c:\windows\system32\geeby.dll

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

jimiiii

Thread Starter
Joined
Sep 26, 2002
Messages
120
Does anyone know what this is? I keep getting a virus warning from my Norton telling me I am infected with the Vundo Trojan virus n this file, but I cannot find the file. I have searched my computer from the bottom to the top. Norton is no help. It won't let me quarantine or delete the file. When I run their FixVundo program it comes back saying there is no virus to be found. When I called Norton they sent me a really complicated registry fix where I turn off the system restore, follow a path thru the registry looking for a super long number they sent me. It's not there and yet, when I log on the next time their warning window pops up and tells me I'm infected still. I am totally confused as my computer is acting like it does when I've had a virus before...........slow and jerky, you know, like it's painting the windows and maybe a bit confused. But for the life of me I can't seem to locate the little sucker and pin it down.

I've tried all the tricks you guys have taught me in the past to speed up my computer and get it running smoothly again, but nothing seems to work. Any advice/help will be greatly appreciated.

Thanks,
the old Chief
 

jimiiii

Thread Starter
Joined
Sep 26, 2002
Messages
120
Thanks muchly, Jim


Logfile of HijackThis v1.99.1
Scan saved at 4:23:14 PM, on 1/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Common Files\AOL\1121431195\ee\AOLSoftware.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1121431195\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\CDBurnerXP Pro 3\cdbxp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
c:\program files\common files\aol\1121431195\ee\aolsoftware.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {00a6faf6-072e-44cf-8957-5838f569a31d} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07b18ea1-a523-4961-b6bb-170de4475cca} - blank (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\jkhff.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Burn4Free Toolbar Helper - {F8E5CA21-C27B-43e7-B2BE-4CA93C9F9A1F} - blank (file missing)
O3 - Toolbar: Burn4Free Toolbar - {70DE7956-479D-4eb7-8641-2B45774C350E} - blank (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1121431195\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk243DHUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://pictures.aolcdn.com/ap/Resources/1.1.0.31/cab/aolpPlugins.10.1.0.0.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098225166390
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/180solutions/ie/bridge-c24.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkhff - C:\WINDOWS\system32\jkhff.dll
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
 
Joined
Sep 7, 2004
Messages
49,014
Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
  • You will first be presented with a warning and a list of forums to seek help at.
    it should look like this
    VundoFix V2.15 by Atri
    By pressing enter you agree that you are using this at your own risk
  • At this point press enter one time.
  • Next you will see:
    Type in the filepath as instructed by the forum staff
    Then Press Enter
  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\jkhff.dll
  • Press Enter,
  • Next you will see:
    Please type in the second filepath as instructed by the forum staff
    Then Press Enter,
  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\ffhkj.*
    If you have a script blocker running, you may get a warning about a malicious script. Allow the script to run. It is not malicious.

  • The fix will run then HijackThis will open.
  • In HijackThis, please place a check next to the following items and click FIX CHECKED:

    • O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\jkhff.dll

      O20 - Winlogon Notify: jkhff - C:\WINDOWS\system32\jkhff.dll

      O20 - Winlogon Notify: pmkjk - C:\WINDOWS\

  • After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
  • Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!
  • Once your machine reboots please continue with the instructions below.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HijackThis log and the vundofix.txt file from the vundofix folder into this topic.
 

jimiiii

Thread Starter
Joined
Sep 26, 2002
Messages
120
OK, I did what you said and here are the results. I haven't done anything further and will not until I hear from you again------------thank you much, jimi


Logfile of HijackThis v1.99.1
Scan saved at 7:14:17 AM, on 1/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Common Files\AOL\1121431195\ee\AOLSoftware.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPHipm09.exe
c:\program files\common files\aol\1121431195\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\HijackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {00a6faf6-072e-44cf-8957-5838f569a31d} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Burn4Free Toolbar Helper - {F8E5CA21-C27B-43e7-B2BE-4CA93C9F9A1F} - blank (file missing)
O3 - Toolbar: Burn4Free Toolbar - {70DE7956-479D-4eb7-8641-2B45774C350E} - blank (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1121431195\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm638YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://pictures.aolcdn.com/ap/Resources/1.1.0.31/cab/aolpPlugins.10.1.0.0.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098225166390
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/180solutions/ie/bridge-c24.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
 

jimiiii

Thread Starter
Joined
Sep 26, 2002
Messages
120
results from Activescan:


Incident Status Location Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSOEMON.EXE Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoestb.dll Potentially unwanted tool:application/mywebsearch Not disinfected C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk Potentially unwanted tool:application/mywebsearch Not disinfected C:\WINDOWS\SYSTEM32\f3pssavr.scr Adware:adware/wupd Not disinfected C:\WINDOWS\SYSTEM32\ide21201.vxd Potentially unwanted tool:application/funweb Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.15.inf Potentially unwanted tool:application/winfixer2005 Not disinfected C:\PROGRAM FILES\COMMON FILES\WinSoftware Potentially unwanted tool:application/zango Not disinfected HKEY_CLASSES_ROOT\CLSID\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} Potentially unwanted tool:application/myway Not disinfected HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179} Dialer:dialer generic Not disinfected HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443D-B082-284F960C6D17} Adware:adware/dyfuca Not disinfected Windows Registry Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][2].txt Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][2].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][2].txt Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][2].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][2].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][2].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][2].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][2].txt
 

jimiiii

Thread Starter
Joined
Sep 26, 2002
Messages
120
the rest of it............

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\vcombs\Cookies\[email protected][2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\vcombs\Desktop\Unused Desktop Shortcuts\VundoFix\VundoFix\process.exe
Possible Virus. Not disinfected C:\Documents and Settings\vcombs\Local Settings\Temp\AolCoach.cab[ACHtmfu.dll]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\vcombs\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\vcombs\Local Settings\Temp\Cookies\[email protected][2].txt
Adware:Adware/WUpd Not disinfected C:\Documents and Settings\vcombs\Local Settings\Temp\ICD1.tmp\MediaGatewayX.dll
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Documents and Settings\vcombs\Local Settings\Temporary Internet Files\Content.IE5\S1Y7OLUV\CursorManiaFWBInitialSetup1.0.0.15[1].cab[f3initialsetup1.0.0.15.inf]
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Documents and Settings\vcombs\Local Settings\Temporary Internet Files\Content.IE5\S1Y7OLUV\CursorManiaFWBInitialSetup1.0.0.15[1].cab[f3Setup1.exe]
Possible Virus. Not disinfected C:\Program Files\Common Files\WinSoftware\PrCheck.dll
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
Potentially unwanted tool:Application/FunWeb Not disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\WINDOWS\SYSTEM32\f3pssavr.scr
Virus:Bck/Obot.A Disinfected C:\WINDOWS\SYSTEM32\ssttu.dll
 
Joined
Sep 7, 2004
Messages
49,014
Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
o Sweep Memory
o Sweep Registry
o Sweep Cookies
o Sweep All User Accounts
o Enable Direct Disk Sweeping
o Sweep Contents of Compressed Files
o Sweep for Rootkits

o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
 

jimiiii

Thread Starter
Joined
Sep 26, 2002
Messages
120
Logfile of HijackThis v1.99.1
Scan saved at 6:31:38 PM, on 1/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Common Files\AOL\1121431195\ee\AOLSoftware.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\program files\common files\aol\1121431195\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - {00a6faf6-072e-44cf-8957-5838f569a31d} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Burn4Free Toolbar Helper - {F8E5CA21-C27B-43e7-B2BE-4CA93C9F9A1F} - blank (file missing)
O3 - Toolbar: Burn4Free Toolbar - {70DE7956-479D-4eb7-8641-2B45774C350E} - blank (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1121431195\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm638YYUS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://pictures.aolcdn.com/ap/Resources/1.1.0.31/cab/aolpPlugins.10.1.0.0.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098225166390
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
 

