
Sos!

Discussion in 'Windows XP' started by Saloo, Jul 17, 2006.

Thread Status:
Not open for further replies.
  1. Saloo

    Saloo Thread Starter

    Joined:
    Sep 12, 2005
    Messages:
    27
    Help! My computer is totally infected and I can't figure out what to do. My internet browser is hijacked and I get pop-ups. Here is my logfile. Please help!


    Logfile of HijackThis v1.99.1
    Scan saved at 12:43:21 PM, on 7/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\isnotify.exe
    C:\WINDOWS\system32\issearch.exe
    C:\WINDOWS\system32\ishost.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\ismon.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\S3tray2.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
    C:\Program Files\SpyQuake2.com\Spy-Quake2.exe
    C:\WINDOWS\system32\833f962d.exe
    C:\Program Files\SpyQuake2.com\Spy-Quake2.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: (no name) - {062492AF-392E-479D-BF52-A7A4BCA00307} - C:\WINDOWS\system32\compstuic.dll
    O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [Immcheck] immcheck.exe -1
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [SpyQuake2.com] C:\Program Files\SpyQuake2.com\Spy-Quake2.exe /h
    O4 - HKLM\..\Run: [833f962d.exe] C:\WINDOWS\system32\833f962d.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [833f962d.exe] C:\Documents and Settings\Owner\Local Settings\Application Data\833f962d.exe
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O20 - AppInit_DLLs: winspool.dll C:\WINDOWS\system32\winspool.dll
    O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g7373156.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winhab32 - C:\WINDOWS\SYSTEM32\winhab32.dll
    O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  2. happyrck

    happyrck

    Joined:
    Feb 17, 2006
    Messages:
    3,202
    Let's pre-clean the computer with these

    Spybot Search and Destroy...

    http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10122137.html

    then get Ad-Aware here...

    http://www.download.com/3000-2144-10045910.html


    then get CWShredder 2.19 .....here...

    http://www.softpedia.com/progDownload/CWShredder-Download-8114.html

    get these tools and update them...run them in safe mode...if you don't know how then go here for the lowdown...

    http://reviews.cnet.com/5208-6121-0.html?forumID=45&threadID=22053&messageID=274875

    after updating and starting in safe mode, run the tools...have them delete anything they find....

    you can also do free online scans here


    http://www.webroot.com/consumer/downloads/?WRSID=cd9965ab626742570bc638b5528add3f

    write down any names that SpySweeper finds...

    then this online scan

    http://housecall.trendmicro.com/


    these tools and online scans should be run before rerunning HJT and reposting the log
    this will speed up the cleaning process for the log pros...
     
  3. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  4. Saloo

    Saloo Thread Starter

    Joined:
    Sep 12, 2005
    Messages:
    27
    Ok, I tried following the instructions but my computer is totally whacked out. It wouldn't open the HijackThis notepad so I can't even post it on here. And some of the programs don't open. And I am still getting "spyware removal setup" pop-up messages. Oh, and I can't even open Control Panel :(
     
  5. happyrck

    happyrck

    Joined:
    Feb 17, 2006
    Messages:
    3,202
    try in safe mode
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Post a new hijack log
     
  7. Saloo

    Saloo Thread Starter

    Joined:
    Sep 12, 2005
    Messages:
    27
    Alright, I tried it in safe mode and it worked. Thanks. Here is a new HJT log.



    Logfile of HijackThis v1.99.1
    Scan saved at 1:22:59 PM, on 7/31/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\system32\S3tray2.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Aware.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\TEMP\win5C.tmp.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\rundll32.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: (no name) - {062492AF-392E-479D-BF52-A7A4BCA00307} - C:\WINDOWS\system32\compstuic.dll
    O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll (file missing)
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [Immcheck] immcheck.exe -1
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [833f962d.exe] C:\WINDOWS\system32\833f962d.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [833f962d.exe] C:\Documents and Settings\Owner\Local Settings\Application Data\833f962d.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O20 - AppInit_DLLs: winspool.dll C:\WINDOWS\system32\winspool.dll
    O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g7373156.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winhab32 - C:\WINDOWS\SYSTEM32\winhab32.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Download win32delfkil.exe: http://users.telenet.be/marcvn/tools/win32delfkil.exe
    Save it on your desktop.
    Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil
    Close all windows, open the win32delfkil folder and double click on fix.bat.

