Strange Beeps - HELP


Vampira

Thread Starter
Joined
Aug 22, 2005
Messages
8
If I leave my computer alone with nothing running for approx 10 mins, it starts to beep continuously .... When I look at the task manager it says that the CPU is running at 100%, although to my knowledge it should be at 0% as nothing is running.


HELP PLEASE !
 
Joined
Feb 13, 1999
Messages
8,974
Click the Processes tab and the CPU label twice, and then post the highest usage items, so we can suggest what it is.
 
Joined
Jan 13, 2006
Messages
9
Task manager items are: system 74 to 85 percent, task manager 12 to 14 percent, pavfires exe 3 to 7 percent; everything else is just 1 or 00. Don't know why system is doing this. Could it be a virus? Thanks!
 
Joined
Jan 13, 2006
Messages
9
:confused:
Vampira said:
If I leave my computer alone with nothing running for approx 10 mins, it starts to beep continuously .... When I look at the task manager it says that the CPU is running at 100%, although to my knowledge it should be at 0% as nothing is running.


HELP PLEASE !
 
Joined
Jan 13, 2006
Messages
9
Thanks for all your help, here is the log:




Logfile of HijackThis v1.99.1
Scan saved at 16:08:44, on 16/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe microsoftv3.exe
O2 - BHO: BHO - {00000015-A527-34E7-25C2-03A4E313B2E9} - c:\WINDOWS\system32\winsrvs.dll
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/MyFunCardsFWBInitialSetup1.0.0.8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/180solutions/ie/bridge-c24.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
 
Joined
Sep 7, 2004
Messages
49,014
Fix these with HJT – mark them, close IE, click fix checked

F2 - REG:system.ini: Shell=Explorer.exe microsoftv3.exe

O2 - BHO: BHO - {00000015-A527-34E7-25C2-03A4E313B2E9} - c:\WINDOWS\system32\winsrvs.dll

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/180s...bridge-c24.cab


Download http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

c:\WINDOWS\system32\winsrvs.dll

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
===========================
Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
o Sweep Memory
o Sweep Registry
o Sweep Cookies
o Sweep All User Accounts
o Enable Direct Disk Sweeping
o Sweep Contents of Compressed Files
o Sweep for Rootkits

o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
 
Joined
Jan 13, 2006
Messages
9
Logfile of HijackThis v1.99.1
Scan saved at 4:43:01 PM, on 1/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ask.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm080YYGB
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/MyFunCardsFWBInitialSetup1.0.0.8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

System is still sick, with CPU running wild.
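
Added example (not part of any post in this thread): a small Python triage of HijackThis entries, with a few lines copied from the two logs above embedded as sample input. It flags a Winlogon Shell value that starts more than Explorer.exe and entries whose target file is missing, then lists what changed between the first and second scan; all function names are this example's own.

```python
import re

# Sample input: lines copied from the first and second HijackThis logs in this thread.
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
F2 - REG:system.ini: Shell=Explorer.exe microsoftv3.exe
O2 - BHO: BHO - {00000015-A527-34E7-25C2-03A4E313B2E9} - c:\WINDOWS\system32\winsrvs.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/180solutions/ie/bridge-c24.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ask.com/
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse(log):
    """Return (code, body) tuples for every entry line; headers and process paths are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def review(code, body):
    """Structural checks only: no reputation lookup is done on file names or CLSIDs."""
    reasons = []
    lowered = body.lower()
    # F2 Shell= mirrors the Winlogon Shell value; the stock value is Explorer.exe alone,
    # so anything listed beside it is also started at every logon.
    if code == "F2" and "shell=" in lowered:
        value = body[lowered.index("shell=") + len("shell="):]
        extra = [tok for tok in value.split() if tok.lower() != "explorer.exe"]
        if extra:
            reasons.append("Winlogon Shell also starts: " + " ".join(extra))
    # HijackThis appends these markers when the registry entry outlives its file.
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        reasons.append("registry entry points at a file that is not on disk")
    return reasons


def triage(log):
    """Entries that trip at least one structural check, in log order."""
    flagged = []
    for code, body in parse(log):
        reasons = review(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


def changes(before, after):
    """Entries removed and added between two scans, to confirm a fix actually took."""
    b, a = set(parse(before)), set(parse(after))
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    for code, body, reasons in triage(LOG_BEFORE):
        print(code, "|", body, "|", "; ".join(reasons))
    removed, added = changes(LOG_BEFORE, LOG_AFTER)
    print("removed:", [c for c, _ in removed])
    print("added:  ", [c for c, _ in added])
```

The O2 BHO and O16 DPF entries the helper singled out pass these structural checks; spotting them needs a lookup of the file name, CLSID or download host against known adware, which this example does not attempt.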
 
Joined
Jan 13, 2006
Messages
9
here is session log thank you
6:34 PM: | Start of Session, Monday, January 16, 2006 |
6:34 PM: Spy Sweeper started
6:34 PM: Sweep initiated using definitions version 601
6:34 PM: Starting Memory Sweep
6:36 PM: Memory Sweep Complete, Elapsed Time: 00:02:26
6:36 PM: Starting Registry Sweep
6:36 PM: Found Adware: blazefind
6:36 PM: HKLM\software\preview adservice\ (8 subtraces) (ID = 104556)
6:36 PM: Found Adware: ist software
6:36 PM: HKU\.default\software\ist\ (4 subtraces) (ID = 129052)
6:36 PM: Found Adware: screensavers
6:36 PM: HKCR\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (2 subtraces) (ID = 140550)
6:36 PM: HKCR\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (2 subtraces) (ID = 140551)
6:36 PM: HKLM\software\classes\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (2 subtraces) (ID = 140555)
6:36 PM: HKLM\software\classes\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (2 subtraces) (ID = 140556)
6:36 PM: HKLM\software\microsoft\code store database\distribution units\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (9 subtraces) (ID = 140566)
6:36 PM: HKLM\software\screensavers.com\ (ID = 140569)
6:36 PM: Found Adware: smart-browser
6:36 PM: HKCR\bho.ibho\ (3 subtraces) (ID = 141846)
6:36 PM: HKLM\software\classes\bho.ibho\ (3 subtraces) (ID = 141853)
6:37 PM: Found Adware: ist surf accuracy
6:37 PM: HKLM\software\sacc\ (8 subtraces) (ID = 203068)
6:37 PM: Found Adware: winad
6:37 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediagatewayx.dll\ (2 subtraces) (ID = 763026)
6:37 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediagatewayx.dll (ID = 763028)
6:37 PM: Found Adware: primesoft dialer
6:37 PM: HKLM\software\scom\dialers\ (ID = 941581)
6:37 PM: HKU\WRSS_Profile_S-1-5-21-1229272821-963894560-725345543-1006\software\ist\ (1 subtraces) (ID = 129108)
6:37 PM: HKU\WRSS_Profile_S-1-5-21-1229272821-963894560-725345543-1005\software\ist\ (1 subtraces) (ID = 129108)
6:37 PM: HKU\WRSS_Profile_S-1-5-21-1229272821-963894560-725345543-1005\software\scom\dialers\ (1 subtraces) (ID = 941566)
6:37 PM: Found Adware: qsearch
6:37 PM: HKU\WRSS_Profile_S-1-5-21-1229272821-963894560-725345543-1005\software\program info\ (ID = 1028138)
6:37 PM: HKU\WRSS_Profile_S-1-5-21-1229272821-963894560-725345543-1004\software\ist\ (1 subtraces) (ID = 129108)
6:37 PM: Found Adware: 180search assistant/zango
6:37 PM: HKU\WRSS_Profile_S-1-5-21-1229272821-963894560-725345543-1004\software\salm\ (3 subtraces) (ID = 135792)
6:37 PM: Found Adware: screenscenes
6:37 PM: HKU\WRSS_Profile_S-1-5-21-1229272821-963894560-725345543-1004\software\screenscenes\ (ID = 723706)
6:37 PM: HKU\S-1-5-21-1229272821-963894560-725345543-1003\software\ist\ (1 subtraces) (ID = 129108)
6:37 PM: HKU\S-1-5-21-1229272821-963894560-725345543-1003\software\salm\ (14 subtraces) (ID = 135792)
6:37 PM: Found Adware: gain - common components
6:37 PM: HKU\S-1-5-21-1229272821-963894560-725345543-1003\software\gator.com\ (56 subtraces) (ID = 528932)
6:37 PM: HKU\S-1-5-21-1229272821-963894560-725345543-1003\software\screenscenes\ (15 subtraces) (ID = 723706)
6:37 PM: Found Adware: dashbar
6:37 PM: HKU\S-1-5-21-1229272821-963894560-725345543-1003\software\microsoft\internet explorer\main\ || search bar (ID = 1027877)
6:37 PM: HKU\S-1-5-18\software\ist\ (4 subtraces) (ID = 129108)
6:37 PM: HKU\S-1-5-18\software\salm\ (11 subtraces) (ID = 135792)
6:37 PM: Registry Sweep Complete, Elapsed Time:00:01:16
6:37 PM: Starting Cookie Sweep
6:38 PM: Cookie Sweep Complete, Elapsed Time: 00:00:07
6:38 PM: Starting File Sweep
6:38 PM: c:\program files\preview adservice (1 subtraces) (ID = -2147477102)
6:38 PM: c:\program files\surfaccuracy (3 subtraces) (ID = -2147478266)
6:38 PM: c:\program files\media gateway (2 subtraces) (ID = -2147477127)
6:38 PM: Found Adware: ist istbar
6:38 PM: a0032475.exe (ID = 107294)
6:38 PM: backup-20060116-170307-446.dll (ID = 199611)
6:38 PM: Found Adware: shopathomeselect
6:38 PM: bundle_cdt1006.exe (ID = 107429)
6:38 PM: iaqljqk7.dll (ID = 75582)
6:39 PM: a0037869.exe (ID = 64496)
6:39 PM: a0037870.exe (ID = 185599)
6:40 PM: a0055047.exe (ID = 193923)
6:41 PM: gatorgaininstaller.log (ID = 61390)
6:41 PM: a0030842.exe (ID = 64496)
6:41 PM: a0030843.exe (ID = 107294)
6:41 PM: info.txt (ID = 90430)
6:42 PM: fca0ivf.exe (ID = 107290)
6:44 PM: istrecover[1].exe (ID = 64496)
6:44 PM: istsvc[1].exe (ID = 107294)
6:44 PM: istdownload[1].exe (ID = 107290)
6:44 PM: update.exe (ID = 75690)
6:45 PM: bundle~1.exe (ID = 107429)
6:46 PM: m8u9hgvs.dll (ID = 75582)
6:49 PM: saccu.exe (ID = 180136)
6:58 PM: mediagateway.exe (ID = 107546)
6:58 PM: Sweep Canceled
6:58 PM: File Sweep Complete, Elapsed Time: 00:20:55
6:58 PM: Traces Found: 305
6:59 PM: Removal process initiated
7:00 PM: Removal process completed. Elapsed time 00:00:39
7:05 PM: Deletion from quarantine initiated
7:05 PM: Deletion from quarantine completed. Elapsed time 00:00:39
********
6:28 PM: | Start of Session, Monday, January 16, 2006 |
6:28 PM: Spy Sweeper started
6:29 PM: Your spyware definitions have been updated.
6:34 PM: | End of Session, Monday, January 16, 2006 |
System is still the same and showing the same items on task manager, thanks. And just to clear things up: VAMPIRA is a girl at work who helped me by posting my problem, and then I joined that same night. Sorry for the confusion, thanks for your help.
 
Joined
Sep 7, 2004
Messages
49,014
pavfires is part of your Panda Firewall

=================
Fix this with HiJack
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

======
http://www.kaspersky.com/virusscanner - Online scan

When the scan is finished Save the results from the scan!

Post a new HiJackThis log along with the results from Kaspersky scan
 
Joined
Jan 13, 2006
Messages
9
here is the log
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, January 19, 2006 18:07:04
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 18/01/2006
Kaspersky Anti-Virus database records: 161284
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\dave\LOCALS~1\Temp\

Scan Statistics:
Total number of scanned objects: 15503
Number of viruses found: 5
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 2428 sec

Infected Object Name - Virus Name
C:\WINDOWS\Downloaded Program Files\on.exe Infected: Trojan-Downloader.Win32.Small.bqv
C:\WINDOWS\loadnew.exe Infected: Trojan-Downloader.Win32.Small.bct
C:\WINDOWS\system32\.pif Infected: Trojan-Downloader.BAT.Ftp.z
C:\WINDOWS\Temp\istinstall_158604.exe Infected: Trojan-Downloader.Win32.IstBar.is
C:\DOCUME~1\dave\LOCALS~1\Temp\istsv_.exe Infected: Trojan-Downloader.Win32.IstBar.mx

Scan process completed.
 
Joined
Jan 13, 2006
Messages
9
Logfile of HijackThis v1.99.1
Scan saved at 6:11:20 PM, on 1/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ask.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm080YYGB
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/MyFunCardsFWBInitialSetup1.0.0.8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
 
Joined
Sep 7, 2004
Messages
49,014
Fix these with HJT – mark them, close IE, click fix checked

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZUxdm080YYGB

Download http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\Downloaded Program Files\on.exe
C:\WINDOWS\loadnew.exe
C:\WINDOWS\system32\.pif
C:\WINDOWS\Temp\istinstall_158604.exe
C:\DOCUMENTS AND SETTINGS\dave\LOCALS SETTINGS\Temp\istsv_.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
 
Joined
Jan 13, 2006
Messages
9
Hello there. Computer is still buzzing. I did everything you suggested. When I removed all the programs with Killbox it did say program appears not to exist, so I tried to remove it anyway, ran
a scan with Webroot. I also ran HJT
Logfile of HijackThis v1.99.1
Scan saved at 2:26:06 PM, on 1/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ask.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB002" /M "Stylus DX3800"
O4 - HKLM\..\RunOnce: [System Mechanic Cache Cleanup] C:\Program Files\iolo\System Mechanic 4 Professional\SysMech4.exe /COMPLETECACHE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/MyFunCardsFWBInitialSetup1.0.0.8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Maybe my computer is running a little better. Task Manager says system is running at 97% but I am only talking to you. Thanks for your help, cheers.
 