jimiiii

Thread Starter
Joined
Sep 26, 2002
Messages
120
********
5:09 PM: | Start of Session, Tuesday, January 10, 2006 |
5:09 PM: Spy Sweeper started
5:09 PM: Sweep initiated using definitions version 599
5:09 PM: Starting Memory Sweep
5:14 PM: Memory Sweep Complete, Elapsed Time: 00:04:27
5:14 PM: Starting Registry Sweep
5:14 PM: Found Adware: coolsavings
5:14 PM: HKCR\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 106999)
5:14 PM: HKLM\software\classes\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 107005)
5:14 PM: Found Adware: winantispyware 2005
5:14 PM: HKCR\pcheck.pcheck\ (5 subtraces) (ID = 812703)
5:14 PM: HKCR\pcheck.pcheck.1\ (3 subtraces) (ID = 812709)
5:14 PM: HKCR\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\ (14 subtraces) (ID = 812934)
5:14 PM: HKCR\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\ (9 subtraces) (ID = 812960)
5:14 PM: HKLM\software\classes\pcheck.pcheck\ (5 subtraces) (ID = 813205)
5:14 PM: HKLM\software\classes\pcheck.pcheck.1\ (3 subtraces) (ID = 813211)
5:14 PM: HKLM\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\ (14 subtraces) (ID = 813436)
5:14 PM: HKLM\software\classes\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\ (9 subtraces) (ID = 813462)
5:14 PM: Found Adware: winad
5:14 PM: HKCR\clsid\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}\ (6 subtraces) (ID = 815132)
5:14 PM: HKLM\software\classes\clsid\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}\ (6 subtraces) (ID = 815145)
5:14 PM: Found Adware: 180search assistant/zango
5:14 PM: HKLM\software\microsoft\code store database\distribution units\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}\ (9 subtraces) (ID = 832871)
5:14 PM: Found Adware: virtumonde
5:14 PM: HKCR\atldistrib.atldistrib\ (5 subtraces) (ID = 1030533)
5:14 PM: HKCR\atldistrib.atldistrib\clsid\ (1 subtraces) (ID = 1030535)
5:14 PM: HKCR\atldistrib.atldistrib\curver\ (1 subtraces) (ID = 1030537)
5:14 PM: HKCR\atldistrib.atldistrib.1\ (3 subtraces) (ID = 1030539)
5:14 PM: HKCR\atldistrib.atldistrib.1\clsid\ (1 subtraces) (ID = 1030541)
5:14 PM: HKLM\software\classes\atldistrib.atldistrib\ (5 subtraces) (ID = 1030666)
5:14 PM: HKLM\software\classes\atldistrib.atldistrib\clsid\ (1 subtraces) (ID = 1030668)
5:14 PM: HKLM\software\classes\atldistrib.atldistrib\curver\ (1 subtraces) (ID = 1030670)
5:14 PM: HKLM\software\classes\atldistrib.atldistrib.1\ (3 subtraces) (ID = 1030672)
5:14 PM: HKLM\software\classes\atldistrib.atldistrib.1\clsid\ (1 subtraces) (ID = 1030674)
5:15 PM: Registry Sweep Complete, Elapsed Time:00:00:42
5:15 PM: Starting Cookie Sweep
5:15 PM: Found Spy Cookie: 2o7.net cookie
5:15 PM: [email protected][2].txt (ID = 1957)
5:15 PM: Found Spy Cookie: yieldmanager cookie
5:15 PM: [email protected][2].txt (ID = 3751)
5:15 PM: Found Spy Cookie: adknowledge cookie
5:15 PM: [email protected][1].txt (ID = 2072)
5:15 PM: Found Spy Cookie: specificclick.com cookie
5:15 PM: [email protected][1].txt (ID = 3400)
5:15 PM: Found Spy Cookie: adprofile cookie
5:15 PM: [email protected][2].txt (ID = 2084)
5:15 PM: Found Spy Cookie: adrevolver cookie
5:15 PM: [email protected][1].txt (ID = 2088)
5:15 PM: Found Spy Cookie: addynamix cookie
5:15 PM: [email protected][1].txt (ID = 2062)
5:15 PM: Found Spy Cookie: pointroll cookie
5:15 PM: [email protected][2].txt (ID = 3148)
5:15 PM: Found Spy Cookie: adultfriendfinder cookie
5:15 PM: [email protected][2].txt (ID = 2165)
5:15 PM: Found Spy Cookie: advertising cookie
5:15 PM: [email protected]ng[1].txt (ID = 2175)
5:15 PM: Found Spy Cookie: ask cookie
5:15 PM: [email protected][1].txt (ID = 2245)
5:15 PM: Found Spy Cookie: atlas dmt cookie
5:15 PM: [email protected][2].txt (ID = 2253)
5:15 PM: Found Spy Cookie: atwola cookie
5:15 PM: [email protected][1].txt (ID = 2255)
5:15 PM: Found Spy Cookie: belnk cookie
5:15 PM: [email protected][1].txt (ID = 2292)
5:15 PM: Found Spy Cookie: burstnet cookie
5:15 PM: [email protected][1].txt (ID = 2336)
5:15 PM: Found Spy Cookie: casalemedia cookie
5:15 PM: [email protected][2].txt (ID = 2354)
5:15 PM: [email protected][1].txt (ID = 1958)
5:15 PM: Found Spy Cookie: centrport net cookie
5:15 PM: [email protected][1].txt (ID = 2374)
5:15 PM: [email protected][2].txt (ID = 2293)
5:15 PM: Found Spy Cookie: go.com cookie
5:15 PM: [email protected][1].txt (ID = 2729)
5:15 PM: Found Spy Cookie: exitexchange cookie
5:15 PM: [email protected][2].txt (ID = 2633)
5:15 PM: Found Spy Cookie: fastclick cookie
5:15 PM: [email protected][1].txt (ID = 2651)
5:15 PM: Found Spy Cookie: fortunecity cookie
5:15 PM: [email protected][1].txt (ID = 2686)
5:15 PM: [email protected][2].txt (ID = 2728)
5:15 PM: Found Spy Cookie: linksynergy cookie
5:15 PM: [email protected][1].txt (ID = 2926)
5:15 PM: [email protected][1].txt (ID = 1958)
5:15 PM: Found Spy Cookie: maxserving cookie
5:15 PM: [email protected][2].txt (ID = 2966)
5:15 PM: [email protected][1].txt (ID = 2652)
5:15 PM: Found Spy Cookie: mywebsearch cookie
5:15 PM: [email protected][1].txt (ID = 3051)
5:15 PM: Found Spy Cookie: nextag cookie
5:15 PM: [email protected][2].txt (ID = 5014)
5:15 PM: Found Spy Cookie: questionmarket cookie
5:15 PM: [email protected][1].txt (ID = 3217)
5:15 PM: Found Spy Cookie: realmedia cookie
5:15 PM: [email protected][2].txt (ID = 3235)
5:15 PM: Found Spy Cookie: rn11 cookie
5:15 PM: [email protected][2].txt (ID = 3261)
5:15 PM: [email protected][1].txt (ID = 2729)
5:15 PM: Found Spy Cookie: server.iad.liveperson cookie
5:15 PM: [email protected][1].txt (ID = 3341)
5:15 PM: Found Spy Cookie: serving-sys cookie
5:15 PM: [email protected][2].txt (ID = 3343)
5:15 PM: [email protected][2].txt (ID = 2729)
5:15 PM: Found Spy Cookie: statcounter cookie
5:15 PM: [email protected][1].txt (ID = 3447)
5:15 PM: Found Spy Cookie: reliablestats cookie
5:15 PM: [email protected]ts1.reliablestats[2].txt (ID = 3254)
5:15 PM: Found Spy Cookie: webtrendslive cookie
5:15 PM: [email protected][1].txt (ID = 3667)
5:15 PM: Found Spy Cookie: targetnet cookie
5:15 PM: [email protected][1].txt (ID = 3489)
5:15 PM: Found Spy Cookie: coremetrics cookie
5:15 PM: [email protected][1].txt (ID = 2472)
5:15 PM: Found Spy Cookie: trafficmp cookie
5:15 PM: [email protected][1].txt (ID = 3581)
5:15 PM: Found Spy Cookie: tribalfusion cookie
5:15 PM: [email protected][1].txt (ID = 3589)
5:15 PM: Found Spy Cookie: adserver cookie
5:15 PM: [email protected][1].txt (ID = 2142)
5:15 PM: Found Spy Cookie: zedo cookie
5:15 PM: [email protected][1].txt (ID = 3762)
5:15 PM: Cookie Sweep Complete, Elapsed Time: 00:00:03
5:15 PM: Starting File Sweep
5:15 PM: c:\program files\common files\winsoftware (1 subtraces) (ID = -2147476682)
5:15 PM: dfd.sys (ID = 162513)
5:18 PM: mediagatewayx.dll (ID = 159757)
5:25 PM: setup.exe (ID = 162517)
5:28 PM: winfixer2005setup.exe (ID = 162518)
5:28 PM: Found Adware: apropos
5:28 PM: wingenerics.dll (ID = 50187)
5:40 PM: Found System Monitor: potentially rootkit-masked files
5:40 PM: 00007f96_439de2a2_000a4083 (ID = 0)
5:40 PM: 00007ff5_439de2a2_000ca2dd (ID = 0)
5:40 PM: 00004d06_43bbfcdd_000a7d8c (ID = 0)
5:40 PM: 00004509_439ddee8_00094c5f (ID = 0)
5:40 PM: 00004d06_439dd736_0000f424 (ID = 0)
5:40 PM: 00000124_439dd532_00094c5f (ID = 0)
5:40 PM: 000039b3_439dd8db_00053ec6 (ID = 0)
5:40 PM: 0000305e_439dd532_000b71b0 (ID = 0)
5:40 PM: 00004db7_439dd736_00057bcf (ID = 0)
5:40 PM: 00002d12_439dd8db_0006ea05 (ID = 0)
5:40 PM: 00003d6c_43b2f208_0001312d (ID = 0)
5:40 PM: 00001649_439dcbf6_000e8b25 (ID = 0)
5:40 PM: 00001238_439ddee8_000a7d8c (ID = 0)
5:40 PM: 00006e5d_439de091_000e4e1c (ID = 0)
5:40 PM: 00007e87_439dd18b_00066ff3 (ID = 0)
5:40 PM: 0000491c_439dd630_000632ea (ID = 0)
5:40 PM: 00000bb3_439dcfeb_000a037a (ID = 0)
5:40 PM: 00005d2b_43984d81_000f0537 (ID = 0)
5:40 PM: 000012e1_439dfadb_0002dc6c (ID = 0)
5:40 PM: 00003a9e_439dee56_00053ec6 (ID = 0)
5:40 PM: 00000120_439de86c_000b34a7 (ID = 0)
5:40 PM: 00007a5a_439dddb1_00090f56 (ID = 0)
5:40 PM: 0000440d_439dd630_0003d090 (ID = 0)
5:40 PM: 00002ea6_439dcfeb_000b71b0 (ID = 0)
5:40 PM: 00003e12_439dec7c_00053ec6 (ID = 0)
5:40 PM: 0000428b_439ddb91_0007de29 (ID = 0)
5:40 PM: 00001547_439dd81f_0001e848 (ID = 0)