    The computer will reboot automatically
    =========================

    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). We’ll get them next step.
    Please copy/paste the content of that report into your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
    =============================

    Go to the link below and download the trial version of SpySweeper:

    SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.
    Also post a new Hijack This log.
     
  9. Saloo

    Saloo Thread Starter

    Joined:
    Sep 12, 2005
    Messages:
    27
    Ok, the Smitfraudfix didn't work. I get an error saying process.exe can not be found. Here is the summary of Spysweeper.
    Logfile of HijackThis v1.99.1
    Scan saved at 7:16:05 PM, on 8/1/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\S3tray2.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\833f962d.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll (file missing)
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] "c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
    O4 - HKLM\..\Run: [Immcheck] immcheck.exe -1
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [833f962d.exe] C:\WINDOWS\system32\833f962d.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [833f962d.exe] "C:\Documents and Settings\Owner\Local Settings\Application Data\833f962d.exe"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O20 - AppInit_DLLs: winspool.dll C:\WINDOWS\system32\winspool.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winhab32 - winhab32.dll (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  10. Saloo

    Saloo Thread Starter

    Here is the Spy Sweeper file. And I am still getting the spyware wizard setup popups.
    7:13 PM: Removal process completed. Elapsed time 00:00:25
    7:13 PM: Quarantining All Traces: system doctor 2006 fakealert
    7:13 PM: Quarantining All Traces: cws_meup
    7:13 PM: Quarantining All Traces: dialerplatform
    7:13 PM: Quarantining All Traces: winantivirus pro
    7:13 PM: Quarantining All Traces: lopdotcom
    7:13 PM: Quarantining All Traces: security2k hijacker
    7:13 PM: Removal process initiated
    7:12 PM: Traces Found: 27
    7:12 PM: Full Sweep has completed. Elapsed time 00:30:24
    7:12 PM: File Sweep Complete, Elapsed Time: 00:27:03
    7:10 PM: Warning: Failed to access drive F:
    7:10 PM: Warning: Failed to access drive E:
    7:07 PM: Warning: Failed to open file "c:\program files\updates from hp\137903\users\default\data\d0000000.fcs". The operation completed successfully
    7:06 PM: C:\WINDOWS\g5389046.dll (ID = 328045)
    7:06 PM: C:\WINDOWS\g1260250.dll (ID = 328045)
    7:06 PM: C:\WINDOWS\g2463390.dll (ID = 328045)
    7:06 PM: C:\WINDOWS\g3665078.dll (ID = 328045)
    7:06 PM: C:\WINDOWS\g178468.dll (ID = 328045)
    7:06 PM: C:\WINDOWS\g6673093.dll (ID = 328045)
    7:06 PM: C:\WINDOWS\g1378890.dll (ID = 328045)
    7:06 PM: C:\WINDOWS\g3647890.dll (ID = 328045)
    7:04 PM: C:\Documents and Settings\Owner\Application Data\winantiviruspro2006freeinstall[1].exe (ID = 327825)
    7:04 PM: Found Adware: winantivirus pro
    7:04 PM: C:\WINDOWS\temp\win48.tmp.exe (ID = 319862)
    7:04 PM: C:\WINDOWS\cpblpbc26.log (ID = 328045)
    7:04 PM: C:\WINDOWS\system32\compstuic.dll (ID = 328045)
    7:04 PM: C:\WINDOWS\temp\win5C.tmp.exe (ID = 319862)
    6:55 PM: C:\WINDOWS\g1488937.dll (ID = 328045)
    6:52 PM: C:\WINDOWS\g1498687.dll (ID = 328045)
    6:50 PM: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FEBNN84T\srvgka[1].exe (ID = 319862)
    6:50 PM: Found Adware: system doctor 2006 fakealert
    6:49 PM: C:\WINDOWS\g177531.dll (ID = 328045)
    6:48 PM: C:\WINDOWS\cpblpbc25.log (ID = 328045)
    6:47 PM: C:\WINDOWS\g2446468.dll (ID = 328045)
