Hi,
Ran sweeper successfully. Here is the log:
********
8:23 PM: | Start of Session, Friday, December 09, 2005 |
8:23 PM: Spy Sweeper started
8:23 PM: Sweep initiated using definitions version 582
8:23 PM: Starting Memory Sweep
8:24 PM: Found Adware: clkoptimizer
8:24 PM: Detected running threat: C:\WINDOWS\system32\wuauclt.dll (ID = 143665)
8:24 PM: Memory Sweep Complete, Elapsed Time: 00:01:02
8:24 PM: Starting Registry Sweep
8:24 PM: Found Adware: apropos
8:24 PM: HKLM\software\aprps\ (8 subtraces) (ID = 103741)
8:24 PM: Found Adware: begin2search
8:24 PM: HKCR\btnetw.amo.1\ (3 subtraces) (ID = 104095)
8:24 PM: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
8:24 PM: Found Adware: hotsearchbar toolbar
8:24 PM: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
8:24 PM: HKCR\btnetw.iiittt.1\ (3 subtraces) (ID = 104097)
8:24 PM: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
8:24 PM: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
8:24 PM: HKCR\btnetw.momo.1\ (3 subtraces) (ID = 104099)
8:24 PM: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
8:24 PM: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
8:24 PM: HKCR\btnetw.ohb.1\ (3 subtraces) (ID = 104101)
8:24 PM: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
8:24 PM: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
8:24 PM: HKCR\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104109)
8:24 PM: HKCR\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104109)
8:24 PM: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
8:24 PM: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
8:24 PM: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
8:24 PM: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
8:24 PM: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
8:24 PM: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
8:24 PM: HKCR\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104124)
8:24 PM: HKCR\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104126)
8:24 PM: HKCR\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104127)
8:24 PM: HKCR\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104128)
8:24 PM: HKCR\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104139)
8:24 PM: HKCR\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104141)
8:24 PM: HKLM\software\classes\btnetw.amo.1\ (3 subtraces) (ID = 104145)
8:24 PM: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
8:24 PM: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
8:24 PM: HKLM\software\classes\btnetw.iiittt.1\ (3 subtraces) (ID = 104147)
8:24 PM: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
8:24 PM: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
8:24 PM: HKLM\software\classes\btnetw.momo.1\ (3 subtraces) (ID = 104149)
8:24 PM: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
8:24 PM: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
8:24 PM: HKLM\software\classes\btnetw.ohb.1\ (3 subtraces) (ID = 104151)
8:24 PM: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
8:24 PM: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
8:24 PM: HKLM\software\classes\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104159)
8:24 PM: HKLM\software\classes\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104159)
8:24 PM: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
8:24 PM: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
8:24 PM: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
8:24 PM: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
8:24 PM: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
8:24 PM: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