5:40 PM: 000054de_439dd81f_0003d090 (ID = 0)
5:40 PM: 0000301c_439de656_0005f5e1 (ID = 0)
5:40 PM: 000026a6_439ddb91_000b34a7 (ID = 0)
5:41 PM: 000063cb_439de1e8_0000f424 (ID = 0)
5:41 PM: 00002213_439de48f_00029f63 (ID = 0)
5:41 PM: 0000767d_439dddb1_000c28cb (ID = 0)
5:41 PM: 00000f3e_439dd3bc_00053ec6 (ID = 0)
5:41 PM: 0000074d_439dd9f7_000ca2dd (ID = 0)
5:41 PM: 00006bfc_439de1ed_00094c5f (ID = 0)
5:41 PM: 0000390c_439dd18b_000f0537 (ID = 0)
5:41 PM: 00004dc8_439dd9f7_000e8b25 (ID = 0)
5:41 PM: 00000099_439dd3bc_000c65d4 (ID = 0)
5:41 PM: 00001ad4_439de092_0007a120 (ID = 0)
5:41 PM: 0000759a_439de86c_000c65d4 (ID = 0)
5:41 PM: 0000260d_439de48f_0004c4b4 (ID = 0)
5:41 PM: 00003b25_439ddf95_0002625a (ID = 0)
5:41 PM: 00000bdb_439de656_0009c671 (ID = 0)
5:41 PM: 0000701f_439ddc84_000ca2dd (ID = 0)
5:41 PM: 00001e1f_439ddf95_000501bd (ID = 0)
5:41 PM: 000001eb_43b6a277_0007270e (ID = 0)
5:41 PM: 0000798b_439dfadb_00057bcf (ID = 0)
5:41 PM: 000012db_439dd0cf_0007270e (ID = 0)
5:41 PM: 00005d03_439ddc84_000e1113 (ID = 0)
5:41 PM: 00001a49_439dec7c_0008583b (ID = 0)
5:41 PM: 0000797d_439dee56_0007a120 (ID = 0)
5:41 PM: 0000357e_43984c62_000baeb9 (ID = 0)
5:41 PM: 0000153c_439dd0cf_000a037a (ID = 0)
5:41 PM: 00004cad_439df17f_000b34a7 (ID = 0)
5:41 PM: 00004ae1_43bff9ad_0005f5e1 (ID = 0)
5:41 PM: 0000314f_439df17f_000c28cb (ID = 0)
5:41 PM: 00004e45_439de3bb_000501bd (ID = 0)
5:41 PM: 00006b36_439debb3_00081b32 (ID = 0)
5:41 PM: 0000323b_439de3bb_00076417 (ID = 0)
5:41 PM: 00006443_439ddaae_0008d24d (ID = 0)
5:41 PM: 000066bb_439ddaae_000baeb9 (ID = 0)
5:41 PM: 00006b89_439de56d_0002dc6c (ID = 0)
5:41 PM: 000013e9_439e04c5_000aba95 (ID = 0)
5:41 PM: dns (ID = 0)
5:41 PM: 00005cfd_439debb3_0009c671 (ID = 0)
5:41 PM: 0000030a_439de56d_0005b8d8 (ID = 0)
5:41 PM: 000058b0_439dfd5c_00053ec6 (ID = 0)
5:41 PM: 00000029_43b2b55f_0005b8d8 (ID = 0)
5:41 PM: 00002350_439de965_0001ab3f (ID = 0)
5:41 PM: 0000440d_43b6a7db_000baeb9 (ID = 0)
5:41 PM: 000022ee_439de965_0002625a (ID = 0)
5:41 PM: 00004080_439e04c6_00003d09 (ID = 0)
5:41 PM: 00003ef6_439df904_000d59f8 (ID = 0)
5:41 PM: 000026ca_439dfd5c_000632ea (ID = 0)
5:41 PM: 000026e9_439dcd9a_00040d99 (ID = 0)
5:41 PM: 00000822_439df905_00003d09 (ID = 0)
5:42 PM: 00000029_43bff943_00007a12 (ID = 0)
5:42 PM: 00003d6c_43bff9ae_0006acfc (ID = 0)
5:42 PM: 00005af1_439dccdf_0005b8d8 (ID = 0)
5:42 PM: 00005f32_439ded73_00022551 (ID = 0)
5:42 PM: 000001eb_439dcd9a_0008d24d (ID = 0)
5:42 PM: 00005f49_439df022_000ca2dd (ID = 0)
5:42 PM: 00003bf6_439ded73_00053ec6 (ID = 0)
5:42 PM: 00000ddc_439df022_000d9701 (ID = 0)
5:42 PM: 00005c67_439e0873_0005b8d8 (ID = 0)
5:42 PM: 00006899_439e032b_000c28cb (ID = 0)
5:42 PM: 00004823_43b2b55f_000baeb9 (ID = 0)
5:42 PM: 0000187e_439e026d_000aba95 (ID = 0)
5:42 PM: 000016c5_439e026d_000d9701 (ID = 0)
5:42 PM: 00003cd6_439e0873_0008583b (ID = 0)
5:42 PM: 000056ae_439de73b_0001e848 (ID = 0)
5:42 PM: 00000732_439de73b_0002dc6c (ID = 0)
5:42 PM: 00005f90_439dcbe0_00000000 (ID = 0)
5:42 PM: 00000029_43b95b22_000ca2dd (ID = 0)
5:42 PM: 00003cd5_439e032c_00000000 (ID = 0)
5:42 PM: 000003fa_43984da1_000c65d4 (ID = 0)
5:42 PM: 00004944_439df34f_000d9701 (ID = 0)
5:42 PM: 00004b40_439deadb_00090f56 (ID = 0)
5:42 PM: 00005878_439deadb_000aba95 (ID = 0)
5:42 PM: 00001649_43b6a1f7_000e8b25 (ID = 0)
5:42 PM: 00002e40_439df350_0001312d (ID = 0)
5:42 PM: 000041bb_439dccdf_000d1cef (ID = 0)
5:42 PM: 00004823_43bff94f_000a037a (ID = 0)
5:42 PM: 000018be_43bff94f_000d9701 (ID = 0)
5:42 PM: 000015a1_439df835_00040d99 (ID = 0)
5:42 PM: 00005422_439df835_0005b8d8 (ID = 0)
5:42 PM: 00006032_439df6ae_000e4e1c (ID = 0)
5:42 PM: 0000366b_439df4f5_000baeb9 (ID = 0)
5:42 PM: 000041bb_43a6cb12_0000f424 (ID = 0)
5:42 PM: 00005e14_439df260_000aba95 (ID = 0)
5:42 PM: 00004df2_439df260_000cdfe6 (ID = 0)
5:42 PM: 00000bb3_43a6ccbf_0007270e (ID = 0)
5:42 PM: 000066c4_439df4f6_0003d090 (ID = 0)
5:42 PM: 00002cd6_43b6a0ec_00031975 (ID = 0)
5:42 PM: 000023c9_439e069d_00089544 (ID = 0)
5:42 PM: 00005db2_439e05cd_000ca2dd (ID = 0)
5:42 PM: 00002cd6_43bff9bf_0000f424 (ID = 0)
5:42 PM: 000072ae_43bff9bf_0005b8d8 (ID = 0)
5:42 PM: 000033ea_439e05ce_00000000 (ID = 0)
5:42 PM: 00002c3b_439df6af_0007a120 (ID = 0)
5:42 PM: 00004230_439df5da_000cdfe6 (ID = 0)
5:42 PM: 0000527f_43984dc1_0008583b (ID = 0)
5:43 PM: 000072ae_43a1f5e2_0008b8ee (ID = 0)
5:43 PM: 00007eb7_439df5db_00053ec6 (ID = 0)
5:43 PM: 00001366_439df411_00081b32 (ID = 0)
5:43 PM: index (ID = 0)
5:43 PM: 000048cc_439e069d_000d9701 (ID = 0)
5:43 PM: 00001cd0_439df411_000aba95 (ID = 0)
5:43 PM: 00000029_43b3ebd3_0008d24d (ID = 0)
5:43 PM: 00005991_439dfa1c_00031975 (ID = 0)
5:43 PM: 0000409d_439dfa1c_0005f5e1 (ID = 0)
5:43 PM: 00005753_439e0776_0009c671 (ID = 0)
5:43 PM: 000060bf_439e0777_000aba95 (ID = 0)
5:43 PM: 00006952_43b6a613_0005f5e1 (ID = 0)
5:43 PM: 00007e87_43b6a64b_00031975 (ID = 0)
5:43 PM: 000072ae_43a569ed_00053ec6 (ID = 0)
5:43 PM: 00007e87_43bd3aa1_00057bcf (ID = 0)
5:43 PM: 00007bb9_439dff55_00066ff3 (ID = 0)
5:43 PM: 0000692c_439e0157_00053ec6 (ID = 0)
5:43 PM: 00001e1f_43bd3b8c_0001ab3f (ID = 0)
5:43 PM: 00005772_439dff55_000bebc2 (ID = 0)
5:43 PM: 00004a80_439e0157_0005f5e1 (ID = 0)
5:43 PM: 0000121f_439dfbe5_000bebc2 (ID = 0)
5:43 PM: 000073da_439dfbe6_00003d09 (ID = 0)
5:43 PM: 00002f14_439e09ea_0006acfc (ID = 0)
5:43 PM: 00004e45_4390b7e5_0003567e (ID = 0)
5:43 PM: 000012db_43b44d78_000e00b4 (ID = 0)
5:43 PM: 0000153c_43b44d79_00028f04 (ID = 0)
5:43 PM: 0000074d_43bd3b2c_000cdfe6 (ID = 0)
5:43 PM: 0000388a_43984f43_0006ea05 (ID = 0)
5:43 PM: 000046a7_43984def_00094c5f (ID = 0)
5:43 PM: 000041bb_43bd3a9c_000f0537 (ID = 0)
5:43 PM: 000072ae_43b44d50_00065f94 (ID = 0)
5:43 PM: 0000305e_438a6ef2_00090f56 (ID = 0)
5:43 PM: 00000e99_43985022_000c28cb (ID = 0)
5:43 PM: 00006952_43b44d50_000ccf87 (ID = 0)
5:43 PM: 00004db7_43bd3ae7_000d1cef (ID = 0)
5:43 PM: 0000491c_43b44dbd_000790c1 (ID = 0)
5:43 PM: 00001649_43b44d51_000d0c90 (ID = 0)
5:43 PM: 0000139d_439e0046_00000000 (ID = 0)
5:43 PM: 00006952_43bd2ba2_000e1113 (ID = 0)
5:43 PM: 00007049_439e0046_00039387 (ID = 0)
5:43 PM: 00000029_43c028ea_000aba95 (ID = 0)
5:43 PM: 00002213_43bd3bd5_000487ab (ID = 0)
5:44 PM: 00006784_43b0ab3a_0002dc6c (ID = 0)
5:44 PM: 00006d73_43984ca2_000d1cef (ID = 0)
5:44 PM: 00000029_43ab2cb3_0008f0da (ID = 0)
5:44 PM: 0000701f_43bd3b55_000a4083 (ID = 0)
5:44 PM: 000043db_43984d42_0003567e (ID = 0)
5:44 PM: 00000732_43bbfe21_00057bcf (ID = 0)
5:44 PM: 000026e9_43a4e068_000f0537 (ID = 0)
5:44 PM: 00003699_439dfe71_0005b8d8 (ID = 0)
5:44 PM: 00005d03_43bbfd06_0002dc6c (ID = 0)
5:44 PM: 00000902_439dfe71_0006acfc (ID = 0)
5:44 PM: 00001246_43984d62_0001e848 (ID = 0)
5:44 PM: 00001bfc_43984ec2_000c28cb (ID = 0)
5:44 PM: 000075ec_43985181_00090f56 (ID = 0)
5:44 PM: 00000786_43984e01_0007270e (ID = 0)
5:44 PM: 00001649_43a6cb10_00081b32 (ID = 0)
5:44 PM: 00004823_43a1f5de_000787c1 (ID = 0)
5:44 PM: 00006df1_43a6cb10_000a7d8c (ID = 0)
5:44 PM: 000042be_43984f03_00076417 (ID = 0)
5:44 PM: 00001649_439a48d8_00022551 (ID = 0)
5:44 PM: 00001649_43a1f5e4_00009dbc (ID = 0)
5:44 PM: 00001927_439852a0_00003d09 (ID = 0)
5:44 PM: 000072ae_438e2f12_000a4083 (ID = 0)
5:44 PM: 00000d9f_43984f23_000a7d8c (ID = 0)
5:44 PM: 00000f3e_43bbfcd4_00094c5f (ID = 0)
5:44 PM: 000015fd_43984f83_00000000 (ID = 0)
5:44 PM: 00003d6c_43a1f5df_000e71c6 (ID = 0)
5:44 PM: 00006784_43bea148_000d59f8 (ID = 0)
5:44 PM: 00002cd6_43a1f5e2_0001cee9 (ID = 0)
5:44 PM: 00007daa_43984e41_0001e848 (ID = 0)
5:44 PM: 00006df1_439dcbf8_0000f424 (ID = 0)
5:44 PM: 000001eb_43a4e07c_0001312d (ID = 0)
5:44 PM: 00002044_439850a1_000cdfe6 (ID = 0)
5:44 PM: 00001fb4_439850c2_0006ea05 (ID = 0)
5:44 PM: ultl1280.sys (ID = 0)
5:44 PM: 00006784_43a569e9_000ca2dd (ID = 0)
5:44 PM: 00001af6_43984fe2_000baeb9 (ID = 0)
5:44 PM: 0000387c_4398535f_00031975 (ID = 0)
5:44 PM: 000063cb_43985121_000ec82e (ID = 0)
5:44 PM: 000064a0_43984c02_0001e848 (ID = 0)
5:44 PM: 00005410_43985141_000b34a7 (ID = 0)
5:44 PM: 00005173_439851c1_0000f424 (ID = 0)
5:44 PM: 000020a8_43984b82_00066ff3 (ID = 0)
5:44 PM: 00004d59_4398533f_000632ea (ID = 0)
5:44 PM: 0000123b_43984c22_0007a120 (ID = 0)
5:44 PM: 00002f0b_43984ea2_00022551 (ID = 0)
 