    6:47 PM: C:\WINDOWS\g1245828.dll (ID = 328045)
    6:47 PM: C:\WINDOWS\g167921.dll (ID = 328045)
    6:47 PM: Found Adware: cws_meup
    6:46 PM: C:\!KillBox\joy audio\cdrom win.dll (ID = 466)
    6:46 PM: Found Adware: lopdotcom
    6:46 PM: c:\windows\downloaded program files\gdnus2339.exe (ID = 322697)
    6:46 PM: Found Adware: dialerplatform
    6:45 PM: Starting File Sweep
    6:45 PM: Warning: Failed to access drive A:
    6:45 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
    6:45 PM: Starting Cookie Sweep
    6:45 PM: Registry Sweep Complete, Elapsed Time:00:00:16
    6:45 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || ishost.exe (ID = 1524342)
    6:45 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || ishost.exe (ID = 1513976)
    6:45 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || issearch.exe (ID = 1506013)
    6:45 PM: Starting Registry Sweep
    6:45 PM: Memory Sweep Complete, Elapsed Time: 00:02:49
    6:42 PM: Starting Memory Sweep
    6:42 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || issearch.exe (ID = 1512087)
    6:42 PM: Found Adware: security2k hijacker
    6:42 PM: Sweep initiated using definitions version 731
    6:42 PM: Spy Sweeper 5.0.5.1286 started
    6:42 PM: | Start of Session, Tuesday, August 01, 2006 |
    ********
    6:42 PM: | End of Session, Tuesday, August 01, 2006 |
    6:42 PM: Your spyware definitions have been updated.
    6:41 PM: Deletion from quarantine completed. Elapsed time 00:00:14
    6:41 PM: Processing: tacoda cookie
    6:41 PM: Processing: tacoda cookie
    6:41 PM: Processing: toplist cookie
    6:41 PM: Processing: goclick cookie
    6:41 PM: Processing: statcounter cookie
    6:41 PM: Processing: seeq cookie
    6:41 PM: Processing: bizrate cookie
    6:41 PM: Processing: pesttrap cookie
    6:41 PM: Processing: about cookie
    6:41 PM: Processing: about cookie
    6:41 PM: Processing: about cookie
    6:41 PM: Processing: webtrends cookie
    6:41 PM: Processing: yieldmanager cookie
    6:41 PM: Processing: adknowledge cookie
    6:41 PM: Processing: web-stat cookie
    6:41 PM: Processing: belnk cookie
    6:41 PM: Processing: belnk cookie
    6:41 PM: Processing: burstbeacon cookie
    6:41 PM: Processing: a cookie
    6:41 PM: Processing: atwola cookie
    6:41 PM: Processing: burstnet cookie
    6:41 PM: Processing: burstnet cookie
    6:41 PM: Processing: adultfriendfinder cookie
    6:41 PM: Processing: whenu weathercast
    6:41 PM: Processing: go.com cookie
    6:41 PM: Processing: realmedia cookie
    6:41 PM: Processing: xpehbam dialer
    6:41 PM: Processing: xpehbam dialer
    6:41 PM: Processing: webrebates
    6:41 PM: Processing: webrebates
    6:41 PM: Processing: virtualbouncer
    6:41 PM: Processing: ezula ilookup
    6:41 PM: Processing: ezula ilookup
    6:41 PM: Processing: command
    6:41 PM: Processing: ist powerscan
    6:41 PM: Processing: findthewebsiteyouneed hijack
    6:41 PM: Processing: findthewebsiteyouneed hijack
    6:41 PM: Processing: netpal
    6:41 PM: Processing: netpal
    6:41 PM: Processing: netpal
    6:41 PM: Processing: trojan agent winlogonhook
    6:41 PM: Processing: surfsidekick
    6:41 PM: Processing: surfsidekick
    6:41 PM: Processing: squire webhelper
    6:41 PM: Processing: quicklink search toolbar
    6:41 PM: Processing: quicklink search toolbar
    6:41 PM: Processing: delfin
    6:41 PM: Processing: delfin
    6:41 PM: Processing: adtomi
    6:41 PM: Processing: adtomi
    6:41 PM: Processing: dollarrevenue
    6:41 PM: Processing: dollarrevenue
    6:41 PM: Processing: zquest
    6:41 PM: Processing: purityscan
    6:41 PM: Processing: purityscan
    6:41 PM: Processing: trojan-downloader-zlob
    6:41 PM: Processing: lopdotcom
     
