Dear Muppy03,
Thanks for your help. I'm not getting help from any other forum. I don't think I used Avenger at any point (does it come bundled with something else?). I think all I've done (besides your instructions) are Spy Bot and Ad-Aware. Ad-Aware caught some stuff that spybot did not. I'll put the Ad-Aware log at the bottom below the Oldtimer stuff. BTW, the popups seem to have stopped!! They stopped after the Malwarebytes thing I think.
Thanks!
========== FILES ==========
File/Folder c:\documents and settings\peyton vogel\local settings\application data\xsaqstg.exe not found.
File/Folder c:\documents and settings\peyton vogel\local settings\application data\uesiwgq.exe not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\xsaqstg deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uesiwgq deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\Perflib_Perfdata_1024.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\Perflib_Perfdata_88c.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF7329.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF780B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF782D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF79E3.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF7A0A.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF7AA7.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF7ACF.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF7C29.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Peyton Vogel\Local Settings\Temporary Internet Files\Content.IE5\W3QQ3N4L\OTMoveIt3[1].exe scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Peyton Vogel\Local Settings\Temporary Internet Files\Content.IE5\UXX0962A\InboxLight[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Peyton Vogel\Local Settings\Temporary Internet Files\Content.IE5\NV6NWK1P\Generic[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Peyton Vogel\Local Settings\Temporary Internet Files\Content.IE5\NV6NWK1P\Generic[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Peyton Vogel\Local Settings\Temporary Internet Files\Content.IE5\HVRESEMV\default[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Peyton Vogel\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4d4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04112009_220415
Files moved on Reboot...
File C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\Perflib_Perfdata_1024.dat not found!
File C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\Perflib_Perfdata_88c.dat not found!
File C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF7329.tmp not found!
File C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF780B.tmp not found!
File C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF782D.tmp not found!
File C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF79E3.tmp not found!
File C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF7A0A.tmp not found!
File C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF7AA7.tmp not found!
File C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF7ACF.tmp not found!
C:\DOCUME~1\PEYTON~1\LOCALS~1\Temp\~DF7C29.tmp moved successfully.
C:\Documents and Settings\Peyton Vogel\Local Settings\Temporary Internet Files\Content.IE5\W3QQ3N4L\OTMoveIt3[1].exe moved successfully.
C:\Documents and Settings\Peyton Vogel\Local Settings\Temporary Internet Files\Content.IE5\UXX0962A\InboxLight[1].htm moved successfully.
C:\Documents and Settings\Peyton Vogel\Local Settings\Temporary Internet Files\Content.IE5\NV6NWK1P\Generic[1].htm moved successfully.
C:\Documents and Settings\Peyton Vogel\Local Settings\Temporary Internet Files\Content.IE5\NV6NWK1P\Generic[2].htm moved successfully.
C:\Documents and Settings\Peyton Vogel\Local Settings\Temporary Internet Files\Content.IE5\HVRESEMV\default[1].htm moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_4d4.dat not found!
_______________________________________________________________________________________________________
Here is the Ad-Aware Log Stuff
Logfile created: 4/9/2009 9:42:12
Lavasoft Ad-Aware version: 8.0.3
Extended engine version: 8.1
User performing scan: Peyton Vogel
*********************** Definitions database information ***********************
Lavasoft definition file: 148.7
Extended engine definition file: 8.1
******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 141858
Objects detected: 146
Type Detected
==========================
Processes.......: 0
Registry entries: 53
Hostfile entries: 0
Files...........: 25
Folders.........: 2
LSPs............: 0
Cookies.........: 66
Browser hijacks.: 0
MRU objects.....: 0
Removed items:
Description: *adserv* Family Name: Cookies Clean status: Success Item ID: 408921 Family ID: 0
