Spyware or Virus Screwing Up My System, Help please!


AdmiralZ
Senior Member with 219 posts.
THREAD STARTER
 
Join Date: Apr 2005
Experience: Intermediate
17-Apr-2006, 07:25 AM #1
Spyware or Virus Screwing Up My System, Help please!
I've got something on my computer that does the following things:

Changes my homepage to www.gophersearch.com
Brings up porn-related pop-ups when I'm using IE
Slows down my computer to the point where things stop responding.

I've scanned with McAfee and Ad-Aware and removed everything found there, but still the majority of the problem remains. Can anyone help?
khazars
Member with 12,290 posts.
 
Join Date: Feb 2004
Location: Glasgow, Scotland
17-Apr-2006, 08:04 AM #2
Hi, welcome to TSG.

Download HijackThis from the link below. Please do this. Click here:

http://www.thespykiller.co.uk/files/hijackthis_sfx.exe

to download HijackThis. Click scan and save a logfile, then post it here so
we can take a look at it for you. Don't click fix on anything in HijackThis
as most of the files are legitimate.
AdmiralZ
Senior Member with 219 posts.
THREAD STARTER
 
Join Date: Apr 2005
Experience: Intermediate
17-Apr-2006, 08:11 AM #3
Thanks. Here's the logfile:

Logfile of HijackThis v1.99.1
Scan saved at 14:10:32, on 17/04/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\runservice.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\PlayCenter2\CTNMRUN.EXE
C:\WINDOWS\System32\ctfmon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/u...en/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gophersearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.tiscali.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ohb - {E8888041-B24A-4B0B-911B-12B018E43F21} - C:\WINDOWS\System32\rlmtcs.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PSoft1] C:\WINDOWS\System32\psoft1.exe
O4 - HKLM\..\Run: [G3] C:\WINDOWS\System32\GSMedia3.exe
O4 - HKLM\..\Run: [5sFS3mT] fecntcls.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [aqijfi] c:\windows\system32\xxbwcvi.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [ICcontrol] C:\WINDOWS\iccontrol.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [dgrpsetu] C:\WINDOWS\System32\dgrpsetu.exe
O4 - HKCU\..\Run: [pautoenr] C:\WINDOWS\System32\pautoenr.exe
O4 - HKCU\..\Run: [Ncao] C:\Documents and Settings\Dougie_2\Application Data\h??o?.exe
O4 - HKCU\..\Run: [atiupdate] C:\DOCUME~1\Dougie_2\LOCALS~1\Temp\msshed32.exe
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\PlayCenter2\CTNMRUN.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: UCmore XP - The Search Accelerator.lnk = ?
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxmk552YYGB
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: GetMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\GetMP3 (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {11117711-1111-1711-7121-111177111157} - ms-its:mhtml:file://c:\bebe.mht!http://www.alarm-works.com/tx.chm::/ai.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/62...bridge-c10.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {51045741-8C4E-4EAC-8F03-08E43A6FBB29} - http://c.ancestry.com/cab/aft/AncestryFamilyTree.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1110069436593
O16 - DPF: {71CBDCD9-0830-4470-A890-35D364DA352C} - http://scripts.downloadv3.com/binari...1047_EN_XP.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetupml.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/laaplicacion.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://intranet.bedfordschool.org.uk/tsweb/msrdp.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/A...ler/dwnldr.cab
O16 - DPF: {D35B74F6-E099-4CDD-91E0-9EA7C30059D1} (Main Class) - http://www.dialer-shop.com/webdial/webdial24106.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/...chsettings.cab
O16 - DPF: {EEF29D20-9A47-4657-ADF7-283EC2504001} - http://download.bigwebportal.com/toolbar2/winenc32.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O16 - DPF: {FAFF0003-0A01-121A-A1C9-08032B23E0CC} - http://uk.global-acces.com/seed/nat3.exe
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://static.35mb.com/applet/applet_o.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba217.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn283.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{52DE1572-A4C5-41FC-A905-F04A5B8E67AD}: NameServer = 80.225.252.58 80.225.252.50
O17 - HKLM\System\CS1\Services\Tcpip\..\{52DE1572-A4C5-41FC-A905-F04A5B8E67AD}: NameServer = 80.225.252.58 80.225.252.50
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
khazars
Member with 12,290 posts.
 
Join Date: Feb 2004
Location: Glasgow, Scotland
17-Apr-2006, 08:58 AM #4
You'll need to run LSPFix to repair Winsock.

http://cexx.org/lspfix.htm


Launch the application, and click the "I know what I'm doing" checkbox.
This is the DLL in question: newdotnet6_38.dll. Move it to the right-hand pane and hit "Finish".



Download the pocket killbox

http://www.bleepingcomputer.com/files/killbox.php



Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

http://www.webroot.com/consumer/prod...de=af1&rc=4129


* Click the Free Trial link under "Downloads/SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits
    o Please UNCHECK Do not Sweep System Restore Folder.
* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.


After running spysweeper run these scans!



* Download the trial version of Ewido Security Suite here

http://www.ewido.net/en/

* Install ewido.
* During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
* Launch ewido
* It will prompt you to update; click the OK button and it will go to the main screen.
* On the left side of the main screen click update
* Click on Start and let it update.
* DO NOT run a scan yet. You will do that later in safe mode.






* Click here to download ATF Cleaner by Atribune and save it to your desktop.

http://majorgeeks.com/ATF_Cleaner_d4949.html


* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.
    o If you use Firefox:
        + Click Firefox at the top and choose: Select All
        + Click the Empty Selected button.
        + NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    o If you use Opera:
        + Click Opera at the top and choose: Select All
        + Click the Empty Selected button.
        + NOTE: If you would like to keep your saved passwords, please click No at the prompt.
* Click Exit on the Main menu to close the program.


* Click here for info on how to boot to safe mode if you don't already know
how.

http://service1.symantec.com/SUPPORT...rc=sec_doc_nam



* Now copy these instructions to notepad and save them to your desktop. You
will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in
safe mode:



Have HijackThis fix these entries. Close all browsers and programmes before
clicking FIX.


O2 - BHO: ohb - {E8888041-B24A-4B0B-911B-12B018E43F21} - C:\WINDOWS\System32\rlmtcs.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [PSoft1] C:\WINDOWS\System32\psoft1.exe
O4 - HKLM\..\Run: [G3] C:\WINDOWS\System32\GSMedia3.exe
O4 - HKLM\..\Run: [5sFS3mT] fecntcls.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [aqijfi] c:\windows\system32\xxbwcvi.exe
O4 - HKLM\..\Run: [ICcontrol] C:\WINDOWS\iccontrol.exe
O4 - HKCU\..\Run: [dgrpsetu] C:\WINDOWS\System32\dgrpsetu.exe
O4 - HKCU\..\Run: [pautoenr] C:\WINDOWS\System32\pautoenr.exe
O4 - HKCU\..\Run: [Ncao] C:\Documents and Settings\Dougie_2\Application Data\h??o?.exe
O4 - HKCU\..\Run: [atiupdate] C:\DOCUME~1\Dougie_2\LOCALS~1\Temp\msshed32.exe
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {11117711-1111-1711-7121-111177111157} - ms-its:mhtml:file://c:\bebe.mht!http://www.alarm-works.com/tx.chm::/ai.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {71CBDCD9-0830-4470-A890-35D364DA352C} - http://scripts.downloadv3.com/binari...1047_EN_XP.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetupml.cab
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/laaplicacion.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/A...ler/dwnldr.cab
O16 - DPF: {D35B74F6-E099-4CDD-91E0-9EA7C30059D1} (Main Class) - http://www.dialer-shop.com/webdial/webdial24106.cab
O16 - DPF: {EEF29D20-9A47-4657-ADF7-283EC2504001} - http://download.bigwebportal.com/toolbar2/winenc32.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O16 - DPF: {FAFF0003-0A01-121A-A1C9-08032B23E0CC} - http://uk.global-acces.com/seed/nat3.exe
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://static.35mb.com/applet/applet_o.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba217.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn283.exe



Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill.
In the Full Path of File to Delete box, copy and paste each of the following
lines one at a time then click on the button that has the red circle with the
X in the middle after you enter each file. It will ask for confirmation to
delete the file. Click Yes. Continue with that same procedure until you have
copied and pasted all of these in the Paste Full Path of File to Delete box.



Note: It is possible that Killbox will tell you that one or more files do not
exist. If that happens, just continue on with all the files. Be sure you
don't miss any.


C:\WINDOWS\System32\rlmtcs.dll
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
C:\Program Files\Viewpoint
C:\WINDOWS\System32\psoft1.exe
C:\WINDOWS\System32\GSMedia3.exe
C:\WINDOWS\System32\fecntcls.exe
C:\WINDOWS\fecntcls.exe
c:\windows\system32\xxbwcvi.exe
C:\WINDOWS\iccontrol.exe
C:\WINDOWS\System32\dgrpsetu.exe
C:\Documents and Settings\Dougie_2\Application Data\h??o?.exe
C:\DOCUME~1\Dougie_2\LOCALS~1\Temp\msshed32.exe
c:\eied_s7.cab


* Run Ewido:

* Click on scanner
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop



Reboot to normal mode and run a few online scans!


Run ActiveScan online virus scan here

http://www.pandasoftware.com/products/activescan.htm

When the scan is finished, have it delete anything that it cannot clean.
Make a note of the file location of anything that cannot be deleted so you
can delete it yourself.
- Save the results from the scan!


Post another HijackThis log, plus the Ewido, Spy Sweeper and ActiveScan logs.

Last edited by khazars; 17-Apr-2006 at 02:18 PM..
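
The by-eye triage of the HijackThis log in this thread can be sketched in code. This is an added example, not part of the thread and not how HijackThis or the helper works: the sample lines are copied from the log posted above, while the rules, reason strings and names (`triage`, `Finding`) are assumptions chosen for illustration and cover only the O4, O10, O15 and O16 sections.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [5sFS3mT] fecntcls.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Ncao] C:\Documents and Settings\Dougie_2\Application Data\h??o?.exe
O4 - HKCU\..\Run: [atiupdate] C:\DOCUME~1\Dougie_2\LOCALS~1\Temp\msshed32.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O15 - Trusted IP range: 206.161.125.149
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba217.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \(.*\))? - (?P<src>.+)$")
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.exe)\b', re.IGNORECASE)
HOST_RE = re.compile(r"^https?://([^/:]+)", re.IGNORECASE)


@dataclass
class Finding:
    code: str                      # HijackThis section code, e.g. "O4"
    item: str                      # Run value name, CLSID, or the raw entry
    reasons: list = field(default_factory=list)


def _run_reasons(cmd):
    """Heuristics (assumed) for an O4 autorun command line."""
    m = EXE_RE.match(cmd)
    exe = (m.group(1) or m.group(2)) if m else cmd
    reasons = []
    if "\\" not in exe:
        reasons.append("no directory given")
    if "?" in exe.rsplit("\\", 1)[-1]:
        reasons.append("file name has unrenderable characters")
    if "\\temp\\" in exe.lower():
        reasons.append("runs from a Temp folder")
    return reasons


def _dpf_reasons(src):
    """Heuristics (assumed) for the codebase of an O16 ActiveX entry."""
    low = src.lower()
    reasons = []
    if low.startswith("ms-its:"):
        reasons.append("ms-its: source instead of an http download")
    elif low.startswith("file://"):
        reasons.append("installed from a local file")
    if low.endswith(".exe"):
        reasons.append("codebase is an .exe, not a .cab")
    host = HOST_RE.match(src)
    if host:
        try:
            ipaddress.ip_address(host.group(1))
            reasons.append("host is a raw IP address")
        except ValueError:
            pass                   # ordinary DNS name
    return reasons


def triage(log_text):
    """Return the entries worth a second look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue               # header, process list, blank line
        code, body = entry["code"], entry["body"]
        item, reasons = body, []
        if code == "O4":
            run = RUN_RE.match(body)
            if run:
                item, reasons = run["name"], _run_reasons(run["cmd"])
        elif code == "O10":
            if "LSP provider" in body and "missing" in body:
                reasons = ["Winsock LSP chain references a missing DLL"]
        elif code == "O15":
            reasons = ["Trusted Zone override, confirm the user added it"]
        elif code == "O16":
            dpf = DPF_RE.match(body)
            if dpf:
                item, reasons = dpf["clsid"], _dpf_reasons(dpf["src"])
        if reasons:
            findings.append(Finding(code, item, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.item}: {'; '.join(f.reasons)}")
```

Every entry these rules flag in the sample is also in the fix list or the LSPFix step of post #4; the reverse does not hold, since several entries on that list (for example the `[PSoft1]` and `[G3]` autoruns in System32) are recognisable only by knowing the names.
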
AdmiralZ
Senior Member with 219 posts.
THREAD STARTER
 
Join Date: Apr 2005
Experience: Intermediate
17-Apr-2006, 02:15 PM #5
Mamma mia. There's a whole lot of crap wrong with my computer!

Thanks dude.
khazars
Member with 12,290 posts.
 
Join Date: Feb 2004
Location: Glasgow, Scotland
17-Apr-2006, 02:16 PM #6
you're welcome, happy hunting lol
khazars
Member with 12,290 posts.
 
Join Date: Feb 2004
Location: Glasgow, Scotland
17-Apr-2006, 02:18 PM #7
I had to edit post 4, please refresh your browser to see the changes!
AdmiralZ
Senior Member with 219 posts.
THREAD STARTER
 
Join Date: Apr 2005
Experience: Intermediate
17-Apr-2006, 04:23 PM #8
Spy Sweeper Log:

********
20:32: | Start of Session, 17 April 2006 |
20:32: Spy Sweeper started
20:32: Sweep initiated using definitions version 659
20:32: Starting Memory Sweep
20:32: Found Adware: begin2search
20:32: Detected running threat: C:\WINDOWS\System32\rlmtcs.dll (ID = 273264)
20:37: Memory Sweep Complete, Elapsed Time: 00:04:25
20:37: Starting Registry Sweep
20:37: Found Adware: apropos
20:37: HKCR\clsid\{b5ab638f-d76c-415b-a8f2-f3ceac502212}\ (7 subtraces) (ID = 103726)
20:37: HKCR\clsid\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\ (4 subtraces) (ID = 103729)
20:37: HKLM\software\classes\clsid\{b5ab638f-d76c-415b-a8f2-f3ceac502212}\ (7 subtraces) (ID = 103764)
20:37: HKLM\software\classes\clsid\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\ (4 subtraces) (ID = 103767)
20:37: HKLM\software\classes\interface\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\ (5 subtraces) (ID = 103774)
20:37: Found Adware: blazefind
20:37: HKLM\software\classes\winctladx.installer\ (3 subtraces) (ID = 104503)
20:37: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/admilliservx.dll\ (2 subtraces) (ID = 104525)
20:37: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\admilliservx.dll (ID = 104540)
20:37: HKCR\winctladx.installer\ (3 subtraces) (ID = 104569)
20:37: Found Adware: blazefind_adman
20:37: HKLM\software\aaowier\ (ID = 104579)
20:37: Found Adware: blazefind_adstat
20:37: HKCR\adstatservx.installer\ (3 subtraces) (ID = 104585)
20:37: HKLM\software\classes\adstatservx.installer\ (3 subtraces) (ID = 104586)
20:37: Found Adware: bookedspace
20:37: HKLM\software\configuration manager\cfgmgr52\ (207 subtraces) (ID = 104873)
20:37: Found Adware: coolwebsearch (cws)
20:37: HKLM\software\microsoft\code store database\distribution units\{10000000-1000-0000-1000-000000000000}\ (7 subtraces) (ID = 109814)
20:37: Found Adware: dealhelper
20:37: HKLM\software\microsoft\windows\currentversion\uninstall\windh\ (3 subtraces) (ID = 124816)
20:37: Found Adware: effective-i toolbar
20:37: HKLM\software\iemenuextension\ (ID = 125660)
20:37: Found Adware: ezula ilookup
20:37: HKLM\software\microsoft\windows\currentversion\uninstall\web offer\ (3 subtraces) (ID = 126299)
20:37: Found Adware: gophersearch hijack
20:37: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 126950)
20:37: Found Adware: ist istbar
20:37: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\istactivex.dll (ID = 129174)
20:37: Found Trojan Horse: kitten free sex dialer
20:37: HKLM\software\sds software\ (12 subtraces) (ID = 129640)
20:37: Found Adware: wild media - minigolf
20:37: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/minigolf_affiliate.exe\ (2 subtraces) (ID = 135052)
20:37: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\minigolf_affiliate.exe (ID = 135058)
20:37: Found Trojan Horse: trojan-downloader-pacisoft
20:37: HKLM\software\microsoft\windows\currentversion\run\ || psoft1 (ID = 136527)
20:37: Found Adware: purityscan
20:37: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaticketsinstaller.ocx\ (2 subtraces) (ID = 137986)
20:37: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaticketsinstaller.ocx (ID = 139077)
20:37: Found Adware: elitemediagroup-mediamotor
20:37: HKCR\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\ (25 subtraces) (ID = 140032)
20:37: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\inprocserver32\ (2 subtraces) (ID = 140081)
20:37: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\miscstatus\ (3 subtraces) (ID = 140082)
20:37: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\progid\ (1 subtraces) (ID = 140083)
20:37: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\toolboxbitmap32\ (1 subtraces) (ID = 140084)
20:37: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\typelib\ (1 subtraces) (ID = 140085)
20:37: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\version\ (1 subtraces) (ID = 140086)
20:37: HKLM\software\classes\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (9 subtraces) (ID = 140131)
20:37: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/m67m.ocx\ (2 subtraces) (ID = 140170)
20:37: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\m67m.ocx (ID = 140199)
20:37: HKCR\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (9 subtraces) (ID = 140223)
20:37: Found Adware: searchrelevancy
20:37: HKCR\interface\{300fa067-9b94-45cf-a30b-cb5221eeb0c3}\ (8 subtraces) (ID = 141290)
20:37: HKCR\searchrelevant\ (3 subtraces) (ID = 141291)
20:37: HKLM\software\classes\interface\{300fa067-9b94-45cf-a30b-cb5221eeb0c3}\ (8 subtraces) (ID = 141293)
20:37: HKLM\software\classes\typelib\{65a6bb6d-78d0-4e0a-824d-2de1e0d154af}\ (9 subtraces) (ID = 141295)
20:37: HKLM\software\classes\searchrelevant\ (3 subtraces) (ID = 141296)
20:37: HKLM\software\classes\updater.bho\ (5 subtraces) (ID = 141297)
20:37: HKLM\software\searchrelevancy\ (3 subtraces) (ID = 141300)
20:37: HKCR\typelib\{65a6bb6d-78d0-4e0a-824d-2de1e0d154af}\ (9 subtraces) (ID = 141302)
20:37: HKCR\updater.bho\ (5 subtraces) (ID = 141303)
20:37: Found Trojan Horse: topconverting downloader
20:37: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/loader2.ocx\ (2 subtraces) (ID = 143815)
20:37: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\loader2.ocx (ID = 143829)
20:37: Found Trojan Horse: trojan-downloader-updateagent
20:37: HKLM\software\winsysupdate\ (3 subtraces) (ID = 144817)
20:37: Found Adware: webdial dialer
20:37: HKCR\webdial.main\ (5 subtraces) (ID = 146225)
20:37: HKCR\webdial.main.1\ (3 subtraces) (ID = 146226)
20:37: HKCR\clsid\{d35b74f6-e099-4cdd-91e0-9ea7c30059d1}\ (11 subtraces) (ID = 146227)
20:37: HKCR\typelib\{fd754b61-07db-4e5f-8019-d3da718ce0c5}\ (9 subtraces) (ID = 146228)
20:37: HKLM\software\classes\webdial.main\ (5 subtraces) (ID = 146229)
20:37: HKLM\software\classes\webdial.main.1\ (3 subtraces) (ID = 146230)
20:37: HKLM\software\classes\clsid\{d35b74f6-e099-4cdd-91e0-9ea7c30059d1}\ (11 subtraces) (ID = 146231)
20:37: HKLM\software\classes\typelib\{fd754b61-07db-4e5f-8019-d3da718ce0c5}\ (9 subtraces) (ID = 146232)
20:37: Found Adware: wildmedia
20:37: HKCR\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\ (8 subtraces) (ID = 146695)
20:37: HKLM\software\classes\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\ (8 subtraces) (ID = 146709)
20:37: Found Adware: winad
20:37: HKCR\mediapassx.installer\ (3 subtraces) (ID = 147160)
20:37: HKLM\software\classes\mediapassx.installer\ (3 subtraces) (ID = 147174)
20:37: HKLM\software\microsoft\code store database\distribution units\{15ad6789-cdb4-47e1-a9da-992ee8e6bad6}\ (10 subtraces) (ID = 147185)
20:37: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/adtoolsx.dll\ (2 subtraces) (ID = 147188)
20:37: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaaccx.dll\ (2 subtraces) (ID = 147191)
20:37: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediapassx.dll\ (2 subtraces) (ID = 147192)
20:37: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/winadservx.dll\ (2 subtraces) (ID = 147195)
20:37: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\adtoolsx.dll (ID = 147215)
20:37: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediapassx.dll (ID = 147222)
20:37: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\winadservx.dll (ID = 147224)
20:37: Found Adware: ist software
20:37: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/ysbactivex.dll\ (2 subtraces) (ID = 147854)
20:37: Found Adware: ist yoursitebar
20:37: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\ysbactivex.dll (ID = 147857)
20:37: HKLM\software\ddate\ (1 subtraces) (ID = 636618)
20:37: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediagatewayx.dll\ (2 subtraces) (ID = 763026)
20:37: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediagatewayx.dll (ID = 763028)
20:37: HKCR\rlmtcs.amo\ (5 subtraces) (ID = 1221370)
20:37: HKCR\rlmtcs.amo.1\ (3 subtraces) (ID = 1221375)
20:37: HKCR\rlmtcs.iiittt\ (5 subtraces) (ID = 1221378)
20:37: HKCR\rlmtcs.iiittt.1\ (3 subtraces) (ID = 1221383)
20:37: HKCR\rlmtcs.momo\ (5 subtraces) (ID = 1221386)
20:37: HKCR\rlmtcs.momo.1\ (3 subtraces) (ID = 1221391)
20:37: HKCR\rlmtcs.ohb\ (5 subtraces) (ID = 1221394)
20:37: HKCR\rlmtcs.ohb.1\ (3 subtraces) (ID = 1221399)
20:37: HKCR\clsid\{294c0052-39dc-47e8-8dff-4c5bc0100301}\ (22 subtraces) (ID = 1221414)
20:37: HKCR\clsid\{e8888041-b24a-4b0b-911b-12b018e43f21}\ (11 subtraces) (ID = 1221437)
20:37: HKCR\clsid\{f5dcb1f3-bf38-4966-9689-23c3dfccbe17}\ (11 subtraces) (ID = 1221461)
20:37: HKCR\clsid\{fecc0ca7-d772-458a-b8a5-55e5aa8c1aa9}\ (11 subtraces) (ID = 1221473)
20:37: HKCR\typelib\{1ab449ab-1c29-402e-a5e7-26af81b0d6f7}\ (9 subtraces) (ID = 1221485)
20:37: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{e8888041-b24a-4b0b-911b-12b018e43f21}\ (1 subtraces) (ID = 1221520)
20:37: HKLM\software\classes\rlmtcs.amo\ (5 subtraces) (ID = 1221526)
20:37: HKLM\software\classes\rlmtcs.amo.1\ (3 subtraces) (ID = 1221531)
20:37: HKLM\software\classes\rlmtcs.iiittt\ (5 subtraces) (ID = 1221534)
20:37: HKLM\software\classes\rlmtcs.iiittt.1\ (3 subtraces) (ID = 1221539)
20:37: HKLM\software\classes\rlmtcs.momo\ (5 subtraces) (ID = 1221542)
20:37: HKLM\software\classes\rlmtcs.momo.1\ (3 subtraces) (ID = 1221547)
20:37: HKLM\software\classes\rlmtcs.ohb\ (5 subtraces) (ID = 1221550)
20:37: HKLM\software\classes\rlmtcs.ohb.1\ (3 subtraces) (ID = 1221555)
20:37: HKLM\software\classes\clsid\{294c0052-39dc-47e8-8dff-4c5bc0100301}\ (22 subtraces) (ID = 1221570)
20:37: HKLM\software\classes\clsid\{e8888041-b24a-4b0b-911b-12b018e43f21}\ (11 subtraces) (ID = 1221593)
20:37: HKLM\software\classes\clsid\{f5dcb1f3-bf38-4966-9689-23c3dfccbe17}\ (11 subtraces) (ID = 1221617)
20:37: HKLM\software\classes\clsid\{fecc0ca7-d772-458a-b8a5-55e5aa8c1aa9}\ (11 subtraces) (ID = 1221629)
20:37: HKLM\software\classes\typelib\{1ab449ab-1c29-402e-a5e7-26af81b0d6f7}\ (9 subtraces) (ID = 1221641)
20:37: Found Adware: big web portal
20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\share_bwp\ || mst (ID = 104396)
20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\share_bwp\ || ttttlll (ID = 104397)
20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\share_bwp\ || iiiilll (ID = 104398)
20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\share_bwp\ffffaaa\ (2 subtraces) (ID = 104399)
20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\share_bwp\ssss\ (2 subtraces) (ID = 104400)
20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\share_bwp\iiii\ (4 subtraces) (ID = 104401)
20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\share_bwp\pppp\ (2 subtraces) (ID = 104402)
20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\share_bwp\ (23 subtraces) (ID = 104404)
20:37: Found Adware: cws-aboutblank
20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\microsoft\internet explorer\main\ || search bar_bak (ID = 115924)
20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\microsoft\internet explorer\main\ || search page_bak (ID = 115925)
20:37: Found Adware: desktoptraffic
20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\eeennn\ (ID = 124993)
20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\iemenuextension\ (7 subtraces) (ID = 125659)
20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\microsoft\internet explorer\ || searchurl (ID = 126947)
20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\microsoft\internet explorer\main\ || search bar (ID = 126948)
20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\microsoft\internet explorer\main\ || search page (ID = 126949)
20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\microsoft\internet explorer\search\ || searchassistant (ID = 126951)
20:37: Found Adware: instant access
20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\p2eclient\ (1 subtraces) (ID = 128846)
20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\psoft1\ (12 subtraces) (ID = 136531)
20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\microsoft\windows\currentversion\run\ || ncao (ID = 138536)
20:37: Found Trojan Horse: trojan-downloader-moneymind
20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\microsoft\windows\currentversion\run\ || atiupdate (ID = 594267)
20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\microsoft\internet explorer\main\ || search page_bak (ID = 774883)
AdmiralZ
THREAD STARTER
17-Apr-2006, 04:24 PM #9
20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\microsoft\internet explorer\main\ || start page (ID = 1221662)
20:37: HKU\WRSS_Profile_S-1-5-21-1967298908-2851811609-1981617496-1008\software\share_bwp\ (2 subtraces) (ID = 104404)
20:37: HKU\WRSS_Profile_S-1-5-21-1967298908-2851811609-1981617496-1008\software\iemenuextension\ (5 subtraces) (ID = 125659)
20:37: HKU\WRSS_Profile_S-1-5-21-1967298908-2851811609-1981617496-1008\software\microsoft\internet explorer\toolbar\webbrowser\ || {6b95678d-30a4-4ff8-a72f-4208340c1f7f} (ID = 125667)
20:37: Found Adware: 180search assistant/zango
20:37: HKU\WRSS_Profile_S-1-5-21-1967298908-2851811609-1981617496-1008\software\180ax\ (3 subtraces) (ID = 135615)
20:37: HKU\WRSS_Profile_S-1-5-21-1967298908-2851811609-1981617496-1008\software\saap\ (10 subtraces) (ID = 135784)
20:37: HKU\WRSS_Profile_S-1-5-21-1967298908-2851811609-1981617496-1008\software\salm\ (3 subtraces) (ID = 135792)
20:37: HKU\WRSS_Profile_S-1-5-21-1967298908-2851811609-1981617496-1008\software\psoft1\ (2 subtraces) (ID = 136531)
20:37: Registry Sweep Complete, Elapsed Time:00:00:29
20:37: Starting Cookie Sweep
20:37: Found Spy Cookie: 2o7.net cookie
20:37: dougie_2@112.2o7[1].txt (ID = 1958)
20:37: dougie_2@122.2o7[1].txt (ID = 1958)
20:37: Found Spy Cookie: 3 cookie
20:37: dougie_2@207.36.3[2].txt (ID = 1960)
20:37: dougie_2@3[1].txt (ID = 1959)
20:37: dougie_2@3[2].txt (ID = 1959)
20:37: dougie_2@3[3].txt (ID = 1959)
20:37: Found Spy Cookie: 5 cookie
20:37: dougie_2@5[1].txt (ID = 1979)
20:37: Found Spy Cookie: 64.62.232 cookie
20:37: dougie_2@64.62.232[1].txt (ID = 1987)
20:37: dougie_2@64.62.232[2].txt (ID = 1987)
20:37: dougie_2@64.62.232[3].txt (ID = 1987)
20:37: dougie_2@64.62.232[4].txt (ID = 1987)
20:37: dougie_2@64.62.232[5].txt (ID = 1987)
20:37: Found Spy Cookie: 66.70.21 cookie
20:37: dougie_2@66.70.21[1].txt (ID = 1999)
20:37: Found Spy Cookie: 888 cookie
20:37: dougie_2@888[2].txt (ID = 2019)
20:37: dougie_2@888[3].txt (ID = 2019)
20:37: Found Spy Cookie: websponsors cookie
20:37: dougie_2@a.websponsors[1].txt (ID = 3665)
20:37: Found Spy Cookie: about cookie
20:37: dougie_2@about[2].txt (ID = 2037)
20:37: Found Spy Cookie: yieldmanager cookie
20:37: dougie_2@ad.yieldmanager[2].txt (ID = 3751)
20:37: Found Spy Cookie: adecn cookie
20:37: dougie_2@adecn[2].txt (ID = 2063)
20:37: Found Spy Cookie: adknowledge cookie
20:37: dougie_2@adknowledge[2].txt (ID = 2072)
20:37: Found Spy Cookie: adlegend cookie
20:37: dougie_2@adlegend[2].txt (ID = 2074)
20:37: Found Spy Cookie: hbmediapro cookie
20:37: dougie_2@adopt.hbmediapro[2].txt (ID = 2768)
20:37: Found Spy Cookie: hotbar cookie
20:37: dougie_2@adopt.hotbar[2].txt (ID = 4207)
20:37: Found Spy Cookie: precisead cookie
20:37: dougie_2@adopt.precisead[2].txt (ID = 3182)
20:37: Found Spy Cookie: specificclick.com cookie
20:37: dougie_2@adopt.specificclick[2].txt (ID = 3400)
20:37: Found Spy Cookie: adorigin cookie
20:37: dougie_2@adorigin[1].txt (ID = 2082)
20:37: Found Spy Cookie: adprofile cookie
20:37: dougie_2@adprofile[2].txt (ID = 2084)
20:37: Found Spy Cookie: cc214142 cookie
20:37: dougie_2@ads.cc214142[1].txt (ID = 2367)
20:37: Found Spy Cookie: inet-traffic.com cookie
20:37: dougie_2@ads.inet-traffic[2].txt (ID = 2856)
20:37: Found Spy Cookie: bpath cookie
20:37: dougie_2@ads49.bpath[1].txt (ID = 2321)
20:37: Found Spy Cookie: adtech cookie
20:37: dougie_2@adtech[2].txt (ID = 2155)
20:37: Found Spy Cookie: adultfriendfinder cookie
20:37: dougie_2@adultfriendfinder[2].txt (ID = 2165)
20:37: Found Spy Cookie: adultrevenueservice cookie
20:37: dougie_2@adultrevenueservice[2].txt (ID = 2167)
20:37: Found Spy Cookie: advertising cookie
20:37: dougie_2@advertising[2].txt (ID = 2175)
20:37: Found Spy Cookie: angelfire cookie
20:37: dougie_2@angelfire[1].txt (ID = 2221)
20:37: dougie_2@animatedtv.about[2].txt (ID = 2038)
20:37: Found Spy Cookie: associated new media cookie
20:37: dougie_2@anm.co[1].txt (ID = 2223)
20:37: Found Spy Cookie: askmen cookie
20:37: dougie_2@askmen[2].txt (ID = 2247)
20:37: Found Spy Cookie: ask cookie
20:37: dougie_2@ask[1].txt (ID = 2245)
20:37: Found Spy Cookie: atlas dmt cookie
20:37: dougie_2@atdmt[2].txt (ID = 2253)
20:37: Found Spy Cookie: belnk cookie
20:37: dougie_2@ath.belnk[1].txt (ID = 2293)
20:37: Found Spy Cookie: atwola cookie
20:37: dougie_2@atwola[1].txt (ID = 2255)
20:37: Found Spy Cookie: azjmp cookie
20:37: dougie_2@azjmp[2].txt (ID = 2270)
20:37: Found Spy Cookie: a cookie
20:37: dougie_2@a[1].txt (ID = 2027)
20:37: Found Spy Cookie: casalemedia cookie
20:37: dougie_2@b.casalemedia[1].txt (ID = 2355)
20:37: Found Spy Cookie: banners cookie
20:37: dougie_2@banners[1].txt (ID = 2282)
20:37: dougie_2@belnk[1].txt (ID = 2292)
20:37: Found Spy Cookie: bizrate cookie
20:37: dougie_2@bizrate[1].txt (ID = 2308)
20:37: Found Spy Cookie: bravenet cookie
20:37: dougie_2@bravenet[1].txt (ID = 2322)
20:37: Found Spy Cookie: touchclarity cookie
20:37: dougie_2@btow.touchclarity[1].txt (ID = 3566)
20:37: Found Spy Cookie: burstnet cookie
20:37: dougie_2@burstnet[2].txt (ID = 2336)
20:37: Found Spy Cookie: enhance cookie
20:37: dougie_2@c.enhance[1].txt (ID = 2614)
20:37: Found Spy Cookie: goclick cookie
20:37: dougie_2@c.goclick[2].txt (ID = 2733)
20:37: Found Spy Cookie: gostats cookie
20:37: dougie_2@c2.gostats[1].txt (ID = 2748)
20:37: dougie_2@c3.gostats[2].txt (ID = 2748)
20:37: dougie_2@c4.gostats[2].txt (ID = 2748)
20:37: Found Spy Cookie: cassava cookie
20:37: dougie_2@cassava[1].txt (ID = 2362)
20:37: Found Spy Cookie: tripod cookie
20:37: dougie_2@celebrities2000.tripod[1].txt (ID = 3592)
20:37: Found Spy Cookie: commission junction cookie
20:37: dougie_2@cj[2].txt (ID = 2453)
20:37: dougie_2@classictv.about[1].txt (ID = 2038)
20:37: dougie_2@cnn.122.2o7[1].txt (ID = 1958)
20:37: dougie_2@compsimgames.about[1].txt (ID = 2038)
20:37: Found Spy Cookie: clickzs cookie
20:37: dougie_2@cz3.clickzs[2].txt (ID = 2413)
20:37: dougie_2@cz4.clickzs[2].txt (ID = 2413)
20:37: dougie_2@cz5.clickzs[1].txt (ID = 2413)
20:37: dougie_2@cz6.clickzs[2].txt (ID = 2413)
20:37: dougie_2@cz7.clickzs[2].txt (ID = 2413)
20:37: dougie_2@cz8.clickzs[2].txt (ID = 2413)
20:37: dougie_2@cz9.clickzs[2].txt (ID = 2413)
20:37: Found Spy Cookie: overture cookie
20:37: dougie_2@data2.perf.overture[1].txt (ID = 3106)
20:37: Found Spy Cookie: dealhelper cookie
20:37: dougie_2@dealhelper[1].txt (ID = 2503)
20:37: Found Spy Cookie: dealtime cookie
20:37: dougie_2@dealtime[2].txt (ID = 2505)
20:37: dougie_2@depression.about[1].txt (ID = 2038)
20:37: Found Spy Cookie: did-it cookie
20:37: dougie_2@did-it[1].txt (ID = 2523)
20:37: dougie_2@dist.belnk[2].txt (ID = 2293)
20:37: Found Spy Cookie: dist cookie
20:37: dougie_2@dist[2].txt (ID = 4648)
20:37: dougie_2@easyjet.touchclarity[1].txt (ID = 3566)
20:37: Found Spy Cookie: howstuffworks cookie
20:37: dougie_2@electronics.howstuffworks[1].txt (ID = 2806)
20:37: Found Spy Cookie: go.com cookie
20:37: dougie_2@espn.go[2].txt (ID = 2729)
20:37: Found Spy Cookie: exitexchange cookie
20:37: dougie_2@exitexchange[1].txt (ID = 2633)
20:37: Found Spy Cookie: fe.lea.lycos.com cookie
20:37: dougie_2@fe.lea.lycos[1].txt (ID = 2660)
20:37: dougie_2@firstdirect.touchclarity[1].txt (ID = 3566)
20:37: dougie_2@frenchfood.about[1].txt (ID = 2038)
20:37: Found Spy Cookie: gamespy cookie
20:37: dougie_2@gamespy[2].txt (ID = 2719)
20:37: dougie_2@gettyimages.122.2o7[1].txt (ID = 1958)
20:37: dougie_2@gm.touchclarity[1].txt (ID = 3566)
20:37: Found Spy Cookie: go2net.com cookie
20:37: dougie_2@go2net[1].txt (ID = 2730)
20:37: Found Spy Cookie: goldenpalace cookie
20:37: dougie_2@goldenpalace[2].txt (ID = 2734)
20:37: dougie_2@gostats[1].txt (ID = 2747)
20:37: dougie_2@go[2].txt (ID = 2728)
20:37: Found Spy Cookie: starware.com cookie
20:37: dougie_2@h.starware[2].txt (ID = 3442)
20:37: dougie_2@hertz.122.2o7[1].txt (ID = 1958)
20:37: Found Spy Cookie: clickandtrack cookie
20:37: dougie_2@hits.clickandtrack[2].txt (ID = 2397)
20:37: dougie_2@howstuffworks[1].txt (ID = 2805)
20:37: dougie_2@htmlgear.tripod[2].txt (ID = 3592)
20:37: Found Spy Cookie: screensavers.com cookie
20:37: dougie_2@i.screensavers[2].txt (ID = 3298)
20:37: Found Spy Cookie: ic-live cookie
20:37: dougie_2@ic-live[1].txt (ID = 2821)
20:37: Found Spy Cookie: imlive.com cookie
20:37: dougie_2@imlive[1].txt (ID = 2843)
20:37: Found Spy Cookie: infospace cookie
20:37: dougie_2@infospace[2].txt (ID = 2865)
20:37: Found Spy Cookie: kmpads cookie
20:37: dougie_2@kmpads[2].txt (ID = 2909)
20:37: Found Spy Cookie: kount cookie
20:37: dougie_2@kount[1].txt (ID = 2911)
20:37: dougie_2@losangeles.about[1].txt (ID = 2038)
20:37: dougie_2@marksandspencer.122.2o7[1].txt (ID = 1958)
20:37: Found Spy Cookie: top-banners cookie
20:37: dougie_2@media.top-banners[1].txt (ID = 3548)
20:37: Found Spy Cookie: ugo cookie
20:37: dougie_2@mediamgr.ugo[2].txt (ID = 3609)
20:37: Found Spy Cookie: mp3downloadhq cookie
20:37: dougie_2@mp3downloadhq[1].txt (ID = 3014)
20:37: Found Spy Cookie: mrskin cookie
20:37: dougie_2@mrskin[1].txt (ID = 3020)
20:37: dougie_2@msn.touchclarity[1].txt (ID = 3566)
20:37: Found Spy Cookie: mywebsearch cookie
20:37: dougie_2@mywebsearch[1].txt (ID = 3051)
20:37: Found Spy Cookie: nextag cookie
20:37: dougie_2@nextag[1].txt (ID = 5014)
20:37: Found Spy Cookie: nuker cookie
20:37: dougie_2@nuker[2].txt (ID = 3085)
20:37: Found Spy Cookie: offeroptimizer cookie
20:37: dougie_2@offeroptimizer[1].txt (ID = 3087)
20:37: Found Spy Cookie: one-time-offer cookie
20:37: dougie_2@one-time-offer[2].txt (ID = 3095)
20:37: dougie_2@overture[2].txt (ID = 3105)
20:37: dougie_2@partygaming.122.2o7[1].txt (ID = 1958)
20:37: Found Spy Cookie: partypoker cookie
20:37: dougie_2@partypoker[2].txt (ID = 3111)
20:37: Found Spy Cookie: passion cookie
20:37: dougie_2@passion[2].txt (ID = 3113)
20:37: Found Spy Cookie: paypopup cookie
20:37: dougie_2@paypopup[1].txt (ID = 3119)
20:37: dougie_2@pc.gamespy[1].txt (ID = 2719)
20:37: Found Spy Cookie: pricegrabber cookie
20:37: dougie_2@pricegrabber[1].txt (ID = 3185)
20:37: Found Spy Cookie: rednova cookie
20:37: dougie_2@rednova[2].txt (ID = 3245)
20:37: Found Spy Cookie: revenue.net cookie
20:37: dougie_2@revenue[2].txt (ID = 3257)
20:37: Found Spy Cookie: directtrack cookie
20:37: dougie_2@ridemg.directtrack[2].txt (ID = 2528)
20:37: Found Spy Cookie: adjuggler cookie
20:37: dougie_2@rotator.adjuggler[1].txt (ID = 2071)
20:37: Found Spy Cookie: co cookie
20:37: dougie_2@rs0.co[1].txt (ID = 2430)
20:37: dougie_2@rsi.espn.go[1].txt (ID = 2729)
20:37: Found Spy Cookie: tvguide cookie
20:37: dougie_2@rsi.tvguide[1].txt (ID = 3600)
20:37: dougie_2@science.howstuffworks[1].txt (ID = 2806)
20:37: dougie_2@scifi.about[1].txt (ID = 2038)
20:37: dougie_2@sdc.tvguide[1].txt (ID = 3600)
20:37: Found Spy Cookie: web-stat cookie
20:37: dougie_2@server3.web-stat[1].txt (ID = 3649)
20:37: Found Spy Cookie: servlet cookie
20:37: dougie_2@servlet[2].txt (ID = 3345)
20:37: dougie_2@sideshow.directtrack[1].txt (ID = 2528)
20:37: dougie_2@southernfood.about[1].txt (ID = 2038)
20:37: dougie_2@spanish.about[2].txt (ID = 2038)
20:37: dougie_2@sports.espn.go[2].txt (ID = 2729)
20:37: dougie_2@stat.dealtime[2].txt (ID = 2506)
20:37: Found Spy Cookie: statcounter cookie
20:37: dougie_2@statcounter[1].txt (ID = 3447)
20:37: Found Spy Cookie: reliablestats cookie
20:37: dougie_2@stats1.reliablestats[2].txt (ID = 3254)
20:37: Found Spy Cookie: stlyrics cookie
20:37: dougie_2@stlyrics[2].txt (ID = 3461)
20:37: Found Spy Cookie: tacoda cookie
20:37: dougie_2@tacoda[1].txt (ID = 6444)
20:37: dougie_2@teentvmovies.about[1].txt (ID = 2038)
20:37: dougie_2@theaa.touchclarity[1].txt (ID = 3566)
20:37: dougie_2@thomascook.122.2o7[1].txt (ID = 1958)
20:37: Found Spy Cookie: tracking cookie
20:37: dougie_2@tracking[1].txt (ID = 3571)
20:37: Found Spy Cookie: trb.com cookie
20:37: dougie_2@trb[1].txt (ID = 3587)
20:37: dougie_2@tvguide[2].txt (ID = 3599)
20:37: dougie_2@ugo[1].txt (ID = 3608)
20:37: dougie_2@ugo[3].txt (ID = 3608)
20:37: Found Spy Cookie: upspiral cookie
20:37: dougie_2@upspiral[1].txt (ID = 3614)
20:37: Found Spy Cookie: videodome cookie
20:37: dougie_2@videodome[2].txt (ID = 3638)
20:37: dougie_2@vip.clickzs[1].txt (ID = 2413)
20:37: dougie_2@vip2.clickzs[2].txt (ID = 2413)
20:37: dougie_2@web-stat[2].txt (ID = 3648)
20:37: Found Spy Cookie: megago cookie
20:37: dougie_2@www.3xtreme.freeservers[1].txt (ID = 2983)
20:37: dougie_2@www.888[2].txt (ID = 2020)
20:37: Found Spy Cookie: burstbeacon cookie
20:37: dougie_2@www.burstbeacon[1].txt (ID = 2335)
20:37: Found Spy Cookie: buzztone cookie
20:37: dougie_2@www.buzztone[1].txt (ID = 2339)
20:38: Found Spy Cookie: clickads cookie
20:38: dougie_2@www.clickads[1].txt (ID = 4643)
20:38: dougie_2@www.freeservers[2].txt (ID = 2983)
20:38: Found Spy Cookie: hermoment.com cookie
20:38: dougie_2@www.hermoment[1].txt (ID = 2774)
20:38: Found Spy Cookie: hitboss.com cookie
20:38: dougie_2@www.hitboss[1].txt (ID = 2782)
20:38: dougie_2@www.howstuffworks[1].txt (ID = 2806)
20:38: Found Spy Cookie: myaffiliateprogram.com cookie
20:38: dougie_2@www.myaffiliateprogram[1].txt (ID = 3032)
20:38: dougie_2@www.screensavers[1].txt (ID = 3298)
20:38: Found Spy Cookie: seeq cookie
20:38: dougie_2@www.seeq[1].txt (ID = 3332)
20:38: Found Spy Cookie: starpulse cookie
20:38: dougie_2@www.starpulse[1].txt (ID = 3440)
20:38: dougie_2@www.stlyrics[1].txt (ID = 3462)
20:38: Found Spy Cookie: thecoolbar cookie
20:38: dougie_2@www.thecoolbar[2].txt (ID = 3522)
20:38: Found Spy Cookie: traffic2cash cookie
20:38: dougie_2@www.traffic2cash[1].txt (ID = 3580)
20:38: dougie_2@www.upspiral[2].txt (ID = 3615)
20:38: dougie_2@www.web-stat[2].txt (ID = 3649)
20:38: Found Spy Cookie: claxonmedia cookie
20:38: dougie_2@www1.claxonmedia[2].txt (ID = 2388)
20:38: dougie_2@www2.claxonmedia[1].txt (ID = 2389)
20:38: dougie_2@www3.claxonmedia[2].txt (ID = 2387)
20:38: dougie_2@www48.seeq[1].txt (ID = 3332)
20:38: Found Spy Cookie: xiti cookie
20:38: dougie_2@xiti[1].txt (ID = 3717)
20:38: Found Spy Cookie: xren_cj cookie
20:38: dougie_2@xren_cj[1].txt (ID = 3723)
20:38: Found Spy Cookie: yadro cookie
20:38: dougie_2@yadro[2].txt (ID = 3743)
20:38: dougie_2@yieldmanager[2].txt (ID = 3749)
20:38: dougie@112.2o7[1].txt (ID = 1958)
20:38: dougie@ask[1].txt (ID = 2245)
20:38: dougie@a[1].txt (ID = 2027)
20:38: dougie@banners[1].txt (ID = 2282)
20:38: dougie@web.ask[1].txt (ID = 2246)
20:38: dougie@www.ask[1].txt (ID = 2246)
20:38: dougie@xiti[1].txt (ID = 3717)
20:38: Cookie Sweep Complete, Elapsed Time: 00:00:29
20:38: Starting File Sweep
20:38: c:\program files\windows controlad (ID = -2147481365)
20:38: Found Adware: shopathomeselect
20:38: c:\windows\system32\sahimages (9 subtraces) (ID = -2147480329)
20:38: c:\documents and settings\dougie_2\local settings\temp\fleok (ID = -2147480558)
20:38: c:\windows\bsx32 (6 subtraces) (ID = -2147481346)
20:38: c:\windows\cfgmgr52 (1 subtraces) (ID = -2147479590)
20:41: button_small.gif (ID = 60415)
20:43: Found Adware: clearsearch
20:43: 71915796.bin (ID = 52544)
20:45: 72152304.bin (ID = 52519)
20:45: 38222285.bin (ID = 52532)
20:46: akdvsvk1.xml (ID = 57647)
20:50: Found Adware: daosearch
20:50: 32977698.txt (ID = 57424)
20:52: akdvsvk2.xml (ID = 57648)
20:52: rwdrop.exe (ID = 51551)
20:53: Found Adware: errorsafe
20:53: a0141111.dll (ID = 278941)
20:53: a0141110.exe (ID = 278870)
20:54: 4299676.bin (ID = 57421)
20:54: 2632758.bin (ID = 52529)
20:54: 41415928.bin (ID = 52539)
20:59: saap.log (ID = 70593)
21:01: saap_gdf.dat (ID = 70595)
21:08: akdvsvk.xml (ID = 57646)
21:11: Found Adware: exact cashback/bargain buddy
21:11: package8029_cdt3.exe (ID = 50800)
21:16: saapau.dat (ID = 70594)
21:19: a0141108.exe (ID = 278936)
21:20: tmlpcert2005 (ID = 63918)
21:21: uers_0001_n68m1801netinstaller.exe (ID = 278873)
21:21: rw.ico (ID = 51557)
21:22: Found Adware: ie driver
21:22: setup1025.exe (ID = 186011)
21:22: akdvsvu.xml (ID = 57649)
21:23: akdvsvu1.xml (ID = 57650)
21:24: rlmtcs.dll (ID = 273264)
21:32: akdvsvu2.xml (ID = 57651)
21:33: a0141109.exe (ID = 278872)
21:35: a0141249.exe (ID = 278937)
21:37: saap_kyf.dat (ID = 70596)
21:37: woinstall.exe (ID = 60701)
21:40: errorsafescannersetup.exe (ID = 278858)
21:43: Found Trojan Horse: sdbot
21:43: adiras.ini (ID = 74768)
21:43: Found Adware: nvdialer
21:43: games.inf (ID = 71265)
21:43: Found Trojan Horse: trojan-downloader-gloogle
21:43: counter.inf (ID = 61782)
21:43: egauth.inf (ID = 189919)
21:43: 97003600.dat (ID = 52512)
21:43: 10031805.bin (ID = 57422)
21:43: 5021727.txt (ID = 52531)
21:43: 47753640.txt (ID = 52517)
21:43: 52405610.bin (ID = 52523)
21:43: 80274852.txt (ID = 52536)
21:43: 36255175.txt (ID = 52520)
21:43: 49928410.bin (ID = 57426)
21:43: 21209487.dat (ID = 57423)
21:43: 49810696.dat (ID = 52541)
21:43: games.inf (ID = 71265)
21:45: Found Adware: directrevenue-abetterinternet
21:45: banner.inf (ID = 83145)
21:45: Found Adware: matrix dialer
21:45: msa64chk.inf (ID = 69281)
21:45: webdial.inf (ID = 83776)
21:45: akdvsvdk.xml (ID = 57645)
21:45: fellymedia1002.sah (ID = 75733)
21:49: Warning: Unhandled Archive Type
21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Invalid Stream
21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.

21:51: Warning: Out of memory
21:51: Warning: Out of memory
21:52: File Sweep Complete, Elapsed Time: 01:13:59
21:52: Full Sweep has completed. Elapsed time 01:19:30
21:52: Traces Found: 1151
21:55: Removal process initiated
21:56: Quarantining All Traces: 180search assistant/zango
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: lzma: LZMA_Init failed
21:56: Error: lzma: LZMA_Init failed.
21:56: Failed to quarantine 180search assistant/zango
21:56: Failed to quarantine saap.log
21:56: Failed to quarantine saap_gdf.dat
21:56: Failed to quarantine saapau.dat
21:56: Failed to quarantine saap_kyf.dat
21:56: Quarantining All Traces: clearsearch
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine clearsearch
21:56: Failed to quarantine 71915796.bin
21:56: Failed to quarantine 72152304.bin
21:56: Failed to quarantine 38222285.bin
21:56: Failed to quarantine 2632758.bin
21:56: Failed to quarantine 41415928.bin
21:56: Failed to quarantine 97003600.dat
21:56: Failed to quarantine 5021727.txt
21:56: Failed to quarantine 47753640.txt
21:56: Failed to quarantine 52405610.bin
21:56: Failed to quarantine 80274852.txt
21:56: Failed to quarantine 36255175.txt
AdmiralZ
THREAD STARTER
17-Apr-2006, 04:24 PM #10
21:56: Failed to quarantine 49810696.dat
21:56: Quarantining All Traces: cws-aboutblank
21:56: Quarantining All Traces: daosearch
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine daosearch
21:56: Failed to quarantine 32977698.txt
21:56: Failed to quarantine 4299676.bin
21:56: Failed to quarantine 10031805.bin
21:56: Failed to quarantine 49928410.bin
21:56: Failed to quarantine 21209487.dat
21:56: Quarantining All Traces: directrevenue-abetterinternet
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine directrevenue-abetterinternet
21:56: Failed to quarantine banner.inf
21:56: Quarantining All Traces: ie driver
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine ie driver
21:56: Failed to quarantine setup1025.exe
21:56: Quarantining All Traces: ist istbar
21:56: Quarantining All Traces: kitten free sex dialer
21:56: Warning: Failed to export "HKEY_LOCAL_MACHINE\software\sds software\":
21:56: Failed to quarantine kitten free sex dialer
21:56: Failed to quarantine HKLM: software\sds software\
21:56: Quarantining All Traces: purityscan
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine purityscan
21:56: Failed to quarantine HKLM: software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaticketsinstaller.ocx\
21:56: Quarantining All Traces: sdbot
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine sdbot
21:56: Failed to quarantine adiras.ini
21:56: Quarantining All Traces: trojan-downloader-moneymind
21:56: Quarantining All Traces: wildmedia
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine wildmedia
21:56: Failed to quarantine interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\
21:56: Failed to quarantine HKLM: software\classes\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\
21:56: Quarantining All Traces: apropos
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine apropos
21:56: Failed to quarantine clsid\{b5ab638f-d76c-415b-a8f2-f3ceac502212}\
21:56: Failed to quarantine clsid\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\
21:56: Failed to quarantine HKLM: software\classes\clsid\{b5ab638f-d76c-415b-a8f2-f3ceac502212}\
21:56: Failed to quarantine HKLM: software\classes\clsid\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\
21:56: Failed to quarantine HKLM: software\classes\interface\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\
21:56: Quarantining All Traces: begin2search
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine begin2search
21:56: Failed to quarantine rlmtcs.dll
21:56: Failed to quarantine rlmtcs.amo\
21:56: Failed to quarantine rlmtcs.amo.1\
21:56: Failed to quarantine rlmtcs.iiittt\
21:56: Failed to quarantine rlmtcs.iiittt.1\
21:56: Failed to quarantine rlmtcs.momo\
21:56: Failed to quarantine rlmtcs.momo.1\
21:56: Failed to quarantine rlmtcs.ohb\
21:56: Failed to quarantine rlmtcs.ohb.1\
21:56: Failed to quarantine clsid\{294c0052-39dc-47e8-8dff-4c5bc0100301}\
21:56: Failed to quarantine clsid\{e8888041-b24a-4b0b-911b-12b018e43f21}\
21:56: Failed to quarantine clsid\{f5dcb1f3-bf38-4966-9689-23c3dfccbe17}\
21:56: Failed to quarantine clsid\{fecc0ca7-d772-458a-b8a5-55e5aa8c1aa9}\
21:56: Failed to quarantine typelib\{1ab449ab-1c29-402e-a5e7-26af81b0d6f7}\
21:56: Failed to quarantine HKLM: software\microsoft\windows\currentversion\explorer\browser helper objects\{e8888041-b24a-4b0b-911b-12b018e43f21}\
21:56: Failed to quarantine HKLM: software\classes\rlmtcs.amo\
21:56: Failed to quarantine HKLM: software\classes\rlmtcs.amo.1\
21:56: Failed to quarantine HKLM: software\classes\rlmtcs.iiittt\
21:56: Failed to quarantine HKLM: software\classes\rlmtcs.iiittt.1\
21:56: Failed to quarantine HKLM: software\classes\rlmtcs.momo\
21:56: Failed to quarantine HKLM: software\classes\rlmtcs.momo.1\
21:56: Failed to quarantine HKLM: software\classes\rlmtcs.ohb\
21:56: Failed to quarantine HKLM: software\classes\rlmtcs.ohb.1\
21:56: Failed to quarantine HKLM: software\classes\clsid\{294c0052-39dc-47e8-8dff-4c5bc0100301}\
21:56: Failed to quarantine HKLM: software\classes\clsid\{e8888041-b24a-4b0b-911b-12b018e43f21}\
21:56: Failed to quarantine HKLM: software\classes\clsid\{f5dcb1f3-bf38-4966-9689-23c3dfccbe17}\
21:56: Failed to quarantine HKLM: software\classes\clsid\{fecc0ca7-d772-458a-b8a5-55e5aa8c1aa9}\
21:56: Failed to quarantine HKLM: software\classes\typelib\{1ab449ab-1c29-402e-a5e7-26af81b0d6f7}\
21:56: Failed to quarantine C:\WINDOWS\System32\rlmtcs.dll
21:56: Quarantining All Traces: blazefind
21:56: Error: lzma: LZMA_Init failed.
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine blazefind
21:56: Failed to quarantine HKLM: software\classes\winctladx.installer\
21:56: Failed to quarantine HKLM: software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/admilliservx.dll\
21:56: Failed to quarantine winctladx.installer\
21:56: Quarantining All Traces: coolwebsearch (cws)
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine coolwebsearch (cws)
21:56: Failed to quarantine HKLM: software\microsoft\code store database\distribution units\{10000000-1000-0000-1000-000000000000}\
21:56: Quarantining All Traces: elitemediagroup-mediamotor
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Failed to quarantine elitemediagroup-mediamotor
21:56: Failed to quarantine clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\
21:56: Failed to quarantine HKLM: software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\inprocserver32\
21:56: Failed to quarantine HKLM: software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\miscstatus\
21:56: Failed to quarantine HKLM: software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\progid\
21:56: Failed to quarantine HKLM: software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\toolboxbitmap32\
21:56: Failed to quarantine HKLM: software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\typelib\
21:56: Failed to quarantine HKLM: software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\version\
21:56: Failed to quarantine HKLM: software\classes\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\
21:56: Failed to quarantine HKLM: software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/m67m.ocx\
21:56: Failed to quarantine typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\
21:56: Quarantining All Traces: topconverting downloader
21:56: Warning: Out of memory
21:56: Failed to quarantine topconverting downloader
21:56: Failed to quarantine HKLM: software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/loader2.ocx\
21:56: Quarantining All Traces: trojan-downloader-gloogle
21:56: Warning: Out of memory
21:56: Failed to quarantine trojan-downloader-gloogle
21:56: Failed to quarantine counter.inf
21:56: Quarantining All Traces: trojan-downloader-pacisoft
21:56: Quarantining All Traces: trojan-downloader-updateagent
21:56: Warning: Out of memory
21:56: Failed to quarantine trojan-downloader-updateagent
21:56: Failed to quarantine HKLM: software\winsysupdate\
21:56: Quarantining All Traces: winad
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Failed to quarantine winad
21:56: Failed to quarantine mediapassx.installer\
21:56: Failed to quarantine HKLM: software\classes\mediapassx.installer\
21:56: Failed to quarantine HKLM: software\microsoft\code store database\distribution units\{15ad6789-cdb4-47e1-a9da-992ee8e6bad6}\
21:56: Failed to quarantine HKLM: software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/adtoolsx.dll\
21:56: Failed to quarantine HKLM: software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaaccx.dll\
21:56: Failed to quarantine HKLM: software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediapassx.dll\
21:56: Failed to quarantine HKLM: software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/winadservx.dll\
21:56: Failed to quarantine HKLM: software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediagatewayx.dll\
21:56: Quarantining All Traces: big web portal
21:56: Quarantining All Traces: blazefind_adman
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Failed to quarantine blazefind_adman
21:56: Failed to quarantine rwdrop.exe
21:56: Failed to quarantine rw.ico
21:56: Failed to quarantine HKLM: software\aaowier\
21:56: Quarantining All Traces: blazefind_adstat
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Failed to quarantine blazefind_adstat
21:56: Failed to quarantine adstatservx.installer\
21:56: Failed to quarantine HKLM: software\classes\adstatservx.installer\
21:56: Quarantining All Traces: bookedspace
21:56: Error: Out of memory.
21:56: Error: Out of memory.
21:56: Warning: Out of memory
21:56: Failed to quarantine bookedspace
21:56: Failed to quarantine HKLM: software\configuration manager\cfgmgr52\
21:56: Quarantining All Traces: dealhelper
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Failed to quarantine dealhelper
21:56: Failed to quarantine akdvsvk1.xml
21:56: Failed to quarantine akdvsvk2.xml
21:56: Failed to quarantine akdvsvk.xml
21:56: Failed to quarantine akdvsvu.xml
21:56: Failed to quarantine akdvsvu1.xml
21:56: Failed to quarantine akdvsvu2.xml
21:56: Failed to quarantine akdvsvdk.xml
21:56: Failed to quarantine HKLM: software\microsoft\windows\currentversion\uninstall\windh\
21:56: Failed to quarantine HKLM: software\ddate\
21:56: Quarantining All Traces: desktoptraffic
21:56: Quarantining All Traces: effective-i toolbar
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine effective-i toolbar
21:56: Failed to quarantine HKLM: software\iemenuextension\
21:56: Quarantining All Traces: exact cashback/bargain buddy
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine exact cashback/bargain buddy
21:56: Failed to quarantine package8029_cdt3.exe
21:56: Quarantining All Traces: ezula ilookup
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine ezula ilookup
21:56: Failed to quarantine button_small.gif
21:56: Failed to quarantine woinstall.exe
21:56: Failed to quarantine HKLM: software\microsoft\windows\currentversion\uninstall\web offer\
21:56: Quarantining All Traces: gophersearch hijack
21:56: Quarantining All Traces: instant access
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine instant access
21:56: Failed to quarantine tmlpcert2005
21:56: Failed to quarantine egauth.inf
21:56: Quarantining All Traces: ist software
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine ist software
21:56: Failed to quarantine HKLM: software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/ysbactivex.dll\
21:56: Quarantining All Traces: ist yoursitebar
21:56: Quarantining All Traces: matrix dialer
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine matrix dialer
21:56: Failed to quarantine msa64chk.inf
21:56: Quarantining All Traces: nvdialer
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine nvdialer
21:56: Failed to quarantine games.inf
21:56: Failed to quarantine games.inf
21:56: Quarantining All Traces: searchrelevancy
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine searchrelevancy
21:56: Failed to quarantine interface\{300fa067-9b94-45cf-a30b-cb5221eeb0c3}\
21:56: Failed to quarantine searchrelevant\
21:56: Failed to quarantine HKLM: software\classes\interface\{300fa067-9b94-45cf-a30b-cb5221eeb0c3}\
21:56: Failed to quarantine HKLM: software\classes\typelib\{65a6bb6d-78d0-4e0a-824d-2de1e0d154af}\
21:56: Failed to quarantine HKLM: software\classes\searchrelevant\
21:56: Failed to quarantine HKLM: software\classes\updater.bho\
21:56: Failed to quarantine HKLM: software\searchrelevancy\
21:56: Failed to quarantine typelib\{65a6bb6d-78d0-4e0a-824d-2de1e0d154af}\
21:56: Failed to quarantine updater.bho\
21:56: Quarantining All Traces: shopathomeselect
21:56: Warning: lzma: LZMA_Init failed
21:56: Error: lzma: LZMA_Init failed.
21:56: Failed to quarantine shopathomeselect
21:56: Failed to quarantine fellymedia1002.sah
21:56: Quarantining All Traces: webdial dialer
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Failed to quarantine webdial dialer
21:56: Failed to quarantine webdial.inf
21:56: Failed to quarantine webdial.main\
21:56: Failed to quarantine webdial.main.1\
21:56: Failed to quarantine clsid\{d35b74f6-e099-4cdd-91e0-9ea7c30059d1}\
21:56: Failed to quarantine typelib\{fd754b61-07db-4e5f-8019-d3da718ce0c5}\
21:56: Failed to quarantine HKLM: software\classes\webdial.main\
21:56: Failed to quarantine HKLM: software\classes\webdial.main.1\
21:56: Failed to quarantine HKLM: software\classes\clsid\{d35b74f6-e099-4cdd-91e0-9ea7c30059d1}\
21:56: Failed to quarantine HKLM: software\classes\typelib\{fd754b61-07db-4e5f-8019-d3da718ce0c5}\
21:56: Quarantining All Traces: wild media - minigolf
21:56: Warning: Out of memory
21:56: Failed to quarantine wild media - minigolf
21:56: Failed to quarantine HKLM: software\microsoft\windows\currentversion\moduleusage\c:/windows/minigolf_affiliate.exe\
21:56: Quarantining All Traces: 2o7.net cookie
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Failed to quarantine 2o7.net cookie
21:56: Failed to quarantine dougie_2@112.2o7[1].txt
21:56: Failed to quarantine dougie_2@122.2o7[1].txt
21:56: Failed to quarantine dougie_2@cnn.122.2o7[1].txt
21:56: Failed to quarantine dougie_2@gettyimages.122.2o7[1].txt
21:56: Failed to quarantine dougie_2@hertz.122.2o7[1].txt
21:56: Failed to quarantine dougie_2@marksandspencer.122.2o7[1].txt
21:56: Failed to quarantine dougie_2@partygaming.122.2o7[1].txt
21:56: Failed to quarantine dougie_2@thomascook.122.2o7[1].txt
21:56: Failed to quarantine dougie@112.2o7[1].txt
21:56: Quarantining All Traces: 3 cookie
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Failed to quarantine 3 cookie
21:56: Failed to quarantine dougie_2@207.36.3[2].txt
21:56: Failed to quarantine dougie_2@3[1].txt
21:56: Failed to quarantine dougie_2@3[2].txt
21:56: Failed to quarantine dougie_2@3[3].txt
21:56: Quarantining All Traces: 5 cookie
21:56: Warning: Out of memory
21:56: Failed to quarantine 5 cookie
21:56: Failed to quarantine dougie_2@5[1].txt
21:56: Quarantining All Traces: 64.62.232 cookie
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine 64.62.232 cookie
21:56: Failed to quarantine dougie_2@64.62.232[1].txt
21:56: Failed to quarantine dougie_2@64.62.232[2].txt
21:56: Failed to quarantine dougie_2@64.62.232[3].txt
21:56: Failed to quarantine dougie_2@64.62.232[4].txt
21:56: Failed to quarantine dougie_2@64.62.232[5].txt
21:56: Quarantining All Traces: 66.70.21 cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine 66.70.21 cookie
21:56: Failed to quarantine dougie_2@66.70.21[1].txt
21:56: Quarantining All Traces: 888 cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine 888 cookie
21:56: Failed to quarantine dougie_2@888[2].txt
21:56: Failed to quarantine dougie_2@888[3].txt
21:56: Failed to quarantine dougie_2@www.888[2].txt
21:56: Quarantining All Traces: a cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine a cookie
21:56: Failed to quarantine dougie_2@a[1].txt
21:56: Failed to quarantine dougie@a[1].txt
21:56: Quarantining All Traces: about cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine about cookie
21:56: Failed to quarantine dougie_2@about[2].txt
21:56: Failed to quarantine dougie_2@animatedtv.about[2].txt
21:56: Failed to quarantine dougie_2@classictv.about[1].txt
21:56: Failed to quarantine dougie_2@compsimgames.about[1].txt
21:56: Failed to quarantine dougie_2@depression.about[1].txt
21:56: Failed to quarantine dougie_2@frenchfood.about[1].txt
21:56: Failed to quarantine dougie_2@losangeles.about[1].txt
21:56: Failed to quarantine dougie_2@scifi.about[1].txt
21:56: Failed to quarantine dougie_2@southernfood.about[1].txt
21:56: Failed to quarantine dougie_2@spanish.about[2].txt
21:56: Failed to quarantine dougie_2@teentvmovies.about[1].txt
21:56: Quarantining All Traces: adecn cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine adecn cookie
21:56: Failed to quarantine dougie_2@adecn[2].txt
21:56: Quarantining All Traces: adjuggler cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine adjuggler cookie
21:56: Failed to quarantine dougie_2@rotator.adjuggler[1].txt
21:56: Quarantining All Traces: adknowledge cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine adknowledge cookie
21:56: Failed to quarantine dougie_2@adknowledge[2].txt
21:56: Quarantining All Traces: adlegend cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine adlegend cookie
21:56: Failed to quarantine dougie_2@adlegend[2].txt
21:56: Quarantining All Traces: adorigin cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine adorigin cookie
21:56: Failed to quarantine dougie_2@adorigin[1].txt
21:56: Quarantining All Traces: adprofile cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine adprofile cookie
21:56: Failed to quarantine dougie_2@adprofile[2].txt
21:56: Quarantining All Traces: adtech cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine adtech cookie
21:56: Failed to quarantine dougie_2@adtech[2].txt
21:56: Quarantining All Traces: adultfriendfinder cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine adultfriendfinder cookie
21:56: Failed to quarantine dougie_2@adultfriendfinder[2].txt
21:56: Quarantining All Traces: adultrevenueservice cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine adultrevenueservice cookie
21:56: Failed to quarantine dougie_2@adultrevenueservice[2].txt
21:56: Quarantining All Traces: advertising cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine advertising cookie
21:56: Failed to quarantine dougie_2@advertising[2].txt
21:56: Quarantining All Traces: angelfire cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine angelfire cookie
21:56: Failed to quarantine dougie_2@angelfire[1].txt
21:56: Quarantining All Traces: ask cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine ask cookie
21:56: Failed to quarantine dougie_2@ask[1].txt
21:56: Failed to quarantine dougie@ask[1].txt
21:56: Failed to quarantine dougie@web.ask[1].txt
21:56: Failed to quarantine dougie@www.ask[1].txt
21:56: Quarantining All Traces: askmen cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine askmen cookie
21:56: Failed to quarantine dougie_2@askmen[2].txt
21:56: Quarantining All Traces: associated new media cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine associated new media cookie
21:56: Failed to quarantine dougie_2@anm.co[1].txt
21:56: Quarantining All Traces: atlas dmt cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine atlas dmt cookie
21:56: Failed to quarantine dougie_2@atdmt[2].txt
21:56: Quarantining All Traces: atwola cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine atwola cookie
21:56: Failed to quarantine dougie_2@atwola[1].txt
21:56: Quarantining All Traces: azjmp cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine azjmp cookie
21:56: Failed to quarantine dougie_2@azjmp[2].txt
21:56: Quarantining All Traces: banners cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine banners cookie
21:56: Failed to quarantine dougie_2@banners[1].txt
21:56: Failed to quarantine dougie@banners[1].txt
21:56: Quarantining All Traces: belnk cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine belnk cookie
21:56: Failed to quarantine dougie_2@ath.belnk[1].txt
21:56: Failed to quarantine dougie_2@belnk[1].txt
21:56: Failed to quarantine dougie_2@dist.belnk[2].txt
21:56: Quarantining All Traces: bizrate cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine bizrate cookie
21:56: Failed to quarantine dougie_2@bizrate[1].txt
21:56: Quarantining All Traces: bpath cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine bpath cookie
21:56: Failed to quarantine dougie_2@ads49.bpath[1].txt
21:56: Quarantining All Traces: bravenet cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine bravenet cookie
21:56: Failed to quarantine dougie_2@bravenet[1].txt
21:56: Quarantining All Traces: burstbeacon cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine burstbeacon cookie
21:56: Failed to quarantine dougie_2@www.burstbeacon[1].txt
21:56: Quarantining All Traces: burstnet cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine burstnet cookie
21:56: Failed to quarantine dougie_2@burstnet[2].txt
21:56: Quarantining All Traces: buzztone cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine buzztone cookie
21:56: Failed to quarantine dougie_2@www.buzztone[1].txt
21:56: Quarantining All Traces: casalemedia cookie
21:56: Warning: lzma: LZMA_Init failed
21:56: Failed to quarantine casalemedia cookie
21:56: Failed to quarantine dougie_2@b.casalemedia[1].txt
21:56: Quarantining All Traces: cassava cookie
21:56: Warning: Out of memory
21:56: Failed to quarantine cassava cookie
21:56: Failed to quarantine dougie_2@cassava[1].txt
21:56: Quarantining All Traces: cc214142 cookie
21:56: Warning: Out of memory
21:56: Failed to quarantine cc214142 cookie
21:56: Failed to quarantine dougie_2@ads.cc214142[1].txt
21:56: Warning: Out of memory while expanding memory stream
21:56: Warning: Out of memory while expanding memory stream
21:56: Warning: Out of memory while expanding memory stream
21:56: Warning: Out of memory while expanding memory stream
21:56: Warning: Out of memory while expanding memory stream
21:56: Warning: Out of memory while expanding memory stream
21:56: Warning: Out of memory while expanding memory stream
21:56: Warning: Out of memory while expanding memory stream
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Warning: Out of memory
21:56: Error: Thread creation error: .
21:56: Removal process completed. Elapsed time 00:01:26
21:56: Error: Thread creation error: The paging file is too small for this operation to complete.
22:12: Processing Internet Explorer Favorites Alerts
22:12: Removed IE Favorite: You're Approved!!
22:12: Removed IE Favorite: Meet Someone Special
22:12: Removed IE Favorite: Get out of Debt!
22:12: Removed IE Favorite: Advance Your Career
********
20:27: | Start of Session, 17 April 2006 |
20:27: Spy Sweeper started
20:28: Your spyware definitions have been updated.
20:32: | End of Session, 17 April 2006 |
khazars's Avatar
Member with 12,290 posts.
 
Join Date: Feb 2004
Location: Glasgow, Scotland
17-Apr-2006, 04:39 PM #11
A heavily infected computer!

Can you post the rest of the logs?