  11. Saloo

    Saloo Thread Starter

    6:41 PM: Processing: security2k hijacker
    6:41 PM: Deletion from quarantine initiated
    6:39 PM: Removal process completed. Elapsed time 00:00:58
    6:38 PM: Quarantining All Traces: whenu weathercast
    6:38 PM: Quarantining All Traces: seeq cookie
    6:38 PM: Quarantining All Traces: pesttrap cookie
    6:38 PM: Quarantining All Traces: burstbeacon cookie
    6:38 PM: Quarantining All Traces: web-stat cookie
    6:38 PM: Quarantining All Traces: toplist cookie
    6:38 PM: Quarantining All Traces: statcounter cookie
    6:38 PM: Quarantining All Traces: realmedia cookie
    6:38 PM: Quarantining All Traces: webtrends cookie
    6:38 PM: Quarantining All Traces: go.com cookie
    6:38 PM: Quarantining All Traces: goclick cookie
    6:38 PM: Quarantining All Traces: burstnet cookie
    6:38 PM: Quarantining All Traces: bizrate cookie
    6:38 PM: Quarantining All Traces: belnk cookie
    6:38 PM: Quarantining All Traces: a cookie
    6:38 PM: Quarantining All Traces: atwola cookie
    6:38 PM: Quarantining All Traces: tacoda cookie
    6:38 PM: Quarantining All Traces: adultfriendfinder cookie
    6:38 PM: Quarantining All Traces: adknowledge cookie
    6:38 PM: Quarantining All Traces: yieldmanager cookie
    6:38 PM: Quarantining All Traces: about cookie
    6:38 PM: Quarantining All Traces: netpal
    6:38 PM: Quarantining All Traces: ezula ilookup
    6:38 PM: Quarantining All Traces: ist powerscan
    6:38 PM: Quarantining All Traces: webrebates
    6:38 PM: Quarantining All Traces: virtualbouncer
    6:38 PM: Quarantining All Traces: xpehbam dialer
    6:38 PM: Quarantining All Traces: command
    6:38 PM: Quarantining All Traces: findthewebsiteyouneed hijack
    6:38 PM: Quarantining All Traces: zquest
    6:38 PM: Quarantining All Traces: squire webhelper
    6:38 PM: Quarantining All Traces: adtomi
    6:38 PM: Quarantining All Traces: surfsidekick
    6:38 PM: Quarantining All Traces: delfin
    6:38 PM: Quarantining All Traces: trojan agent winlogonhook
    6:38 PM: Quarantining All Traces: dollarrevenue
    6:38 PM: Quarantining All Traces: quicklink search toolbar
    6:38 PM: Quarantining All Traces: purityscan
    6:38 PM: Quarantining All Traces: lopdotcom
    6:38 PM: Quarantining All Traces: security2k hijacker
    6:38 PM: Quarantining All Traces: trojan-downloader-zlob
    6:38 PM: Removal process initiated
    6:20 PM: Traces Found: 251
    6:20 PM: Full Sweep has completed. Elapsed time 00:37:20
    6:20 PM: File Sweep Complete, Elapsed Time: 00:34:13
    6:15 PM: Warning: Failed to access drive F:
    6:15 PM: Warning: Failed to access drive E:
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc397\car rental.url (ID = 66611)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc397\cancun vacation.url (ID = 66591)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc397\timeshare.url (ID = 68655)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc397\skiing.url (ID = 68381)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc397\family vacation.url (ID = 67061)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc397\vacation.url (ID = 68761)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc397\london hotel.url (ID = 67698)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc397\new york.url (ID = 67872)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc397\las vegas hotel.url (ID = 67610)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc397\orlando hotel.url (ID = 67959)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc397\world travel.url (ID = 68881)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc397\europe travel.url (ID = 67034)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc397\hawaii travel.url (ID = 67314)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc397\hotels.url (ID = 67395)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc397\resort.url (ID = 68217)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc397\cruises.url (ID = 66774)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc397\air travel.url (ID = 66199)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc397\discount travel.url (ID = 66897)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc397\travel insurance.url (ID = 68707)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc397\travel agent.url (ID = 68703)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc392\phone system.url (ID = 68027)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc392\adjustable bed.url (ID = 66143)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc392\sleep aids.url (ID = 68390)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc392\outdoor cooking.url (ID = 67964)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc392\food nutrition.url (ID = 67161)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc392\health plan.url (ID = 67320)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc392\satellite television.url (ID = 68259)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc392\office space.url (ID = 67905)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc392\timeshare.url (ID = 68655)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc392\outdoor furniture.url (ID = 67967)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc392\interior decorating .url (ID = 67473)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc392\working from home.url (ID = 68878)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc392\home refinancing.url (ID = 67385)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc392\home improvements.url (ID = 67380)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc392\home security.url (ID = 67387)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc392\home equity loan.url (ID = 67379)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc396\perfume.url (ID = 68006)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc396\womens clothing.url (ID = 68873)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc396\digital cameras.url (ID = 66893)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc396\dvd players.url (ID = 66972)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc396\video surveillance.url (ID = 68777)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc396\dress