Description: *2o7* Family Name: Cookies Clean status: Success Item ID: 408943 Family ID: 0
Description: *adbrite* Family Name: Cookies Clean status: Success Item ID: 409218 Family ID: 0
Description: *adlegend* Family Name: Cookies Clean status: Success Item ID: 409170 Family ID: 0
Description: *addynamix* Family Name: Cookies Clean status: Success Item ID: 409026 Family ID: 0
Description: *.bridgetrack* Family Name: Cookies Clean status: Success Item ID: 409095 Family ID: 0
Description: *adserver* Family Name: Cookies Clean status: Failed Item ID: 408737 Family ID: 0
Description: *adserve* Family Name: Cookies Clean status: Failed Item ID: 409020 Family ID: 0
Description: *estat* Family Name: Cookies Clean status: Success Item ID: 408873 Family ID: 0
Description: *bizrate.co* Family Name: Cookies Clean status: Success Item ID: 409154 Family ID: 0
Description: *boldchat* Family Name: Cookies Clean status: Success Item ID: 409211 Family ID: 0
Description: *specificclick* Family Name: Cookies Clean status: Success Item ID: 408807 Family ID: 0
Description: *dealtime* Family Name: Cookies Clean status: Success Item ID: 409235 Family ID: 0
Description: *omniture* Family Name: Cookies Clean status: Success Item ID: 408835 Family ID: 0
Description: *.stats.esomniture* Family Name: Cookies Clean status: Failed Item ID: 409181 Family ID: 0
Description: *gator* Family Name: Cookies Clean status: Success Item ID: 408861 Family ID: 0
Description: *adbureau* Family Name: Cookies Clean status: Success Item ID: 409027 Family ID: 0
Description: *iwon* Family Name: Cookies Clean status: Success Item ID: 408852 Family ID: 0
Description: *live365* Family Name: Cookies Clean status: Success Item ID: 408844 Family ID: 0
Description: *nextstat* Family Name: Cookies Clean status: Success Item ID: 409229 Family ID: 0
Description: *real* Family Name: Cookies Clean status: Success Item ID: 408817 Family ID: 0
Description: *overstock* Family Name: Cookies Clean status: Success Item ID: 409142 Family ID: 0
Description: *overture* Family Name: Cookies Clean status: Success Item ID: 408834 Family ID: 0
Description: *perf.overture* Family Name: Cookies Clean status: Failed Item ID: 408828 Family ID: 0
Description: *pro-market* Family Name: Cookies Clean status: Success Item ID: 408823 Family ID: 0
Description: *searchportal.information* Family Name: Cookies Clean status: Success Item ID: 409134 Family ID: 0
Description: *shareasale* Family Name: Cookies Clean status: Success Item ID: 409322 Family ID: 0
Description: *stat.onestat* Family Name: Cookies Clean status: Failed Item ID: 408967 Family ID: 0
Description: stat.onestat* Family Name: Cookies Clean status: Failed Item ID: 409125 Family ID: 0
Description: *kontera* Family Name: Cookies Clean status: Success Item ID: 409363 Family ID: 0
Description: *tripod* Family Name: Cookies Clean status: Success Item ID: 408784 Family ID: 0
Description: *valueclick* Family Name: Cookies Clean status: Success Item ID: 409175 Family ID: 0
Description: *webstat* Family Name: Cookies Clean status: Success Item ID: 409228 Family ID: 0
Description: *webtrends* Family Name: Cookies Clean status: Success Item ID: 599640 Family ID: 0
Description: www.buy* Family Name: Cookies Clean status: Success Item ID: 409113 Family ID: 0
Description: *etracker* Family Name: Cookies Clean status: Success Item ID: 409002 Family ID: 0
Description: *247realmedia* Family Name: Cookies Clean status: Failed Item ID: 408945 Family ID: 0
Description: *realmedia* Family Name: Cookies Clean status: Failed Item ID: 409139 Family ID: 0
Description: *ad.yieldmanager* Family Name: Cookies Clean status: Success Item ID: 409172 Family ID: 0
Description: *pointroll* Family Name: Cookies Clean status: Success Item ID: 408826 Family ID: 0
Description: *ads.pointroll* Family Name: Cookies Clean status: Failed Item ID: 408927 Family ID: 0
Description: *adtech* Family Name: Cookies Clean status: Success Item ID: 409018 Family ID: 0
Description: *advertis* Family Name: Cookies Clean status: Success Item ID: 408918 Family ID: 0
Description: *advertising* Family Name: Cookies Clean status: Failed Item ID: 409017 Family ID: 0
Description: *apmebf* Family Name: Cookies Clean status: Success Item ID: 409163 Family ID: 0
Description: *atdmt* Family Name: Cookies Clean status: Success Item ID: 408910 Family ID: 0
Description: *bs.serving-sys* Family Name: Cookies Clean status: Success Item ID: 408902 Family ID: 0
Description: *serving-sys* Family Name: Cookies Clean status: Success Item ID: 409130 Family ID: 0
Description: *casalemedia* Family Name: Cookies Clean status: Success Item ID: 409152 Family ID: 0
