combatfs(15).cfg:nswrtb (ID = 201)
4:16 PM: c:\windows\combatfs(14).cfg:nswrtb (ID = 201)
4:16 PM: c:\windows\mididef(26).exe:udift (ID = 56322)
4:16 PM: c:\windows\combatfs(13).cfg:nswrtb (ID = 201)
4:16 PM: c:\windows\combatfs(12).cfg:nswrtb (ID = 201)
4:16 PM: c:\windows\mididef(10).exe:obkkd (ID = 56711)
4:16 PM: c:\windows\mididef(10).exe:gsbtq (ID = 201)
4:16 PM: c:\windows\combatfs(11).cfg:nswrtb (ID = 201)
4:16 PM: c:\windows\mididef(46).exe:obkkd (ID = 56711)
4:16 PM: c:\windows\combatfs(10).cfg:nswrtb (ID = 201)
4:16 PM: c:\windows\mididef(46).exe:gsbtq (ID = 201)
4:16 PM: c:\windows\mididef(45).exe:obkkd (ID = 56711)
4:16 PM: c:\windows\mididef(45).exe:gsbtq (ID = 201)
4:16 PM: c:\windows\system.ini:xefsyk (ID = 54093)
4:16 PM: c:\windows\mididef(44).exe:obkkd (ID = 56711)
4:16 PM: c:\windows\combatfs(9).cfg:nswrtb (ID = 201)
4:16 PM: c:\windows\combatfs(8).cfg:nswrtb (ID = 201)
4:16 PM: c:\windows\mididef(7).exe:obkkd (ID = 56711)
4:16 PM: c:\windows\mididef(7).exe:gsbtq (ID = 201)
4:16 PM: c:\windows\vmuninst.log:olkdn (ID = 56447)
4:15 PM: c:\windows\kb824105.log:udblc (ID = 56447)
4:15 PM: c:\windows\mididef(44).exe:gsbtq (ID = 201)
4:15 PM: c:\windows\mididef(43).exe:obkkd (ID = 56711)
4:15 PM: c:\windows\mididef(43).exe:gsbtq (ID = 201)
4:15 PM: c:\windows\combatfs(7).cfg:nswrtb (ID = 201)
4:15 PM: c:\windows\ievv.dll:iazrjk (ID = 54093)
4:15 PM: c:\windows\mididef(42).exe:obkkd (ID = 56711)
4:15 PM: c:\windows\mididef(42).exe:gsbtq (ID = 201)
4:15 PM: c:\windows\mididef(41).exe:obkkd (ID = 56711)
4:15 PM: c:\windows\mididef(41).exe:gsbtq (ID = 201)
4:15 PM: c:\windows\mididef(40).exe:obkkd (ID = 56711)
4:15 PM: c:\windows\mididef(40).exe:gsbtq (ID = 201)
4:15 PM: c:\windows\sdkkc32.dll:kelsxf (ID = 54093)
4:15 PM: c:\windows\msoffice.ini:ovfsr (ID = 56322)
4:15 PM: c:\windows\appoc32.dll:qzxrif (ID = 56287)
4:15 PM: c:\windows\q828026.log:gounhk (ID = 54432)
4:15 PM: c:\windows\visi.ini:orjum (ID = 56711)
4:15 PM: c:\windows\tmupdate.ini:uotivk (ID = 200)
4:15 PM: c:\windows\ctdvaudy.cdf:sbxlid (ID = 54093)
4:15 PM: c:\windows\ctdvaudy.cdf:pcktvg (ID = 56287)
4:15 PM: c:\windows\msfsetup.ini:zaocy (ID = 53966)
4:15 PM: c:\windows\twunk_16.exe:nwkuh (ID = 56447)
4:15 PM: c:\windows\twunk_16.exe:puntb (ID = 53966)
4:15 PM: c:\windows\svcpack.log:oujej (ID = 56603)
4:15 PM: c:\windows\svcpack.log:eelrps (ID = 201)
4:15 PM: c:\windows\iehx32.dll:nydtln (ID = 54051)
4:15 PM: c:\windows\kb885835.log:xjskmc (ID = 200)
4:15 PM: c:\windows\kb885835.log:ofrse (ID = 201)
4:15 PM: c:\windows\ieft32.dll:hrowbs (ID = 201)
4:14 PM: c:\windows\slrundll(2).exe:tvibya (ID = 56447)
4:14 PM: c:\windows\$ntservicepackuninstall$\winhlp32.exe:ojerz (ID = 56599)
4:14 PM: c:\windows\msfsetup.ini:gbrrrs (ID = 200)
4:14 PM: c:\windows\vbaddin.ini:dodqur (ID = 54432)
4:14 PM: c:\windows\patch.exe:gvccfw (ID = 201)
4:14 PM: c:\windows\kb885836.log:kmayas (ID = 201)
4:14 PM: c:\windows\kb885836.log:alqlyp (ID = 201)
4:14 PM: c:\windows\wmsysprx.prx:zxplny (ID = 56287)
4:14 PM: c:\windows\wmsysprx.prx:wzunis (ID = 200)
4:14 PM: c:\windows\kb824105.log:ipkgqv (ID = 201)
4:14 PM: c:\windows\twunk_16.exe:hfpwpe (ID = 201)
4:14 PM: c:\windows\system.ini:levsi (ID = 56447)
4:14 PM: c:\windows\readreg(12).exe:rarkr (ID = 200)
4:14 PM: c:\windows\readreg(12).exe:nxpbod (ID = 200)
4:14 PM: c:\windows\tsoc.log:esdsqm (ID = 201)
4:14 PM: c:\windows\kb824146.log:lbpls (ID = 56447)
4:14 PM: c:\windows\readreg(11).exe:rarkr (ID = 200)
4:14 PM: c:\windows\readreg(10).exe:rarkr (ID = 200)
4:14 PM: c:\windows\zapotec.bmp:vmjxuq (ID = 56287)
4:14 PM: c:\windows\zapotec.bmp:pnmssr (ID = 54093)
4:14 PM: c:\windows\zapotec.bmp:kyirdq (ID = 201)
4:14 PM: c:\windows\mididef(13).exe:udift (ID = 56322)
4:14 PM: c:\windows\mididef(13).exe:obkkd (ID = 56711)
4:07 PM: Found Adware: tvmedia
4:06 PM: Starting File Sweep
4:06 PM: Cookie Sweep Complete, Elapsed Time: 00:00:03
4:06 PM: c:\documents and settings\josh\cookies\josh@www3.tendollars[1].txt (ID = 6367)
4:06 PM: Found Spy Cookie: tendollars cookie
4:06 PM: c:\documents and settings\josh\cookies\josh@go[2].txt (ID = 2728)
4:06 PM: Found Spy Cookie: go.com cookie
4:06 PM: Starting Cookie Sweep
4:06 PM: Registry Sweep Complete, Elapsed Time:00:00:18
4:06 PM: HKCR\typelib\{85a886b2-29bb-4189-8046-a66733b242e9}\ (ID = 143755)
4:06 PM: HKLM\software\classes\typelib\{85a886b2-29bb-4189-8046-a66733b242e9}\ (ID = 143725)
4:06 PM: Found Adware: tibs dialer
4:06 PM: HKLM\software\classes\clsid\{e3943a24-2f83-4505-9ae5-f705e81b50cb}\ (ID = 128748)
4:06 PM: HKCR\clsid\{e3943a24-2f83-4505-9ae5-f705e81b50cb}\ (ID = 128695)
4:06 PM: Found Adware: instant access
4:06 PM: HKLM\software\classes\clsid\{0ecebd98-802f-9b4d-7308-c983a18edbec}\ (ID = 124047)
4:06 PM: HKCR\clsid\{286ece71-3f17-089b-f6bd-0e16d255ae8a}\ (ID = 123907)
4:06 PM: HKCR\clsid\{0ecebd98-802f-9b4d-7308-c983a18edbec}\ (ID = 123811)
4:06 PM: Found Adware: cws_tiny0
4:06 PM: Found Adware: cws_ns3
4:06 PM: HKLM\software\classes\clsid\{bb35fd19-38f4-89dc-fa76-ba6507a5c6d7}\ (ID = 115510)
4:06 PM: HKLM\software\classes\clsid\{06039b55-db4e-4d9c-8e0e-05c2fbf1df99}\ (ID = 114430)
4:06 PM: HKCR\clsid\{bb35fd19-38f4-89dc-fa76-ba6507a5c6d7}\ (ID = 113942)
4:06 PM: HKCR\clsid\{06039b55-db4e-4d9c-8e0e-05c2fbf1df99}\ (ID = 112846)
4:06 PM: Found Adware: cws-aboutblank
4:06 PM: Found Adware: coolwebsearch (cws)
4:06 PM: HKLM\software\classes\clsid\{9ce68f0e-3b07-594f-b8a7-c0c9044ed9d4}\ (ID = 103347)
4:06 PM: HKCR\clsid\{9ce68f0e-3b07-594f-b8a7-c0c9044ed9d4}\ (ID = 103338)
4:06 PM: Found Trojan Horse: agent.ay downloader
4:06 PM: Starting Registry Sweep
4:06 PM: Memory Sweep Complete, Elapsed Time: 00:03:22
4:03 PM: Starting Memory Sweep
4:03 PM: Start Full Sweep
4:03 PM: Sweep initiated using definitions version 941
4:02 PM: Your definitions are up to date.
4:01 PM: Your definitions are up to date.
4:01 PM: BHO Shield: found: -- BHO installation allowed at user request
4:00 PM: Warning: no filename sent to VerifyFileSignature
Keylogger: Off
4:00 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
E-mail Attachment: On
4:00 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
3:59 PM: Shield States
3:59 PM: Warning: DoInject :\Device\HarddiskVolume2\Program Files\Spyware Doctor\sdhelp.exe
3:59 PM: License Check Status (0): Success
3:59 PM: Warning: DoInject :\Device\HarddiskVolume2\Program Files\Spyware Doctor\sdhelp.exe
3:58 PM: Spyware Definitions: 923
3:57 PM: Spy Sweeper 5.5.1.3356 started
3:57 PM: Spy Sweeper 5.5.1.3356 started
3:57 PM: | Start of Session, Monday, July 02, 2007

Thanks, Steven

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:50 PM

Posted 03 July 2007 - 11:19 AM

Hello Steven,

SpySweeper is just a trial, so you did just fine with what you downloaded. :flowers: It did a fine job too....your computer was loaded.

Did you notice this?

4:27 PM: Quarantining All Traces: tvmedia
4:27 PM: Quarantining All Traces: instant access
4:27 PM: Quarantining All Traces: tibs dialer


Those are more than just simple adware, and while the main part may not be active now, they were at one time. The kids need to know that that dialer could have cost you hundreds, if not thousands of dollars in phone bills. :thumbsup: I also noticed that there were things in there that have been there a long while, so this can't be a new problem for you.

Can you tell me if any of your scans are picking those 2 programs up now, and how it's running please?

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#9 steven

Posted 03 July 2007 - 01:34 PM

Hello Tea,
I was unaware that I had all this stuff still on my system. I'll research here to check on tvdialer, instant access, tibs dialer. The CWS stuff is how I found this site in the beginning. I thought it was removed a long time ago.
I was online last night + thought my system was still running way slow. I'm also getting a "Unable to connect to", or "error on page" when I try to go to a few of my favorites pages.
I was trying to access MyVerizon account. I gave up after an hour.
Because I have dial up + all my M.S. + Dell updaters are on, it's hard to tell when my system is slow. It's not unusual for the updates to take 30-60 minutes.
Now, for some advice:
I'm not renewing my Spyware Doc. I'm going to buy SpySweeper. I'm going to uninstall Spysubtract + Spyware Doc. when I install Spysweeper because it seems to be useless at finding these bugs.
What's your opinion on SUPERAntiSpyware? Are there any known conflicts between Spybot, SuperAntiSpyware, Spysweeper?
Is the upgraded version of Spysweeper superior to the trial version? I'd like to have something that monitors the Registry and any rootkit changes. I'd be happy with a Keylogger program too.
I ran Spysweeper + SuperAntiSpyware again and only found cookies.
Thanks for your time and have a Happy Fourth of July!
Steven

Edited by steven, 03 July 2007 - 10:22 PM.


#10 teacup61

Posted 04 July 2007 - 12:40 PM

Hello Steven,

Can you tell me if you're still having the problems you mentioned, like with Verizon?

Please download ATF Cleaner by Atribune.

* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.

If you use Firefox browser

* Click Firefox at the top and choose: Select All
* Click the Empty Selected button.
* NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

* Click Opera at the top and choose: Select All
* Click the Empty Selected button.
* NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

What's your opinion on SUPERAntiSpyware?

If you like it, keep it. Not every program gets every little thing, but this is a good program. :thumbsup:

Are there any known conflicts between Spybot, SuperAntiSpyware, Spysweeper?

Not that I know of, but don't overdo with the realtime shields that these employ. Those use resources. My suggestion would be to use realtime shields with SpySweeper and run scans with the other 2 every so often, but leave their shields off.

Everything else still all right?

Regards,
tea

#11 steven

Posted 05 July 2007 - 01:03 AM

Hello Tea,
I did as you asked. Did another Sweep, no bugs found.
Tonight I tried searching for a site from the MSN search bar, and was redirected to the Netster search engine. Tried searching from the Google bar, with Netster taking over.
I had to manually go to Google's site + search from there.
I've run all my sweepers + found nothing. But, I know something isn't right because of Netster + my website not found / page expired warnings for some of my sites from My Favorites.
After I sign off, I'll do all my sweeps again. (That'll take most of 90 minutes.)
Have a Good Evening, and Thanks for your Help!
Steven

Decided to edit the post.
I thought I was in big trouble! I couldn't open Websweeper, spysubtract. Couldn't restart system, or even shut down. Ctrl-Alt-Del wouldn't even work. Did an emergency shut down and that fixed all that.
I forgot to mention when I first started this thread that I cannot restart in safe mode. I still can't restart in safe mode. I get this warning: IRQL_NOT_LESS_OR_EQUAL. Any ideas on this?

Edited by steven, 05 July 2007 - 01:55 PM.


#12 teacup61

Posted 06 July 2007 - 11:52 AM

Hi Steven,

Oy Vay!! :thumbsup:

Let's get some more armor in place and we'll take care of safe mode when you're clean. Keep the kiddos off the computer until we take care of this part, please.

Download the HostsXpert Here
http://www.funkytoad.com/download/HostsXpert.zip

Unzip HostsXpert to your desktop

Open up the HostsXpert program.

* Make sure that the "make hosts writable?" button in the upper left corner is enabled.
* Click back up Host files
* then click "Restore MS Hosts File"
* close program

Please download WinHelp2002's DelDomains by right-clicking on the following link, and choosing "Save Target As":
http://www.mvps.org/winhelp2002/DelDomains.inf
Save the file to the desktop. Then go to the desktop, right click on DelDomains.inf, and choose Install. You may not see any noticeable changes or prompts; this is normal. Then please restart your computer.

Look in Add/Remove Programs and remove Netster, if it's there. Reboot after. If it's not there, using Windows Explorer, do a search for Netster and delete anything to do with it. Reboot and see what your scans say after.

Let me know how that goes, and what problems you're having now, besides safe mode. We'll deal with that in a bit. Also, PLEASE keep the kids off the computer for now. As I said at first, no matter how good your protection is, it won't stop anything that is let in willingly.

Thanks,
tea

#13 steven

Posted 08 July 2007 - 01:12 AM

Hello Teacup.
Oy Vey?
I don't like the sound of that! That's probably what the passengers said on the Titanic, just before they had that sinking feeling.
OK, the only kid that has been on the computer the last 5 days is my Daughter. The only thing she does, is go to Disney's web sites and IM's her friends. I know all her friends and my computer is right off from my kitchen, open to plain view. The only places I go to are; my favorites - like Ebay, 4 wheel drive sites, + a couple of yahoo groups.
Spybot caught Netster after her IM session and I haven't seen it since. (Cleaned with Spybot.)
Now, to the meat and potatoes!
I had a dickens of a time downloading HostsXpert. It simply would not install - period. I finally got it to download to My Doc's. folder. It also did not show the exact way to install, as you suggested. So I did the following:
Only option in the upper left hand corner, was a padlock symbol- unlocked - locked. I clicked on the unlocked part. Clicked Make Read Only, Clicked Backup - yes- Restore backup. Clicked Restore MS Hosts File. Closed.
Was this OK? I really have no way to tell if I was effective in my assumptions. How will I know if the file has been restored?
The next task was easily done, with just a quick page blink, then back to normal.
Did all scans - nothing. The closest I have in Add / Remove is, NetActive Launcher and Net Waiting.
I know this is a lot to digest, but I hope it helps in your diagnosis of my maladies.
Have a Great Weekend, Steven

Edit: I don't IM, so I have no clue as to how that stuff works. Is there any way to scan the IM stuff to see if maybe she clicked on an infected emoticon, or some other infected symbols that float around on her page?

Edited by steven, 08 July 2007 - 09:49 PM.


#14 teacup61 (Malware Response Team)

Posted 09 July 2007 - 10:59 AM

Hi Steven,

Still having problems with Netster? No Titanic implications in that comment. :thumbsup: Just meant that with everything we've looked at and done you should be clean now. Sounds like HostsXpert ended up all right, so no biggie there. :flowers:

I'm not entirely sure about how McAfee works, but with other AVs you should be able to right click on just about anything and scan it.
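Added example, not part of the original posts and not HostsXpert's own logic: one way to check the question raised in post #13 ("How will I know if the file has been restored?") is to parse the hosts file and flag every mapping other than the default `localhost` entry. The sample content, the `.test` names and the function names are constructed; the check assumes a restored Windows XP hosts file maps only `localhost` to a loopback address.

```python
import ipaddress

# Constructed sample hosts content (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.example.test   # blocklist-style entry
203.0.113.7     www.search.example.test search.example.test
not-an-ip       broken.example.test
"""

def parse_hosts(text):
    """Yield (line_no, address, names) for each non-comment line."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if line:
            fields = line.split()
            yield no, fields[0], fields[1:]

def classify(address, names):
    """Return 'default', 'block', 'redirect' or 'malformed'."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if not names:
        return "malformed"
    sink = ip.is_loopback or ip.is_unspecified   # 127.x, ::1, 0.0.0.0
    if sink and all(n.lower() == "localhost" for n in names):
        return "default"
    # A name pinned to loopback is blocked; any other address means the
    # name is being sent to a server chosen by whoever edited the file.
    return "block" if sink else "redirect"

def audit_hosts(text):
    """List (line_no, kind, address, names) for every non-default entry."""
    return [(no, kind, addr, names)
            for no, addr, names in parse_hosts(text)
            if (kind := classify(addr, names)) != "default"]

def is_restored(text):
    """True when only default localhost mappings remain."""
    return not audit_hosts(text)

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On a real machine the text would be read from `%SystemRoot%\system32\drivers\etc\hosts`; entries reported as `redirect` are the ones worth investigating first.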

#15 steven (Topic Starter)

Posted 09 July 2007 - 04:43 PM

Hi Teacup.
I think Spybot got rid of Netster.
I think there is something installing itself from my son's page. My daughter watched a movie on his page - no online kiddo activity - + after scanning Spybot found MyWebSearch. I have done this same procedure before: scan, click fix, get warning that all found could not be fixed - restart - scan - it's gone. So I think. MyWebSearch keeps coming back! It registers under HKEY_Users-Mywebsearch + under IE\SearchScopes + under CurrentVersion\Ext\Stats.
Will any spyware show up in Task Manager - processes- when the system is running? I have some things running that I have questions about.
Sometimes I can be simply reading something online + all of a sudden my computer starts processing a lot of info, like when it auto updates, but I have all that turned off at this time.
What about restarting in safe mode? Can I try it again?
I went to TrendMicro's page to do an online scan; left the system on - online - for 5 hours + I still couldn't scan. I think the scan was being blocked.
Would you advise downloading some dialer / port scanners? I'm curious to see if anything's just listening for my connection?