fashion.url (ID = 66943)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc396\watches.url (ID = 68802)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc396\sexy lingerie.url (ID = 68347)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc396\underwear.url (ID = 68740)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc396\shoes.url (ID = 68359)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc396\jewelry.url (ID = 67547)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc396\wedding gifts.url (ID = 68842)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc396\gift basket.url (ID = 67257)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc396\christmas gift.url (ID = 66674)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc396\birthday gift.url (ID = 66414)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc396\wine gifts.url (ID = 68854)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc396\cellular.url (ID = 66656)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc396\leather jackets.url (ID = 67615)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc396\smoke shop.url (ID = 68402)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc396\corporate gift.url (ID = 66743)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc395\pet med.url (ID = 68011)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc395\doctor.url (ID = 66903)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc395\consumer consulting.url (ID = 66731)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc395\pass drug test.url (ID = 67986)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc395\pharmacy online.url (ID = 68018)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc395\mexican pharmacy.url (ID = 67788)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc395\buy propecia.url (ID = 66536)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc395\buy ultram online.url (ID = 66545)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc395\buy soma.url (ID = 66539)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc395\buy xenical.url (ID = 66551)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc395\buy celebrex.url (ID = 66522)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc395\buy viagra.url (ID = 66548)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc395\buy phentermine.url (ID = 66535)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc395\buy tenuate.url (ID = 66542)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc395\buy ionamin.url (ID = 66527)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc395\buy fidrex.url (ID = 66526)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc395\buy meridia .url (ID = 66531)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc395\buy adipex.url (ID = 66519)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc391\mp3.url (ID = 67830)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc391\satellite television.url (ID = 68259)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc391\printer cartridge.url (ID = 68097)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc391\dating.url (ID = 66821)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc391\dvd to cd.url (ID = 66975)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc391\scratch card.url (ID = 68279)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc391\descrambler.url (ID = 66885)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc391\online pharmacy.url (ID = 67944)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc391\video surveillance.url (ID = 68777)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc391\pass drug test.url (ID = 67986)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc393\education\community.url (ID = 66710)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc393\education\book.url (ID = 66473)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc393\education\college.url (ID = 66704)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc393\education\adult education.url (ID = 66176)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc393\education\school.url (ID = 68271)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc393\education\essay.url (ID = 67033)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc393\education\education.url (ID = 67001)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc393\jokes.url (ID = 67557)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc393\spyware.url (ID = 68446)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc393\flowers.url (ID = 67157)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc393\firewall.url (ID = 67102)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc393\newsgroup.url (ID = 67868)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc393\online gaming.url (ID = 67938)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc393\free long distance.url (ID = 67223)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc393\investing money.url (ID = 67525)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc393\online football games.url (ID = 67934)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc393\starting a business.url (ID = 68532)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc393\domain registrations.url (ID = 66924)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc393\web marketing.url (ID = 68819)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc393\hosting.url (ID = 67393)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc393\internet business.url (ID = 67510)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc398\games\sega dreamcast.url (ID = 68306)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc398\games\playstation.url (ID = 68050)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc398\games\microsoft.url (ID = 67799)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc398\games\gamecube.url (ID = 67244)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc398\games\xbox.url (ID = 68886)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc398\games\quake.url (ID = 68151)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc398\games\computer game.url (ID = 66717)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc398\instant messenger.url (ID = 