Description: *trafficmp* Family Name: Cookies Clean status: Success Item ID: 408787 Family ID: 0
Description: *ssion-junction* Family Name: Cookies Clean status: Success Item ID: 408969 Family ID: 0
Description: *coremetrics* Family Name: Cookies Clean status: Success Item ID: 409008 Family ID: 0
Description: *data.coremetrics* Family Name: Cookies Clean status: Failed Item ID: 409220 Family ID: 0
Description: *doubleclick* Family Name: Cookies Clean status: Success Item ID: 408875 Family ID: 0
Description: *fastclick* Family Name: Cookies Clean status: Success Item ID: 408869 Family ID: 0
Description: *insightexpressai* Family Name: Cookies Clean status: Success Item ID: 409259 Family ID: 0
Description: *mediaplex* Family Name: Cookies Clean status: Success Item ID: 408991 Family ID: 0
Description: *questionmarket* Family Name: Cookies Clean status: Success Item ID: 408819 Family ID: 0
Description: *server.iad.liveperson* Family Name: Cookies Clean status: Success Item ID: 409131 Family ID: 0
Description: *statse.webtrends* Family Name: Cookies Clean status: Failed Item ID: 408803 Family ID: 0
Description: *webtrendslive* Family Name: Cookies Clean status: Failed Item ID: 408954 Family ID: 0
Description: *.webtrendslive* Family Name: Cookies Clean status: Failed Item ID: 409033 Family ID: 0
Description: *statse.webtrendslive* Family Name: Cookies Clean status: Failed Item ID: 409269 Family ID: 0
Description: *tacoda* Family Name: Cookies Clean status: Success Item ID: 409123 Family ID: 0
Description: *tribalfusion* Family Name: Cookies Clean status: Success Item ID: 408785 Family ID: 0
Description: *wunderloop* Family Name: Cookies Clean status: Success Item ID: 599639 Family ID: 0
Description: C:\Program Files\SweetIM Family Name: SweetIM Clean status: Reboot required Item ID: 59715 Family ID: 1823
Description: c:\Documents and Settings\All Users\Application Data\SweetIM Family Name: SweetIM Clean status: Success Item ID: 59716 Family ID: 1823
Quarantined items:
Description: C:\Program Files\SweetIM\Messenger\SweetIM.exe Family Name: SweetIM Clean status: Success Item ID: 359443 Family ID: 1823
Description: HKLM:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run:SweetIM Family Name: SweetIM Clean status: Success Item ID: 359443 Family ID: 1823
Description: C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll Family Name: SweetIM Clean status: Reboot required Item ID: 359438 Family ID: 1823
Description: HKLM:HKEY_CLASSES_ROOT\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}: Family Name: SweetIM Clean status: Success Item ID: 359438 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll Family Name: SweetIM Clean status: Success Item ID: 359446 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mgAIMAuto.dll Family Name: SweetIM Clean status: Success Item ID: 359447 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mgAIMMessengerAdapter.dll Family Name: SweetIM Clean status: Success Item ID: 359423 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mgArchive.dll Family Name: SweetIM Clean status: Success Item ID: 359424 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mgcommunication.dll Family Name: SweetIM Clean status: Success Item ID: 359426 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mgFlashPlayer.dll Family Name: SweetIM Clean status: Success Item ID: 359428 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mghooking.dll Family Name: SweetIM Clean status: Success Item ID: 359430 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mgIEPlayer.dll Family Name: SweetIM Clean status: Success Item ID: 359431 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mgMediaPlayer.dll Family Name: SweetIM Clean status: Success Item ID: 359433 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mgMsnAuto.dll Family Name: SweetIM Clean status: Success Item ID: 359434 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mgMsnMessengerAdapter.dll Family Name: SweetIM Clean status: Success Item ID: 359435 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mgSweetIM.dll Family Name: SweetIM Clean status: Success Item ID: 359437 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mgUpdateSupport.dll Family Name: SweetIM Clean status: Success Item ID: 359439 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mgYahooAuto.dll Family Name: SweetIM Clean status: Success Item ID: 359441 Family ID: 1823
Description: C:\Program Files\SweetIM\Messenger\mgYahooMessengerAdapter.dll Family Name: SweetIM Clean status: Success Item ID: 359442 Family ID: 1823
Description: C:\Program Files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe Family Name: SweetIM Clean status: Success Item ID: 359445 Family ID: 1823
