WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

I need help getting rid of winfixer 2005..on windows 98

Started by clueless123 , Nov 01 2005 08:14 AM

This topic is locked

33 replies to this topic

#1 clueless123

Authentic Member

Authentic Member
58 posts

Posted 01 November 2005 - 08:14 AM

I have tried to use Hijack this and I keep getting an error message. Any help would be appreciated.

Advertisements

Register to Remove

#2 clueless123

Authentic Member

Authentic Member
58 posts

Posted 01 November 2005 - 10:08 AM

I finally downloaded the Hijack this log. Here is my log
Logfile of HijackThis v1.99.1
Scan saved at 11:05:03 AM, on 11/1/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTBDAEMON.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\VERIZON ONLINE\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\SURFACCURACY\SACC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\COREL\OFFICE7\SHARED\PFIT7\PFPPOP70.EXE
C:\COREL\OFFICE7\DAD7\QUICK.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\VERIZON ONLINE\BIN\MPBTN.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.n....1&bm=ho_search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com...://hp.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com...://hp.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTB.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\VZBB.DLL (file missing)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\PROGRAM FILES\APRPS\CXTPLS.DLL (file missing)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINDOWS\SYSTEM\QLINK32.DLL
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM303.DLL (file missing)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\VZBB.DLL (file missing)
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRAM FILES\YOURSITEBAR\YSB.DLL (file missing)
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [2iNXA5] "C:\WINDOWS\TEMP\CXTPLS_LOADER.EXE" /PC=CP.IST2 /SHUN /UNAR="/CTUN"
O4 - HKLM\..\Run: [rs2g36i] CRYWPROP.EXE
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\PROGRAM FILES\SPYSPOTTER3\Defender.exe -startup
O4 - HKLM\..\Run: [NI.UWFX5_0001_N53L1025] "C:\WINDOWS\DOWNLOADED PROGRAM FILES\UWFX5_0001_N53L1025NETINSTALLER.EXE" -nag
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-J3PAI.exe" /REG
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [aBtmRWGmh] CABFAX08.EXE
O4 - HKCU\..\Run: [WinFixer2005] "C:\PROGRAM FILES\WINFIXER_2005\UWFX5.EXE" /min
O4 - HKCU\..\RunServices: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\RunServices: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\RunServices: [aBtmRWGmh] CABFAX08.EXE
O4 - HKCU\..\RunServices: [WinFixer2005] "C:\PROGRAM FILES\WINFIXER_2005\UWFX5.EXE" /min
O4 - Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: PerfectPrint.LNK = C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE
O4 - Startup: Corel Desktop Application Director.LNK = C:\Corel\Office7\Dad7\QUICK.EXE
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &eBay Search - res://C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxdm824YYUS
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Wallet - {F05B7DAE-337E-11D3-83B6-00E0980647AC} - C:\WINDOWS\PEOPLEPC\BIN\PAYMEN~1.DLL
O9 - Extra button: Guide - {A6E07A80-436A-11d3-83B6-00902747E82E} - c:\windows\system\shdocvw.dll
O9 - Extra button: PeoplePC - {A6E07A82-436A-11d3-83B6-00902747E82E} - c:\windows\PeoplePC\hta\peopledialer.hta
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc...oad/ppcwebi.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.co...001680_arch.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...rcabinstall.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\WINDOWS\SYSTEM\QLINK32.DLL

#3 daparker

Advanced Member

Authentic Member
779 posts

Posted 09 November 2005 - 10:16 AM

Hello and welcome to the forums. Sorry for the delay in responding, but we have been pretty busy here lately. Since your log might have changed since your last posting, I would like to see a new log. If you could please post a new log, I will be glad to review it.

#4 clueless123

Authentic Member

Authentic Member
58 posts

Posted 09 November 2005 - 11:53 AM

No problem with the wait I know you guys are busy. Here is the new log.

Logfile of HijackThis v1.99.1
Scan saved at 12:53:06 PM, on 11/9/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTBDAEMON.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\VERIZON ONLINE\SMARTBRIDGE\MOTIVESB.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\COREL\OFFICE7\SHARED\PFIT7\PFPPOP70.EXE
C:\COREL\OFFICE7\DAD7\QUICK.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\VERIZON ONLINE\BIN\MPBTN.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.n....1&bm=ho_search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com...://hp.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com...://hp.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTB.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\VZBB.DLL (file missing)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\PROGRAM FILES\APRPS\CXTPLS.DLL (file missing)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL (file missing)
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINDOWS\SYSTEM\QLINK32.DLL (file missing)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM303.DLL (file missing)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\VZBB.DLL (file missing)
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRAM FILES\YOURSITEBAR\YSB.DLL (file missing)
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [2iNXA5] "C:\WINDOWS\TEMP\CXTPLS_LOADER.EXE" /PC=CP.IST2 /SHUN /UNAR="/CTUN"
O4 - HKLM\..\Run: [rs2g36i] CRYWPROP.EXE
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\PROGRAM FILES\SPYSPOTTER3\Defender.exe -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [aBtmRWGmh] CABFAX08.EXE
O4 - HKCU\..\Run: [WinFixer2005] "C:\PROGRAM FILES\WINFIXER_2005\UWFX5.EXE" /min
O4 - HKCU\..\Run: [WinFixer_2005] C:\Program Files\WinFixer_2005\uwfx5.exe /scan
O4 - Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: PerfectPrint.LNK = C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE
O4 - Startup: Corel Desktop Application Director.LNK = C:\Corel\Office7\Dad7\QUICK.EXE
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &eBay Search - res://C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxdm824YYUS
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Wallet - {F05B7DAE-337E-11D3-83B6-00E0980647AC} - C:\WINDOWS\PEOPLEPC\BIN\PAYMEN~1.DLL
O9 - Extra button: Guide - {A6E07A80-436A-11d3-83B6-00902747E82E} - c:\windows\system\shdocvw.dll
O9 - Extra button: PeoplePC - {A6E07A82-436A-11d3-83B6-00902747E82E} - c:\windows\PeoplePC\hta\peopledialer.hta
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc...oad/ppcwebi.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.co...001680_arch.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...rcabinstall.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\WINDOWS\SYSTEM\QLINK32.DLL

#5 daparker

Advanced Member

Authentic Member
779 posts

Posted 15 November 2005 - 05:11 PM

clueless123, I apologize, but I have been having problems with my reply notifications. Can you post a new HJT log for me to review?

#6 clueless123

Authentic Member

Authentic Member
58 posts

Posted 15 November 2005 - 07:37 PM

Here is the new log

Logfile of HijackThis v1.99.1
Scan saved at 8:35:08 PM, on 11/15/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTBDAEMON.EXE
C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\VERIZON ONLINE\SMARTBRIDGE\MOTIVESB.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\COREL\OFFICE7\SHARED\PFIT7\PFPPOP70.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\COREL\OFFICE7\DAD7\QUICK.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\VERIZON ONLINE\BIN\MPBTN.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.n....1&bm=ho_search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com...://hp.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com...://hp.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTB.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\VZBB.DLL (file missing)
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\PROGRAM FILES\APRPS\CXTPLS.DLL (file missing)
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\PROGRAM FILES\SIDEFIND\SFBHO.DLL (file missing)
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINDOWS\SYSTEM\QLINK32.DLL (file missing)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRAM FILES\YAHOO!\COMMON\YIETAGBM.DLL
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM303.DLL (file missing)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\EBAYTB.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\VZBB.DLL (file missing)
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRAM FILES\YOURSITEBAR\YSB.DLL (file missing)
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [2iNXA5] "C:\WINDOWS\TEMP\CXTPLS_LOADER.EXE" /PC=CP.IST2 /SHUN /UNAR="/CTUN"
O4 - HKLM\..\Run: [rs2g36i] CRYWPROP.EXE
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\PROGRAM FILES\SPYSPOTTER3\Defender.exe -startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [aBtmRWGmh] CABFAX08.EXE
O4 - HKCU\..\Run: [WinFixer2005] "C:\PROGRAM FILES\WINFIXER_2005\UWFX5.EXE" /min
O4 - HKCU\..\Run: [WinFixer_2005] C:\Program Files\WinFixer_2005\uwfx5.exe /scan
O4 - Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: PerfectPrint.LNK = C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE
O4 - Startup: Corel Desktop Application Director.LNK = C:\Corel\Office7\Dad7\QUICK.EXE
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &eBay Search - res://C:\PROGRAM FILES\EBAY\EBAY TOOLBAR2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxdm824YYUS
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Wallet - {F05B7DAE-337E-11D3-83B6-00E0980647AC} - C:\WINDOWS\PEOPLEPC\BIN\PAYMEN~1.DLL
O9 - Extra button: Guide - {A6E07A80-436A-11d3-83B6-00902747E82E} - c:\windows\system\shdocvw.dll
O9 - Extra button: PeoplePC - {A6E07A82-436A-11d3-83B6-00902747E82E} - c:\windows\PeoplePC\hta\peopledialer.hta
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRAM FILES\YAHOO!\COMMON\YIESRVC.DLL
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.n...tivePreQual.cab
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc...oad/ppcwebi.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.co...001680_arch.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...rcabinstall.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\WINDOWS\SYSTEM\QLINK32.DLL

#7 daparker

Advanced Member

Authentic Member
779 posts

Posted 15 November 2005 - 08:09 PM

Ok, let's start with a scan. Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

Click the Free Trial link under to "SpySweeper" to download the program.
Install it. Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, click Options on the left side.
Click the Sweep Options tab.
Under What to Sweep please put a check next to the following:
- Sweep Memory
- Sweep Registry
- Sweep Cookies
- Sweep All User Accounts
- Enable Direct Disk Sweeping
- Sweep Contents of Compressed Files
- Sweep for Rootkits
- Please UNCHECK Do not Sweep System Restore Folder.
Click Sweep Now on the left side.
Click the Start button.
When it's done scanning, click the Next button.
Make sure everything has a check next to it, then click the Next button.
It will remove all of the items found.
Click Session Log in the upper right corner, copy everything in that window.
Click the Summary tab and click Finish.
Paste the contents of the session log you copied into your next reply.