67467)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc398\working from home.url (ID = 68878)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc398\communication technology.url (ID = 66707)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc398\internet.url (ID = 67497)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc398\computer programming.url (ID = 66724)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc398\inkjet cartridge.url (ID = 67435)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc398\computer jobs .url (ID = 66722)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc398\domain hosting.url (ID = 66918)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc398\antivirus.url (ID = 66236)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc398\dvd.url (ID = 66964)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc398\hosting.url (ID = 67393)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc394\jackpot.url (ID = 67543)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc394\sport book.url (ID = 68439)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc394\gamble.url (ID = 67241)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc394\time cards.url (ID = 68636)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc394\black jack poker.url (ID = 66432)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc394\craps.url (ID = 66749)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc394\roulette gambling.url (ID = 68240)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc394\slots.url (ID = 68395)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc394\sport betting.url (ID = 68436)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc394\casino online.url (ID = 66635)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc394\bingo.url (ID = 66400)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc380\dating\dating agency.url (ID = 66825)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc380\dating\online dating.url (ID = 67931)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc380\dating\internet dating.url (ID = 67513)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc380\dating\dating service.url (ID = 66827)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc380\dating\jewish dating.url (ID = 67549)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc380\dating\christian dating.url (ID = 66672)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc380\dvd.url (ID = 66964)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc380\shemale sex.url (ID = 68349)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc380\fetish.url (ID = 67074)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc380\photos.url (ID = 68030)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc380\live video feeds.url (ID = 67673)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc380\sex toys.url (ID = 68344)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc380\matchmaking.url (ID = 67744)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc380\gay.url (ID = 67248)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc380\viagra.url (ID = 68776)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc380\adult dvd.url (ID = 66173)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc380\lesbian.url (ID = 67617)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc380\hardcore.url (ID = 67309)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc380\sex movies.url (ID = 68342)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc390\personals.url (ID = 68008)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc390\adult toys.url (ID = 66182)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc390\diet pill.url (ID = 66891)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc390\buy adipex.url (ID = 66519)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc390\adult personals.url (ID = 66180)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc390\breast enhancement.url (ID = 66494)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc390\adult education.url (ID = 66176)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc390\buy viagra.url (ID = 66548)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc390\penis enlargement.url (ID = 68003)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc323\dating\dating agency.url (ID = 66825)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc323\dating\online dating.url (ID = 67931)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc323\dating\internet dating.url (ID = 67513)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc323\dating\dating service.url (ID = 66827)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc323\dating\jewish dating.url (ID = 67549)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc323\dating\christian dating.url (ID = 66672)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc323\dvd.url (ID = 66964)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc323\shemale sex.url (ID = 68349)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc323\fetish.url (ID = 67074)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc323\photos.url (ID = 68030)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc323\live video feeds.url (ID = 67673)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc323\sex toys.url (ID = 68344)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc323\matchmaking.url (ID = 67744)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc323\gay.url (ID = 67248)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc323\viagra.url (ID = 68776)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc323\adult dvd.url (ID = 66173)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc323\lesbian.url (ID = 67617)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc323\hardcore.url (ID = 67309)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc323\sex movies.url (ID = 68342)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc335\personals.url (ID = 68008)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc335\adult toys.url (ID = 66182)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc335\diet pill.url (ID = 66891)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc335\buy adipex.url (ID = 66519)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc335\adult personals.url (ID = 66180)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc335\breast enhancement.url (ID = 66494)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc335\adult education.url (ID = 66176)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc335\buy viagra.url (ID = 66548)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc335\penis enlargement.url (ID = 68003)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc417\flyordie games.url (ID = 70890)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc417\big fish games.url (ID = 70885)