Description: C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll Family Name: SweetIM Clean status: Reboot required Item ID: 359425 Family ID: 1823
Description: C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll Family Name: SweetIM Clean status: Reboot required Item ID: 359427 Family ID: 1823
Description: C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll Family Name: SweetIM Clean status: Success Item ID: 359429 Family ID: 1823
Description: C:\Program Files\SweetIM\Toolbars\Internet Explorer\mglogger.dll Family Name: SweetIM Clean status: Success Item ID: 359432 Family ID: 1823
Description: C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll Family Name: SweetIM Clean status: Reboot required Item ID: 359436 Family ID: 1823
Description: C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll Family Name: SweetIM Clean status: Reboot required Item ID: 359440 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\explorer\browser helper objects\{eee6c35c-6118-11dc-9c72-001320c79847}: Family Name: SweetIM Clean status: Success Item ID: 49771 Family ID: 1823
Description: HKCR:clsid\{82ac53b4-164c-4b07-a016-437a8388b81a}: Family Name: SweetIM Clean status: Success Item ID: 49774 Family ID: 1823
Description: HKCR:clsid\{a4a0cb15-8465-4f58-a7e5-73084ea2a064}: Family Name: SweetIM Clean status: Success Item ID: 49775 Family ID: 1823
Description: HKCR:clsid\{eee6c35b-6118-11dc-9c72-001320c79847}: Family Name: SweetIM Clean status: Success Item ID: 49776 Family ID: 1823
Description: HKCR:clsid\{eee6c35c-6118-11dc-9c72-001320c79847}: Family Name: SweetIM Clean status: Success Item ID: 49777 Family ID: 1823
Description: HKCR:clsid\{eee6c35d-6118-11dc-9c72-001320c79847}: Family Name: SweetIM Clean status: Success Item ID: 49778 Family ID: 1823
Description: HKCR:interface\{a439801c-961d-452c-ab42-7848e9cbd289}: Family Name: SweetIM Clean status: Success Item ID: 49783 Family ID: 1823
Description: HKCR:typelib\{4d3b167e-5fd8-4276-8fd7-9df19c1e4d19}: Family Name: SweetIM Clean status: Success Item ID: 49784 Family ID: 1823
Description: HKCR:typelib\{eee6c35e-6118-11dc-9c72-001320c79847}: Family Name: SweetIM Clean status: Success Item ID: 49785 Family ID: 1823
Description: HKCR:typelib\{eee6c35f-6118-11dc-9c72-001320c79847}: Family Name: SweetIM Clean status: Success Item ID: 49786 Family ID: 1823
Description: HKU:S-1-5-21-3559045073-1558837284-1539967888-1006\software\microsoft\internet explorer\toolbar\webbrowser:{eee6c35b-6118-11dc-9c72-001320c79847} Family Name: SweetIM Clean status: Success Item ID: 49787 Family ID: 1823
Description: HKU:S-1-5-21-3559045073-1558837284-1539967888-1006\software\microsoft\internet explorer\urlsearchhooks:{eee6c35d-6118-11dc-9c72-001320c79847} Family Name: SweetIM Clean status: Success Item ID: 49788 Family ID: 1823
Description: HKLM:software\microsoft\internet explorer\toolbar:{eee6c35b-6118-11dc-9c72-001320c79847} Family Name: SweetIM Clean status: Success Item ID: 49809 Family ID: 1823
Description: HKCR:sweetie.ietoolbar: Family Name: SweetIM Clean status: Success Item ID: 49755 Family ID: 1823
Description: HKCR:sweetie.ietoolbar.1: Family Name: SweetIM Clean status: Success Item ID: 49756 Family ID: 1823
Description: HKU:S-1-5-21-3559045073-1558837284-1539967888-1006\software\sweetim: Family Name: SweetIM Clean status: Success Item ID: 49763 Family ID: 1823
Description: HKCR:sweetie.sweetie: Family Name: SweetIM Clean status: Success Item ID: 49764 Family ID: 1823
Description: HKCR:sweetie.sweetie.3: Family Name: SweetIM Clean status: Success Item ID: 49765 Family ID: 1823
Description: HKCR:sweetim_urlsearchhook.toolbarurlsearchhook: Family Name: SweetIM Clean status: Success Item ID: 49766 Family ID: 1823
Description: HKCR:sweetim_urlsearchhook.toolbarurlsearchhook.1: Family Name: SweetIM Clean status: Success Item ID: 49767 Family ID: 1823
Description: HKCR:toolbar3.sweetie: Family Name: SweetIM Clean status: Success Item ID: 49768 Family ID: 1823
Description: HKCR:toolbar3.sweetie.1: Family Name: SweetIM Clean status: Success Item ID: 49769 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\app paths\sweetim.exe: Family Name: SweetIM Clean status: Success Item ID: 49770 Family ID: 1823