#8 clueless123

Authentic Member

Authentic Member
58 posts

Posted 16 November 2005 - 01:08 AM

I tried to run spy sweeper and it was doing good. Then it made my computer shut down then this Error message appeared: SPYSWEEPER caused a general protection fault in module DIBENG.DLL at 0003:00000fa9. Registers: EAX=00000300 CS=0367 EIP=00000fa9 EFLGS=00000206 EBX=00000028 SS=6a07 ESP=0000c484 EBP=0000c4a2 ECX=00000014 DS=69c7 ESI=00000500 FS=6b8f EDX=00000000 ES=2077 EDI=cf2e5800 GS=0000 Bytes at CS:EIP: f3 67 a5 80 d1 00 f3 67 a4 66 03 76 ee 66 03 7e Stack dump: 000085c2 00000000 00000018 00000000 00000000 20578363 cf7d5f18 c4ba0327 03173bcc 58170000 00000800 00000004 6b8f0000 c4d2059f 042f4b5e 58170000

#9 clueless123

Authentic Member

Authentic Member
58 posts

Posted 16 November 2005 - 02:53 AM

I ran it again and it did fine here is my SESSIONS LOG ******** 2:19 AM: | Start of Session, Wednesday, November 16, 2005 | 2:19 AM: Spy Sweeper started 2:19 AM: Sweep initiated using definitions version 573 2:19 AM: Starting Memory Sweep 2:24 AM: Spy Installation Shield: found: Adware: winantispyware 2005, version 1.0.0.0 -- Execution Denied 2:25 AM: Found Adware: winantispyware 2005 2:25 AM: Detected running threat: C:\Program Files\WinFixer_2005\FxCor.dll (ID = 188360) 2:25 AM: Detected running threat: C:\Program Files\WinFixer_2005\MMFx.dll (ID = 188361) 2:25 AM: Detected running threat: C:\Program Files\WinFixer_2005\FTR.dll (ID = 188365) 2:25 AM: Detected running threat: C:\Program Files\WinFixer_2005\FFWrap.dll (ID = 188362) 2:25 AM: Detected running threat: C:\Program Files\WinFixer_2005\df_fix.dll (ID = 188357) 2:25 AM: Detected running threat: C:\Program Files\WinFixer_2005\compclr.dll (ID = 188363) 2:27 AM: Memory Sweep Complete, Elapsed Time: 00:08:22 2:27 AM: Starting Registry Sweep 2:28 AM: Found Adware: apropos 2:28 AM: HKCR\clsid\{016235be-59d4-4ceb-add5-e2378282a1d9}\ (3 subtraces) (ID = 103710) 2:28 AM: HKCR\clsid\{b5ab638f-d76c-415b-a8f2-f3ceac502212}\ (7 subtraces) (ID = 103726) 2:28 AM: HKCR\clsid\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\ (4 subtraces) (ID = 103729) 2:28 AM: HKLM\software\aprps\ (8 subtraces) (ID = 103741) 2:28 AM: HKLM\software\autoloader\ (2 subtraces) (ID = 103742) 2:28 AM: HKLM\software\classes\clsid\{016235be-59d4-4ceb-add5-e2378282a1d9}\ (3 subtraces) (ID = 103748) 2:28 AM: HKLM\software\classes\clsid\{b5ab638f-d76c-415b-a8f2-f3ceac502212}\ (7 subtraces) (ID = 103764) 2:28 AM: HKLM\software\classes\clsid\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\ (4 subtraces) (ID = 103767) 2:28 AM: HKLM\software\classes\interface\{b99a727f-0782-4a71-bcc2-6e1e66414904}\ (5 subtraces) (ID = 103772) 2:28 AM: HKLM\software\classes\interface\{b548b7d8-3d03-4aed-a6a1-4251fad00c10}\ (5 subtraces) (ID = 103773) 2:28 AM: HKLM\software\classes\interface\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\ (5 subtraces) (ID = 103774) 2:28 AM: HKLM\software\envolo\ (10 subtraces) (ID = 103775) 2:28 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{016235be-59d4-4ceb-add5-e2378282a1d9}\ (ID = 103778) 2:28 AM: HKLM\software\microsoft\windows\currentversion\uninstall\aproposclient\ (3 subtraces) (ID = 103818) 2:28 AM: HKLM\software\microsoft\windows\currentversion\uninstall\autoupdate\ (1 subtraces) (ID = 103819) 2:28 AM: Found Adware: cws-aboutblank 2:28 AM: HKCR\protocols\filter\text/html\ (2 subtraces) (ID = 114343) 2:29 AM: HKLM\software\classes\protocols\filter\text/html\ (2 subtraces) (ID = 115907) 2:30 AM: Found Adware: internetoptimizer 2:30 AM: HKU\.default\software\avenue media\ (ID = 128878) 2:30 AM: HKU\.default\software\policies\avenue media\ (ID = 128879) 2:30 AM: HKCR\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ (8 subtraces) (ID = 128885) 2:30 AM: HKLM\software\avenue media\ (64 subtraces) (ID = 128888) 2:30 AM: HKLM\software\classes\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ (8 subtraces) (ID = 128896) 2:30 AM: HKLM\software\microsoft\windows\currentversion\policies\ameopt\ (ID = 128912) 2:30 AM: HKLM\software\microsoft\windows\currentversion\uninstall\internet optimizer\ (2 subtraces) (ID = 128921) 2:30 AM: HKLM\software\microsoft\windows\currentversion\uninstall\internet optimizer active alert\ (3 subtraces) (ID = 128922) 2:30 AM: HKLM\software\microsoft\windows\currentversion\uninstall\kapabout\ (2 subtraces) (ID = 128924) 2:30 AM: HKLM\software\microsoft\windows\currentversion\uninstall\rotue\ (ID = 128925) 2:30 AM: HKLM\software\microsoft\windows\currentversion\uninstall\wsem update\ (2 subtraces) (ID = 128927) 2:30 AM: HKLM\software\policies\avenue media\ (ID = 128929) 2:30 AM: Found Adware: ist software 2:30 AM: HKU\.default\software\ist\ (5 subtraces) (ID = 129052) 2:30 AM: Found Adware: ist istbar 2:30 AM: HKLM\software\classes\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\ (9 subtraces) (ID = 129103) 2:30 AM: HKLM\software\istsvc\ (42 subtraces) (ID = 129111) 2:30 AM: HKLM\software\microsoft\windows\currentversion\run\ || ist service (ID = 129146) 2:30 AM: HKLM\software\microsoft\windows\currentversion\uninstall\istsvc\ (3 subtraces) (ID = 129183) 2:30 AM: HKCR\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\ (9 subtraces) (ID = 129190) 2:30 AM: Found Adware: linkmaker 2:30 AM: HKLM\software\classes\typelib\{423550e9-2f83-4678-9929-c1774088b180}\ (9 subtraces) (ID = 129743) 2:30 AM: HKCR\typelib\{423550e9-2f83-4678-9929-c1774088b180}\ (9 subtraces) (ID = 129750) 2:30 AM: Found Adware: moneytree 2:30 AM: HKCR\clsid\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4}\ (11 subtraces) (ID = 135167) 2:30 AM: HKCR\clsid\{cea206e8-8057-4a04-ace9-ff0d69a92297}\ (11 subtraces) (ID = 135171) 2:30 AM: HKCR\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\ (8 subtraces) (ID = 135185) 2:30 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4}\ (ID = 135211) 2:30 AM: HKCR\typelib\{0be10b0d-b4db-4693-9b1f-9aead54d17dc}\ (9 subtraces) (ID = 135216) 2:31 AM: Found Adware: powerscan 2:31 AM: HKU\.default\software\powerscan\ (1 subtraces) (ID = 136822) 2:31 AM: HKLM\software\powerscan\ (1 subtraces) (ID = 136824) 2:31 AM: HKLM\software\microsoft\windows\currentversion\uninstall\power scan\ (2 subtraces) (ID = 136826) 2:31 AM: Found Adware: ist sidefind 2:31 AM: HKCR\browserhelperobject.bahelper.1\ (3 subtraces) (ID = 141761) 2:31 AM: HKCR\browserhelperobject.bahelper\ (5 subtraces) (ID = 141762) 2:31 AM: HKCR\clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7}\ (15 subtraces) (ID = 141763) 2:31 AM: HKCR\clsid\{a3fdd654-a057-4971-9844-4ed8e67dbbb8}\ (11 subtraces) (ID = 141764) 2:31 AM: HKCR\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ (8 subtraces) (ID = 141765) 2:31 AM: HKCR\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}\ (8 subtraces) (ID = 141766) 2:31 AM: HKCR\sidefind.finder.1\ (3 subtraces) (ID = 141767) 2:31 AM: HKCR\sidefind.finder\ (5 subtraces) (ID = 141768) 2:31 AM: HKLM\software\classes\browserhelperobject.bahelper\ (5 subtraces) (ID = 141769) 2:31 AM: HKLM\software\classes\clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7}\ (15 subtraces) (ID = 141770) 2:31 AM: HKLM\software\classes\clsid\{a3fdd654-a057-4971-9844-4ed8e67dbbb8}\ (11 subtraces) (ID = 141771) 2:31 AM: HKLM\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ (8 subtraces) (ID = 141772) 2:31 AM: HKLM\software\classes\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}\ (8 subtraces) (ID = 141773) 2:31 AM: HKLM\software\classes\sidefind.finder\ (5 subtraces) (ID = 141774) 2:31 AM: HKLM\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\ (9 subtraces) (ID = 141775) 2:31 AM: HKLM\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\ (9 subtraces) (ID = 141776) 2:31 AM: HKLM\software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807}\ (6 subtraces) (ID = 141779) 2:31 AM: HKLM\software\microsoft\sidefind\ (2 subtraces) (ID = 141780) 2:31 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{a3fdd654-a057-4971-9844-4ed8e67dbbb8}\ (ID = 141781) 2:31 AM: HKLM\software\microsoft\windows\currentversion\uninstall\sidefind\ (2 subtraces) (ID = 141782) 2:31 AM: HKLM\software\sidefind\ (6 subtraces) (ID = 141783) 2:31 AM: HKCR\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\ (9 subtraces) (ID = 141784) 2:31 AM: HKCR\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\ (9 subtraces) (ID = 141785) 2:32 AM: Found Adware: ist yoursitebar 2:32 AM: HKU\.default\software\microsoft\internet explorer\toolbar\webbrowser\ || {86227d9c-0efe-4f8a-aa55-30386a3f5686} (ID = 147828) 2:32 AM: HKCR\clsid\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658}\ (6 subtraces) (ID = 147829) 2:32 AM: HKCR\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}\ (14 subtraces) (ID = 147831) 2:32 AM: HKCR\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\ (8 subtraces) (ID = 147832) 