
Spyware or Virus Screwing Up My System, Help please!

Discussion in 'Virus & Other Malware Removal' started by AdmiralZ, Apr 17, 2006.

Thread Status:
Not open for further replies.
  1. AdmiralZ

    AdmiralZ Thread Starter

    Joined:
    Apr 1, 2005
    Messages:
    219
    I've got something on my computer that does the following things:

    Changes my homepage to www.gophersearch.com
    Brings up porn-related pop-ups when I'm using IE
    Slows down my computer to the point where things stop responding.

    I've scanned with McAfee, and Ad-Aware and removed everything found there, but still, the majority of the problem remains, can anyone help? :eek:
     
  2. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,291
    hi, welcome to TSG.

    Download hijack this from the link below. Please do this. Click here:

    http://www.thespykiller.co.uk/files/hijackthis_sfx.exe

    to download HijackThis. Click scan and save a logfile, then post it here so
    we can take a look at it for you. Don't click fix on anything in hijack this
    as most of the files are legitimate.
     
  3. AdmiralZ

    AdmiralZ Thread Starter

    Joined:
    Apr 1, 2005
    Messages:
    219
    Thanks. Here's the logfile:

    Logfile of HijackThis v1.99.1
    Scan saved at 14:10:32, on 17/04/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\runservice.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Creative\PlayCenter2\CTNMRUN.EXE
    C:\WINDOWS\System32\ctfmon.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Creative\ShareDLL\Mediadet.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gophersearch.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gophersearch.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gophersearch.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.tiscali.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: ohb - {E8888041-B24A-4B0B-911B-12B018E43F21} - C:\WINDOWS\System32\rlmtcs.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [PSoft1] C:\WINDOWS\System32\psoft1.exe
    O4 - HKLM\..\Run: [G3] C:\WINDOWS\System32\GSMedia3.exe
    O4 - HKLM\..\Run: [5sFS3mT] fecntcls.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [aqijfi] c:\windows\system32\xxbwcvi.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [ICcontrol] C:\WINDOWS\iccontrol.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [dgrpsetu] C:\WINDOWS\System32\dgrpsetu.exe
    O4 - HKCU\..\Run: [pautoenr] C:\WINDOWS\System32\pautoenr.exe
    O4 - HKCU\..\Run: [Ncao] C:\Documents and Settings\Dougie_2\Application Data\h??o?.exe
    O4 - HKCU\..\Run: [atiupdate] C:\DOCUME~1\Dougie_2\LOCALS~1\Temp\msshed32.exe
    O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\PlayCenter2\CTNMRUN.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Startup: UCmore XP - The Search Accelerator.lnk = ?
    O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk552YYGB
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: GetMP3 - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\System32\GetMP3 (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
    O15 - Trusted IP range: 206.161.125.149
    O15 - Trusted IP range: 206.161.124.130 (HKLM)
    O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
    O16 - DPF: {11117711-1111-1711-7121-111177111157} - ms-its:mhtml:file://c:\bebe.mht!http://www.alarm-works.com/tx.chm::/ai.exe
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c10.cab
    O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,90/mcinsctl.cab
    O16 - DPF: {51045741-8C4E-4EAC-8F03-08E43A6FBB29} - http://c.ancestry.com/cab/aft/AncestryFamilyTree.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1110069436593
    O16 - DPF: {71CBDCD9-0830-4470-A890-35D364DA352C} - http://scripts.downloadv3.com/binaries/P2EClient/EGAUTH_1047_EN_XP.cab
    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetupml.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/laaplicacion.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://intranet.bedfordschool.org.uk/tsweb/msrdp.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
    O16 - DPF: {D35B74F6-E099-4CDD-91E0-9EA7C30059D1} (Main Class) - http://www.dialer-shop.com/webdial/webdial24106.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
    O16 - DPF: {EEF29D20-9A47-4657-ADF7-283EC2504001} - http://download.bigwebportal.com/toolbar2/winenc32.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
    O16 - DPF: {FAFF0003-0A01-121A-A1C9-08032B23E0CC} - http://uk.global-acces.com/seed/nat3.exe
    O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://static.35mb.com/applet/applet_o.cab
    O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba217.exe
    O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn283.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{52DE1572-A4C5-41FC-A905-F04A5B8E67AD}: NameServer = 80.225.252.58 80.225.252.50
    O17 - HKLM\System\CS1\Services\Tcpip\..\{52DE1572-A4C5-41FC-A905-F04A5B8E67AD}: NameServer = 80.225.252.58 80.225.252.50
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
  4. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,291
    You'll need to run LSPfix to repair winsock.

    http://cexx.org/lspfix.htm


    Launch the application, and click the "I know what I'm doing" checkbox.
    This is the dll in question: newdotnet6_38.dll. Move it to the right-hand pane and hit "Finish".



    Download the pocket killbox

    http://www.bleepingcomputer.com/files/killbox.php



    Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

    http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129


    * Click the Free Trial link under "Downloads/SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits
    o Please UNCHECK Do not Sweep System Restore Folder.
    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.


    After running spysweeper run these scans!



    * Download the trial version of Ewido Security Suite here

    http://www.ewido.net/en/

    * Install ewido.
    * During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    * Launch ewido
    * It will prompt you to update; click the OK button and it will go to the main screen
    * On the left side of the main screen click update
    * Click on Start and let it update.
    * DO NOT run a scan yet. You will do that later in safe mode.






    * Click here to download ATF Cleaner by Atribune and save it to your desktop.

    http://majorgeeks.com/ATF_Cleaner_d4949.html


    * Double-click ATF-Cleaner.exe to run the program.
    * Under Main choose: Select All
    * Click the Empty Selected button.
    o If you use Firefox:
    + Click Firefox at the top and choose: Select All
    + Click the Empty Selected button.
    + NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    o If you use Opera:
    + Click Opera at the top and choose: Select All
    + Click the Empty Selected button.
    + NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    * Click Exit on the Main menu to close the program.


    * Click here for info on how to boot to safe mode if you don't already know
    how.

    http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam



    * Now copy these instructions to notepad and save them to your desktop. You
    will need them to refer to in safe mode.


    * Restart your computer into safe mode now. Perform the following steps in
    safe mode:



    Have hijack this fix these entries. Close all browsers and programmes before
    clicking FIX.


    O2 - BHO: ohb - {E8888041-B24A-4B0B-911B-12B018E43F21} - C:\WINDOWS\System32\rlmtcs.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
    O4 - HKLM\..\Run: [PSoft1] C:\WINDOWS\System32\psoft1.exe
    O4 - HKLM\..\Run: [G3] C:\WINDOWS\System32\GSMedia3.exe
    O4 - HKLM\..\Run: [5sFS3mT] fecntcls.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [aqijfi] c:\windows\system32\xxbwcvi.exe
    O4 - HKLM\..\Run: [ICcontrol] C:\WINDOWS\iccontrol.exe
    O4 - HKCU\..\Run: [dgrpsetu] C:\WINDOWS\System32\dgrpsetu.exe
    O4 - HKCU\..\Run: [pautoenr] C:\WINDOWS\System32\pautoenr.exe
    O4 - HKCU\..\Run: [Ncao] C:\Documents and Settings\Dougie_2\Application Data\h??o?.exe
    O4 - HKCU\..\Run: [atiupdate] C:\DOCUME~1\Dougie_2\LOCALS~1\Temp\msshed32.exe
    O15 - Trusted IP range: 206.161.125.149
    O15 - Trusted IP range: 206.161.124.130 (HKLM)
    O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
    O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
    O16 - DPF: {11117711-1111-1711-7121-111177111157} - ms-its:mhtml:file://c:\bebe.mht!http://www.alarm-works.com/tx.chm::/ai.exe
    O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
    O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
    O16 - DPF: {71CBDCD9-0830-4470-A890-35D364DA352C} - http://scripts.downloadv3.com/binari...1047_EN_XP.cab
    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetupml.cab
    O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/laaplicacion.cab
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/A...ler/dwnldr.cab
    O16 - DPF: {D35B74F6-E099-4CDD-91E0-9EA7C30059D1} (Main Class) - http://www.dialer-shop.com/webdial/webdial24106.cab
    O16 - DPF: {EEF29D20-9A47-4657-ADF7-283EC2504001} - http://download.bigwebportal.com/toolbar2/winenc32.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
    O16 - DPF: {FAFF0003-0A01-121A-A1C9-08032B23E0CC} - http://uk.global-acces.com/seed/nat3.exe
    O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://static.35mb.com/applet/applet_o.cab
    O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba217.exe
    O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn283.exe



    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill.
    In the Full Path of File to Delete box, copy and paste each of the following
    lines one at a time then click on the button that has the red circle with the
    X in the middle after you enter each file. It will ask for confirmation to
    delete the file. Click Yes. Continue with that same procedure until you have
    copied and pasted all of these in the Paste Full Path of File to Delete box.



    Note: It is possible that Killbox will tell you that one or more files do not
    exist. If that happens, just continue on with all the files. Be sure you
    don't miss any.


    C:\WINDOWS\System32\rlmtcs.dll
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
    C:\Program Files\Viewpoint
    C:\WINDOWS\System32\psoft1.exe
    C:\WINDOWS\System32\GSMedia3.exe
    C:\WINDOWS\System32\fecntcls.exe
    C:\WINDOWS\fecntcls.exe
    c:\windows\system32\xxbwcvi.exe
    C:\WINDOWS\iccontrol.exe
    C:\WINDOWS\System32\dgrpsetu.exe
    C:\Documents and Settings\Dougie_2\Application Data\h??o?.exe
    C:\DOCUME~1\Dougie_2\LOCALS~1\Temp\msshed32.exe
    c:\eied_s7.cab


    * Run Ewido:

    * Click on scanner
    * Click Complete System Scan and the scan will begin.
    * During the scan it will prompt you to clean files, click OK
    * When the scan is finished, look at the bottom of the screen and click the Save report button.
    * Save the report to your desktop



    reboot to normal mode and run a few online scans!


    Run ActiveScan online virus scan here

    http://www.pandasoftware.com/products/activescan.htm

    When the scan is finished, have it delete anything that it cannot clean.
    Make a note of the file location of anything that cannot be deleted so you
    can delete it yourself.
    - Save the results from the scan!


    post another hijack this log, the ewido, spysweeper and active scan logs
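
A first pass over a HijackThis log like the one in this thread can be scripted before a human reviews it. The sketch below is an added example, not part of the original thread or of HijackThis: it parses the R/O entries and flags a few patterns visible in this log. The heuristics, the `reported_hosts` parameter and all function names are assumptions made for illustration, and a flagged line only means "look at this", not "delete this".

```python
import re
from dataclasses import dataclass

# Sample input: a subset of lines copied from the log posted earlier in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gophersearch.com/
O4 - HKLM\..\Run: [5sFS3mT] fecntcls.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [atiupdate] C:\DOCUME~1\Dougie_2\LOCALS~1\Temp\msshed32.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba217.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
RAW_IP_URL_RE = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)", re.I)
USER_WRITABLE_RE = re.compile(r"\\(?:temp|application data)\\", re.I)


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    body: str      # rest of the log line
    reasons: list  # why the line was flagged


def parse_entries(log_text):
    """Yield (section, body) for each R*/O* line; header and process list are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def autorun_path(body):
    """Return the executable of an O4 Run entry, without quotes or arguments."""
    cmd = body.partition("] ")[2].strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first ".exe".
    m = re.match(r"(.+?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd


def check_entry(section, body, reported_hosts=()):
    """Apply illustrative heuristics (assumptions, not HijackThis logic) to one entry."""
    reasons = []
    low = body.lower()
    if section.startswith("R"):
        value = low.partition(" = ")[2]
        if any(h.lower() in value for h in reported_hosts):
            reasons.append("browser setting points at a host the user reported")
    elif section == "O4" and "run: [" in low:
        path = autorun_path(body)
        if "\\" not in path:
            reasons.append("autorun has no directory; resolved through the search path")
        if USER_WRITABLE_RE.search(path):
            reasons.append("autorun starts from Temp or Application Data")
    elif section == "O10":
        reasons.append("Winsock LSP entry reported; the LSP chain needs review")
    elif section == "O15":
        reasons.append("Trusted Zone change; confirm it was made deliberately")
    elif section == "O16":
        src = body.rsplit(" - ", 1)[-1].strip().lower()
        if src.startswith(("ms-its:", "file://")):
            reasons.append("code base is a local file or ms-its/mhtml wrapper")
        if RAW_IP_URL_RE.match(src):
            reasons.append("code base is fetched from a bare IP address")
        if src.endswith(".exe"):
            reasons.append("code base is an .exe rather than a .cab package")
    return reasons


def triage(log_text, reported_hosts=()):
    """Return a Finding for every entry that matched at least one heuristic."""
    findings = []
    for section, body in parse_entries(log_text):
        reasons = check_entry(section, body, reported_hosts)
        if reasons:
            findings.append(Finding(section, body, reasons))
    return findings


if __name__ == "__main__":
    # The thread starter reported the homepage being changed to this host.
    for f in triage(SAMPLE_LOG, reported_hosts={"gophersearch.com"}):
        print(f"{f.section:<4}{f.body}")
        for r in f.reasons:
            print(f"      - {r}")
```
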
     
  5. AdmiralZ

    AdmiralZ Thread Starter

    Joined:
    Apr 1, 2005
    Messages:
    219
    Mamma mia. There's a whole lot of crap wrong with my computer!

    Thanks dude.
     
  6. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,291
    you're welcome, happy hunting lol :)
     
  7. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,291
    I had to edit post 4, please refresh your browser to see the changes!
     
  8. AdmiralZ

    AdmiralZ Thread Starter

    Joined:
    Apr 1, 2005
    Messages:
    219
    Spy Sweeper Log:

    ********
    20:32: | Start of Session, 17 April 2006 |
    20:32: Spy Sweeper started
    20:32: Sweep initiated using definitions version 659
    20:32: Starting Memory Sweep
    20:32: Found Adware: begin2search
    20:32: Detected running threat: C:\WINDOWS\System32\rlmtcs.dll (ID = 273264)
    20:37: Memory Sweep Complete, Elapsed Time: 00:04:25
    20:37: Starting Registry Sweep
    20:37: Found Adware: apropos
    20:37: HKCR\clsid\{b5ab638f-d76c-415b-a8f2-f3ceac502212}\ (7 subtraces) (ID = 103726)
    20:37: HKCR\clsid\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\ (4 subtraces) (ID = 103729)
    20:37: HKLM\software\classes\clsid\{b5ab638f-d76c-415b-a8f2-f3ceac502212}\ (7 subtraces) (ID = 103764)
    20:37: HKLM\software\classes\clsid\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\ (4 subtraces) (ID = 103767)
    20:37: HKLM\software\classes\interface\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\ (5 subtraces) (ID = 103774)
    20:37: Found Adware: blazefind
    20:37: HKLM\software\classes\winctladx.installer\ (3 subtraces) (ID = 104503)
    20:37: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/admilliservx.dll\ (2 subtraces) (ID = 104525)
    20:37: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\admilliservx.dll (ID = 104540)
    20:37: HKCR\winctladx.installer\ (3 subtraces) (ID = 104569)
    20:37: Found Adware: blazefind_adman
    20:37: HKLM\software\aaowier\ (ID = 104579)
    20:37: Found Adware: blazefind_adstat
    20:37: HKCR\adstatservx.installer\ (3 subtraces) (ID = 104585)
    20:37: HKLM\software\classes\adstatservx.installer\ (3 subtraces) (ID = 104586)
    20:37: Found Adware: bookedspace
    20:37: HKLM\software\configuration manager\cfgmgr52\ (207 subtraces) (ID = 104873)
    20:37: Found Adware: coolwebsearch (cws)
    20:37: HKLM\software\microsoft\code store database\distribution units\{10000000-1000-0000-1000-000000000000}\ (7 subtraces) (ID = 109814)
    20:37: Found Adware: dealhelper
    20:37: HKLM\software\microsoft\windows\currentversion\uninstall\windh\ (3 subtraces) (ID = 124816)
    20:37: Found Adware: effective-i toolbar
    20:37: HKLM\software\iemenuextension\ (ID = 125660)
    20:37: Found Adware: ezula ilookup
    20:37: HKLM\software\microsoft\windows\currentversion\uninstall\web offer\ (3 subtraces) (ID = 126299)
    20:37: Found Adware: gophersearch hijack
    20:37: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 126950)
    20:37: Found Adware: ist istbar
    20:37: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\istactivex.dll (ID = 129174)
    20:37: Found Trojan Horse: kitten free sex dialer
    20:37: HKLM\software\sds software\ (12 subtraces) (ID = 129640)
    20:37: Found Adware: wild media - minigolf
    20:37: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/minigolf_affiliate.exe\ (2 subtraces) (ID = 135052)
    20:37: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\minigolf_affiliate.exe (ID = 135058)
    20:37: Found Trojan Horse: trojan-downloader-pacisoft
    20:37: HKLM\software\microsoft\windows\currentversion\run\ || psoft1 (ID = 136527)
    20:37: Found Adware: purityscan
    20:37: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaticketsinstaller.ocx\ (2 subtraces) (ID = 137986)
    20:37: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaticketsinstaller.ocx (ID = 139077)
    20:37: Found Adware: elitemediagroup-mediamotor
    20:37: HKCR\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\ (25 subtraces) (ID = 140032)
    20:37: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\inprocserver32\ (2 subtraces) (ID = 140081)
    20:37: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\miscstatus\ (3 subtraces) (ID = 140082)
    20:37: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\progid\ (1 subtraces) (ID = 140083)
    20:37: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\toolboxbitmap32\ (1 subtraces) (ID = 140084)
    20:37: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\typelib\ (1 subtraces) (ID = 140085)
    20:37: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\version\ (1 subtraces) (ID = 140086)
    20:37: HKLM\software\classes\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (9 subtraces) (ID = 140131)
    20:37: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/m67m.ocx\ (2 subtraces) (ID = 140170)
    20:37: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\m67m.ocx (ID = 140199)
    20:37: HKCR\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (9 subtraces) (ID = 140223)
    20:37: Found Adware: searchrelevancy
    20:37: HKCR\interface\{300fa067-9b94-45cf-a30b-cb5221eeb0c3}\ (8 subtraces) (ID = 141290)
    20:37: HKCR\searchrelevant\ (3 subtraces) (ID = 141291)
    20:37: HKLM\software\classes\interface\{300fa067-9b94-45cf-a30b-cb5221eeb0c3}\ (8 subtraces) (ID = 141293)
    20:37: HKLM\software\classes\typelib\{65a6bb6d-78d0-4e0a-824d-2de1e0d154af}\ (9 subtraces) (ID = 141295)
    20:37: HKLM\software\classes\searchrelevant\ (3 subtraces) (ID = 141296)
    20:37: HKLM\software\classes\updater.bho\ (5 subtraces) (ID = 141297)
    20:37: HKLM\software\searchrelevancy\ (3 subtraces) (ID = 141300)
    20:37: HKCR\typelib\{65a6bb6d-78d0-4e0a-824d-2de1e0d154af}\ (9 subtraces) (ID = 141302)
    20:37: HKCR\updater.bho\ (5 subtraces) (ID = 141303)
    20:37: Found Trojan Horse: topconverting downloader
    20:37: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/loader2.ocx\ (2 subtraces) (ID = 143815)
    20:37: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\loader2.ocx (ID = 143829)
    20:37: Found Trojan Horse: trojan-downloader-updateagent
    20:37: HKLM\software\winsysupdate\ (3 subtraces) (ID = 144817)
    20:37: Found Adware: webdial dialer
    20:37: HKCR\webdial.main\ (5 subtraces) (ID = 146225)
    20:37: HKCR\webdial.main.1\ (3 subtraces) (ID = 146226)
    20:37: HKCR\clsid\{d35b74f6-e099-4cdd-91e0-9ea7c30059d1}\ (11 subtraces) (ID = 146227)
    20:37: HKCR\typelib\{fd754b61-07db-4e5f-8019-d3da718ce0c5}\ (9 subtraces) (ID = 146228)
    20:37: HKLM\software\classes\webdial.main\ (5 subtraces) (ID = 146229)
    20:37: HKLM\software\classes\webdial.main.1\ (3 subtraces) (ID = 146230)
    20:37: HKLM\software\classes\clsid\{d35b74f6-e099-4cdd-91e0-9ea7c30059d1}\ (11 subtraces) (ID = 146231)
    20:37: HKLM\software\classes\typelib\{fd754b61-07db-4e5f-8019-d3da718ce0c5}\ (9 subtraces) (ID = 146232)
    20:37: Found Adware: wildmedia
    20:37: HKCR\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\ (8 subtraces) (ID = 146695)
    20:37: HKLM\software\classes\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\ (8 subtraces) (ID = 146709)
    20:37: Found Adware: winad
    20:37: HKCR\mediapassx.installer\ (3 subtraces) (ID = 147160)
    20:37: HKLM\software\classes\mediapassx.installer\ (3 subtraces) (ID = 147174)
    20:37: HKLM\software\microsoft\code store database\distribution units\{15ad6789-cdb4-47e1-a9da-992ee8e6bad6}\ (10 subtraces) (ID = 147185)
    20:37: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/adtoolsx.dll\ (2 subtraces) (ID = 147188)
    20:37: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaaccx.dll\ (2 subtraces) (ID = 147191)
    20:37: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediapassx.dll\ (2 subtraces) (ID = 147192)
    20:37: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/winadservx.dll\ (2 subtraces) (ID = 147195)
    20:37: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\adtoolsx.dll (ID = 147215)
    20:37: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediapassx.dll (ID = 147222)
    20:37: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\winadservx.dll (ID = 147224)
    20:37: Found Adware: ist software
    20:37: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/ysbactivex.dll\ (2 subtraces) (ID = 147854)
    20:37: Found Adware: ist yoursitebar
    20:37: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\ysbactivex.dll (ID = 147857)
    20:37: HKLM\software\ddate\ (1 subtraces) (ID = 636618)
    20:37: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediagatewayx.dll\ (2 subtraces) (ID = 763026)
    20:37: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediagatewayx.dll (ID = 763028)
    20:37: HKCR\rlmtcs.amo\ (5 subtraces) (ID = 1221370)
    20:37: HKCR\rlmtcs.amo.1\ (3 subtraces) (ID = 1221375)
    20:37: HKCR\rlmtcs.iiittt\ (5 subtraces) (ID = 1221378)
    20:37: HKCR\rlmtcs.iiittt.1\ (3 subtraces) (ID = 1221383)
    20:37: HKCR\rlmtcs.momo\ (5 subtraces) (ID = 1221386)
    20:37: HKCR\rlmtcs.momo.1\ (3 subtraces) (ID = 1221391)
    20:37: HKCR\rlmtcs.ohb\ (5 subtraces) (ID = 1221394)
    20:37: HKCR\rlmtcs.ohb.1\ (3 subtraces) (ID = 1221399)
    20:37: HKCR\clsid\{294c0052-39dc-47e8-8dff-4c5bc0100301}\ (22 subtraces) (ID = 1221414)
    20:37: HKCR\clsid\{e8888041-b24a-4b0b-911b-12b018e43f21}\ (11 subtraces) (ID = 1221437)
    20:37: HKCR\clsid\{f5dcb1f3-bf38-4966-9689-23c3dfccbe17}\ (11 subtraces) (ID = 1221461)
    20:37: HKCR\clsid\{fecc0ca7-d772-458a-b8a5-55e5aa8c1aa9}\ (11 subtraces) (ID = 1221473)
    20:37: HKCR\typelib\{1ab449ab-1c29-402e-a5e7-26af81b0d6f7}\ (9 subtraces) (ID = 1221485)
    20:37: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{e8888041-b24a-4b0b-911b-12b018e43f21}\ (1 subtraces) (ID = 1221520)
    20:37: HKLM\software\classes\rlmtcs.amo\ (5 subtraces) (ID = 1221526)
    20:37: HKLM\software\classes\rlmtcs.amo.1\ (3 subtraces) (ID = 1221531)
    20:37: HKLM\software\classes\rlmtcs.iiittt\ (5 subtraces) (ID = 1221534)
    20:37: HKLM\software\classes\rlmtcs.iiittt.1\ (3 subtraces) (ID = 1221539)
    20:37: HKLM\software\classes\rlmtcs.momo\ (5 subtraces) (ID = 1221542)
    20:37: HKLM\software\classes\rlmtcs.momo.1\ (3 subtraces) (ID = 1221547)
    20:37: HKLM\software\classes\rlmtcs.ohb\ (5 subtraces) (ID = 1221550)
    20:37: HKLM\software\classes\rlmtcs.ohb.1\ (3 subtraces) (ID = 1221555)
    20:37: HKLM\software\classes\clsid\{294c0052-39dc-47e8-8dff-4c5bc0100301}\ (22 subtraces) (ID = 1221570)
    20:37: HKLM\software\classes\clsid\{e8888041-b24a-4b0b-911b-12b018e43f21}\ (11 subtraces) (ID = 1221593)
    20:37: HKLM\software\classes\clsid\{f5dcb1f3-bf38-4966-9689-23c3dfccbe17}\ (11 subtraces) (ID = 1221617)
    20:37: HKLM\software\classes\clsid\{fecc0ca7-d772-458a-b8a5-55e5aa8c1aa9}\ (11 subtraces) (ID = 1221629)
    20:37: HKLM\software\classes\typelib\{1ab449ab-1c29-402e-a5e7-26af81b0d6f7}\ (9 subtraces) (ID = 1221641)
    20:37: Found Adware: big web portal
    20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\share_bwp\ || mst (ID = 104396)
    20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\share_bwp\ || ttttlll (ID = 104397)
    20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\share_bwp\ || iiiilll (ID = 104398)
    20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\share_bwp\ffffaaa\ (2 subtraces) (ID = 104399)
    20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\share_bwp\ssss\ (2 subtraces) (ID = 104400)
    20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\share_bwp\iiii\ (4 subtraces) (ID = 104401)
    20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\share_bwp\pppp\ (2 subtraces) (ID = 104402)
    20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\share_bwp\ (23 subtraces) (ID = 104404)
    20:37: Found Adware: cws-aboutblank
    20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\microsoft\internet explorer\main\ || search bar_bak (ID = 115924)
    20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\microsoft\internet explorer\main\ || search page_bak (ID = 115925)
    20:37: Found Adware: desktoptraffic
    20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\eeennn\ (ID = 124993)
    20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\iemenuextension\ (7 subtraces) (ID = 125659)
    20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\microsoft\internet explorer\ || searchurl (ID = 126947)
    20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\microsoft\internet explorer\main\ || search bar (ID = 126948)
    20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\microsoft\internet explorer\main\ || search page (ID = 126949)
    20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\microsoft\internet explorer\search\ || searchassistant (ID = 126951)
    20:37: Found Adware: instant access
    20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\p2eclient\ (1 subtraces) (ID = 128846)
    20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\psoft1\ (12 subtraces) (ID = 136531)
    20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\microsoft\windows\currentversion\run\ || ncao (ID = 138536)
    20:37: Found Trojan Horse: trojan-downloader-moneymind
    20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\microsoft\windows\currentversion\run\ || atiupdate (ID = 594267)
    20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\microsoft\internet explorer\main\ || search page_bak (ID = 774883)
     
  9. AdmiralZ

    AdmiralZ Thread Starter

    Joined:
    Apr 1, 2005
    Messages:
    219
    20:37: HKU\S-1-5-21-1967298908-2851811609-1981617496-1009\software\microsoft\internet explorer\main\ || start page (ID = 1221662)
    20:37: HKU\WRSS_Profile_S-1-5-21-1967298908-2851811609-1981617496-1008\software\share_bwp\ (2 subtraces) (ID = 104404)
    20:37: HKU\WRSS_Profile_S-1-5-21-1967298908-2851811609-1981617496-1008\software\iemenuextension\ (5 subtraces) (ID = 125659)
    20:37: HKU\WRSS_Profile_S-1-5-21-1967298908-2851811609-1981617496-1008\software\microsoft\internet explorer\toolbar\webbrowser\ || {6b95678d-30a4-4ff8-a72f-4208340c1f7f} (ID = 125667)
    20:37: Found Adware: 180search assistant/zango
    20:37: HKU\WRSS_Profile_S-1-5-21-1967298908-2851811609-1981617496-1008\software\180ax\ (3 subtraces) (ID = 135615)
    20:37: HKU\WRSS_Profile_S-1-5-21-1967298908-2851811609-1981617496-1008\software\saap\ (10 subtraces) (ID = 135784)
    20:37: HKU\WRSS_Profile_S-1-5-21-1967298908-2851811609-1981617496-1008\software\salm\ (3 subtraces) (ID = 135792)
    20:37: HKU\WRSS_Profile_S-1-5-21-1967298908-2851811609-1981617496-1008\software\psoft1\ (2 subtraces) (ID = 136531)
    20:37: Registry Sweep Complete, Elapsed Time:00:00:29
    20:37: Starting Cookie Sweep
    20:38: Cookie Sweep Complete, Elapsed Time: 00:00:29
    20:38: Starting File Sweep
    20:38: c:\program files\windows controlad (ID = -2147481365)
    20:38: Found Adware: shopathomeselect
    20:38: c:\windows\system32\sahimages (9 subtraces) (ID = -2147480329)
    20:38: c:\documents and settings\dougie_2\local settings\temp\fleok (ID = -2147480558)
    20:38: c:\windows\bsx32 (6 subtraces) (ID = -2147481346)
    20:38: c:\windows\cfgmgr52 (1 subtraces) (ID = -2147479590)
    20:41: button_small.gif (ID = 60415)
    20:43: Found Adware: clearsearch
    20:43: 71915796.bin (ID = 52544)
    20:45: 72152304.bin (ID = 52519)
    20:45: 38222285.bin (ID = 52532)
    20:46: akdvsvk1.xml (ID = 57647)
    20:50: Found Adware: daosearch
    20:50: 32977698.txt (ID = 57424)
    20:52: akdvsvk2.xml (ID = 57648)
    20:52: rwdrop.exe (ID = 51551)
    20:53: Found Adware: errorsafe
    20:53: a0141111.dll (ID = 278941)
    20:53: a0141110.exe (ID = 278870)
    20:54: 4299676.bin (ID = 57421)
    20:54: 2632758.bin (ID = 52529)
    20:54: 41415928.bin (ID = 52539)
    20:59: saap.log (ID = 70593)
    21:01: saap_gdf.dat (ID = 70595)
    21:08: akdvsvk.xml (ID = 57646)
    21:11: Found Adware: exact cashback/bargain buddy
    21:11: package8029_cdt3.exe (ID = 50800)
    21:16: saapau.dat (ID = 70594)
    21:19: a0141108.exe (ID = 278936)
    21:20: tmlpcert2005 (ID = 63918)
    21:21: uers_0001_n68m1801netinstaller.exe (ID = 278873)
    21:21: rw.ico (ID = 51557)
    21:22: Found Adware: ie driver
    21:22: setup1025.exe (ID = 186011)
    21:22: akdvsvu.xml (ID = 57649)
    21:23: akdvsvu1.xml (ID = 57650)
    21:24: rlmtcs.dll (ID = 273264)
    21:32: akdvsvu2.xml (ID = 57651)
    21:33: a0141109.exe (ID = 278872)
    21:35: a0141249.exe (ID = 278937)
    21:37: saap_kyf.dat (ID = 70596)
    21:37: woinstall.exe (ID = 60701)
    21:40: errorsafescannersetup.exe (ID = 278858)
    21:43: Found Trojan Horse: sdbot
    21:43: adiras.ini (ID = 74768)
    21:43: Found Adware: nvdialer
    21:43: games.inf (ID = 71265)
    21:43: Found Trojan Horse: trojan-downloader-gloogle
    21:43: counter.inf (ID = 61782)
    21:43: egauth.inf (ID = 189919)
    21:43: 97003600.dat (ID = 52512)
    21:43: 10031805.bin (ID = 57422)
    21:43: 5021727.txt (ID = 52531)
    21:43: 47753640.txt (ID = 52517)
    21:43: 52405610.bin (ID = 52523)
    21:43: 80274852.txt (ID = 52536)
    21:43: 36255175.txt (ID = 52520)
    21:43: 49928410.bin (ID = 57426)
    21:43: 21209487.dat (ID = 57423)
    21:43: 49810696.dat (ID = 52541)
    21:43: games.inf (ID = 71265)
    21:45: Found Adware: directrevenue-abetterinternet
    21:45: banner.inf (ID = 83145)
    21:45: Found Adware: matrix dialer
    21:45: msa64chk.inf (ID = 69281)
    21:45: webdial.inf (ID = 83776)
    21:45: akdvsvdk.xml (ID = 57645)
    21:45: fellymedia1002.sah (ID = 75733)
    21:49: Warning: Unhandled Archive Type
    21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.
    21:51: Warning: Invalid Stream
    21:51: Warning: Unable to sweep compressed file: System Error. Code: 1455.
    21:51: Warning: Out of memory
    21:51: Warning: Out of memory
    21:52: File Sweep Complete, Elapsed Time: 01:13:59
    21:52: Full Sweep has completed. Elapsed time 01:19:30
    21:52: Traces Found: 1151
    21:55: Removal process initiated
    21:56: Quarantining All Traces: 180search assistant/zango
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Error: lzma: LZMA_Init failed.
    21:56: Failed to quarantine 180search assistant/zango
    21:56: Failed to quarantine saap.log
    21:56: Failed to quarantine saap_gdf.dat
    21:56: Failed to quarantine saapau.dat
    21:56: Failed to quarantine saap_kyf.dat
    21:56: Quarantining All Traces: clearsearch
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine clearsearch
    21:56: Failed to quarantine 71915796.bin
    21:56: Failed to quarantine 72152304.bin
    21:56: Failed to quarantine 38222285.bin
    21:56: Failed to quarantine 2632758.bin
    21:56: Failed to quarantine 41415928.bin
    21:56: Failed to quarantine 97003600.dat
    21:56: Failed to quarantine 5021727.txt
    21:56: Failed to quarantine 47753640.txt
    21:56: Failed to quarantine 52405610.bin
    21:56: Failed to quarantine 80274852.txt
    21:56: Failed to quarantine 36255175.txt
     
  10. AdmiralZ

    AdmiralZ Thread Starter

    Joined:
    Apr 1, 2005
    Messages:
    219
    21:56: Failed to quarantine 49810696.dat
    21:56: Quarantining All Traces: cws-aboutblank
    21:56: Quarantining All Traces: daosearch
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine daosearch
    21:56: Failed to quarantine 32977698.txt
    21:56: Failed to quarantine 4299676.bin
    21:56: Failed to quarantine 10031805.bin
    21:56: Failed to quarantine 49928410.bin
    21:56: Failed to quarantine 21209487.dat
    21:56: Quarantining All Traces: directrevenue-abetterinternet
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine directrevenue-abetterinternet
    21:56: Failed to quarantine banner.inf
    21:56: Quarantining All Traces: ie driver
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine ie driver
    21:56: Failed to quarantine setup1025.exe
    21:56: Quarantining All Traces: ist istbar
    21:56: Quarantining All Traces: kitten free sex dialer
    21:56: Warning: Failed to export "HKEY_LOCAL_MACHINE\software\sds software\":
    21:56: Failed to quarantine kitten free sex dialer
    21:56: Failed to quarantine HKLM: software\sds software\
    21:56: Quarantining All Traces: purityscan
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine purityscan
    21:56: Failed to quarantine HKLM: software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaticketsinstaller.ocx\
    21:56: Quarantining All Traces: sdbot
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine sdbot
    21:56: Failed to quarantine adiras.ini
    21:56: Quarantining All Traces: trojan-downloader-moneymind
    21:56: Quarantining All Traces: wildmedia
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine wildmedia
    21:56: Failed to quarantine interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\
    21:56: Failed to quarantine HKLM: software\classes\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\
    21:56: Quarantining All Traces: apropos
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine apropos
    21:56: Failed to quarantine clsid\{b5ab638f-d76c-415b-a8f2-f3ceac502212}\
    21:56: Failed to quarantine clsid\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\
    21:56: Failed to quarantine HKLM: software\classes\clsid\{b5ab638f-d76c-415b-a8f2-f3ceac502212}\
    21:56: Failed to quarantine HKLM: software\classes\clsid\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\
    21:56: Failed to quarantine HKLM: software\classes\interface\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\
    21:56: Quarantining All Traces: begin2search
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine begin2search
    21:56: Failed to quarantine rlmtcs.dll
    21:56: Failed to quarantine rlmtcs.amo\
    21:56: Failed to quarantine rlmtcs.amo.1\
    21:56: Failed to quarantine rlmtcs.iiittt\
    21:56: Failed to quarantine rlmtcs.iiittt.1\
    21:56: Failed to quarantine rlmtcs.momo\
    21:56: Failed to quarantine rlmtcs.momo.1\
    21:56: Failed to quarantine rlmtcs.ohb\
    21:56: Failed to quarantine rlmtcs.ohb.1\
    21:56: Failed to quarantine clsid\{294c0052-39dc-47e8-8dff-4c5bc0100301}\
    21:56: Failed to quarantine clsid\{e8888041-b24a-4b0b-911b-12b018e43f21}\
    21:56: Failed to quarantine clsid\{f5dcb1f3-bf38-4966-9689-23c3dfccbe17}\
    21:56: Failed to quarantine clsid\{fecc0ca7-d772-458a-b8a5-55e5aa8c1aa9}\
    21:56: Failed to quarantine typelib\{1ab449ab-1c29-402e-a5e7-26af81b0d6f7}\
    21:56: Failed to quarantine HKLM: software\microsoft\windows\currentversion\explorer\browser helper objects\{e8888041-b24a-4b0b-911b-12b018e43f21}\
    21:56: Failed to quarantine HKLM: software\classes\rlmtcs.amo\
    21:56: Failed to quarantine HKLM: software\classes\rlmtcs.amo.1\
    21:56: Failed to quarantine HKLM: software\classes\rlmtcs.iiittt\
    21:56: Failed to quarantine HKLM: software\classes\rlmtcs.iiittt.1\
    21:56: Failed to quarantine HKLM: software\classes\rlmtcs.momo\
    21:56: Failed to quarantine HKLM: software\classes\rlmtcs.momo.1\
    21:56: Failed to quarantine HKLM: software\classes\rlmtcs.ohb\
    21:56: Failed to quarantine HKLM: software\classes\rlmtcs.ohb.1\
    21:56: Failed to quarantine HKLM: software\classes\clsid\{294c0052-39dc-47e8-8dff-4c5bc0100301}\
    21:56: Failed to quarantine HKLM: software\classes\clsid\{e8888041-b24a-4b0b-911b-12b018e43f21}\
    21:56: Failed to quarantine HKLM: software\classes\clsid\{f5dcb1f3-bf38-4966-9689-23c3dfccbe17}\
    21:56: Failed to quarantine HKLM: software\classes\clsid\{fecc0ca7-d772-458a-b8a5-55e5aa8c1aa9}\
    21:56: Failed to quarantine HKLM: software\classes\typelib\{1ab449ab-1c29-402e-a5e7-26af81b0d6f7}\
    21:56: Failed to quarantine C:\WINDOWS\System32\rlmtcs.dll
    21:56: Quarantining All Traces: blazefind
    21:56: Error: lzma: LZMA_Init failed.
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine blazefind
    21:56: Failed to quarantine HKLM: software\classes\winctladx.installer\
    21:56: Failed to quarantine HKLM: software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/admilliservx.dll\
    21:56: Failed to quarantine winctladx.installer\
    21:56: Quarantining All Traces: coolwebsearch (cws)
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine coolwebsearch (cws)
    21:56: Failed to quarantine HKLM: software\microsoft\code store database\distribution units\{10000000-1000-0000-1000-000000000000}\
    21:56: Quarantining All Traces: elitemediagroup-mediamotor
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Failed to quarantine elitemediagroup-mediamotor
    21:56: Failed to quarantine clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\
    21:56: Failed to quarantine HKLM: software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\inprocserver32\
    21:56: Failed to quarantine HKLM: software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\miscstatus\
    21:56: Failed to quarantine HKLM: software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\progid\
    21:56: Failed to quarantine HKLM: software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\toolboxbitmap32\
    21:56: Failed to quarantine HKLM: software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\typelib\
    21:56: Failed to quarantine HKLM: software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\version\
    21:56: Failed to quarantine HKLM: software\classes\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\
    21:56: Failed to quarantine HKLM: software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/m67m.ocx\
    21:56: Failed to quarantine typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\
    21:56: Quarantining All Traces: topconverting downloader
    21:56: Warning: Out of memory
    21:56: Failed to quarantine topconverting downloader
    21:56: Failed to quarantine HKLM: software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/loader2.ocx\
    21:56: Quarantining All Traces: trojan-downloader-gloogle
    21:56: Warning: Out of memory
    21:56: Failed to quarantine trojan-downloader-gloogle
    21:56: Failed to quarantine counter.inf
    21:56: Quarantining All Traces: trojan-downloader-pacisoft
    21:56: Quarantining All Traces: trojan-downloader-updateagent
    21:56: Warning: Out of memory
    21:56: Failed to quarantine trojan-downloader-updateagent
    21:56: Failed to quarantine HKLM: software\winsysupdate\
    21:56: Quarantining All Traces: winad
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Failed to quarantine winad
    21:56: Failed to quarantine mediapassx.installer\
    21:56: Failed to quarantine HKLM: software\classes\mediapassx.installer\
    21:56: Failed to quarantine HKLM: software\microsoft\code store database\distribution units\{15ad6789-cdb4-47e1-a9da-992ee8e6bad6}\
    21:56: Failed to quarantine HKLM: software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/adtoolsx.dll\
    21:56: Failed to quarantine HKLM: software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaaccx.dll\
    21:56: Failed to quarantine HKLM: software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediapassx.dll\
    21:56: Failed to quarantine HKLM: software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/winadservx.dll\
    21:56: Failed to quarantine HKLM: software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediagatewayx.dll\
    21:56: Quarantining All Traces: big web portal
    21:56: Quarantining All Traces: blazefind_adman
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Failed to quarantine blazefind_adman
    21:56: Failed to quarantine rwdrop.exe
    21:56: Failed to quarantine rw.ico
    21:56: Failed to quarantine HKLM: software\aaowier\
    21:56: Quarantining All Traces: blazefind_adstat
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Failed to quarantine blazefind_adstat
    21:56: Failed to quarantine adstatservx.installer\
    21:56: Failed to quarantine HKLM: software\classes\adstatservx.installer\
    21:56: Quarantining All Traces: bookedspace
    21:56: Error: Out of memory.
    21:56: Error: Out of memory.
    21:56: Warning: Out of memory
    21:56: Failed to quarantine bookedspace
    21:56: Failed to quarantine HKLM: software\configuration manager\cfgmgr52\
    21:56: Quarantining All Traces: dealhelper
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Failed to quarantine dealhelper
    21:56: Failed to quarantine akdvsvk1.xml
    21:56: Failed to quarantine akdvsvk2.xml
    21:56: Failed to quarantine akdvsvk.xml
    21:56: Failed to quarantine akdvsvu.xml
    21:56: Failed to quarantine akdvsvu1.xml
    21:56: Failed to quarantine akdvsvu2.xml
    21:56: Failed to quarantine akdvsvdk.xml
    21:56: Failed to quarantine HKLM: software\microsoft\windows\currentversion\uninstall\windh\
    21:56: Failed to quarantine HKLM: software\ddate\
    21:56: Quarantining All Traces: desktoptraffic
    21:56: Quarantining All Traces: effective-i toolbar
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine effective-i toolbar
    21:56: Failed to quarantine HKLM: software\iemenuextension\
    21:56: Quarantining All Traces: exact cashback/bargain buddy
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine exact cashback/bargain buddy
    21:56: Failed to quarantine package8029_cdt3.exe
    21:56: Quarantining All Traces: ezula ilookup
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine ezula ilookup
    21:56: Failed to quarantine button_small.gif
    21:56: Failed to quarantine woinstall.exe
    21:56: Failed to quarantine HKLM: software\microsoft\windows\currentversion\uninstall\web offer\
    21:56: Quarantining All Traces: gophersearch hijack
    21:56: Quarantining All Traces: instant access
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine instant access
    21:56: Failed to quarantine tmlpcert2005
    21:56: Failed to quarantine egauth.inf
    21:56: Quarantining All Traces: ist software
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine ist software
    21:56: Failed to quarantine HKLM: software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/ysbactivex.dll\
    21:56: Quarantining All Traces: ist yoursitebar
    21:56: Quarantining All Traces: matrix dialer
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine matrix dialer
    21:56: Failed to quarantine msa64chk.inf
    21:56: Quarantining All Traces: nvdialer
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine nvdialer
    21:56: Failed to quarantine games.inf
    21:56: Failed to quarantine games.inf
    21:56: Quarantining All Traces: searchrelevancy
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine searchrelevancy
    21:56: Failed to quarantine interface\{300fa067-9b94-45cf-a30b-cb5221eeb0c3}\
    21:56: Failed to quarantine searchrelevant\
    21:56: Failed to quarantine HKLM: software\classes\interface\{300fa067-9b94-45cf-a30b-cb5221eeb0c3}\
    21:56: Failed to quarantine HKLM: software\classes\typelib\{65a6bb6d-78d0-4e0a-824d-2de1e0d154af}\
    21:56: Failed to quarantine HKLM: software\classes\searchrelevant\
    21:56: Failed to quarantine HKLM: software\classes\updater.bho\
    21:56: Failed to quarantine HKLM: software\searchrelevancy\
    21:56: Failed to quarantine typelib\{65a6bb6d-78d0-4e0a-824d-2de1e0d154af}\
    21:56: Failed to quarantine updater.bho\
    21:56: Quarantining All Traces: shopathomeselect
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Error: lzma: LZMA_Init failed.
    21:56: Failed to quarantine shopathomeselect
    21:56: Failed to quarantine fellymedia1002.sah
    21:56: Quarantining All Traces: webdial dialer
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Failed to quarantine webdial dialer
    21:56: Failed to quarantine webdial.inf
    21:56: Failed to quarantine webdial.main\
    21:56: Failed to quarantine webdial.main.1\
    21:56: Failed to quarantine clsid\{d35b74f6-e099-4cdd-91e0-9ea7c30059d1}\
    21:56: Failed to quarantine typelib\{fd754b61-07db-4e5f-8019-d3da718ce0c5}\
    21:56: Failed to quarantine HKLM: software\classes\webdial.main\
    21:56: Failed to quarantine HKLM: software\classes\webdial.main.1\
    21:56: Failed to quarantine HKLM: software\classes\clsid\{d35b74f6-e099-4cdd-91e0-9ea7c30059d1}\
    21:56: Failed to quarantine HKLM: software\classes\typelib\{fd754b61-07db-4e5f-8019-d3da718ce0c5}\
    21:56: Quarantining All Traces: wild media - minigolf
    21:56: Warning: Out of memory
    21:56: Failed to quarantine wild media - minigolf
    21:56: Failed to quarantine HKLM: software\microsoft\windows\currentversion\moduleusage\c:/windows/minigolf_affiliate.exe\
    21:56: Quarantining All Traces: 2o7.net cookie
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Failed to quarantine 2o7.net cookie
    21:56: Failed to quarantine dougie_2@112.2o7[1].txt
    21:56: Failed to quarantine dougie_2@122.2o7[1].txt
    21:56: Failed to quarantine dougie_2@cnn.122.2o7[1].txt
    21:56: Failed to quarantine dougie_2@gettyimages.122.2o7[1].txt
    21:56: Failed to quarantine dougie_2@hertz.122.2o7[1].txt
    21:56: Failed to quarantine dougie_2@marksandspencer.122.2o7[1].txt
    21:56: Failed to quarantine dougie_2@partygaming.122.2o7[1].txt
    21:56: Failed to quarantine dougie_2@thomascook.122.2o7[1].txt
    21:56: Failed to quarantine dougie@112.2o7[1].txt
    21:56: Quarantining All Traces: 3 cookie
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Failed to quarantine 3 cookie
    21:56: Failed to quarantine dougie_2@207.36.3[2].txt
    21:56: Failed to quarantine dougie_2@3[1].txt
    21:56: Failed to quarantine dougie_2@3[2].txt
    21:56: Failed to quarantine dougie_2@3[3].txt
    21:56: Quarantining All Traces: 5 cookie
    21:56: Warning: Out of memory
    21:56: Failed to quarantine 5 cookie
    21:56: Failed to quarantine dougie_2@5[1].txt
    21:56: Quarantining All Traces: 64.62.232 cookie
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine 64.62.232 cookie
    21:56: Failed to quarantine dougie_2@64.62.232[1].txt
    21:56: Failed to quarantine dougie_2@64.62.232[2].txt
    21:56: Failed to quarantine dougie_2@64.62.232[3].txt
    21:56: Failed to quarantine dougie_2@64.62.232[4].txt
    21:56: Failed to quarantine dougie_2@64.62.232[5].txt
    21:56: Quarantining All Traces: 66.70.21 cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine 66.70.21 cookie
    21:56: Failed to quarantine dougie_2@66.70.21[1].txt
    21:56: Quarantining All Traces: 888 cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine 888 cookie
    21:56: Failed to quarantine dougie_2@888[2].txt
    21:56: Failed to quarantine dougie_2@888[3].txt
    21:56: Failed to quarantine dougie_2@www.888[2].txt
    21:56: Quarantining All Traces: a cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine a cookie
    21:56: Failed to quarantine dougie_2@a[1].txt
    21:56: Failed to quarantine dougie@a[1].txt
    21:56: Quarantining All Traces: about cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine about cookie
    21:56: Failed to quarantine dougie_2@about[2].txt
    21:56: Failed to quarantine dougie_2@animatedtv.about[2].txt
    21:56: Failed to quarantine dougie_2@classictv.about[1].txt
    21:56: Failed to quarantine dougie_2@compsimgames.about[1].txt
    21:56: Failed to quarantine dougie_2@depression.about[1].txt
    21:56: Failed to quarantine dougie_2@frenchfood.about[1].txt
    21:56: Failed to quarantine dougie_2@losangeles.about[1].txt
    21:56: Failed to quarantine dougie_2@scifi.about[1].txt
    21:56: Failed to quarantine dougie_2@southernfood.about[1].txt
    21:56: Failed to quarantine dougie_2@spanish.about[2].txt
    21:56: Failed to quarantine dougie_2@teentvmovies.about[1].txt
    21:56: Quarantining All Traces: adecn cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine adecn cookie
    21:56: Failed to quarantine dougie_2@adecn[2].txt
    21:56: Quarantining All Traces: adjuggler cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine adjuggler cookie
    21:56: Failed to quarantine dougie_2@rotator.adjuggler[1].txt
    21:56: Quarantining All Traces: adknowledge cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine adknowledge cookie
    21:56: Failed to quarantine dougie_2@adknowledge[2].txt
    21:56: Quarantining All Traces: adlegend cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine adlegend cookie
    21:56: Failed to quarantine dougie_2@adlegend[2].txt
    21:56: Quarantining All Traces: adorigin cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine adorigin cookie
    21:56: Failed to quarantine dougie_2@adorigin[1].txt
    21:56: Quarantining All Traces: adprofile cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine adprofile cookie
    21:56: Failed to quarantine dougie_2@adprofile[2].txt
    21:56: Quarantining All Traces: adtech cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine adtech cookie
    21:56: Failed to quarantine dougie_2@adtech[2].txt
    21:56: Quarantining All Traces: adultfriendfinder cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine adultfriendfinder cookie
    21:56: Failed to quarantine dougie_2@adultfriendfinder[2].txt
    21:56: Quarantining All Traces: adultrevenueservice cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine adultrevenueservice cookie
    21:56: Failed to quarantine dougie_2@adultrevenueservice[2].txt
    21:56: Quarantining All Traces: advertising cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine advertising cookie
    21:56: Failed to quarantine dougie_2@advertising[2].txt
    21:56: Quarantining All Traces: angelfire cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine angelfire cookie
    21:56: Failed to quarantine dougie_2@angelfire[1].txt
    21:56: Quarantining All Traces: ask cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine ask cookie
    21:56: Failed to quarantine dougie_2@ask[1].txt
    21:56: Failed to quarantine dougie@ask[1].txt
    21:56: Failed to quarantine dougie@web.ask[1].txt
    21:56: Failed to quarantine dougie@www.ask[1].txt
    21:56: Quarantining All Traces: askmen cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine askmen cookie
    21:56: Failed to quarantine dougie_2@askmen[2].txt
    21:56: Quarantining All Traces: associated new media cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine associated new media cookie
    21:56: Failed to quarantine dougie_2@anm.co[1].txt
    21:56: Quarantining All Traces: atlas dmt cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine atlas dmt cookie
    21:56: Failed to quarantine dougie_2@atdmt[2].txt
    21:56: Quarantining All Traces: atwola cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine atwola cookie
    21:56: Failed to quarantine dougie_2@atwola[1].txt
    21:56: Quarantining All Traces: azjmp cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine azjmp cookie
    21:56: Failed to quarantine dougie_2@azjmp[2].txt
    21:56: Quarantining All Traces: banners cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine banners cookie
    21:56: Failed to quarantine dougie_2@banners[1].txt
    21:56: Failed to quarantine dougie@banners[1].txt
    21:56: Quarantining All Traces: belnk cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine belnk cookie
    21:56: Failed to quarantine dougie_2@ath.belnk[1].txt
    21:56: Failed to quarantine dougie_2@belnk[1].txt
    21:56: Failed to quarantine dougie_2@dist.belnk[2].txt
    21:56: Quarantining All Traces: bizrate cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine bizrate cookie
    21:56: Failed to quarantine dougie_2@bizrate[1].txt
    21:56: Quarantining All Traces: bpath cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine bpath cookie
    21:56: Failed to quarantine dougie_2@ads49.bpath[1].txt
    21:56: Quarantining All Traces: bravenet cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine bravenet cookie
    21:56: Failed to quarantine dougie_2@bravenet[1].txt
    21:56: Quarantining All Traces: burstbeacon cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine burstbeacon cookie
    21:56: Failed to quarantine dougie_2@www.burstbeacon[1].txt
    21:56: Quarantining All Traces: burstnet cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine burstnet cookie
    21:56: Failed to quarantine dougie_2@burstnet[2].txt
    21:56: Quarantining All Traces: buzztone cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine buzztone cookie
    21:56: Failed to quarantine dougie_2@www.buzztone[1].txt
    21:56: Quarantining All Traces: casalemedia cookie
    21:56: Warning: lzma: LZMA_Init failed
    21:56: Failed to quarantine casalemedia cookie
    21:56: Failed to quarantine dougie_2@b.casalemedia[1].txt
    21:56: Quarantining All Traces: cassava cookie
    21:56: Warning: Out of memory
    21:56: Failed to quarantine cassava cookie
    21:56: Failed to quarantine dougie_2@cassava[1].txt
    21:56: Quarantining All Traces: cc214142 cookie
    21:56: Warning: Out of memory
    21:56: Failed to quarantine cc214142 cookie
    21:56: Failed to quarantine dougie_2@ads.cc214142[1].txt
    21:56: Warning: Out of memory while expanding memory stream
    21:56: Warning: Out of memory while expanding memory stream
    21:56: Warning: Out of memory while expanding memory stream
    21:56: Warning: Out of memory while expanding memory stream
    21:56: Warning: Out of memory while expanding memory stream
    21:56: Warning: Out of memory while expanding memory stream
    21:56: Warning: Out of memory while expanding memory stream
    21:56: Warning: Out of memory while expanding memory stream
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Warning: Out of memory
    21:56: Error: Thread creation error: .
    21:56: Removal process completed. Elapsed time 00:01:26
    21:56: Error: Thread creation error: The paging file is too small for this operation to complete.
    22:12: Processing Internet Explorer Favorites Alerts
    22:12: Removed IE Favorite: You're Approved!!
    22:12: Removed IE Favorite: Meet Someone Special
    22:12: Removed IE Favorite: Get out of Debt!
    22:12: Removed IE Favorite: Advance Your Career
    ********
    20:27: | Start of Session, 17 April 2006 |
    20:27: Spy Sweeper started
    20:28: Your spyware definitions have been updated.
    20:32: | End of Session, 17 April 2006 |
     
  11. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,291
    A heavily infected computer!

    Can you post the rest of the logs?
     

Short URL to this thread: https://techguy.org/459813