Description: HKLM:software\sweetim: Family Name: SweetIM Clean status: Success Item ID: 49772 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\run:sweetim Family Name: SweetIM Clean status: Success Item ID: 49773 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\installer\folders:c:\documents and settings\all users\application data\sweetim\ Family Name: SweetIM Clean status: Success Item ID: 49789 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\installer\folders:c:\documents and settings\all users\application data\sweetim\messenger\ Family Name: SweetIM Clean status: Success Item ID: 49790 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\installer\folders:c:\documents and settings\all users\application data\sweetim\messenger\conf\ Family Name: SweetIM Clean status: Success Item ID: 49791 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\installer\folders:c:\documents and settings\all users\application data\sweetim\messenger\conf\users\ Family Name: SweetIM Clean status: Success Item ID: 49792 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\installer\folders:c:\documents and settings\all users\application data\sweetim\messenger\data\ Family Name: SweetIM Clean status: Success Item ID: 49793 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\installer\folders:c:\documents and settings\all users\application data\sweetim\messenger\data\contentdb\ Family Name: SweetIM Clean status: Success Item ID: 49794 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\installer\folders:c:\documents and settings\all users\application data\sweetim\messenger\logs\ Family Name: SweetIM Clean status: Success Item ID: 49795 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\installer\folders:c:\documents and settings\all users\application data\sweetim\messenger\update\ Family Name: SweetIM Clean status: Success Item ID: 49796 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\installer\folders:c:\program files\sweetim\ Family Name: SweetIM Clean status: Success Item ID: 49797 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\installer\folders:c:\program files\sweetim\messenger\ Family Name: SweetIM Clean status: Success Item ID: 49798 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\installer\folders:c:\program files\sweetim\messenger\resources\ Family Name: SweetIM Clean status: Success Item ID: 49799 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\installer\folders:c:\program files\sweetim\messenger\resources\images\ Family Name: SweetIM Clean status: Success Item ID: 49800 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\installer\folders:c:\program files\sweetim\toolbars\ Family Name: SweetIM Clean status: Success Item ID: 49801 Family ID: 1823
Description: HKLM:software\microsoft\windows\currentversion\installer\folders:c:\program files\sweetim\toolbars\internet explorer\ Family Name: SweetIM Clean status: Success Item ID: 49802 Family ID: 1823
Description: HKCR:Interface\{EEE6C358-6118-11DC-9C72-001320C79847}: Family Name: SweetIM Clean status: Success Item ID: 49803 Family ID: 1823
Description: HKCR:Interface\{EEE6C359-6118-11DC-9C72-001320C79847}: Family Name: SweetIM Clean status: Success Item ID: 49804 Family ID: 1823
Description: HKCR:Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}: Family Name: SweetIM Clean status: Success Item ID: 49805 Family ID: 1823
Description: HKCR:Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}: Family Name: SweetIM Clean status: Success Item ID: 49806 Family ID: 1823
Description: HKLM:SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: Family Name: SweetIM Clean status: Success Item ID: 49807 Family ID: 1823
Description: HKCR:Installer\Features\E07FED1969C43B14CBF63379C42EC3CA: Family Name: SweetIM Clean status: Success Item ID: 49810 Family ID: 1823
Description: HKCR:Installer\Features\E98A6D63F93C8EE419181CE3B97C935A: Family Name: SweetIM Clean status: Success Item ID: 49811 Family ID: 1823
Description: HKCR:Installer\Products\E07FED1969C43B14CBF63379C42EC3CA: Family Name: SweetIM Clean status: Success Item ID: 49812 Family ID: 1823
Description: HKCR:Installer\Products\E98A6D63F93C8EE419181CE3B97C935A: Family Name: SweetIM Clean status: Success Item ID: 49813 Family ID: 1823
Description: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP137\A0082703.exe Family Name: Win32.Adware.InternetGameBox Clean status: Success Item ID: 328386 Family ID: 1370
Description: HKLM:software\microsoft\windows\currentversion\app paths\internetgamebox.exe: Family Name: Win32.Adware.InternetGameBox Clean status: Success Item ID: 12805 Family ID: 1370
Description: HKLM:software\igb: Family Name: Win32.Adware.InternetGameBox Clean status: Success Item ID: 48601 Family ID: 1370
Description: HKU:S-1-5-21-3559045073-1558837284-1539967888-1006\software\igb: Family Name: Win32.Adware.InternetGameBox Clean status: Success Item ID: 48602 Family ID: 1370
Scan and cleaning complete: Finished correctly after 3608 seconds
*********************************** Settings ***********************************
Scan profile:
ID: full, enabled:1, value: Full Scan