2:32 AM: HKCR\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\ (8 subtraces) (ID = 147835) 2:32 AM: HKLM\software\classes\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}\ (14 subtraces) (ID = 147837) 2:32 AM: HKLM\software\classes\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\ (8 subtraces) (ID = 147838) 2:32 AM: HKLM\software\classes\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\ (8 subtraces) (ID = 147841) 2:32 AM: HKLM\software\classes\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\ (9 subtraces) (ID = 147842) 2:32 AM: HKLM\software\classes\ysb.ysbobj.1\ (3 subtraces) (ID = 147846) 2:32 AM: HKLM\software\classes\ysb.ysbobj\ (5 subtraces) (ID = 147847) 2:32 AM: HKLM\software\classes\ysbactivex.installer\ (3 subtraces) (ID = 147849) 2:32 AM: HKLM\software\microsoft\code store database\distribution units\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658}\ (10 subtraces) (ID = 147850) 2:32 AM: HKLM\software\microsoft\internet explorer\toolbar\ || {86227d9c-0efe-4f8a-aa55-30386a3f5686} (ID = 147852) 2:32 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/ysbactivex.dll\ (2 subtraces) (ID = 147854) 2:32 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\ysbactivex.dll (ID = 147857) 2:32 AM: HKLM\software\microsoft\windows\currentversion\uninstall\yoursitebar\ (5 subtraces) (ID = 147859) 2:32 AM: HKLM\software\yoursitebar\ (21 subtraces) (ID = 147860) 2:32 AM: HKCR\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\ (9 subtraces) (ID = 147861) 2:32 AM: HKCR\ysb.ysbobj.1\ (3 subtraces) (ID = 147865) 2:32 AM: HKCR\ysb.ysbobj\ (5 subtraces) (ID = 147866) 2:32 AM: HKCR\ysbactivex.installer\ (3 subtraces) (ID = 147869) 2:32 AM: Found Adware: surf accuracy 2:32 AM: HKLM\software\sacc\ (10 subtraces) (ID = 203068) 2:32 AM: HKLM\software\microsoft\windows\currentversion\run\ || surfaccuracy (ID = 203069) 2:32 AM: HKLM\software\microsoft\windows\currentversion\uninstall\sacc\ (2 subtraces) (ID = 203070) 2:32 AM: Found Adware: quicklink search toolbar 2:32 AM: HKCR\clsid\{8b6da27e-7f64-4694-8f8f-dc87ab8c6b22}\ (8 subtraces) (ID = 359437) 2:32 AM: HKLM\software\classes\clsid\{8b6da27e-7f64-4694-8f8f-dc87ab8c6b22}\ (8 subtraces) (ID = 359440) 2:32 AM: HKCR\quicklinks.linktracker.1\ (3 subtraces) (ID = 359448) 2:32 AM: HKCR\quicklinks.linktracker\ (3 subtraces) (ID = 359449) 2:32 AM: HKCR\quicklinks.quicklinksfilter.1\ (3 subtraces) (ID = 359450) 2:32 AM: HKCR\quicklinks.quicklinksfilter\ (3 subtraces) (ID = 359451) 2:32 AM: HKLM\software\classes\quicklinks.linktracker.1\ (3 subtraces) (ID = 359452) 2:32 AM: HKLM\software\classes\quicklinks.linktracker\ (3 subtraces) (ID = 359453) 2:32 AM: HKLM\software\classes\quicklinks.quicklinksfilter.1\ (3 subtraces) (ID = 359454) 2:32 AM: HKLM\software\classes\quicklinks.quicklinksfilter\ (3 subtraces) (ID = 359455) 2:32 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{8b6da27e-7f64-4694-8f8f-dc87ab8c6b22}\ (ID = 359456) 2:32 AM: HKLM\software\microsoft\windows\currentversion\uninstall\quick links\ (2 subtraces) (ID = 359457) 2:32 AM: HKLM\software\ql\ (4 subtraces) (ID = 359458) 2:32 AM: Found Adware: winad 2:32 AM: HKCR\mediagatewayx.installer\ (3 subtraces) (ID = 372857) 2:32 AM: HKCR\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 372859) 2:32 AM: HKLM\software\avenue media\internet optimizer\ (63 subtraces) (ID = 394594) 2:32 AM: HKLM\software\classes\mediagatewayx.installer\ (3 subtraces) (ID = 398902) 2:32 AM: HKLM\software\classes\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 398904) 2:33 AM: HKCR\clsid\{3551784b-e99a-474f-b782-3ec814442918}\ (10 subtraces) (ID = 727328) 2:33 AM: HKLM\software\classes\clsid\{3551784b-e99a-474f-b782-3ec814442918}\ (10 subtraces) (ID = 727357) 2:33 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediagatewayx.dll\ (2 subtraces) (ID = 763026) 2:33 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediagatewayx.dll (ID = 763028) 2:33 AM: HKCR\flfxr.flfixer\ (3 subtraces) (ID = 812689) 2:33 AM: HKCR\appid\compcl.dll\ (1 subtraces) (ID = 812722) 2:33 AM: HKCR\clsid\{93b11ae3-cb8d-43cc-a730-752caab185c0}\ (10 subtraces) (ID = 812866) 2:33 AM: HKCR\typelib\{dd35d052-76f9-4bfa-9005-69f1b26dc72a}\ (9 subtraces) (ID = 813030) 2:33 AM: HKLM\software\winfixer2005\ (1 subtraces) (ID = 813086) 2:33 AM: HKLM\software\classes\flfxr.flfixer\ (3 subtraces) (ID = 813191) 2:33 AM: HKLM\software\classes\appid\compcl.dll\ (1 subtraces) (ID = 813224) 2:33 AM: HKLM\software\classes\clsid\{93b11ae3-cb8d-43cc-a730-752caab185c0}\ (10 subtraces) (ID = 813368) 2:33 AM: HKLM\software\classes\typelib\{dd35d052-76f9-4bfa-9005-69f1b26dc72a}\ (9 subtraces) (ID = 813532) 2:33 AM: HKLM\software\microsoft\windows\currentversion\uninstall\uwfx5_is1\ (14 subtraces) (ID = 813553) 2:33 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\program files\common files\winsoftware\fcrxml.dll (ID = 819066) 2:33 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\program files\common files\winsoftware\prcheck.dll (ID = 819067) 2:33 AM: HKLM\software\classes\clsid\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658}\ (6 subtraces) (ID = 920458) 2:33 AM: HKCR\df_fixer.fix.1\ (3 subtraces) (ID = 970172) 2:33 AM: HKCR\df_fixer.fix\ (5 subtraces) (ID = 970176) 2:33 AM: HKCR\fixcor.mmfixcor.1\ (3 subtraces) (ID = 970192) 2:33 AM: HKCR\fixcor.mmfixcor\ (5 subtraces) (ID = 970196) 2:33 AM: HKCR\mmfx.cofixengin.1\ (3 subtraces) (ID = 970202) 2:33 AM: HKCR\mmfx.cofixengin\ (5 subtraces) (ID = 970206) 2:33 AM: HKCR\ffwrap.ffenginwrape.1\ (3 subtraces) (ID = 970212) 2:33 AM: HKCR\ffwrap.ffenginwrape\ (5 subtraces) (ID = 970216) 2:33 AM: HKCR\uwfxpcheck.uwfxpcheck.1\ (3 subtraces) (ID = 970282) 2:33 AM: HKCR\uwfxpcheck.uwfxpcheck\ (5 subtraces) (ID = 970286) 2:33 AM: HKCR\clsid\{1fbbc0b6-ac2a-468f-80b3-1edf649fba66}\ (12 subtraces) (ID = 970293) 2:33 AM: HKCR\clsid\{1d146204-5226-45dc-be9a-36b1c76d3bc1}\ (4 subtraces) (ID = 970319) 2:33 AM: HKCR\clsid\{bf15c0e3-dd2f-453f-9461-8fb8ba311753}\ (12 subtraces) (ID = 970324) 2:33 AM: HKCR\clsid\{6adc47f3-9670-4771-a89c-b7516a3f78ce}\ (4 subtraces) (ID = 970337) 2:33 AM: HKCR\clsid\{6eb57351-498d-4e70-92b1-e1a29cefe972}\ (21 subtraces) (ID = 970342) 2:33 AM: HKCR\clsid\{6275c07b-d390-402d-b38a-54d301a246f9}\ (4 subtraces) (ID = 970364) 2:33 AM: HKCR\clsid\{00e894c0-f4ec-4129-9321-f73ea0ad1eca}\ (21 subtraces) (ID = 970369) 2:33 AM: HKCR\clsid\{a3bdf108-91d9-4764-a564-8f9441da2938}\ (12 subtraces) (ID = 970391) 2:33 AM: HKCR\clsid\{34491c49-06dd-46a1-926a-a71dbe35f0da}\ (12 subtraces) (ID = 970404) 2:33 AM: HKCR\clsid\{f915030e-1f82-4368-92ec-f782a36d9e76}\ (12 subtraces) (ID = 970417) 2:33 AM: HKCR\clsid\{11ae85fb-f48e-4c15-beee-8bc945472d83}\ (12 subtraces) (ID = 970430) 2:33 AM: HKCR\clsid\{90d29529-5923-4eaf-b946-07bc5da11c0a}\ (12 subtraces) (ID = 970443) 2:33 AM: HKCR\clsid\{693e85bf-0a75-4250-bfcc-87bd34703e5d}\ (12 subtraces) (ID = 970456) 2:33 AM: HKCR\clsid\{4f3f122c-7950-4ae9-b2f1-5ab59e8294f0}\ (4 subtraces) (ID = 970469) 2:33 AM: HKCR\clsid\{6e53e70c-9089-494a-9f51-abc499636dae}\ (14 subtraces) (ID = 970474) 2:33 AM: HKCR\typelib\{9091d048-b037-4d7d-a40a-65f5fe9de61f}\ (9 subtraces) (ID = 970491) 2:33 AM: HKCR\typelib\{1a955b68-7c64-4193-840a-2f4979643173}\ (9 subtraces) (ID = 970511) 2:33 AM: HKCR\typelib\{f110a1da-d25e-44cd-8cfd-e19671b26f6f}\ (9 subtraces) (ID = 970521) 2:33 AM: HKCR\typelib\{512558be-0df4-4d52-89ab-7aea8353c4ab}\ (9 subtraces) (ID = 970531) 2:33 AM: HKCR\typelib\{18ac54bb-5f98-44bd-be0e-ed31145849b2}\ (9 subtraces) (ID = 970541) 2:33 AM: HKCR\typelib\{c2ae9e5b-3ebd-49fd-9ab4-36c1a1e4af39}\ (9 subtraces) (ID = 970551) 2:33 AM: HKCR\appid\{6f9da798-4e32-4b96-848a-682ef26492a4}\ (1 subtraces) (ID = 970563) 2:33 AM: HKCR\appid\fxcor.dll\ (1 subtraces) (ID = 970565) 2:33 AM: HKCR\appid\{866e8004-1bdb-40d7-a3e7-15ac1d8de89b}\ (1 subtraces) (ID = 970567) 2:33 AM: HKCR\appid\mmfx.dll\ (1 subtraces) (ID = 970569) 2:33 AM: HKCR\appid\{40c70063-68a3-4e74-8947-1d813cb20087}\ (1 subtraces) (ID = 970571) 2:33 AM: HKCR\appid\ffwrap.dll\ (1 subtraces) (ID = 970573) 2:33 AM: HKCR\appid\{a025cbcb-2551-41e0-a76c-c3c815180876}\ (1 subtraces) (ID = 970575) 2:33 AM: HKLM\software\classes\df_fixer.fix.1\ (3 subtraces) (ID = 970600) 2:33 AM: HKLM\software\classes\df_fixer.fix\ (5 subtraces) (ID = 970604) 2:33 AM: HKLM\software\classes\fixcor.mmfixcor.1\ (3 subtraces) (ID = 970620) 2:33 AM: HKLM\software\classes\fixcor.mmfixcor\ (5 subtraces) (ID = 970624) 2:33 AM: HKLM\software\classes\mmfx.cofixengin.1\ (3 subtraces) (ID = 970630) 2:33 AM: HKLM\software\classes\mmfx.cofixengin\ (5 subtraces) (ID = 970634) 2:33 AM: HKLM\software\classes\ffwrap.ffenginwrape.1\ (3 subtraces) (ID = 970640) 2:33 AM: HKLM\software\classes\ffwrap.ffenginwrape.1\clsid\ (1 subtraces) (ID = 970642) 2:33 AM: HKLM\software\classes\ffwrap.ffenginwrape\ (5 subtraces) (ID = 970644) 2:33 AM: HKLM\software\classes\ffwrap.ffenginwrape\clsid\ (1 subtraces) (ID = 970646) 2:33 AM: HKLM\software\classes\uwfxpcheck.uwfxpcheck.1\ (3 subtraces) (ID = 970710) 2:33 AM: HKLM\software\classes\uwfxpcheck.uwfxpcheck\ (5 subtraces) (ID = 970714) 2:33 AM: HKLM\software\classes\clsid\{1fbbc0b6-ac2a-468f-80b3-1edf649fba66}\ (12 subtraces) (ID = 970721) 2:33 AM: HKLM\software\classes\clsid\{1d146204-5226-45dc-be9a-36b1c76d3bc1}\ (4 subtraces) (ID = 970747) 2:33 AM: HKLM\software\winfixer_2005\ (4 subtraces) (ID = 970753) 2:33 AM: HKLM\software\classes\clsid\{bf15c0e3-dd2f-453f-9461-8fb8ba311753}\ (12 subtraces) (ID = 970759) 2:33 AM: HKLM\software\classes\clsid\{6adc47f3-9670-4771-a89c-b7516a3f78ce}\ (4 subtraces) (ID = 970772) 2:33 AM: HKLM\software\classes\clsid\{6eb57351-498d-4e70-92b1-e1a29cefe972}\ (21 subtraces) (ID = 970777) 2:33 AM: HKLM\software\classes\clsid\{6275c07b-d390-402d-b38a-54d301a246f9}\ (4 subtraces) (ID = 970799) 2:33 AM: HKLM\software\classes\clsid\{00e894c0-f4ec-4129-9321-f73ea0ad1eca}\ (21 subtraces) (ID = 970804) 2:33 AM: HKLM\software\classes\clsid\{a3bdf108-91d9-4764-a564-8f9441da2938}\ (12 subtraces) (ID = 970826) 2:33 AM: HKLM\software\classes\clsid\{34491c49-06dd-46a1-926a-a71dbe35f0da}\ (12 subtraces) (ID = 970839) 2:33 AM: HKLM\software\classes\clsid\{f915030e-1f82-4368-92ec-f782a36d9e76}\ (12 subtraces) (ID = 970852) 2:33 AM: HKLM\software\classes\clsid\{11ae85fb-f48e-4c15-beee-8bc945472d83}\ (12 subtraces) (ID = 970865) 2:33 AM: HKLM\software\classes\clsid\{90d29529-5923-4eaf-b946-07bc5da11c0a}\ (12 subtraces) (ID = 970878) 2:33 AM: HKLM\software\classes\clsid\{693e85bf-0a75-4250-bfcc-87bd34703e5d}\ (12 subtraces) (ID = 970891) 2:33 AM: HKLM\software\classes\clsid\{4f3f122c-7950-4ae9-b2f1-5ab59e8294f0}\ (4 subtraces) (ID = 970904) 2:33 AM: HKLM\software\classes\clsid\{6e53e70c-9089-494a-9f51-abc499636dae}\ (14 subtraces) (ID = 970909) 2:33 AM: HKLM\software\classes\typelib\{9091d048-b037-4d7d-a40a-65f5fe9de61f}\ (9 subtraces) (ID = 970926) 2:33 AM: HKLM\software\classes\typelib\{1a955b68-7c64-4193-840a-2f4979643173}\ (9 subtraces) (ID = 970946) 2:33 AM: HKLM\software\classes\typelib\{f110a1da-d25e-44cd-8cfd-e19671b26f6f}\ (9 subtraces) (ID = 970956) 2:33 AM: HKLM\software\classes\typelib\{512558be-0df4-4d52-89ab-7aea8353c4ab}\ (9 subtraces) (ID = 970966) 2:33 AM: HKLM\software\classes\typelib\{18ac54bb-5f98-44bd-be0e-ed31145849b2}\ (9 subtraces) (ID = 970976) 2:33 AM: HKLM\software\classes\typelib\{c2ae9e5b-3ebd-49fd-9ab4-36c1a1e4af39}\ (9 subtraces) (ID = 970986) 2:33 AM: HKLM\software\classes\appid\{6f9da798-4e32-4b96-848a-682ef26492a4}\ (1 subtraces) (ID = 970998) 2:33 AM: HKLM\software\classes\appid\fxcor.dll\ (1 subtraces) (ID = 971000) 2:33 AM: HKLM\software\classes\appid\{866e8004-1bdb-40d7-a3e7-15ac1d8de89b}\ (1 subtraces) (ID = 971002) 2:33 AM: HKLM\software\classes\appid\mmfx.dll\ (1 subtraces) (ID = 971004) 2:33 AM: HKLM\software\classes\appid\{40c70063-68a3-4e74-8947-1d813cb20087}\ (1 subtraces) (ID = 971006) 2:33 AM: HKLM\software\classes\appid\ffwrap.dll\ (1 subtraces) (ID = 971008) 2:33 AM: HKLM\software\classes\appid\{a025cbcb-2551-41e0-a76c-c3c815180876}\ (1 subtraces) (ID = 971010) 2:33 AM: HKU\.DEFAULT\software\aprps\ (7 subtraces) (ID = 103740) 2:33 AM: HKU\.DEFAULT\software\avenue media\ (ID = 128887) 2:33 AM: HKU\.DEFAULT\software\policies\avenue media\ (ID = 128928) 2:33 AM: HKU\.DEFAULT\software\ist\ (5 subtraces) (ID = 129108) 2:33 AM: HKU\.DEFAULT\software\powerscan\ (1 subtraces) (ID = 136823) 2:33 AM: HKU\.DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778) 2:33 AM: HKU\.DEFAULT\software\microsoft\internet explorer\toolbar\webbrowser\ || {86227d9c-0efe-4f8a-aa55-30386a3f5686} (ID = 147853) 2:33 AM: HKU\.DEFAULT\software\microsoft\windows\currentversion\policies\ameopt\ (ID = 654042) 2:33 AM: HKU\.DEFAULT\software\microsoft\windows\currentversion\run\ || winfixer2005 (ID = 813065) 2:34 AM: HKU\.DEFAULT\software\winfixer_2005\ (18 subtraces) (ID = 970577) 2:34 AM: HKU\.DEFAULT\software\microsoft\windows\currentversion\run\ || winfixer_2005 (ID = 970594) 2:34 AM: HKU\.DEFAULT\software\winfixer_2005\settings\ (17 subtraces) (ID = 971336) 2:34 AM: Registry Sweep Complete, Elapsed Time:00:06:25 2:34 AM: Starting Cookie Sweep 2:34 AM: Found Spy Cookie: go2net.com cookie 2:34 AM: hp authorized customer@go2net[2].txt (ID = 2730) 2:34 AM: Found Spy Cookie: about cookie 2:34 AM: hp authorized customer@ibscrohns.about[1].txt (ID = 2038) 2:34 AM: Found Spy Cookie: go.com cookie 2:34 AM: hp authorized customer@tvplex.go[1].txt (ID = 2729) 2:34 AM: hp authorized customer@about[2].txt (ID = 2037) 2:34 AM: Found Spy Cookie: gorillanation cookie 2:34 AM: hp authorized customer@ads.gorillanation[1].txt (ID = 2744) 2:34 AM: Found Spy Cookie: banner cookie 2:34 AM: mark simmons@banner[1].txt (ID = 2276) 2:34 AM: Found Spy Cookie: adultfriendfinder cookie 2:34 AM: mark simmons@adultfriendfinder[1].txt (ID = 2165) 2:34 AM: Found Spy Cookie: revenue.net cookie 2:34 AM: mark simmons@revenue[2].txt (ID = 3257) 2:34 AM: Found Spy Cookie: questionmarket cookie 2:34 AM: mark simmons@questionmarket[1].txt (ID = 3217) 2:34 AM: Found Spy Cookie: adminder cookie 2:34 AM: hp authorized customer@www.adminder[1].txt (ID = 2079) 2:34 AM: Found Spy Cookie: yieldmanager cookie 2:34 AM: mark simmons@ad.yieldmanager[2].txt (ID = 3751) 2:34 AM: Found Spy Cookie: mashka cookie 2:34 AM: mark simmons@mashka[1].txt (ID = 2949) 2:34 AM: Found Spy Cookie: affiliatefuel.com cookie 2:34 AM: hp authorized customer@www.affiliatefuel[2].txt (ID = 2202) 2:34 AM: hp authorized customer@onelifetolive.about[1].txt (ID = 2038) 2:34 AM: Found Spy Cookie: tradedoubler cookie 2:34 AM: mark simmons@tradedoubler[1].txt (ID = 3575) 2:34 AM: Found Spy Cookie: web-stat cookie 2:34 AM: hp authorized customer@www.web-stat[1].txt (ID = 3649) 2:34 AM: Found Spy Cookie: atwola cookie 2:34 AM: hp authorized customer@atwola[1].txt (ID = 2255) 2:34 AM: Found Spy Cookie: dealtime cookie 2:34 AM: hp authorized customer@dealtime[1].txt (ID = 2505) 2:34 AM: Found Spy Cookie: tribalfusion cookie 2:34 AM: mark simmons@tribalfusion[1].txt (ID = 3589) 2:34 AM: Found Spy Cookie: adrevolver cookie 2:34 AM: mark simmons@adrevolver[1].txt (ID = 2088) 2:34 AM: hp authorized customer@boards.go[1].txt (ID = 2729) 2:34 AM: Found Spy Cookie: specificpop cookie 2:34 AM: hp authorized customer@specificpop[1].txt (ID = 3401) 2:34 AM: Found Spy Cookie: atlas dmt cookie 2:34 AM: mark simmons@atdmt[1].txt (ID = 2253) 2:34 AM: Found Spy Cookie: kount cookie 2:34 AM: hp authorized customer@kount[2].txt (ID = 2911) 2:34 AM: Found Spy Cookie: adserver cookie 2:34 AM: mark simmons@z1.adserver[1].txt (ID = 2142) 2:34 AM: Found Spy Cookie: ask cookie 2:34 AM: mark simmons@ask[1].txt (ID = 2245) 2:34 AM: Found Spy Cookie: directtrack cookie 2:34 AM: hp authorized customer@directtrack[1].txt (ID = 2527) 2:34 AM: hp authorized customer@offersquest.directtrack[2].txt (ID = 2528) 2:34 AM: Found Spy Cookie: netratingsselect cookie 2:34 AM: hp authorized customer@nnselect[2].txt (ID = 3065) 2:34 AM: Found Spy Cookie: adknowledge cookie 2:34 AM: mark simmons@adknowledge[2].txt (ID = 2072) 2:34 AM: Found Spy Cookie: nextag cookie 2:34 AM: hp authorized customer@www.nextag[1].txt (ID = 5015) 2:34 AM: hp authorized customer@stat.dealtime[2].txt (ID = 2506) 2:34 AM: mark simmons@adrevolver[2].txt (ID = 2088) 2:34 AM: Found Spy Cookie: ru4 cookie 2:34 AM: mark simmons@edge.ru4[1].txt (ID = 3269) 2:34 AM: Found Spy Cookie: 66.70.21 cookie 2:34 AM: hp authorized customer@66.70.21[2].txt (ID = 1999) 2:34 AM: Found Spy Cookie: casalemedia cookie 2:34 AM: mark simmons@casalemedia[1].txt (ID = 2354) 2:34 AM: Found Spy Cookie: specificclick.com cookie 2:34 AM: hp authorized customer@ads.specificclick[2].txt (ID = 3400) 2:34 AM: Found Spy Cookie: azjmp cookie 2:34 AM: hp authorized customer@azjmp[2].txt (ID = 2270) 2:34 AM: Found Spy Cookie: fastclick cookie 2:34 AM: mark simmons@fastclick[1].txt (ID = 2651) 2:34 AM: Found Spy Cookie: trafficmp cookie 2:34 AM: mark simmons@trafficmp[2].txt (ID = 3581) 2:34 AM: Found Spy Cookie: metareward.com cookie 2:34 AM: hp authorized customer@metareward[1].txt (ID = 2990) 2:34 AM: Found Spy Cookie: servedby advertising cookie 2:34 AM: mark simmons@servedby.advertising[2].txt (ID = 3335) 2:34 AM: Found Spy Cookie: bizrate cookie 2:34 AM: hp authorized customer@bizrate[1].txt (ID = 2308) 2:34 AM: Found Spy Cookie: adtech cookie 2:34 AM: mark simmons@adtech[2].txt (ID = 2155) 2:34 AM: Found Spy Cookie: myaffiliateprogram.com cookie 2:34 AM: mark simmons@www.myaffiliateprogram[2].txt (ID = 3032) 2:34 AM: Found Spy Cookie: gostats cookie 2:34 AM: hp authorized customer@gostats[2].txt (ID = 2747) 2:34 AM: mark simmons@media.fastclick[1].txt (ID = 2652) 