8:24 PM: HKLM\software\classes\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104174)
8:24 PM: HKLM\software\classes\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104176)
8:24 PM: HKLM\software\classes\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104177)
8:24 PM: HKLM\software\classes\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104178)
8:24 PM: HKLM\software\classes\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104189)
8:24 PM: HKLM\software\classes\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104191)
8:24 PM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
8:24 PM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
8:24 PM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
8:24 PM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
8:25 PM: Found Adware: bookedspace
8:25 PM: HKLM\software\configuration manager\cfgmgr52\ (120 subtraces) (ID = 104873)
8:25 PM: HKCR\clsid\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}\ (6 subtraces) (ID = 105953)
8:25 PM: HKCR\folder\shellex\columnhandlers\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}\ (1 subtraces) (ID = 106021)
8:25 PM: HKLM\software\classes\clsid\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}\ (6 subtraces) (ID = 106049)
8:25 PM: HKLM\software\classes\folder\shellex\columnhandlers\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}\ (1 subtraces) (ID = 106116)
8:25 PM: Found Adware: delfin
8:25 PM: HKLM\software\microsoft\windows\currentversion\uninstall\displayutility\ (2 subtraces) (ID = 124879)
8:25 PM: HKLM\software\mvu\ (5 subtraces) (ID = 124885)
8:25 PM: HKLM\software\vidctrl\ (2 subtraces) (ID = 124897)
8:25 PM: Found Adware: networkessentials
8:25 PM: HKLM\software\microsoft\windows\currentversion\uninstall\cdm\ (2 subtraces) (ID = 136172)
8:25 PM: HKLM\software\novo\ (3 subtraces) (ID = 136175)
8:25 PM: HKLM\software\np\ (2 subtraces) (ID = 136176)
8:25 PM: Found Adware: surfsidekick
8:25 PM: HKLM\software\surfsidekick3\ (2 subtraces) (ID = 143413)
8:25 PM: Found Adware: icannnews
8:25 PM: HKCR\activexctrl\ (3 subtraces) (ID = 169450)
8:25 PM: HKCR\clsid\{3bfadce2-1141-4b81-8878-49af625f0fdc}\ (3 subtraces) (ID = 169451)
8:25 PM: HKCR\clsid\{4208fb4d-4e53-4f5a-bf7a-3e047ddb5281}\ (21 subtraces) (ID = 169452)
8:25 PM: HKCR\interface\{980ad470-04ea-4d1d-bd26-e178b7bda6d8}\ (8 subtraces) (ID = 169454)
8:25 PM: HKCR\interface\{fd39937a-c583-4aac-9332-8a3e44988a67}\ (8 subtraces) (ID = 169455)
8:25 PM: HKCR\typelib\{ee5ac3d6-6f43-4047-af0a-d66fc2cf8f42}\ (9 subtraces) (ID = 169456)
8:25 PM: HKLM\software\classes\activexctrl\ (3 subtraces) (ID = 169457)
8:25 PM: HKLM\software\classes\clsid\{3bfadce2-1141-4b81-8878-49af625f0fdc}\ (3 subtraces) (ID = 169458)
8:25 PM: HKLM\software\classes\clsid\{4208fb4d-4e53-4f5a-bf7a-3e047ddb5281}\ (21 subtraces) (ID = 169459)
8:25 PM: HKLM\software\classes\interface\{980ad470-04ea-4d1d-bd26-e178b7bda6d8}\ (8 subtraces) (ID = 169461)
8:25 PM: HKLM\software\classes\interface\{fd39937a-c583-4aac-9332-8a3e44988a67}\ (8 subtraces) (ID = 169462)
8:25 PM: HKLM\software\classes\typelib\{ee5ac3d6-6f43-4047-af0a-d66fc2cf8f42}\ (9 subtraces) (ID = 169463)
8:25 PM: HKLM\software\microsoft\windows\currentversion\run\ || winsync (ID = 601545)
8:25 PM: HKLM\software\microsoft\internet explorer\extensions\{9e248641-0e24-4ddb-9a1f-705087832ad6}\ (2 subtraces) (ID = 753449)
8:25 PM: Found Adware: browseraid
8:25 PM: HKU\S-1-5-21-79099320-3589331423-903540309-500\software\a70f6a1d-0195-42a2-934c-d8ac0f7c08eb\ (1 subtraces) (ID = 105078)
8:25 PM: Found Adware: clearsearch