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: folderstoscan, enabled:1, value: C:\
ID: scanrootkits, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav
Scheduled scan settings:
<Empty>
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
ID: displaystatus, enabled:1, value: false
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: autodetectproxy, enabled:1, value: false
ID: useautoconfigscript, enabled:1, value: false
ID: autoconfigurl, enabled:0, value:
ID: useproxy, enabled:1, value: false
ID: proxyserver, enabled:0, value:
ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily, enabled:1, value: Daily
ID: time, enabled:1, value: Wed Apr 08 23:00:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly, enabled:1, value: Weekly
ID: time, enabled:1, value: Wed Apr 08 23:00:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: true
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
Realtime protection settings:
ID: realtime, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: true
ID: networkprotection, enabled:0, value: true
ID: loadatstartup, enabled:1, value: true
ID: usespywareheuristics, enabled:0, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: strict, domain: medium,mild,strict
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
****************************** System information ******************************
Computer name: DCNH86C1
Processor name: AMD Turion(tm) 64 Mobile Technology MK-36
Processor identifier: x86 Family 15 Model 76 Stepping 2
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 19458, number of processors 1
Physical memory available: 406732800 bytes
Physical memory total: 937467904 bytes
Virtual memory available: 1998516224 bytes
Virtual memory total: 2147352576 bytes
Memory load: 56%
Microsoft Windows XP Professional Service Pack 3 (build 2600)
Windows startup mode:
Running processes:
PID: 1212 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1260 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1288 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1332 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1344 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1536 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1640 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1680 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1724 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1940 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 432 name: C:\WINDOWS\Explorer.EXE owner: Peyton Vogel domain: DCNH86C1
PID: 476 name: C:\WINDOWS\System32\WLTRYSVC.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 488 name: C:\WINDOWS\System32\bcmwltry.exe owner: SYSTEM domain: NT AUTHORITY
PID: 600 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 740 name: C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe owner: SYSTEM domain: NT AUTHORITY
PID: 752 name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 764 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 816 name: C:\WINDOWS\eHome\ehRecvr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 860 name: C:\WINDOWS\eHome\ehSched.exe owner: SYSTEM domain: NT AUTHORITY
PID: 892 name: C:\Program Files\Windows Live\Family Safety\fsssvc.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1024 name: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 1060 name: C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2916 name: C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2976 name: C:\Program Files\ICRAplus\RDFLabel\RDFLabel.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3124 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 3188 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3244 name: C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3300 name: C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3364 name: C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3508 name: C:\WINDOWS\ehome\mcrdsvc.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 256 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 420 name: C:\WINDOWS\system32\dllhost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3952 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 164 name: C:\WINDOWS\ehome\ehtray.exe owner: Peyton Vogel domain: DCNH86C1
PID: 5000 name: C:\WINDOWS\system32\ctfmon.exe owner: Peyton Vogel domain: DCNH86C1
PID: 5660 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 972 name: C:\Program Files\ICRAplus\ICRAplus\ICRAplus.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2084 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1804 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1160 name: C:\WINDOWS\system32\wscntfy.exe owner: Peyton Vogel domain: DCNH86C1