2:34 AM: Found Spy Cookie: addynamix cookie 2:34 AM: mark simmons@ads.addynamix[2].txt (ID = 2062) 2:34 AM: Found Spy Cookie: stats.klsoft.com cookie 2:34 AM: hp authorized customer@stats.klsoft[1].txt (ID = 3451) 2:34 AM: Found Spy Cookie: pricegrabber cookie 2:34 AM: hp authorized customer@pricegrabber[2].txt (ID = 3185) 2:34 AM: Found Spy Cookie: belnk cookie 2:34 AM: mark simmons@belnk[1].txt (ID = 2292) 2:34 AM: Found Spy Cookie: yadro cookie 2:34 AM: hp authorized customer@yadro[2].txt (ID = 3743) 2:34 AM: mark simmons@dist.belnk[2].txt (ID = 2293) 2:34 AM: Found Spy Cookie: pointroll cookie 2:34 AM: mark simmons@ads.pointroll[2].txt (ID = 3148) 2:34 AM: Found Spy Cookie: realmedia cookie 2:34 AM: mark simmons@realmedia[2].txt (ID = 3235) 2:34 AM: hp authorized customer@espn.go[2].txt (ID = 2729) 2:34 AM: Found Spy Cookie: buzztone cookie 2:34 AM: hp authorized customer@www.buzztone[1].txt (ID = 2339) 2:34 AM: Found Spy Cookie: burstbeacon cookie 2:34 AM: hp authorized customer@www.burstbeacon[1].txt (ID = 2335) 2:34 AM: Found Spy Cookie: hitslink cookie 2:34 AM: mark simmons@counter.hitslink[2].txt (ID = 2790) 2:34 AM: Found Spy Cookie: did-it cookie 2:34 AM: hp authorized customer@did-it[2].txt (ID = 2523) 2:34 AM: hp authorized customer@go[2].txt (ID = 2728) 2:34 AM: Found Spy Cookie: infospace cookie 2:34 AM: hp authorized customer@infospace[2].txt (ID = 2865) 2:34 AM: hp authorized customer@msn.espn.go[1].txt (ID = 2729) 2:34 AM: hp authorized customer@sports.espn.go[1].txt (ID = 2729) 2:34 AM: hp authorized customer@go[1].txt (ID = 2728) 2:34 AM: hp authorized customer@go2net[3].txt (ID = 2730) 2:34 AM: mark simmons@counter2.hitslink[2].txt (ID = 2790) 2:34 AM: hp authorized customer@abc.go[2].txt (ID = 2729) 2:34 AM: hp authorized customer@msn.espn.go[2].txt (ID = 2729) 2:34 AM: hp authorized customer@ads.gorillanation[2].txt (ID = 2744) 2:34 AM: Found Spy Cookie: advertising cookie 2:34 AM: mark simmons@advertising[1].txt (ID = 2175) 2:34 AM: hp authorized customer@atwola[3].txt (ID = 2255) 2:34 AM: hp authorized customer@boards.abc.go[1].txt (ID = 2729) 2:34 AM: hp authorized customer@romanticmovies.about[1].txt (ID = 2038) 2:34 AM: hp authorized customer@kount[1].txt (ID = 2911) 2:34 AM: hp authorized customer@primetimetv.about[2].txt (ID = 2038) 2:34 AM: hp authorized customer@register.go[1].txt (ID = 2729) 2:34 AM: hp authorized customer@boards.go[3].txt (ID = 2729) 2:34 AM: hp authorized customer@espn.go[1].txt (ID = 2729) 2:34 AM: hp authorized customer@sports.espn.go[2].txt (ID = 2729) 2:34 AM: hp authorized customer@heavy.etv.go[1].txt (ID = 2729) 2:34 AM: hp authorized customer@nnselect[3].txt (ID = 3065) 2:34 AM: Found Spy Cookie: ugo cookie 2:34 AM: hp authorized customer@mediamgr.ugo[2].txt (ID = 3609) 2:34 AM: hp authorized customer@atheism.about[1].txt (ID = 2038) 2:34 AM: hp authorized customer@about[3].txt (ID = 2037) 2:34 AM: hp authorized customer@bipolar.about[1].txt (ID = 2038) 2:34 AM: hp authorized customer@home.about[2].txt (ID = 2038) 2:34 AM: Found Spy Cookie: bannerspace cookie 2:34 AM: hp authorized customer@bannerspace[2].txt (ID = 2284) 2:34 AM: Found Spy Cookie: adscpm cookie 2:34 AM: hp authorized customer@servedby.adscpm[1].txt (ID = 2137) 2:34 AM: Found Spy Cookie: abetterinternet cookie 2:34 AM: hp authorized customer@abetterinternet[1].txt (ID = 2035) 2:34 AM: hp authorized customer@infospace[3].txt (ID = 2865) 2:34 AM: hp authorized customer@www.myaffiliateprogram[1].txt (ID = 3032) 2:34 AM: hp authorized customer@search.about[1].txt (ID = 2038) 2:34 AM: hp authorized customer@teenwriting.about[2].txt (ID = 2038) 2:34 AM: hp authorized customer@scrapbooking.about[1].txt (ID = 2038) 2:34 AM: hp authorized customer@fishing.about[1].txt (ID = 2038) 2:34 AM: hp authorized customer@poetry.about[1].txt (ID = 2038) 2:34 AM: hp authorized customer@dying.about[2].txt (ID = 2038) 2:34 AM: hp authorized customer@retireplan.about[2].txt (ID = 2038) 2:34 AM: hp authorized customer@classicfilm.about[1].txt (ID = 2038) 2:34 AM: hp authorized customer@www.burstbeacon[3].txt (ID = 2335) 2:34 AM: Found Spy Cookie: hypertracker.com cookie 2:34 AM: hp authorized customer@hypertracker[1].txt (ID = 2817) 2:34 AM: Found Spy Cookie: rightmedia cookie 2:34 AM: hp authorized customer@rightmedia[1].txt (ID = 3259) 2:34 AM: Found Spy Cookie: trb.com cookie 2:34 AM: hp authorized customer@wb4.trb[1].txt (ID = 3588) 2:34 AM: hp authorized customer@urbanlegends.about[1].txt (ID = 2038) 2:34 AM: hp authorized customer@forums.go[1].txt (ID = 2729) 2:34 AM: hp authorized customer@espn.go[3].txt (ID = 2729) 2:34 AM: hp authorized customer@metareward[3].txt (ID = 2990) 2:34 AM: hp authorized customer@specificpop[3].txt (ID = 3401) 2:34 AM: hp authorized customer@couponing.about[2].txt (ID = 2038) 2:34 AM: hp authorized customer@rightmedia[3].txt (ID = 3259) 2:34 AM: hp authorized customer@kount[3].txt (ID = 2911) 2:34 AM: Found Spy Cookie: sb01 cookie 2:34 AM: hp authorized customer@jp1.sb01[2].txt (ID = 3288) 2:34 AM: Found Spy Cookie: customer cookie 2:34 AM: hp authorized customer@customer[1].txt (ID = 2481) 2:34 AM: hp authorized customer@football.about[1].txt (ID = 2038) 2:34 AM: Found Spy Cookie: counter cookie 2:34 AM: hp authorized customer@counter[1].txt (ID = 2477) 2:34 AM: hp authorized customer@dealtime[2].txt (ID = 2505) 2:34 AM: hp authorized customer@beauty.about[2].txt (ID = 2038) 2:34 AM: hp authorized customer@nextag[1].txt (ID = 5014) 2:34 AM: hp authorized customer@classiclit.about[1].txt (ID = 2038) 2:34 AM: Found Spy Cookie: cliks cookie 2:34 AM: hp authorized customer@cliks[2].txt (ID = 2414) 2:34 AM: Found Spy Cookie: fastcompany cookie 2:34 AM: hp authorized customer@fastcompany[2].txt (ID = 2655) 2:34 AM: hp authorized customer@www.fastcompany[1].txt (ID = 2657) 2:34 AM: hp authorized customer@ypng.infospace[1].txt (ID = 2866) 2:34 AM: Found Spy Cookie: servlet cookie 2:34 AM: hp authorized customer@servlet[1].txt (ID = 3345) 2:34 AM: hp authorized customer@about[4].txt (ID = 2037) 2:34 AM: Found Spy Cookie: adprofile cookie 2:34 AM: hp authorized customer@adprofile[1].txt (ID = 2084) 2:34 AM: hp authorized customer@ask[1].txt (ID = 2245) 2:34 AM: hp authorized customer@sports.espn.go[3].txt (ID = 2729) 2:34 AM: hp authorized customer@rsi.espn.go[1].txt (ID = 2729) 2:34 AM: hp authorized customer@abc.go[3].txt (ID = 2729) 2:34 AM: hp authorized customer@inventors.about[1].txt (ID = 2038) 2:34 AM: Found Spy Cookie: ebates cookie 2:34 AM: hp authorized customer@www.ebates[1].txt (ID = 2558) 2:34 AM: hp authorized customer@www2.nextag[1].txt (ID = 5015) 2:34 AM: Found Spy Cookie: uproar cookie 2:34 AM: hp authorized customer@uproar[1].txt (ID = 3612) 2:34 AM: hp authorized customer@fox59.trb[2].txt (ID = 3588) 2:34 AM: hp authorized customer@trb[2].txt (ID = 3587) 2:34 AM: Found Spy Cookie: a cookie 2:34 AM: hp authorized customer@a[1].txt (ID = 2027) 2:34 AM: Found Spy Cookie: reunion cookie 2:34 AM: hp authorized customer@reunion[1].txt (ID = 3255) 2:34 AM: hp authorized customer@www.myaffiliateprogram[2].txt (ID = 3032) 2:34 AM: hp authorized customer@atwola[4].txt (ID = 2255) 2:34 AM: hp authorized customer@www.buzztone[2].txt (ID = 2339) 2:34 AM: Found Spy Cookie: enhance cookie 2:34 AM: hp authorized customer@c.enhance[1].txt (ID = 2614) 2:34 AM: hp authorized customer@ad.reunion[1].txt (ID = 3256) 2:34 AM: Found Spy Cookie: hit-counter cookie 2:34 AM: hp authorized customer@dog.hit-counter.udub[1].txt (ID = 2780) 2:34 AM: hp authorized customer@hypertracker[2].txt (ID = 2817) 2:34 AM: Found Spy Cookie: megago cookie 2:34 AM: hp authorized customer@www.nintendo64games.freeservers[2].txt (ID = 2983) 2:34 AM: hp authorized customer@infospace[1].txt (ID = 2865) 2:34 AM: Found Spy Cookie: adlegend cookie 2:34 AM: hp authorized customer@adlegend[1].txt (ID = 2074) 2:34 AM: hp authorized customer@abcnews.go[2].txt (ID = 2729) 2:34 AM: Found Spy Cookie: tracking cookie 2:34 AM: hp authorized customer@tracking[2].txt (ID = 3571) 2:34 AM: hp authorized customer@magic.about[2].txt (ID = 2038) 2:34 AM: hp authorized customer@adopt.specificclick[2].txt (ID = 3400) 2:34 AM: Found Spy Cookie: banners cookie 2:34 AM: hp authorized customer@banners[1].txt (ID = 2282) 2:34 AM: hp authorized customer@tracking[3].txt (ID = 3571) 2:34 AM: hp authorized customer@autism.about[1].txt (ID = 2038) 2:34 AM: hp authorized customer@uproar[2].txt (ID = 3612) 2:34 AM: hp authorized customer@rightmedia[4].txt (ID = 3259) 2:34 AM: hp authorized customer@uproar[4].txt (ID = 3612) 2:34 AM: hp authorized customer@www2.nextag[2].txt (ID = 5015) 2:34 AM: hp authorized customer@atwola[5].txt (ID = 2255) 2:34 AM: hp authorized customer@pricegrabber[3].txt (ID = 3185) 2:34 AM: hp authorized customer@stat.dealtime[1].txt (ID = 2506) 2:35 AM: Starting File Sweep