8:25 PM: HKU\S-1-5-21-79099320-3589331423-903540309-500\software\microsoft\internet explorer\new windows\allow\ || 69.28.210.175 (ID = 105744)
8:25 PM: HKU\S-1-5-21-79099320-3589331423-903540309-500\software\mvu\ (4 subtraces) (ID = 124884)
8:25 PM: Found Adware: drsnsrch.com hijack
8:25 PM: HKU\S-1-5-21-79099320-3589331423-903540309-500\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
8:25 PM: Found Trojan Horse: trojan-downloader-pacisoft
8:25 PM: HKU\S-1-5-21-79099320-3589331423-903540309-500\software\psof1\ (17 subtraces) (ID = 136530)
8:25 PM: Found Adware: searchtoolbar
8:25 PM: HKU\S-1-5-21-79099320-3589331423-903540309-500\software\{12ee7a5e-0674-42f9-a76b-000000004d00}\ (3 subtraces) (ID = 141347)
8:25 PM: HKU\S-1-5-21-79099320-3589331423-903540309-500\software\surfsidekick3\ (3 subtraces) (ID = 143412)
8:25 PM: Registry Sweep Complete, Elapsed Time:00:00:12
8:25 PM: Starting Cookie Sweep
8:25 PM: Found Spy Cookie: websponsors cookie
8:25 PM: administrator@a.websponsors[2].txt (ID = 3665)
8:25 PM: Found Spy Cookie: yieldmanager cookie
8:25 PM: administrator@ad.yieldmanager[1].txt (ID = 3751)
8:25 PM: Found Spy Cookie: adecn cookie
8:25 PM: administrator@adecn[1].txt (ID = 2063)
8:25 PM: Found Spy Cookie: adknowledge cookie
8:25 PM: administrator@adknowledge[1].txt (ID = 2072)
8:25 PM: Found Spy Cookie: hbmediapro cookie
8:25 PM: administrator@adopt.hbmediapro[2].txt (ID = 2768)
8:25 PM: Found Spy Cookie: hotbar cookie
8:25 PM: administrator@adopt.hotbar[2].txt (ID = 4207)
8:25 PM: Found Spy Cookie: specificclick.com cookie
8:25 PM: administrator@adopt.specificclick[2].txt (ID = 3400)
8:25 PM: Found Spy Cookie: adrevolver cookie
8:25 PM: administrator@adrevolver[1].txt (ID = 2088)
8:25 PM: administrator@adrevolver[2].txt (ID = 2088)
8:25 PM: Found Spy Cookie: addynamix cookie
8:25 PM: administrator@ads.addynamix[1].txt (ID = 2062)
8:25 PM: Found Spy Cookie: pointroll cookie
8:25 PM: administrator@ads.pointroll[1].txt (ID = 3148)
8:25 PM: Found Spy Cookie: advertising cookie
8:25 PM: administrator@advertising[2].txt (ID = 2175)
8:25 PM: Found Spy Cookie: falkag cookie
8:25 PM: administrator@as-eu.falkag[1].txt (ID = 2650)
8:25 PM: administrator@as-us.falkag[1].txt (ID = 2650)
8:25 PM: administrator@as1.falkag[2].txt (ID = 2650)
8:25 PM: Found Spy Cookie: ask cookie
8:25 PM: administrator@ask[1].txt (ID = 2245)
8:25 PM: Found Spy Cookie: atlas dmt cookie
8:25 PM: administrator@atdmt[2].txt (ID = 2253)
8:25 PM: Found Spy Cookie: azjmp cookie
8:25 PM: administrator@azjmp[2].txt (ID = 2270)
8:25 PM: Found Spy Cookie: belnk cookie
8:25 PM: administrator@belnk[1].txt (ID = 2292)
8:25 PM: Found Spy Cookie: bs.serving-sys cookie
8:25 PM: administrator@bs.serving-sys[2].txt (ID = 2330)
8:25 PM: Found Spy Cookie: burstnet cookie
8:25 PM: administrator@burstnet[1].txt (ID = 2336)
8:25 PM: Found Spy Cookie: zedo cookie
8:25 PM: administrator@c5.zedo[1].txt (ID = 3763)
8:25 PM: Found Spy Cookie: casalemedia cookie
8:25 PM: administrator@casalemedia[2].txt (ID = 2354)
8:25 PM: Found Spy Cookie: centrport net cookie
8:25 PM: administrator@centrport[1].txt (ID = 2374)
8:25 PM: Found Spy Cookie: overture cookie
8:25 PM: administrator@data1.perf.overture[1].txt (ID = 3106)
8:25 PM: administrator@data4.perf.overture[2].txt (ID = 3106)
8:25 PM: administrator@dist.belnk[2].txt (ID = 2293)
8:25 PM: Found Spy Cookie: ru4 cookie
8:25 PM: administrator@edge.ru4[2].txt (ID = 3269)
8:25 PM: Found Spy Cookie: 2o7.net cookie
8:25 PM: administrator@entrepreneur.122.2o7[1].txt (ID = 1958)
8:25 PM: Found Spy Cookie: exitexchange cookie
8:25 PM: administrator@exitexchange[1].txt (ID = 2633)