PID: 2256 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Peyton Vogel domain: DCNH86C1
PID: 4912 name: C:\WINDOWS\system32\wuauclt.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4280 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: NETWORK SERVICE domain: NT AUTHORITY
Startup items:
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: ehTray
imagepath: C:\WINDOWS\ehome\ehtray.exe
Name: ATICCC
imagepath: "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
Name: SynTPEnh
imagepath: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Name: Dell QuickSet
imagepath: C:\Program Files\Dell\QuickSet\quickset.exe
Name: Broadcom Wireless Manager UI
imagepath: C:\WINDOWS\system32\WLTRAY.exe
Name: SigmatelSysTrayApp
imagepath: stsystra.exe
Name: DVDLauncher
imagepath: "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
Name: pccguide.exe
imagepath: "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
Name: Google Desktop Search
imagepath: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
Name: DellHelp
imagepath: C:\Dell\DellHelp\DellHelp.exe /c
Name: QuickTime Task
imagepath: "C:\Program Files\QuickTime\qttask.exe" -atboottime
Name: EPSON Stylus C62 Series
imagepath: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
Name: fssui
imagepath: "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
Name: iTunesHelper
imagepath: "C:\Program Files\iTunes\iTunesHelper.exe"
Name: SweetIM
imagepath: C:\Program Files\SweetIM\Messenger\SweetIM.exe
Name: Ad-Watch
imagepath: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
imagepath: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Name:
imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
imagepath: C:\Program Files\Digital Line Detect\DLG.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
imagepath: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
Name:
imagepath: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini
Bootexecute items:
Name:
imagepath: autocheck autochk *
Running services:
Name: ALG
displayname: Application Layer Gateway Service
Name: AOL ACS
displayname: AOL Connectivity Service
Name: Apple Mobile Device
displayname: Apple Mobile Device
Name: AudioSrv
displayname: Windows Audio
Name: Bonjour Service
displayname: Bonjour Service
Name: COMSysApp
displayname: COM+ System Application
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: Dnscache
displayname: DNS Client
Name: ehRecvr
displayname: Media Center Receiver Service
Name: ehSched
displayname: Media Center Scheduler Service
Name: ERSvc
displayname: Error Reporting Service
Name: Eventlog
displayname: Event Log
Name: EventSystem
displayname: COM+ Event System
Name: FastUserSwitchingCompatibility
displayname: Fast User Switching Compatibility
Name: fsssvc
displayname: Windows Live OneCare Family Safety
Name: helpsvc
displayname: Help and Support
Name: iPod Service
displayname: iPod Service
Name: lanmanserver
displayname: Server
Name: lanmanworkstation
displayname: Workstation
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: McrdSvc
displayname: Media Center Extender Service
Name: MDM
displayname: Machine Debug Manager
Name: MSSQL$MICROSOFTSMLBIZ
displayname: MSSQL$MICROSOFTSMLBIZ
Name: Netman
displayname: Network Connections
Name: Nla
displayname: Network Location Awareness (NLA)
Name: PcCtlCom
displayname: Trend Micro Central Control Component
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: IPSEC Services
Name: ProtectedStorage
displayname: Protected Storage
Name: RasMan
displayname: Remote Access Connection Manager
Name: RDFLabel
displayname: RDFLabel
Name: RemoteRegistry
displayname: Remote Registry
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification
Name: SharedAccess
displayname: Windows Firewall/Internet Connection Sharing (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: Spooler
displayname: Print Spooler
Name: srservice
displayname: System Restore Service
Name: SSDPSRV
displayname: SSDP Discovery Service
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: Tmntsrv
displayname: Trend Micro Real-time Service
Name: TmPfw
displayname: Trend Micro Personal Firewall
Name: tmproxy
displayname: Trend Micro Proxy Service
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: w32time
displayname: Windows Time
Name: WebClient
displayname: WebClient
Name: winmgmt
displayname: Windows Management Instrumentation
Name: wltrysvc
displayname: Dell Wireless WLAN Tray Service
Name: wscsvc
displayname: Security Center
Name: wuauserv
displayname: Automatic Updates
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
_______________________________________________________________________________________________________