#10 daparker

Advanced Member

Authentic Member
779 posts

Posted 16 November 2005 - 09:52 AM

Looks like the log got cut off. Can you post the rest? It may take a couple of posts to get the whole log in.

Advertisements

Register to Remove

#11 clueless123

Authentic Member

Authentic Member
58 posts

Posted 16 November 2005 - 02:03 PM

********Here is the new spy sweeper session. Sorry it is so long. And thanks for your patience and kindness. 1:35 PM: | Start of Session, Wednesday, November 16, 2005 | 1:35 PM: Spy Sweeper started 1:35 PM: Sweep initiated using definitions version 573 1:35 PM: Starting Memory Sweep 1:42 PM: Memory Sweep Complete, Elapsed Time: 00:07:48 1:42 PM: Starting Registry Sweep 1:43 PM: Found Adware: apropos 1:43 PM: HKCR\clsid\{016235be-59d4-4ceb-add5-e2378282a1d9}\ (3 subtraces) (ID = 103710) 1:43 PM: HKCR\clsid\{b5ab638f-d76c-415b-a8f2-f3ceac502212}\ (7 subtraces) (ID = 103726) 1:43 PM: HKCR\clsid\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\ (4 subtraces) (ID = 103729) 1:43 PM: HKLM\software\aprps\ (8 subtraces) (ID = 103741) 1:43 PM: HKLM\software\autoloader\ (2 subtraces) (ID = 103742) 1:43 PM: HKLM\software\classes\clsid\{016235be-59d4-4ceb-add5-e2378282a1d9}\ (3 subtraces) (ID = 103748) 1:43 PM: HKLM\software\classes\clsid\{b5ab638f-d76c-415b-a8f2-f3ceac502212}\ (7 subtraces) (ID = 103764) 1:43 PM: HKLM\software\classes\clsid\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\ (4 subtraces) (ID = 103767) 1:43 PM: HKLM\software\classes\interface\{b99a727f-0782-4a71-bcc2-6e1e66414904}\ (5 subtraces) (ID = 103772) 1:43 PM: HKLM\software\classes\interface\{b548b7d8-3d03-4aed-a6a1-4251fad00c10}\ (5 subtraces) (ID = 103773) 1:43 PM: HKLM\software\classes\interface\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\ (5 subtraces) (ID = 103774) 1:43 PM: HKLM\software\envolo\ (10 subtraces) (ID = 103775) 1:43 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{016235be-59d4-4ceb-add5-e2378282a1d9}\ (ID = 103778) 1:43 PM: HKLM\software\microsoft\windows\currentversion\uninstall\aproposclient\ (3 subtraces) (ID = 103818) 1:43 PM: HKLM\software\microsoft\windows\currentversion\uninstall\autoupdate\ (1 subtraces) (ID = 103819) 1:44 PM: Found Adware: cws-aboutblank 1:44 PM: HKCR\protocols\filter\text/html\ (2 subtraces) (ID = 114343) 1:44 PM: HKLM\software\classes\protocols\filter\text/html\ (2 subtraces) (ID = 115907) 1:45 PM: Found Adware: internetoptimizer 1:45 PM: HKU\.default\software\avenue media\ (ID = 128878) 1:45 PM: HKU\.default\software\policies\avenue media\ (ID = 128879) 1:45 PM: HKCR\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ (8 subtraces) (ID = 128885) 1:45 PM: HKLM\software\avenue media\ (64 subtraces) (ID = 128888) 1:45 PM: HKLM\software\classes\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ (8 subtraces) (ID = 128896) 1:45 PM: HKLM\software\microsoft\windows\currentversion\policies\ameopt\ (ID = 128912) 1:45 PM: HKLM\software\microsoft\windows\currentversion\uninstall\internet optimizer\ (2 subtraces) (ID = 128921) 1:45 PM: HKLM\software\microsoft\windows\currentversion\uninstall\internet optimizer active alert\ (3 subtraces) (ID = 128922) 1:45 PM: HKLM\software\microsoft\windows\currentversion\uninstall\kapabout\ (2 subtraces) (ID = 128924) 1:45 PM: HKLM\software\microsoft\windows\currentversion\uninstall\rotue\ (ID = 128925) 1:45 PM: HKLM\software\microsoft\windows\currentversion\uninstall\wsem update\ (2 subtraces) (ID = 128927) 1:45 PM: HKLM\software\policies\avenue media\ (ID = 128929) 1:45 PM: Found Adware: ist software 1:45 PM: HKU\.default\software\ist\ (5 subtraces) (ID = 129052) 1:45 PM: Found Adware: ist istbar 1:45 PM: HKLM\software\classes\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\ (9 subtraces) (ID = 129103) 1:45 PM: HKLM\software\istsvc\ (42 subtraces) (ID = 129111) 1:45 PM: HKLM\software\microsoft\windows\currentversion\uninstall\istsvc\ (3 subtraces) (ID = 129183) 1:45 PM: HKCR\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\ (9 subtraces) (ID = 129190) 1:45 PM: Found Adware: linkmaker 1:45 PM: HKLM\software\classes\typelib\{423550e9-2f83-4678-9929-c1774088b180}\ (9 subtraces) (ID = 129743) 1:45 PM: HKCR\typelib\{423550e9-2f83-4678-9929-c1774088b180}\ (9 subtraces) (ID = 129750) 1:45 PM: Found Adware: moneytree 1:45 PM: HKCR\clsid\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4}\ (11 subtraces) (ID = 135167) 1:45 PM: HKCR\clsid\{cea206e8-8057-4a04-ace9-ff0d69a92297}\ (11 subtraces) (ID = 135171) 1:45 PM: HKCR\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\ (8 subtraces) (ID = 135185) 1:45 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{8f4e5661-f99e-4b3e-8d85-0ea71c0748e4}\ (ID = 135211) 1:45 PM: HKCR\typelib\{0be10b0d-b4db-4693-9b1f-9aead54d17dc}\ (9 subtraces) (ID = 135216) 1:45 PM: Found Adware: powerscan 1:45 PM: HKU\.default\software\powerscan\ (1 subtraces) (ID = 136822) 1:45 PM: HKLM\software\powerscan\ (1 subtraces) (ID = 136824) 1:45 PM: HKLM\software\microsoft\windows\currentversion\uninstall\power scan\ (2 subtraces) (ID = 136826) 1:46 PM: Found Adware: ist sidefind 1:46 PM: HKCR\browserhelperobject.bahelper.1\ (3 subtraces) (ID = 141761) 1:46 PM: HKCR\browserhelperobject.bahelper\ (5 subtraces) (ID = 141762) 1:46 PM: HKCR\clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7}\ (15 subtraces) (ID = 141763) 1:46 PM: HKCR\clsid\{a3fdd654-a057-4971-9844-4ed8e67dbbb8}\ (11 subtraces) (ID = 141764) 1:46 PM: HKCR\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ (8 subtraces) (ID = 141765) 1:46 PM: HKCR\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}\ (8 subtraces) (ID = 141766) 1:46 PM: HKCR\sidefind.finder.1\ (3 subtraces) (ID = 141767) 1:46 PM: HKCR\sidefind.finder\ (5 subtraces) (ID = 141768) 1:46 PM: HKLM\software\classes\browserhelperobject.bahelper\ (5 subtraces) (ID = 141769) 1:46 PM: HKLM\software\classes\clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7}\ (15 subtraces) (ID = 141770) 1:46 PM: HKLM\software\classes\clsid\{a3fdd654-a057-4971-9844-4ed8e67dbbb8}\ (11 subtraces) (ID = 141771) 1:46 PM: HKLM\software\classes\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}\ (8 subtraces) (ID = 141772) 1:46 PM: HKLM\software\classes\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}\ (8 subtraces) (ID = 141773) 1:46 PM: HKLM\software\classes\sidefind.finder\ (5 subtraces) (ID = 141774) 1:46 PM: HKLM\software\classes\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\ (9 subtraces) (ID = 141775) 1:46 PM: HKLM\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\ (9 subtraces) (ID = 141776) 1:46 PM: HKLM\software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807}\ (6 subtraces) (ID = 141779) 1:46 PM: HKLM\software\microsoft\sidefind\ (2 subtraces) (ID = 141780) 1:46 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{a3fdd654-a057-4971-9844-4ed8e67dbbb8}\ (ID = 141781) 1:46 PM: HKLM\software\microsoft\windows\currentversion\uninstall\sidefind\ (2 subtraces) (ID = 141782) 1:46 PM: HKLM\software\sidefind\ (6 subtraces) (ID = 141783) 1:46 PM: HKCR\typelib\{58634367-d62b-4c2c-86be-5aac45cdb671}\ (9 subtraces) (ID = 141784) 1:46 PM: HKCR\typelib\{d0288a41-9855-4a9b-8316-babe243648da}\ (9 subtraces) (ID = 141785) 1:46 PM: Found Adware: ist yoursitebar 1:46 PM: HKCR\clsid\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658}\ (6 subtraces) (ID = 147829) 1:46 PM: HKCR\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}\ (14 subtraces) (ID = 147831) 1:46 PM: HKCR\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\ (8 subtraces) (ID = 147832) 1:46 PM: HKCR\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\ (8 subtraces) (ID = 147835) 1:46 PM: HKLM\software\classes\clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}\ (14 subtraces) (ID = 147837) 1:46 PM: HKLM\software\classes\interface\{03b800f9-2536-4441-8cda-2a3e6d15b4f8}\ (8 subtraces) (ID = 147838) 1:46 PM: HKLM\software\classes\interface\{dfbcc1eb-b149-487e-80c1-cc1562021542}\ (8 subtraces) (ID = 147841) 1:46 PM: HKLM\software\classes\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\ (9 subtraces) (ID = 147842) 1:46 PM: HKLM\software\classes\ysb.ysbobj.1\ (3 subtraces) (ID = 147846) 1:46 PM: HKLM\software\classes\ysb.ysbobj\ (5 subtraces) (ID = 147847) 1:46 PM: HKLM\software\classes\ysbactivex.installer\ (3 subtraces) (ID = 147849) 1:46 PM: HKLM\software\microsoft\code store database\distribution units\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658}\ (10 subtraces) (ID = 147850) 1:46 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/ysbactivex.dll\ (2 subtraces) (ID = 147854) 1:46 PM: HKLM\software\microsoft\windows\currentversion\uninstall\yoursitebar\ (5 subtraces) (ID = 147859) 1:46 PM: HKLM\software\yoursitebar\ (21 subtraces) (ID = 147860) 1:46 PM: HKCR\typelib\{4ee12b71-aa5e-45ec-8666-2db3ad3fdf44}\ (9 subtraces) (ID = 147861) 1:46 PM: HKCR\ysb.ysbobj.1\ (3 subtraces) (ID = 147865) 1:46 PM: HKCR\ysb.ysbobj\ (5 subtraces) (ID = 147866) 1:46 PM: HKCR\ysbactivex.installer\ (3 subtraces) (ID = 147869) 1:46 PM: Found Adware: surf accuracy 1:46 PM: HKLM\software\sacc\ (10 subtraces) (ID = 203068) 1:46 PM: HKLM\software\microsoft\windows\currentversion\uninstall\sacc\ (2 subtraces) (ID = 203070) 1:46 PM: Found Adware: quicklink search toolbar 1:46 PM: HKCR\clsid\{8b6da27e-7f64-4694-8f8f-dc87ab8c6b22}\ (8 subtraces) (ID = 359437) 1:46 PM: HKLM\software\classes\clsid\{8b6da27e-7f64-4694-8f8f-dc87ab8c6b22}\ (8 subtraces) (ID = 359440) 1:47 PM: HKCR\quicklinks.linktracker.1\ (3 subtraces) (ID = 359448) 1:47 PM: HKCR\quicklinks.linktracker\ (3 subtraces) (ID = 359449) 1:47 PM: HKCR\quicklinks.quicklinksfilter.1\ (3 subtraces) (ID = 359450) 1:47 PM: HKCR\quicklinks.quicklinksfilter\ (3 subtraces) (ID = 359451) 1:47 PM: HKLM\software\classes\quicklinks.linktracker.1\ (3 subtraces) (ID = 359452) 1:47 PM: HKLM\software\classes\quicklinks.linktracker\ (3 subtraces) (ID = 359453) 1:47 PM: HKLM\software\classes\quicklinks.quicklinksfilter.1\ (3 subtraces) (ID = 359454) 1:47 PM: HKLM\software\classes\quicklinks.quicklinksfilter\ (3 subtraces) (ID = 359455) 1:47 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{8b6da27e-7f64-4694-8f8f-dc87ab8c6b22}\ (ID = 359456) 1:47 PM: HKLM\software\microsoft\windows\currentversion\uninstall\quick links\ (2 subtraces) (ID = 359457)