jimiiii

Thread Starter
Joined
Sep 26, 2002
Messages
120
5:45 PM: 0000007b_43985003_00000000 (ID = 0)
5:45 PM: 00004b40_43bc0000_0001ab3f (ID = 0)
5:45 PM: 00004f66_439850e2_00081b32 (ID = 0)
5:45 PM: 00007833_43985102_00016e36 (ID = 0)
5:45 PM: 00005f67_4398579e_000a037a (ID = 0)
5:45 PM: 000032c1_4398537f_000487ab (ID = 0)
5:45 PM: 00003d6c_43a569eb_00053ec6 (ID = 0)
5:45 PM: 00005ab0_4398545e_00016e36 (ID = 0)
5:45 PM: 00006ad6_439e09ed_0005f5e1 (ID = 0)
5:45 PM: 00003605_439851e0_000f0537 (ID = 0)
5:45 PM: 00006df1_43a1f5e4_0005dc82 (ID = 0)
5:45 PM: 00004bcd_4398539e_000f0537 (ID = 0)
5:45 PM: 00004823_43a83cd3_0003567e (ID = 0)
5:45 PM: 0000328a_43985f7e_0001e848 (ID = 0)
5:45 PM: 00004531_43985200_000aba95 (ID = 0)
5:45 PM: 000036a1_4398483b_000baeb9 (ID = 0)
5:45 PM: 00002cd6_43a569ed_00022551 (ID = 0)
5:45 PM: 000044aa_43985220_000a7d8c (ID = 0)
5:45 PM: 00007a36_43984b42_000d59f8 (ID = 0)
5:45 PM: 000031d8_439852c0_0002dc6c (ID = 0)
5:45 PM: 00000029_439f6e1d_000af79e (ID = 0)
5:45 PM: 000078fe_43984ba2_0005b8d8 (ID = 0)
5:45 PM: 0000248d_4398547d_000d1cef (ID = 0)
5:45 PM: 00001edc_43984b62_00090f56 (ID = 0)
5:45 PM: 000041bb_43a576c8_0003d090 (ID = 0)
5:45 PM: 00003106_43984c43_0000f424 (ID = 0)
5:45 PM: 000004b0_43985280_0001e848 (ID = 0)
5:45 PM: 00007987_439853be_000d59f8 (ID = 0)
5:45 PM: 00004823_43a0b117_0005b8d8 (ID = 0)
5:45 PM: 000001eb_43a21b8b_000c4c75 (ID = 0)
5:45 PM: 00007a5a_43bbfd06_00098968 (ID = 0)
5:45 PM: 000054de_43bbfce3_0003d090 (ID = 0)
5:45 PM: 00000914_439852df_000f0537 (ID = 0)
5:45 PM: 000013f4_439852ff_000aba95 (ID = 0)
5:45 PM: 00000029_43b88642_000d9701 (ID = 0)
5:45 PM: 00003223_439853de_000b71b0 (ID = 0)
5:45 PM: 00004461_43984aa4_000a7d8c (ID = 0)
5:45 PM: 000058c5_43984ac3_0005f5e1 (ID = 0)
5:45 PM: 0000567e_43985f9e_00000000 (ID = 0)
5:45 PM: 000017b8_439853fe_00094c5f (ID = 0)
5:45 PM: 00001649_43a46c72_000d9701 (ID = 0)
5:45 PM: 00000029_43a8f7be_0001312d (ID = 0)
5:46 PM: 000079d1_43982f4c_000d9701 (ID = 0)
5:46 PM: 000071f2_43984bc2_00029f63 (ID = 0)
5:46 PM: 00006952_43ac9970_000ee480 (ID = 0)
5:46 PM: 00001a49_43bc004d_000aba95 (ID = 0)
5:46 PM: 00005718_43985dbe_000c65d4 (ID = 0)
5:46 PM: runsbmon.exe (ID = 0)
5:46 PM: 00005af1_43bbfca0_00057bcf (ID = 0)
5:46 PM: 0000368e_439e3b53_0004c4b4 (ID = 0)
5:46 PM: 00005f32_43bc004e_000c28cb (ID = 0)
5:46 PM: 00003bf6_43bc004e_000d59f8 (ID = 0)
5:46 PM: 00003a9e_43bc004e_000e8b25 (ID = 0)
5:46 PM: 0000797d_43bc004f_0001ab3f (ID = 0)
5:46 PM: 0000196f_43985fbd_000c28cb (ID = 0)
5:46 PM: 00004987_4398541e_000a4083 (ID = 0)
5:46 PM: 00007871_43984be2_00040d99 (ID = 0)
5:46 PM: 000053d3_43985ffd_00076417 (ID = 0)
5:46 PM: 000072b1_4398551c_00090f56 (ID = 0)
5:46 PM: 00006df1_43a46c73_00040d99 (ID = 0)
5:46 PM: 00004823_43b88643_00057bcf (ID = 0)
5:46 PM: 00004823_43b9bd59_0008d24d (ID = 0)
5:46 PM: 0000797d_4389b91b_000f0537 (ID = 0)
5:46 PM: 00000099_43b6a327_0004c4b4 (ID = 0)
5:46 PM: 00004ae1_43b6a0d6_00057bcf (ID = 0)
5:46 PM: 0000440d_43bbfcdb_000af79e (ID = 0)
5:46 PM: 00002ea6_43b6a2ad_0001e848 (ID = 0)
5:46 PM: loccxpnt.exe (ID = 0)
5:46 PM: 0000153c_43bbfcb3_00039387 (ID = 0)
5:46 PM: 000031ad_4398559c_0007a120 (ID = 0)
5:46 PM: 0000428b_43bbfce9_000e4e1c (ID = 0)
5:46 PM: 00002cd6_43bd2b6a_000ec82e (ID = 0)
5:46 PM: 00002d41_4398577e_000c28cb (ID = 0)
5:46 PM: 00006b89_43bbfdd5_0008583b (ID = 0)
5:46 PM: 00002350_43bbfeba_0002625a (ID = 0)
5:46 PM: 00006e7e_43982dd7_0005b8d8 (ID = 0)
5:46 PM: 000011d5_43985d7f_00031975 (ID = 0)
5:46 PM: 00001547_43bbfcde_000f0537 (ID = 0)
5:46 PM: 00007e87_43bbfcbd_000c28cb (ID = 0)
5:46 PM: 00003d6c_438a6ea3_00094c5f (ID = 0)
5:46 PM: 00001e1f_43bbfd48_00000000 (ID = 0)
5:46 PM: 00006df1_439a48d8_00076417 (ID = 0)
5:46 PM: 00003d6c_438c6371_0007de29 (ID = 0)
5:46 PM: 00006b89_43bd3bd7_0001e848 (ID = 0)
5:46 PM: 0000767d_43bbfd07_0000b71b (ID = 0)
5:46 PM: 000053d1_43985e9e_0005b8d8 (ID = 0)
5:46 PM: 00005f90_43ac9972_000ad6e7 (ID = 0)
5:46 PM: 000041bb_43bbfca0_00081b32 (ID = 0)
5:46 PM: 00000099_43bbfcd5_00003d09 (ID = 0)
5:46 PM: 00004823_43c3ca50_00053ec6 (ID = 0)
5:46 PM: 000026e9_43bbfca0_000e1113 (ID = 0)
5:46 PM: 000072ae_43bd2b6b_000c65d4 (ID = 0)
5:47 PM: 00003ee9_43982dd8_000dd40a (ID = 0)
5:47 PM: 00004db7_43b44df4_000bdb63 (ID = 0)
5:47 PM: 000001eb_43bbfca1_0007de29 (ID = 0)
5:47 PM: 00000bb3_43bbfca1_000baeb9 (ID = 0)
5:47 PM: 00004dc8_43bd3b2e_00007a12 (ID = 0)
5:47 PM: 00002ea6_43bbfca1_000d9701 (ID = 0)
5:47 PM: 00005d03_43bd3b5c_000cdfe6 (ID = 0)
5:47 PM: 00004ae1_43c2b014_0002dc6c (ID = 0)
5:47 PM: 0000030a_43bd3bd8_000632ea (ID = 0)
5:47 PM: 00000b93_43985ede_00000000 (ID = 0)
5:47 PM: 0000301c_43bd3bd8_0007270e (ID = 0)
5:47 PM: 000018be_43a0b119_000b71b0 (ID = 0)
5:47 PM: ace.dll (ID = 0)
5:47 PM: 0000153c_43b6a2f7_00031975 (ID = 0)
5:47 PM: 00006e5d_43bbfd5b_0001312d (ID = 0)
5:47 PM: data.bin (ID = 0)
5:47 PM: 00006443_43bd3b2e_00029f63 (ID = 0)
5:47 PM: 00003d6c_4390a5e0_00094c5f (ID = 0)
5:47 PM: 00001547_43bd3afd_000dd40a (ID = 0)
5:47 PM: 00000029_43b6a0d4_00081b32 (ID = 0)
5:47 PM: 00004823_43ac996b_000b50f9 (ID = 0)
5:47 PM: 00004ae1_43c03f58_000501bd (ID = 0)
5:47 PM: 000054de_43bd3aff_0000b71b (ID = 0)
5:47 PM: 000018be_439dcbd6_0002dc6c (ID = 0)
5:47 PM: 00004d06_43b44df4_0007cdca (ID = 0)
5:47 PM: 000001eb_43a6cb80_000a037a (ID = 0)
5:47 PM: 000009b3_43985efd_000c65d4 (ID = 0)
5:47 PM: 00000099_43bd3aa2_000b71b0 (ID = 0)
5:47 PM: 00004823_43bd2b4a_0007a120 (ID = 0)
5:47 PM: 000018be_43bd2b4a_0008d24d (ID = 0)
5:47 PM: 00001649_43bd3a9c_0000f424 (ID = 0)
5:47 PM: 00006784_439dcbd7_0005f5e1 (ID = 0)
5:47 PM: 00006df1_43bd3a9c_00022551 (ID = 0)
5:47 PM: 00000029_43ac996b_00078069 (ID = 0)
5:47 PM: 00004ae1_439dcbd9_0004c4b4 (ID = 0)
5:47 PM: 00005af1_43bd3a9c_000487ab (ID = 0)
5:47 PM: 00000029_43c2a8c8_00076417 (ID = 0)
5:47 PM: 00000bb3_43b44d68_0003fd3a (ID = 0)
5:47 PM: 000039b3_43bd3b0d_000b71b0 (ID = 0)
5:47 PM: 00002d12_43bd3b0e_000dd40a (ID = 0)
5:47 PM: 00007f96_43bd3bac_0008d24d (ID = 0)
5:47 PM: 0000767d_43bd3b78_000d9701 (ID = 0)
5:47 PM: 00000029_43be9416_00081b32 (ID = 0)
5:47 PM: 00004823_43c2a8ca_000501bd (ID = 0)
5:47 PM: 00004509_43bd3b7b_0007a120 (ID = 0)
5:47 PM: 00007ff5_43bd3bbb_0007de29 (ID = 0)
5:47 PM: rdcn87em.exe (ID = 0)