8:25 PM: Found Spy Cookie: fastclick cookie
8:25 PM: administrator@fastclick[2].txt (ID = 2651)
8:25 PM: Found Spy Cookie: clickandtrack cookie
8:25 PM: administrator@hits.clickandtrack[2].txt (ID = 2397)
8:25 PM: Found Spy Cookie: linksynergy cookie
8:25 PM: administrator@linksynergy[1].txt (ID = 2926)
8:25 PM: Found Spy Cookie: maxserving cookie
8:25 PM: administrator@maxserving[2].txt (ID = 2966)
8:25 PM: administrator@media.fastclick[2].txt (ID = 2652)
8:25 PM: Found Spy Cookie: nextag cookie
8:25 PM: administrator@nextag[1].txt (ID = 5014)
8:25 PM: Found Spy Cookie: partypoker cookie
8:25 PM: administrator@partypoker[2].txt (ID = 3111)
8:25 PM: administrator@perf.overture[1].txt (ID = 3106)
8:25 PM: Found Spy Cookie: questionmarket cookie
8:25 PM: administrator@questionmarket[2].txt (ID = 3217)
8:25 PM: Found Spy Cookie: realmedia cookie
8:25 PM: administrator@realmedia[2].txt (ID = 3235)
8:25 PM: Found Spy Cookie: rn11 cookie
8:25 PM: administrator@rn11[2].txt (ID = 3261)
8:25 PM: Found Spy Cookie: serving-sys cookie
8:25 PM: administrator@serving-sys[2].txt (ID = 3343)
8:25 PM: Found Spy Cookie: reliablestats cookie
8:25 PM: administrator@stats1.reliablestats[1].txt (ID = 3254)
8:25 PM: Found Spy Cookie: targetnet cookie
8:25 PM: administrator@targetnet[1].txt (ID = 3489)
8:25 PM: Found Spy Cookie: trafficmp cookie
8:25 PM: administrator@trafficmp[2].txt (ID = 3581)
8:25 PM: Found Spy Cookie: tribalfusion cookie
8:25 PM: administrator@tribalfusion[2].txt (ID = 3589)
8:25 PM: Found Spy Cookie: coremetrics cookie
8:25 PM: administrator@twci.coremetrics[1].txt (ID = 2472)
8:25 PM: Found Spy Cookie: burstbeacon cookie
8:25 PM: administrator@www.burstbeacon[1].txt (ID = 2335)
8:25 PM: administrator@yieldmanager[1].txt (ID = 3749)
8:25 PM: Found Spy Cookie: adserver cookie
8:25 PM: administrator@z1.adserver[1].txt (ID = 2142)
8:25 PM: administrator@zedo[1].txt (ID = 3762)
8:25 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
8:25 PM: Starting File Sweep
8:25 PM: c:\windows\cfgmgr52 (28 subtraces) (ID = -2147479590)
8:25 PM: Found Adware: elitebar
8:25 PM: c:\windows\etb (1 subtraces) (ID = -2147476235)
8:25 PM: c:\windows\system32\upd (ID = -2147480530)
8:25 PM: c:\windows\system32\vidctrl (ID = -2147481117)
8:25 PM: c:\documents and settings\all users\application data\vidctrl (ID = -2147477475)
8:25 PM: c:\program files\aprps (8 subtraces) (ID = -2147481420)
8:26 PM: bsva-egihsg52.exe (ID = 95082)
8:26 PM: Found Adware: weirdontheweb
8:26 PM: weirdontheweb_ventura.exe (ID = 87900)
8:27 PM: wuauclt.dll (ID = 143665)
8:28 PM: vgactl.cpl (ID = 143664)
8:28 PM: sskknwrd.dll (ID = 77733)
8:28 PM: activex.ocx (ID = 93701)
8:30 PM: dice23.ico (ID = 51024)
8:31 PM: Found Trojan Horse: trojan-downloader-mainstreamdollars
8:31 PM: btnetw3_venturahot_246765.exe (ID = 80728)
8:31 PM: Found Trojan Horse: trojan-downloader-traf34
8:31 PM: gsm3-0511.exe (ID = 81005)
8:33 PM: uninstaller.exe (ID = 50178)
8:33 PM: cxtpls.exe (ID = 50095)
8:33 PM: stlb2.xml (ID = 51947)
8:34 PM: wingenerics.dll (ID = 50187)
8:35 PM: weirdontheweb.url (ID = 87896)
8:35 PM: sskcwrd.dll (ID = 77712)
8:35 PM: Found Adware: exact cashback/bargain buddy
8:35 PM: backup-20050623-200253-642.inf (ID = 50858)
8:39 PM: File Sweep Complete, Elapsed Time: 00:14:41
8:39 PM: Full Sweep has completed. Elapsed time 00:16:05
8:39 PM: Traces Found: 951
8:40 PM: Removal process initiated
8:41 PM: Quarantining All Traces: clearsearch
8:41 PM: Quarantining All Traces: clkoptimizer
8:41 PM: clkoptimizer is in use. It will be removed on reboot.
8:41 PM: C:\WINDOWS\system32\wuauclt.dll is in use. It will be removed on reboot.