Edited by clueless123, 16 November 2005 - 02:15 PM.

#12 clueless123

Authentic Member

Authentic Member
58 posts

Posted 16 November 2005 - 02:05 PM

=1:47 PM: HKLM\software\ql\ (4 subtraces) (ID = 359458) 1:47 PM: Found Adware: winad 1:47 PM: HKCR\mediagatewayx.installer\ (3 subtraces) (ID = 372857) 1:47 PM: HKCR\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 372859) 1:47 PM: HKLM\software\avenue media\internet optimizer\ (63 subtraces) (ID = 394594) 1:47 PM: HKLM\software\classes\mediagatewayx.installer\ (3 subtraces) (ID = 398902) 1:47 PM: HKLM\software\classes\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 398904) 1:47 PM: HKCR\clsid\{3551784b-e99a-474f-b782-3ec814442918}\ (10 subtraces) (ID = 727328) 1:47 PM: HKLM\software\classes\clsid\{3551784b-e99a-474f-b782-3ec814442918}\ (10 subtraces) (ID = 727357) 1:47 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediagatewayx.dll\ (2 subtraces) (ID = 763026) 1:47 PM: Found Adware: winantispyware 2005 1:47 PM: HKCR\flfxr.flfixer\ (3 subtraces) (ID = 812689) 1:47 PM: HKCR\appid\compcl.dll\ (1 subtraces) (ID = 812722) 1:47 PM: HKCR\clsid\{93b11ae3-cb8d-43cc-a730-752caab185c0}\ (10 subtraces) (ID = 812866) 1:47 PM: HKCR\typelib\{dd35d052-76f9-4bfa-9005-69f1b26dc72a}\ (9 subtraces) (ID = 813030) 1:47 PM: HKLM\software\winfixer2005\ (1 subtraces) (ID = 813086) 1:47 PM: HKLM\software\classes\flfxr.flfixer\ (3 subtraces) (ID = 813191) 1:47 PM: HKLM\software\classes\appid\compcl.dll\ (1 subtraces) (ID = 813224) 1:47 PM: HKLM\software\classes\clsid\{93b11ae3-cb8d-43cc-a730-752caab185c0}\ (10 subtraces) (ID = 813368) 1:47 PM: HKLM\software\classes\typelib\{dd35d052-76f9-4bfa-9005-69f1b26dc72a}\ (9 subtraces) (ID = 813532) 1:47 PM: HKLM\software\microsoft\windows\currentversion\uninstall\uwfx5_is1\ (14 subtraces) (ID = 813553) 1:47 PM: HKLM\software\classes\clsid\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658}\ (6 subtraces) (ID = 920458) 1:47 PM: HKCR\df_fixer.fix.1\ (3 subtraces) (ID = 970172) 1:47 PM: HKCR\df_fixer.fix\ (5 subtraces) (ID = 970176) 1:47 PM: HKCR\fixcor.mmfixcor.1\ (3 subtraces) (ID = 970192) 1:47 PM: HKCR\fixcor.mmfixcor\ (5 subtraces) (ID = 970196) 1:47 PM: HKCR\mmfx.cofixengin.1\ (3 subtraces) (ID = 970202) 1:47 PM: HKCR\mmfx.cofixengin\ (5 subtraces) (ID = 970206) 1:47 PM: HKCR\ffwrap.ffenginwrape.1\ (3 subtraces) (ID = 970212) 1:47 PM: HKCR\ffwrap.ffenginwrape\ (5 subtraces) (ID = 970216) 1:47 PM: HKCR\uwfxpcheck.uwfxpcheck.1\ (3 subtraces) (ID = 970282) 1:47 PM: HKCR\uwfxpcheck.uwfxpcheck\ (5 subtraces) (ID = 970286) 1:47 PM: HKCR\clsid\{1fbbc0b6-ac2a-468f-80b3-1edf649fba66}\ (12 subtraces) (ID = 970293) 1:47 PM: HKCR\clsid\{1d146204-5226-45dc-be9a-36b1c76d3bc1}\ (4 subtraces) (ID = 970319) 1:47 PM: HKCR\clsid\{bf15c0e3-dd2f-453f-9461-8fb8ba311753}\ (12 subtraces) (ID = 970324) 1:47 PM: HKCR\clsid\{6adc47f3-9670-4771-a89c-b7516a3f78ce}\ (4 subtraces) (ID = 970337) 1:47 PM: HKCR\clsid\{6eb57351-498d-4e70-92b1-e1a29cefe972}\ (21 subtraces) (ID = 970342) 1:47 PM: HKCR\clsid\{6275c07b-d390-402d-b38a-54d301a246f9}\ (4 subtraces) (ID = 970364) 1:47 PM: HKCR\clsid\{00e894c0-f4ec-4129-9321-f73ea0ad1eca}\ (21 subtraces) (ID = 970369) 1:47 PM: HKCR\clsid\{a3bdf108-91d9-4764-a564-8f9441da2938}\ (12 subtraces) (ID = 970391) 1:47 PM: HKCR\clsid\{34491c49-06dd-46a1-926a-a71dbe35f0da}\ (12 subtraces) (ID = 970404) 1:47 PM: HKCR\clsid\{f915030e-1f82-4368-92ec-f782a36d9e76}\ (12 subtraces) (ID = 970417) 1:47 PM: HKCR\clsid\{11ae85fb-f48e-4c15-beee-8bc945472d83}\ (12 subtraces) (ID = 970430) 1:47 PM: HKCR\clsid\{90d29529-5923-4eaf-b946-07bc5da11c0a}\ (12 subtraces) (ID = 970443) 1:47 PM: HKCR\clsid\{693e85bf-0a75-4250-bfcc-87bd34703e5d}\ (12 subtraces) (ID = 970456) 1:47 PM: HKCR\clsid\{4f3f122c-7950-4ae9-b2f1-5ab59e8294f0}\ (4 subtraces) (ID = 970469) 1:47 PM: HKCR\clsid\{6e53e70c-9089-494a-9f51-abc499636dae}\ (14 subtraces) (ID = 970474) 1:47 PM: HKCR\typelib\{9091d048-b037-4d7d-a40a-65f5fe9de61f}\ (9 subtraces) (ID = 970491) 1:47 PM: HKCR\typelib\{1a955b68-7c64-4193-840a-2f4979643173}\ (9 subtraces) (ID = 970511) 1:47 PM: HKCR\typelib\{f110a1da-d25e-44cd-8cfd-e19671b26f6f}\ (9 subtraces) (ID = 970521) 1:47 PM: HKCR\typelib\{512558be-0df4-4d52-89ab-7aea8353c4ab}\ (9 subtraces) (ID = 970531) 1:47 PM: HKCR\typelib\{18ac54bb-5f98-44bd-be0e-ed31145849b2}\ (9 subtraces) (ID = 970541) 1:47 PM: HKCR\typelib\{c2ae9e5b-3ebd-49fd-9ab4-36c1a1e4af39}\ (9 subtraces) (ID = 970551) 1:47 PM: HKCR\appid\{6f9da798-4e32-4b96-848a-682ef26492a4}\ (1 subtraces) (ID = 970563) 1:47 PM: HKCR\appid\fxcor.dll\ (1 subtraces) (ID = 970565) 1:47 PM: HKCR\appid\{866e8004-1bdb-40d7-a3e7-15ac1d8de89b}\ (1 subtraces) (ID = 970567) 1:47 PM: HKCR\appid\mmfx.dll\ (1 subtraces) (ID = 970569) 1:47 PM: HKCR\appid\{40c70063-68a3-4e74-8947-1d813cb20087}\ (1 subtraces) (ID=