5:47 PM: 00002cd6_439dcbda_00057bcf (ID = 0)
5:47 PM: 00003d6c_43a6cae5_0007de29 (ID = 0)
5:47 PM: 00000029_43b06f86_000a7d8c (ID = 0)
5:47 PM: 00002ea6_438cdd88_000c65d4 (ID = 0)
5:47 PM: 00004ae1_43bbfc61_00094c5f (ID = 0)
5:47 PM: 00004823_43b07060_0002dc6c (ID = 0)
5:48 PM: 00004823_43a8f7c0_0003567e (ID = 0)
5:48 PM: 000018be_43b88643_000d9701 (ID = 0)
5:48 PM: 000072ae_439dcbdc_000d59f8 (ID = 0)
5:48 PM: 00000bb3_43b6a2a6_000af79e (ID = 0)
5:48 PM: 00006784_43a0b11d_000c28cb (ID = 0)
5:48 PM: 000072ae_43a6cae6_00057bcf (ID = 0)
5:48 PM: 00000c95_4398601d_00053ec6 (ID = 0)
5:48 PM: 00001238_43bd3b7b_000baeb9 (ID = 0)
5:48 PM: 000001eb_4389b8a1_0006ea05 (ID = 0)
5:48 PM: 00006784_43bc884c_00053ec6 (ID = 0)
5:48 PM: 00001649_43ac997a_000968b1 (ID = 0)
5:48 PM: 00002753_43985f3e_00044aa2 (ID = 0)
5:48 PM: 00004ae1_43bd2b57_00089544 (ID = 0)
5:48 PM: 00002ea6_438a6ec6_00090f56 (ID = 0)
5:48 PM: 0000390c_43b44d7a_0005e582 (ID = 0)
5:48 PM: 00007e87_43b44d79_000ae73f (ID = 0)
5:48 PM: 00003b25_43bd3b7d_0002dc6c (ID = 0)
5:48 PM: 00005f90_439a48d7_000d9701 (ID = 0)
5:48 PM: 00000124_43bd3aa3_00081b32 (ID = 0)
5:48 PM: 000026e9_43a5770c_00076417 (ID = 0)
5:48 PM: 0000428b_43bd3b2f_000af79e (ID = 0)
5:48 PM: 000039b3_43bbfce6_0000f424 (ID = 0)
5:48 PM: 00006bfc_43bd3b8e_00031975 (ID = 0)
5:48 PM: 000072ae_43b6a0ed_000d59f8 (ID = 0)
5:48 PM: 00001649_43bff9c0_000baeb9 (ID = 0)
5:48 PM: 00000f3e_43b6a326_000c65d4 (ID = 0)
5:48 PM: 00000bb3_4389b8a1_000ca2dd (ID = 0)
5:48 PM: 0000305e_43bd3aa3_00094c5f (ID = 0)
5:48 PM: 00000124_43b6a79e_00076417 (ID = 0)
5:48 PM: 00003d6c_43b44d2d_000a6d2d (ID = 0)
5:48 PM: 0000305e_43b6a7a4_000d59f8 (ID = 0)
5:48 PM: 000066bb_43bbfce8_0006ea05 (ID = 0)
5:48 PM: 00002d12_43bbfce6_00039387 (ID = 0)
5:48 PM: 0000074d_43bbfce6_0007de29 (ID = 0)
5:48 PM: 00003d6c_43bbfc63_0004c4b4 (ID = 0)
5:48 PM: 00004509_43bbfd25_00053ec6 (ID = 0)
5:48 PM: 00001238_43bbfd25_0007de29 (ID = 0)
5:48 PM: 0000301c_43bbfdd5_000d59f8 (ID = 0)
5:48 PM: 0000390c_43b6a64f_000e4e1c (ID = 0)
5:48 PM: 00004823_43b6a0d4_000ec82e (ID = 0)
5:48 PM: 00006df1_43bff9c4_00039387 (ID = 0)
5:48 PM: 00004ae1_43935941_000af79e (ID = 0)
5:48 PM: 00004e45_43bd3bbe_000c65d4 (ID = 0)
5:48 PM: 000026a6_43bd3b32_00031975 (ID = 0)
5:48 PM: 00000bb3_43bd3aa0_0002625a (ID = 0)
5:49 PM: 00002cd6_43a6cae5_000c28cb (ID = 0)
5:49 PM: 00005af1_438a6eb3_00000000 (ID = 0)
5:49 PM: 000072ae_438c6373_00003d09 (ID = 0)
5:49 PM: 00006952_438c6373_000aba95 (ID = 0)
5:49 PM: 00000029_43c3b181_000d59f8 (ID = 0)
5:49 PM: 00006952_43a6cae6_0007270e (ID = 0)
5:49 PM: 000056ae_43bbfdf5_000a4083 (ID = 0)
5:49 PM: 00006952_43b6a104_0005b8d8 (ID = 0)
5:49 PM: 000018be_43b6a60c_0008d24d (ID = 0)
5:49 PM: 000063cb_43bd3b8e_00007a12 (ID = 0)
5:49 PM: 00000bdb_43bd3be9_000a4083 (ID = 0)
5:49 PM: 00003b25_43bbfd26_00007a12 (ID = 0)
5:49 PM: 0000440d_43b44d9a_000ccf87 (ID = 0)
5:49 PM: 00006784_4389b646_00007a12 (ID = 0)
5:49 PM: 000018be_43b0aaf5_000487ab (ID = 0)
5:49 PM: 00006784_43b6a60c_000dd40a (ID = 0)
5:49 PM: 00003d6c_43bc96bc_000c65d4 (ID = 0)
5:49 PM: 00006952_43b88772_000d1cef (ID = 0)
5:49 PM: 00006784_43b6a0d5_000d1cef (ID = 0)
5:49 PM: 00006784_43ac996c_00018a88 (ID = 0)
5:49 PM: 00004ae1_43b6a60d_000ca2dd (ID = 0)
5:49 PM: 00004ae1_43c43e18_000f0537 (ID = 0)
5:49 PM: 00000029_43c01873_00040d99 (ID = 0)
5:49 PM: 0000323b_43bd3bbf_0001e848 (ID = 0)
5:49 PM: 0000440d_43bd3aa4_00022551 (ID = 0)
5:50 PM: 00000029_43bd2b2a_00053ec6 (ID = 0)
5:50 PM: 00001547_438a6f15_00029f63 (ID = 0)
5:50 PM: 0000153c_43bd3aa1_0003d090 (ID = 0)
5:50 PM: 000026a6_43bbfcea_0007de29 (ID = 0)
5:50 PM: 00000120_43bbfeb3_000c28cb (ID = 0)
5:50 PM: 0000390c_43bd3aa1_000baeb9 (ID = 0)
5:50 PM: 00000f3e_43b44d83_0006228b (ID = 0)
5:50 PM: 00004823_43c037a6_00044aa2 (ID = 0)
5:50 PM: 00003d6c_43a46c02_000e1113 (ID = 0)
5:50 PM: 00005af1_439a48d9_0004c4b4 (ID = 0)
5:50 PM: 00000099_43b44d83_000b9e5a (ID = 0)
5:50 PM: 000072ae_43b6a613_0004c4b4 (ID = 0)
5:50 PM: 00004823_43b6b94b_00066ff3 (ID = 0)
5:50 PM: 00006784_43c43e12_000ec82e (ID = 0)
5:50 PM: 00001649_43b6a614_00039387 (ID = 0)
5:50 PM: 00000bdb_43bbfdd5_000e8b25 (ID = 0)
5:50 PM: 00006df1_43b6a614_00044aa2 (ID = 0)
5:50 PM: 000072ae_43c31b3d_00090f56 (ID = 0)
5:50 PM: 00006df1_43c32544_00000000 (ID = 0)
5:50 PM: 00004ae1_43b88644_000e4e1c (ID = 0)
5:50 PM: 000018be_43c037ab_000bebc2 (ID = 0)
5:50 PM: 00000124_43b44d8a_0004774c (ID = 0)
5:50 PM: 00000f3e_43bd3aa2_00031975 (ID = 0)
5:50 PM: 00005f90_43b6a1f7_000aba95 (ID = 0)
5:50 PM: 00000029_43b6b945_000cdfe6 (ID = 0)
5:50 PM: 00006df1_43bbfc81_000e4e1c (ID = 0)
5:50 PM: 00003d6c_43bd2b68_000a037a (ID = 0)
5:50 PM: 00005af1_43b6a1f8_000a4083 (ID = 0)
5:50 PM: 00005af1_43c32545_00007a12 (ID = 0)
5:50 PM: 0000305e_43b44d92_00056b70 (ID = 0)
5:50 PM: 00001649_43c31b56_000aba95 (ID = 0)
5:50 PM: 00006784_43a1f5df_000154d7 (ID = 0)
5:50 PM: 00006952_43a569ef_000a037a (ID = 0)
5:50 PM: 00005f90_43a1f5e3_00087be5 (ID = 0)
5:50 PM: 000018be_43ac996b_000e2d65 (ID = 0)
5:50 PM: 00003d6c_43bea14a_0007270e (ID = 0)
5:50 PM: 00001c75_43984c40_00094c5f (ID = 0)
5:50 PM: ai_04-01-2006.log (ID = 0)
5:50 PM: ai_06-01-2006.log (ID = 0)
5:50 PM: ai_05-01-2006.log (ID = 0)
5:50 PM: 00006784_43b2b55f_000f0537 (ID = 0)
5:50 PM: 000018be_43b2b55f_000d9701 (ID = 0)
5:50 PM: 00004ae1_43b2b561_0007270e (ID = 0)
5:50 PM: 000054be_43984d00_0009c671 (ID = 0)
5:51 PM: 0000008c_43984c60_000ec82e (ID = 0)
5:51 PM: ai_10-01-2006.log (ID = 0)
5:51 PM: 00005478_43984ca0_000ec82e (ID = 0)
5:51 PM: 00000a87_43984c80_000b71b0 (ID = 0)
5:51 PM: ai_08-01-2006.log (ID = 0)
5:51 PM: 000018be_43a83ea5_00089544 (ID = 0)
5:51 PM: ai_07-01-2006.log (ID = 0)
5:51 PM: 00004823_43b6a60b_00044aa2 (ID = 0)
5:51 PM: 00000fbf_439e09ea_0003d090 (ID = 0)
5:51 PM: 000048e6_439851df_0000b71b (ID = 0)
5:51 PM: 0000422d_439e09ed_000c65d4 (ID = 0)
5:51 PM: 0000047e_439e09ed_00090f56 (ID = 0)
5:51 PM: 00004823_43a3166a_0001312d (ID = 0)
5:51 PM: 00000029_43a44fe2_0001e848 (ID = 0)
5:51 PM: 00007954_43984dff_00053ec6 (ID = 0)
5:51 PM: 00000029_43a569e8_00003d09 (ID = 0)
5:51 PM: 0000084d_43984cc0_000ca2dd (ID = 0)
5:51 PM: ai_09-01-2006.log (ID = 0)
5:51 PM: 000018be_43a8f7f4_0007de29 (ID = 0)
5:51 PM: 00004823_43bc8847_000af79e (ID = 0)
5:51 PM: 000067d0_43984ce0_0008d24d (ID = 0)