8:41 PM: Quarantining All Traces: elitebar
8:41 PM: Quarantining All Traces: icannnews
8:41 PM: Quarantining All Traces: apropos
8:41 PM: Quarantining All Traces: begin2search
8:41 PM: Quarantining All Traces: delfin
8:41 PM: Quarantining All Traces: surfsidekick
8:41 PM: Quarantining All Traces: trojan-downloader-mainstreamdollars
8:41 PM: Quarantining All Traces: trojan-downloader-pacisoft
8:41 PM: Quarantining All Traces: trojan-downloader-traf34
8:41 PM: Quarantining All Traces: bookedspace
8:41 PM: Quarantining All Traces: browseraid
8:41 PM: Quarantining All Traces: drsnsrch.com hijack
8:41 PM: Quarantining All Traces: exact cashback/bargain buddy
8:41 PM: Quarantining All Traces: hotsearchbar toolbar
8:41 PM: Quarantining All Traces: networkessentials
8:41 PM: Quarantining All Traces: searchtoolbar
8:41 PM: Quarantining All Traces: weirdontheweb
8:41 PM: Quarantining All Traces: 2o7.net cookie
8:41 PM: Quarantining All Traces: addynamix cookie
8:41 PM: Quarantining All Traces: adecn cookie
8:41 PM: Quarantining All Traces: adknowledge cookie
8:41 PM: Quarantining All Traces: adrevolver cookie
8:41 PM: Quarantining All Traces: adserver cookie
8:41 PM: Quarantining All Traces: advertising cookie
8:41 PM: Quarantining All Traces: ask cookie
8:41 PM: Quarantining All Traces: atlas dmt cookie
8:41 PM: Quarantining All Traces: azjmp cookie
8:41 PM: Quarantining All Traces: belnk cookie
8:41 PM: Quarantining All Traces: bs.serving-sys cookie
8:41 PM: Quarantining All Traces: burstbeacon cookie
8:41 PM: Quarantining All Traces: burstnet cookie
8:41 PM: Quarantining All Traces: casalemedia cookie
8:41 PM: Quarantining All Traces: centrport net cookie
8:41 PM: Quarantining All Traces: clickandtrack cookie
8:41 PM: Quarantining All Traces: coremetrics cookie
8:41 PM: Quarantining All Traces: exitexchange cookie
8:41 PM: Quarantining All Traces: falkag cookie
8:41 PM: Quarantining All Traces: fastclick cookie
8:41 PM: Quarantining All Traces: hbmediapro cookie
8:41 PM: Quarantining All Traces: hotbar cookie
8:41 PM: Quarantining All Traces: linksynergy cookie
8:41 PM: Quarantining All Traces: maxserving cookie
8:41 PM: Quarantining All Traces: nextag cookie
8:41 PM: Quarantining All Traces: overture cookie
8:41 PM: Quarantining All Traces: partypoker cookie
8:41 PM: Quarantining All Traces: pointroll cookie
8:41 PM: Quarantining All Traces: questionmarket cookie
8:41 PM: Quarantining All Traces: realmedia cookie
8:41 PM: Quarantining All Traces: reliablestats cookie
8:41 PM: Quarantining All Traces: rn11 cookie
8:41 PM: Quarantining All Traces: ru4 cookie
8:41 PM: Quarantining All Traces: serving-sys cookie
8:41 PM: Quarantining All Traces: specificclick.com cookie
8:41 PM: Quarantining All Traces: targetnet cookie
8:41 PM: Quarantining All Traces: trafficmp cookie
8:41 PM: Quarantining All Traces: tribalfusion cookie
8:41 PM: Quarantining All Traces: websponsors cookie
8:41 PM: Quarantining All Traces: yieldmanager cookie
8:41 PM: Quarantining All Traces: zedo cookie
8:42 PM: Removal process completed. Elapsed time 00:01:51
********
8:13 PM: | Start of Session, Friday, December 09, 2005 |
8:13 PM: Spy Sweeper started
8:14 PM: Your spyware definitions have been updated.
And the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 8:49:05 PM, on 12/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
E:\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\CA\eTrust\InoculateIT\realmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Warez P2P Client\warez.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.248.208.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunesHelper.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\iacrcw.exe reg_run
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\Stopzilla.exe /autostart
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrust\InoculateIT\realmon.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://hindi.india-today.com/tdserver.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.hotmail.msn.com/res ... nPUpld.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/B ... ofupld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Filter hijack: text/xml - (no CLSID) - (no file)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust InoculateIT RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRpc.exe
O23 - Service: eTrust InoculateIT Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoRT.exe
O23 - Service: eTrust InoculateIT Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust\InoculateIT\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Thanks,