    6:12 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc417\gamehouse games.url (ID = 70891)
    6:12 PM: Found Adware: netpal
    6:12 PM: C:\WINDOWS\dh.ini (ID = 238253)
    6:12 PM: Found Adware: zquest
    6:12 PM: C:\Program Files\Yahoo!\browser\Content\temp.mht (ID = 90855)
    6:12 PM: C:\!KillBox\drsmartload.dat (ID = 198788)
    6:12 PM: C:\!KillBox\VCClient\VCClient.exe.config (ID = 212358)
    6:11 PM: Warning: Failed to open file "c:\program files\updates from hp\137903\users\default\data\d0000000.fcs". The operation completed successfully
    6:11 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc324\about earn.lnk (ID = 111342)
    6:11 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc324\earn website.url (ID = 60442)
    6:11 PM: Found Adware: ezula ilookup
    6:07 PM: C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr4523 (ID = 301199)
    6:06 PM: C:\WINDOWS\system32\margo2a.exe (ID = 49359)
    6:03 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc362\websearch.inf (ID = 83972)
    5:57 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc414\power scan.lnk (ID = 72676)
    5:57 PM: Found Adware: ist powerscan
    5:57 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc227\purityscan.lnk (ID = 73235)
    5:57 PM: Found Adware: purityscan
    5:57 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc358\m.dat (ID = 76825)
    5:57 PM: Found Adware: squire webhelper
    5:56 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc361\webrebates.inf (ID = 83933)
    5:56 PM: Found Adware: webrebates
    5:56 PM: C:\WINDOWS\system32\regsvrac32.exe (ID = 49357)
    5:56 PM: Found Adware: adtomi
    5:55 PM: c:\recycler\s-1-5-21-75093085-71043077-1381280363-1003\dc161\weathercast.lnk (ID = 130071)
    5:55 PM: Found Adware: whenu weathercast
    5:53 PM: C:\!KillBox\remove_tools.html (ID = 57781)
    5:52 PM: C:\!KillBox\Exit film\tpcywsnw.exe (ID = 67968)
    5:52 PM: Found Adware: lopdotcom
    5:49 PM: C:\!KillBox\VCClient\VCUpdate.exe.config (ID = 212361)
    5:49 PM: Found Adware: surfsidekick
    5:49 PM: C:\!KillBox\BundleOuter1211031201.EXE (ID = 82795)
    5:49 PM: Found Adware: virtualbouncer
    5:49 PM: C:\Program Files\Yahoo!\browser\Content\LaunchOffline.mht (ID = 90855)
    5:49 PM: Found Adware: xpehbam dialer
    5:46 PM: C:\WINDOWS\system32\pcs (1 subtraces) (ID = 2147486175)
    5:46 PM: Found Adware: delfin
    5:46 PM: Starting File Sweep
    5:46 PM: Warning: Failed to access drive A:
    5:46 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
    5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3332)
    5:46 PM: Found Spy Cookie: seeq cookie
    5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 6462)
    5:46 PM: Found Spy Cookie: pesttrap cookie
    5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2337)
    5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2335)
    5:46 PM: Found Spy Cookie: burstbeacon cookie
    5:46 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3648)
    5:46 PM: Found Spy Cookie: web-stat cookie
    5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3557)
    5:46 PM: Found Spy Cookie: toplist cookie
    5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 6444)
    5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3447)
    5:46 PM: Found Spy Cookie: statcounter cookie
    5:46 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3235)
    5:46 PM: Found Spy Cookie: realmedia cookie
    5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3669)
    5:46 PM: Found Spy Cookie: webtrends cookie
    5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2038)
    5:46 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2728)
    5:46 PM: Found Spy Cookie: go.com cookie
    5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2038)
    5:46 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2293)
    5:46 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2733)
    5:46 PM: Found Spy Cookie: goclick cookie
    5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2336)
    5:46 PM: Found Spy Cookie: burstnet cookie
    5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2308)
    5:46 PM: Found Spy Cookie: bizrate cookie
    5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2292)
    5:46 PM: Found Spy Cookie: belnk cookie
    5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2027)
    5:46 PM: Found Spy Cookie: a cookie
    5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2255)
    5:46 PM: Found Spy Cookie: atwola cookie
    5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 6445)
    5:46 PM: Found Spy Cookie: tacoda cookie
    5:46 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2165)
    5:46 PM: Found Spy Cookie: adultfriendfinder cookie
    5:46 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2072)
    5:46 PM: Found Spy Cookie: adknowledge cookie
    5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3751)
    5:46 PM: Found Spy Cookie: yieldmanager cookie
    5:46 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2037)
    5:46 PM: Found Spy Cookie: about cookie
    5:46 PM: Starting Cookie Sweep
    5:46 PM: Registry Sweep Complete, Elapsed Time:00:00:16
    5:46 PM: HKU\S-1-5-18\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
    5:46 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (ID = 1016072)
    5:46 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (ID = 1016064)
    5:46 PM: Found Adware: command
    5:46 PM: HKLM\software\microsoft\mssmgr\ (ID = 937101)
    5:46 PM: Found Trojan Horse: trojan agent winlogonhook
    5:46 PM: HKLM\software\microsoft\drsmartload\ (ID = 916795)
    5:46 PM: Found Adware: dollarrevenue
     