5:51 PM: 00005841_43984d80_0001e848 (ID = 0)
5:51 PM: 00005882_43984d20_000632ea (ID = 0)
5:51 PM: 000066be_43984d40_0002625a (ID = 0)
5:51 PM: 000057c2_43984d60_0002dc6c (ID = 0)
5:51 PM: 00004823_43c01875_000501bd (ID = 0)
5:51 PM: 00005f90_43a56a0c_000c28cb (ID = 0)
5:51 PM: 00000af0_43984deb_00022551 (ID = 0)
5:51 PM: 00004823_43a569e8_00098968 (ID = 0)
5:51 PM: 0000638c_43984d9f_000e8b25 (ID = 0)
5:51 PM: 000018be_43a569e9_00007a12 (ID = 0)
5:51 PM: 00006f30_43984dbf_000bebc2 (ID = 0)
5:51 PM: 00004ae1_43a569ea_00039387 (ID = 0)
5:51 PM: 00005a70_43984ddf_0007de29 (ID = 0)
5:51 PM: 00004f5b_43984e5f_0002625a (ID = 0)
5:51 PM: 00007613_43984e9f_00044aa2 (ID = 0)
5:51 PM: 0000038f_43985f1b_000d1cef (ID = 0)
5:51 PM: 00002332_43984e1f_00076417 (ID = 0)
5:51 PM: 00006784_43c03f57_00044aa2 (ID = 0)
5:51 PM: 00006784_43a8f825_00057bcf (ID = 0)
5:51 PM: 00001295_43984e3f_00044aa2 (ID = 0)
5:51 PM: 00002568_43984e7f_0006ea05 (ID = 0)
5:51 PM: 0000183a_439850bf_000ca2dd (ID = 0)
5:51 PM: 000058e6_43984ec0_00022551 (ID = 0)
5:51 PM: 00001649_43a56a0c_000d59f8 (ID = 0)
5:51 PM: 00006df1_43a56a19_0005b8d8 (ID = 0)
5:51 PM: 00000a41_43984f61_00066ff3 (ID = 0)
5:51 PM: 000013f5_43984ee0_000b71b0 (ID = 0)
5:51 PM: 00000bb3_43a4e07c_000c28cb (ID = 0)
5:51 PM: 00001eca_43984f01_000a037a (ID = 0)
5:51 PM: 00006784_43bd2b4f_000af79e (ID = 0)
5:51 PM: 0000737d_43984f21_00076417 (ID = 0)
5:51 PM: 00007389_43984f41_000a037a (ID = 0)
5:51 PM: 00005af1_43a56d6f_000e1113 (ID = 0)
5:52 PM: 00006f68_43984fe0_000e4e1c (ID = 0)
5:52 PM: 0000641b_43984f81_00039387 (ID = 0)
5:52 PM: 00007cb8_43984fa1_00000000 (ID = 0)
5:52 PM: 0000634f_43984fc1_00029f63 (ID = 0)
5:52 PM: 000033cd_43985040_000b71b0 (ID = 0)
5:52 PM: 00003a72_43985000_000b34a7 (ID = 0)
5:52 PM: 00006014_43985020_000f0537 (ID = 0)
5:52 PM: 000027d3_43985060_00098968 (ID = 0)
5:52 PM: 00007f0d_43985080_00053ec6 (ID = 0)
5:52 PM: 000004f0_439850a0_0000f424 (ID = 0)
5:52 PM: 000052a1_4398513f_000e1113 (ID = 0)
5:52 PM: 000013a6_439850e0_00076417 (ID = 0)
5:52 PM: 00007153_43985100_00044aa2 (ID = 0)
5:52 PM: 0000190b_43985120_00016e36 (ID = 0)
5:52 PM: 0000134c_439851bf_000501bd (ID = 0)
5:52 PM: 0000745e_4398515f_000aba95 (ID = 0)
5:52 PM: 00004ae1_43bc93d2_0006ea05 (ID = 0)
5:52 PM: 000018be_43c2a8d0_000ec82e (ID = 0)
5:52 PM: 00006784_43c2a8d1_000d9701 (ID = 0)
5:52 PM: 00003a4c_4398517f_000b34a7 (ID = 0)
5:52 PM: 00005503_4398519f_0008d24d (ID = 0)
5:52 PM: 00004a0e_4398521e_000a4083 (ID = 0)
5:52 PM: 00005f90_43c31b55_0001312d (ID = 0)
5:52 PM: 000078b4_439851fe_000e8b25 (ID = 0)
5:52 PM: 000065ca_4398529e_0001ab3f (ID = 0)
5:52 PM: 000020ad_4398523e_000a4083 (ID = 0)
5:52 PM: 000032cf_4398525e_00081b32 (ID = 0)
5:52 PM: 00002cd5_4398527e_0004c4b4 (ID = 0)
5:52 PM: 00005279_4398531d_000a7d8c (ID = 0)
5:52 PM: 000008ff_439852be_00007a12 (ID = 0)
5:52 PM: 00004b9d_439852de_00029f63 (ID = 0)
5:52 PM: 0000194d_439852fd_000ec82e (ID = 0)
5:52 PM: 00006af8_4398539d_0003d090 (ID = 0)
5:52 PM: 00003a27_4398533d_0008583b (ID = 0)
5:52 PM: 00005942_4398535d_0005b8d8 (ID = 0)
5:52 PM: 00006df1_43b6a1f8_00029f63 (ID = 0)
5:52 PM: 0000579c_4398537d_0002dc6c (ID = 0)
5:52 PM: 0000390c_43b6a326_000501bd (ID = 0)
5:52 PM: 0000198c_439853bc_000ec82e (ID = 0)
5:52 PM: 00007020_439853dc_000d1cef (ID = 0)
5:52 PM: 00007e64_439853fc_000baeb9 (ID = 0)
5:52 PM: 0000065a_4398547c_0000f424 (ID = 0)
5:52 PM: 000072a6_4398541c_0008d24d (ID = 0)
5:52 PM: 00003895_4398543c_0009c671 (ID = 0)
5:52 PM: 0000504c_4398545c_00057bcf (ID = 0)
5:52 PM: 000041bb_43b6a1f8_000c28cb (ID = 0)
5:52 PM: 00005ae7_439854fb_00022551 (ID = 0)
5:52 PM: 000026e9_43b6a1f8_000d59f8 (ID = 0)
5:52 PM: 0000214e_4398549b_000dd40a (ID = 0)
5:53 PM: 0000342d_439854bb_000a037a (ID = 0)
5:53 PM: 00007299_439854db_0005f5e1 (ID = 0)
5:53 PM: 000073b1_4398557a_00031975 (ID = 0)
5:53 PM: 00005f90_43b44d50_000e3dbd (ID = 0)
5:53 PM: 00005d3d_4398551a_000d1cef (ID = 0)
5:53 PM: 00003260_4398553a_0008d24d (ID = 0)
5:53 PM: 000041bb_43bff9f0_000a4083 (ID = 0)
5:53 PM: 000032de_4398555a_0005f5e1 (ID = 0)
5:53 PM: 00002780_4398559a_000501bd (ID = 0)
5:53 PM: 00004908_4398577c_0004c4b4 (ID = 0)
5:53 PM: 00005de9_4398579c_000b34a7 (ID = 0)
5:53 PM: 00005e41_439857bc_000bebc2 (ID = 0)
5:53 PM: 0000749f_43985ddc_000c65d4 (ID = 0)
5:53 PM: 00005ea5_43985d7c_000baeb9 (ID = 0)
5:53 PM: 0000199f_43985d9d_00016e36 (ID = 0)
5:53 PM: 000022e4_43985dbc_000e4e1c (ID = 0)
5:53 PM: 00005f90_43bd3a9b_00089544 (ID = 0)
5:53 PM: 00007426_43985e5c_0007a120 (ID = 0)
5:53 PM: 00002f15_43985dfd_0000b71b (ID = 0)
5:53 PM: 000026e9_43bd3a9e_000b34a7 (ID = 0)
5:53 PM: 000001eb_43bd3a9f_00007a12 (ID = 0)
5:53 PM: 00002ea6_43bd3aa0_0006ea05 (ID = 0)
5:53 PM: 000012db_43bd3aa0_00098968 (ID = 0)
5:53 PM: 0000260d_43bd3bd5_000632ea (ID = 0)
5:53 PM: 00004242_43985e1c_000c28cb (ID = 0)
5:53 PM: 00000e00_43985e3c_00094c5f (ID = 0)
5:53 PM: 00005804_43985edc_0002625a (ID = 0)
5:53 PM: 000019fe_43985e7c_0003d090 (ID = 0)
5:53 PM: 0000424c_43985e9c_00057bcf (ID = 0)
5:53 PM: 00003821_43985ebc_0005b8d8 (ID = 0)
5:53 PM: 000054de_43b44df5_0004f15e (ID = 0)
5:53 PM: 00001547_43b44df5_0003461f (ID = 0)
5:53 PM: 000039b3_43b44df6_00052e67 (ID = 0)
5:53 PM: 00000a2f_43985efc_00000000 (ID = 0)
5:53 PM: 00004d06_43bd3ad9_000ec82e (ID = 0)
5:53 PM: 0000491c_43bd3aca_000ec82e (ID = 0)
5:53 PM: 00007a5a_43bd3b6e_00000000 (ID = 0)
5:53 PM: 000012e1_4394906e_0001ab3f (ID = 0)
5:53 PM: 00002d73_43985f3b_000e8b25 (ID = 0)
5:53 PM: 00005cca_43985fbb_000ec82e (ID = 0)
5:53 PM: 00005940_43985f5c_00044aa2 (ID = 0)
5:53 PM: 00001243_43985f7c_0003d090 (ID = 0)
5:53 PM: 000066bb_43bd3b2f_00029f63 (ID = 0)
5:53 PM: 000008af_43985f9c_0001e848 (ID = 0)
5:53 PM: 000018be_4391b54b_00098968 (ID = 0)
5:53 PM: 000058d5_43985fdb_000bebc2 (ID = 0)
5:53 PM: 000045ce_4398603b_0004c4b4 (ID = 0)
5:53 PM: 00006e5d_43bd3b8d_00066ff3 (ID = 0)
5:53 PM: 00001ad4_43bd3b8d_000aba95 (ID = 0)
5:54 PM: 00004ecf_43985ffb_000a7d8c (ID = 0)
5:54 PM: 000045a1_4398601b_0006ea05 (ID = 0)
5:54 PM: 00000732_43bd3bef_0002dc6c (ID = 0)
5:54 PM: 000056ae_43bd3bea_00003d09 (ID = 0)
5:54 PM: 00000120_43bd3bef_0003d090 (ID = 0)
5:54 PM: 00004823_43be9417_0004c4b4 (ID = 0)
5:54 PM: 000018be_43be941c_0007de29 (ID = 0)
5:54 PM: 00000124_43bbfcd5_000f0537 (ID = 0)
5:54 PM: 00007e87_43b6a2fa_000f0537 (ID = 0)
5:54 PM: 00005f90_43a46c48_00003d09 (ID = 0)
5:54 PM: 00004ae1_43a46bfd_000cdfe6 (ID = 0)
5:54 PM: 00000099_43b6a79e_00040d99 (ID = 0)
5:54 PM: 00000029_43a1f5dd_000c897e (ID = 0)
5:54 PM: 00000029_43a01832_000aba95 (ID = 0)
5:54 PM: 00004ae1_43bea149_000dd40a (ID = 0)
5:54 PM: 00006952_43bff9c0_00039387 (ID = 0)
5:54 PM: 000072ae_43b88771_00098968 (ID = 0)
5:54 PM: 00006784_43b9e77c_000b34a7 (ID = 0)
5:54 PM: 00006784_43bff956_0006ea05 (ID = 0)
5:54 PM: 00005f90_43bff9c0_0005f5e1 (ID = 0)
5:54 PM: 00005af1_43bff9c6_00029f63 (ID = 0)
5:54 PM: 0000314f_4389b91d_0002dc6c (ID = 0)
5:54 PM: 00000029_43b13279_000baeb9 (ID = 0)
5:54 PM: 00000029_43c3ca4d_000baeb9 (ID = 0)
5:54 PM: 00004ae1_43b9e788_0005b8d8 (ID = 0)
5:54 PM: 00002cd6_43b88664_000d59f8 (ID = 0)
5:54 PM: 00005f90_43b8889e_000cdfe6 (ID = 0)
5:54 PM: 00006784_43b88643_000e8b25 (ID = 0)
5:54 PM: 00003d6c_43b88646_000632ea (ID = 0)
5:54 PM: 00001649_43b888a1_00031975 (ID = 0)
5:54 PM: 00000029_439dcbd4_00053ec6 (ID = 0)
5:54 PM: 000026e9_438a6ec5_000dd40a (ID = 0)
5:54 PM: 00004823_439dcbd5_0007270e (ID = 0)
5:54 PM: 00003d6c_439dcbd9_00066ff3 (ID = 0)
5:54 PM: 00006952_439dcbdf_000a7d8c (ID = 0)
5:54 PM: 00006df1_43908dc6_000a4083 (ID = 0)
5:54 PM: 00005af1_43a6cb10_000e8b25 (ID = 0)
5:54 PM: 000026e9_43a6cb65_0008d24d (ID = 0)
5:54 PM: 00004d06_438a6ef2_000c65d4 (ID = 0)
5:55 PM: 000072ae_439a48d7_00089544 (ID = 0)
5:55 PM: 00000029_4390cfd7_00003d09 (ID = 0)
5:55 PM: 00002ea6_439a48dc_000aba95 (ID = 0)
5:55 PM: 000018be_43b9bd5b_000d9701 (ID = 0)
5:55 PM: 00006952_43a1f5e3_0000dac5 (ID = 0)
5:55 PM: 000018be_43a1f5de_000b1b48 (ID = 0)
5:55 PM: 00005af1_43a1f710_000191e0 (ID = 0)
5:55 PM: 00004ae1_43a1f5df_0006939d (ID = 0)
5:55 PM: 000041bb_43a1fa96_0003f43a (ID = 0)
5:55 PM: 000026e9_43a1fe1c_0008f5f7 (ID = 0)
5:55 PM: 00000029_43a31668_000a7d8c (ID = 0)
5:55 PM: 000018be_43a3166a_00031975 (ID = 0)
5:55 PM: 00007e87_438cdd89_00094c5f (ID = 0)
5:55 PM: 000018be_43bbfc57_000af79e (ID = 0)
5:55 PM: 00004ae1_43ac996c_000cfc38 (ID = 0)
5:55 PM: 00003d6c_43ac996d_0000595b (ID = 0)
5:55 PM: 0000390c_43bbfcc0_0001312d (ID = 0)
5:55 PM: 00002cd6_43ac996e_000cbf2f (ID = 0)
5:55 PM: 000072ae_43ac996e_000ee480 (ID = 0)
5:55 PM: 0000491c_43bbfcdc_0009c671 (ID = 0)
5:55 PM: 0000305e_43bbfcdb_0002625a (ID = 0)
5:55 PM: 00004db7_43bbfcdd_000bebc2 (ID = 0)
5:55 PM: 00004dc8_43bbfce7_000af79e (ID = 0)
5:55 PM: 00006443_43bbfce7_000e8b25 (ID = 0)
5:55 PM: 0000701f_43bbfd06_0000b71b (ID = 0)
5:55 PM: 00007514_439849af_0005f5e1 (ID = 0)
5:55 PM: 0000030a_43bbfdd5_00094c5f (ID = 0)
5:55 PM: 00003305_439849ce_00029f63 (ID = 0)
5:55 PM: 00003765_439849ec_000ec82e (ID = 0)
5:55 PM: 0000791b_43984a0b_000bebc2 (ID = 0)
5:55 PM: 0000008e_43984b21_00007a12 (ID = 0)
5:55 PM: 00006b28_43984aa2_000ca2dd (ID = 0)
5:55 PM: 00006bc9_43984ac2_0007de29 (ID = 0)
5:55 PM: 000032e7_43984ae1_0005b8d8 (ID = 0)
5:55 PM: 0000212c_43984b01_00022551 (ID = 0)
5:55 PM: 00004346_43984b40_000d9701 (ID = 0)
5:55 PM: 00003308_43984b60_000c28cb (ID = 0)
5:55 PM: 00004af3_43984b80_0008d24d (ID = 0)
5:55 PM: 0000759a_43bbfeb9_000e8b25 (ID = 0)
5:55 PM: 000022ee_43bbffff_000d9701 (ID = 0)
5:55 PM: 0000578d_43984ba0_00066ff3 (ID = 0)
5:55 PM: 000037be_43984bc0_0005b8d8 (ID = 0)
5:55 PM: 000000eb_43984be0_0002625a (ID = 0)
5:55 PM: 00004cff_43984c00_00040d99 (ID = 0)
5:55 PM: 000049d0_43984c20_00022551 (ID = 0)
5:57 PM: File Sweep Complete, Elapsed Time: 00:42:36
5:57 PM: Full Sweep has completed. Elapsed time 00:47:58
5:57 PM: Traces Found: 890
6:22 PM: Removal process initiated
6:22 PM: Quarantining All Traces: 180search assistant/zango
6:22 PM: Quarantining All Traces: virtumonde
6:22 PM: Quarantining All Traces: apropos
6:22 PM: apropos is in use. It will be removed on reboot.
6:22 PM: wingenerics.dll is in use. It will be removed on reboot.
6:22 PM: Quarantining All Traces: winad
6:22 PM: Quarantining All Traces: coolsavings
6:22 PM: Quarantining All Traces: 2o7.net cookie
6:22 PM: Quarantining All Traces: addynamix cookie
6:22 PM: Quarantining All Traces: adknowledge cookie
6:22 PM: Quarantining All Traces: adprofile cookie
6:22 PM: Quarantining All Traces: adrevolver cookie
6:22 PM: Quarantining All Traces: adserver cookie
6:22 PM: Quarantining All Traces: adultfriendfinder cookie
6:22 PM: Quarantining All Traces: advertising cookie
6:22 PM: Quarantining All Traces: ask cookie
6:22 PM: Quarantining All Traces: atlas dmt cookie
6:22 PM: Quarantining All Traces: atwola cookie
6:22 PM: Quarantining All Traces: belnk cookie
6:22 PM: Quarantining All Traces: burstnet cookie
6:22 PM: Quarantining All Traces: casalemedia cookie
6:22 PM: Quarantining All Traces: centrport net cookie
6:22 PM: Quarantining All Traces: coremetrics cookie
6:22 PM: Quarantining All Traces: exitexchange cookie
6:22 PM: Quarantining All Traces: fastclick cookie
6:22 PM: Quarantining All Traces: fortunecity cookie
6:22 PM: Quarantining All Traces: go.com cookie
6:22 PM: Quarantining All Traces: linksynergy cookie
6:22 PM: Quarantining All Traces: maxserving cookie
6:22 PM: Quarantining All Traces: nextag cookie
6:22 PM: Quarantining All Traces: pointroll cookie
6:22 PM: Quarantining All Traces: questionmarket cookie
6:23 PM: Quarantining All Traces: realmedia cookie
6:23 PM: Quarantining All Traces: reliablestats cookie
6:23 PM: Quarantining All Traces: rn11 cookie
6:23 PM: Quarantining All Traces: server.iad.liveperson cookie
6:23 PM: Quarantining All Traces: serving-sys cookie
6:23 PM: Quarantining All Traces: specificclick.com cookie
6:23 PM: Quarantining All Traces: statcounter cookie
6:23 PM: Quarantining All Traces: targetnet cookie
6:23 PM: Quarantining All Traces: trafficmp cookie
6:23 PM: Quarantining All Traces: tribalfusion cookie
6:23 PM: Quarantining All Traces: webtrendslive cookie
6:23 PM: Quarantining All Traces: winantispyware 2005
6:23 PM: Quarantining All Traces: yieldmanager cookie
6:23 PM: Quarantining All Traces: zedo cookie
6:23 PM: Removal process completed. Elapsed time 00:00:31
********
5:06 PM: | Start of Session, Tuesday, January 10, 2006 |
5:06 PM: Spy Sweeper started
5:07 PM: Your spyware definitions have been updated.
5:09 PM: | End of Session, Tuesday, January 10, 2006 |