  12. Saloo

    Saloo Thread Starter

    Joined:
    Sep 12, 2005
    Messages:
    27
    5:46 PM: HKLM\software\microsoft\windows\currentversion\uninstall\quicklinks\ (ID = 909558)
    5:46 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || kernel32.dll (ID = 796421)
    5:46 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (ID = 735573)
    5:46 PM: Found Adware: security2k hijacker
    5:46 PM: HKU\.default\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555438)
    5:46 PM: Found Adware: findthewebsiteyouneed hijack
    5:46 PM: HKLM\software\ql\ (ID = 359458)
    5:46 PM: Found Adware: quicklink search toolbar
    5:45 PM: Starting Registry Sweep
    5:45 PM: Memory Sweep Complete, Elapsed Time: 00:02:40
    5:43 PM: Starting Memory Sweep
    5:43 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || kernel32.dll (ID = 1052560)
    5:43 PM: Found Trojan Horse: trojan-downloader-zlob
    5:43 PM: Sweep initiated using definitions version 691
    5:41 PM: None
    5:41 PM: Traces Found: 1
    5:40 PM: Sweep Canceled
    5:40 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || kernel32.dll (ID = 1052560)
    5:40 PM: Found Trojan Horse: trojan-downloader-zlob
    5:40 PM: Sweep initiated using definitions version 6
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    5:40 PM: Shield States
    5:40 PM: Spyware Definitions: 691
     
  13. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You did not extract all of the smitfraud files to a folder - redo the process and make sure you extract them to a folder and then execute from the folder

    Also run spysweeper again as you were very infected

    Download EasyCleaner http://www.majorgeeks.com/download414.html

    Use the clear files and Unnecessary files buttons – I do not recommend using the Duplicates files button as many dupes are there on purpose.

    Not all files will delete – that is normal.

    In the unnecessary button I check the top 4 entries


    empty the recycle bin
     
  14. Saloo

    Saloo Thread Starter

    Joined:
    Sep 12, 2005
    Messages:
    27
    SmitFraudFix v2.79

    Scan done at 12:09:58.78, Wed 08/02/2006
    Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\drsmartloadb1.dat FOUND !
    C:\WINDOWS\timessquare1.dat FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\components\flx?.dll FOUND !
    C:\WINDOWS\system32\components\flx??.dll FOUND !
    C:\WINDOWS\system32\components\flx???.dll FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="http://us.f2.yahoofs.com/users/417aa36dz13fe7f9c/784b/__sr_/aa07.jpg?phHmBZDBNsJp9Smk"
    "SubscribedURL"="http://us.f2.yahoofs.com/users/417aa36dz13fe7f9c/784b/__sr_/aa07.jpg?phHmBZDBNsJp9Smk"
    "FriendlyName"=""

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  15. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Next, please reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non-infected computer will remove your Desktop background.
     

Short URL to this thread: https://techguy.org/483978