I hope I'm doing this right!!
 
Joined
Sep 7, 2004
Messages
49,014
Add remove programs – remove if present MyWeb Search

Fix these with HJT – mark them, close IE, click fix checked

R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

R3 - URLSearchHook: (no name) - {00a6faf6-072e-44cf-8957-5838f569a31d} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL

O2 - BHO: Burn4Free Toolbar Helper - {F8E5CA21-C27B-43e7-B2BE-4CA93C9F9A1F} - blank (file missing)

O3 - Toolbar: Burn4Free Toolbar - {70DE7956-479D-4eb7-8641-2B45774C350E} - blank (file missing)

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE

O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZCxdm638YYUS

DownLoad http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Program Files\MyWebSearch

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
 

jimiiii

Thread Starter
Joined
Sep 26, 2002
Messages
120
Pocket Killbox version 2.0.0.588
Running on Windows XP as vcombs(Administrator)
was started @ Wednesday, January 11, 2006, 12:14 PM

# 1 [Files to Delete]
Path = C:\Program Files\MyWebSearch
*File Was Deleted

Killbox Closed(Exit) @ 12:18:33 PM
__________________________________________________
 

jimiiii

Thread Starter
Joined
Sep 26, 2002
Messages
120
Pocket Killbox version 2.0.0.588
Running on Windows XP as vcombs(Administrator)
was started @ Wednesday, January 11, 2006, 12:14 PM

# 1 [Files to Delete]
Path = C:\Program Files\MyWebSearch
*File Was Deleted

Killbox Closed(Exit) @ 12:18:33 PM
__________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 12:31:09 PM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Common Files\AOL\1121431195\ee\AOLSoftware.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\program files\common files\aol\1121431195\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1121431195\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/CursorManiaFWBInitialSetup1.0.0.15.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://pictures.aolcdn.com/ap/Resources/1.1.0.31/cab/aolpPlugins.10.1.0.0.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098225166390
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
 

jimiiii

Thread Starter
Joined
Sep 26, 2002
Messages
120
I can't understand it but when I rebooted my system after running the last hijack and killbox.........my norton made a sweep and I still have the Trojan Vundo in some windows\system 32\geeby.dll file...........and I still can't find that file



other than that it's about the same
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top