#13 clueless123

Authentic Member

Authentic Member
58 posts

Posted 16 November 2005 - 02:07 PM

970571) 1:47 PM: HKCR\appid\ffwrap.dll\ (1 subtraces) (ID = 970573) 1:47 PM: HKCR\appid\{a025cbcb-2551-41e0-a76c-c3c815180876}\ (1 subtraces) (ID = 970575) 1:47 PM: HKLM\software\classes\df_fixer.fix.1\ (3 subtraces) (ID = 970600) 1:47 PM: HKLM\software\classes\df_fixer.fix\ (5 subtraces) (ID = 970604) 1:47 PM: HKLM\software\classes\fixcor.mmfixcor.1\ (3 subtraces) (ID = 970620) 1:47 PM: HKLM\software\classes\fixcor.mmfixcor\ (5 subtraces) (ID = 970624) 1:47 PM: HKLM\software\classes\mmfx.cofixengin.1\ (3 subtraces) (ID = 970630) 1:47 PM: HKLM\software\classes\mmfx.cofixengin\ (5 subtraces) (ID = 970634) 1:47 PM: HKLM\software\classes\ffwrap.ffenginwrape.1\ (3 subtraces) (ID = 970640) 1:47 PM: HKLM\software\classes\ffwrap.ffenginwrape.1\clsid\ (1 subtraces) (ID = 970642) 1:47 PM: HKLM\software\classes\ffwrap.ffenginwrape\ (5 subtraces) (ID = 970644) 1:47 PM: HKLM\software\classes\ffwrap.ffenginwrape\clsid\ (1 subtraces) (ID = 970646) 1:47 PM: HKLM\software\classes\uwfxpcheck.uwfxpcheck.1\ (3 subtraces) (ID = 970710) 1:47 PM: HKLM\software\classes\uwfxpcheck.uwfxpcheck\ (5 subtraces) (ID = 970714) 1:47 PM: HKLM\software\classes\clsid\{1fbbc0b6-ac2a-468f-80b3-1edf649fba66}\ (12 subtraces) (ID = 970721) 1:47 PM: HKLM\software\classes\clsid\{1d146204-5226-45dc-be9a-36b1c76d3bc1}\ (4 subtraces) (ID = 970747) 1:47 PM: HKLM\software\winfixer_2005\ (4 subtraces) (ID = 970753) 1:47 PM: HKLM\software\classes\clsid\{bf15c0e3-dd2f-453f-9461-8fb8ba311753}\ (12 subtraces) (ID = 970759) 1:47 PM: HKLM\software\classes\clsid\{6adc47f3-9670-4771-a89c-b7516a3f78ce}\ (4 subtraces) (ID = 970772) 1:47 PM: HKLM\software\classes\clsid\{6eb57351-498d-4e70-92b1-e1a29cefe972}\ (21 subtraces) (ID = 970777) 1:47 PM: HKLM\software\classes\clsid\{6275c07b-d390-402d-b38a-54d301a246f9}\ (4 subtraces) (ID = 970799) 1:47 PM: HKLM\software\classes\clsid\{00e894c0-f4ec-4129-9321-f73ea0ad1eca}\ (21 subtraces) (ID = 970804) 1:47 PM: HKLM\software\classes\clsid\{a3bdf108-91d9-4764-a564-8f9441da2938}\ (12 subtraces) (ID = 970826) 1:47 PM: HKLM\software\classes\clsid\{34491c49-06dd-46a1-926a-a71dbe35f0da}\ (12 subtraces) (ID = 970839) 1:47 PM: HKLM\software\classes\clsid\{f915030e-1f82-4368-92ec-f782a36d9e76}\ (12 subtraces) (ID = 970852) 1:47 PM: HKLM\software\classes\clsid\{11ae85fb-f48e-4c15-beee-8bc945472d83}\ (12 subtraces) (ID = 970865) 1:47 PM: HKLM\software\classes\clsid\{90d29529-5923-4eaf-b946-07bc5da11c0a}\ (12 subtraces) (ID = 970878) 1:47 PM: HKLM\software\classes\clsid\{693e85bf-0a75-4250-bfcc-87bd34703e5d}\ (12 subtraces) (ID = 970891) 1:47 PM: HKLM\software\classes\clsid\{4f3f122c-7950-4ae9-b2f1-5ab59e8294f0}\ (4 subtraces) (ID = 970904) 1:47 PM: HKLM\software\classes\clsid\{6e53e70c-9089-494a-9f51-abc499636dae}\ (14 subtraces) (ID = 970909) 1:47 PM: HKLM\software\classes\typelib\{9091d048-b037-4d7d-a40a-65f5fe9de61f}\ (9 subtraces) (ID = 970926) 1:47 PM: HKLM\software\classes\typelib\{1a955b68-7c64-4193-840a-2f4979643173}\ (9 subtraces) (ID = 970946) 1:47 PM: HKLM\software\classes\typelib\{f110a1da-d25e-44cd-8cfd-e19671b26f6f}\ (9 subtraces) (ID = 970956) 1:47 PM: HKLM\software\classes\typelib\{512558be-0df4-4d52-89ab-7aea8353c4ab}\ (9 subtraces) (ID = 970966) 1:47 PM: HKLM\software\classes\typelib\{18ac54bb-5f98-44bd-be0e-ed31145849b2}\ (9 subtraces) (ID = 970976) 1:47 PM: HKLM\software\classes\typelib\{c2ae9e5b-3ebd-49fd-9ab4-36c1a1e4af39}\ (9 subtraces) (ID = 970986) 1:47 PM: HKLM\software\classes\appid\{6f9da798-4e32-4b96-848a-682ef26492a4}\ (1 subtraces) (ID = 970998) 1:47 PM: HKLM\software\classes\appid\fxcor.dll\ (1 subtraces) (ID = 971000) 1:47 PM: HKLM\software\classes\appid\{866e8004-1bdb-40d7-a3e7-15ac1d8de89b}\ (1 subtraces) (ID = 971002) 1:47 PM: HKLM\software\classes\appid\mmfx.dll\ (1 subtraces) (ID = 971004) 1:47 PM: HKLM\software\classes\appid\{40c70063-68a3-4e74-8947-1d813cb20087}\ (1 subtraces) (ID = 971006) 1:47 PM: HKLM\software\classes\appid\ffwrap.dll\ (1 subtraces) (ID = 971008) 1:47 PM: HKLM\software\classes\appid\{a025cbcb-2551-41e0-a76c-c3c815180876}\ (1 subtraces) (ID = 971010) 1:47 PM: HKU\.DEFAULT\software\aprps\ (7 subtraces) (ID = 103740) 1:47 PM: HKU\.DEFAULT\software\avenue media\ (ID = 128887) 1:47 PM: HKU\.DEFAULT\software\policies\avenue media\ (ID = 128928) 1:47 PM: HKU\.DEFAULT\software\ist\ (5 subtraces) (ID = 129108) 1:48 PM: HKU\.DEFAULT\software\powerscan\ (1 subtraces) (ID = 136823) 1:48 PM: HKU\.DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778) 1:48 PM: HKU\.DEFAULT\software\microsoft\windows\currentversion\policies\ameopt\ (ID = 654042) 1:48 PM: HKU\.DEFAULT\software\winfixer_2005\ (18 subtraces) (ID = 970577) 1:48 PM: HKU\.DEFAULT\software\winfixer_2005\settings\ (17 subtraces) (ID = 971336) 1:48 PM: Registry Sweep Complete, Elapsed Time:00:05:06 1:48 PM: Starting Cookie Sweep 1:48 PM: Found Spy Cookie: go2net.com cookie 1:48 PM: hp authorized customer@go2net[2].txt (ID = 2730) 1:48 PM: Found Spy Cookie: about cookie 1:48 PM: hp authorized customer@ibscrohns.about[1].txt (ID = 2038) 1:48 PM: Found Spy Cookie: go.com cookie 1:48 PM: hp authorized customer@tvplex.go[1].txt (ID = 2729) 1:48 PM: hp authorized customer@about[2].txt (ID = 2037)

#14 clueless123

Authentic Member

Authentic Member
58 posts

Posted 16 November 2005 - 02:09 PM

1:48 PM: Found Spy Cookie: gorillanation cookie 1:48 PM: hp authorized customer@ads.gorillanation[1].txt (ID = 2744) 1:48 PM: Found Spy Cookie: banner cookie 1:48 PM: mark simmons@banner[1].txt (ID = 2276) 1:48 PM: Found Spy Cookie: adultfriendfinder cookie 1:48 PM: mark simmons@adultfriendfinder[1].txt (ID = 2165) 1:48 PM: Found Spy Cookie: revenue.net cookie 1:48 PM: mark simmons@revenue[2].txt (ID = 3257) 1:48 PM: Found Spy Cookie: questionmarket cookie 1:48 PM: mark simmons@questionmarket[1].txt (ID = 3217) 1:48 PM: Found Spy Cookie: adminder cookie 1:48 PM: hp authorized customer@www.adminder[1].txt (ID = 2079) 1:48 PM: Found Spy Cookie: mashka cookie 1:48 PM: mark simmons@mashka[1].txt (ID = 2949) 1:48 PM: Found Spy Cookie: affiliatefuel.com cookie 1:48 PM: hp authorized customer@www.affiliatefuel[2].txt (ID = 2202) 1:48 PM: hp authorized customer@onelifetolive.about[1].txt (ID = 2038) 1:48 PM: Found Spy Cookie: tradedoubler cookie 1:48 PM: mark simmons@tradedoubler[1].txt (ID = 3575) 1:48 PM: Found Spy Cookie: web-stat cookie 1:48 PM: hp authorized customer@www.web-stat[1].txt (ID = 3649) 1:48 PM: Found Spy Cookie: atwola cookie 1:48 PM: hp authorized customer@atwola[1].txt (ID = 2255) 1:48 PM: Found Spy Cookie: dealtime cookie 1:48 PM: hp authorized customer@dealtime[1].txt (ID = 2505) 1:48 PM: Found Spy Cookie: tribalfusion cookie 1:48 PM: mark simmons@tribalfusion[1].txt (ID = 3589) 1:48 PM: Found Spy Cookie: adrevolver cookie 1:48 PM: mark simmons@adrevolver[1].txt (ID = 2088) 1:48 PM: hp authorized customer@boards.go[1].txt (ID = 2729) 1:48 PM: Found Spy Cookie: specificpop cookie 1:48 PM: hp authorized customer@specificpop[1].txt (ID = 3401) 1:48 PM: Found Spy Cookie: atlas dmt cookie 1:48 PM: mark simmons@atdmt[1].txt (ID = 2253) 1:48 PM: Found Spy Cookie: kount cookie 1:48 PM: hp authorized customer@kount[2].txt (ID = 2911) 1:48 PM: Found Spy Cookie: adserver cookie 1:48 PM: mark simmons@z1.adserver[1].txt (ID = 2142) 1:48 PM: Found Spy Cookie: ask cookie 1:48 PM: mark simmons@ask[1].txt (ID = 2245) 1:48 PM: Found Spy Cookie: directtrack cookie 1:48 PM: hp authorized customer@directtrack[1].txt (ID = 2527) 1:48 PM: hp authorized customer@offersquest.directtrack[2].txt (ID = 2528) 1:48 PM: Found Spy Cookie: netratingsselect cookie 1:48 PM: hp authorized customer@nnselect[2].txt (ID = 3065) 1:48 PM: Found Spy Cookie: adknowledge cookie 1:48 PM: mark simmons@adknowledge[2].txt (ID = 2072) 1:48 PM: Found Spy Cookie: nextag cookie 1:48 PM: hp authorized customer@www.nextag[1].txt (ID = 5015) 1:48 PM: hp authorized customer@stat.dealtime[2].txt (ID = 2506) 1:48 PM: mark simmons@adrevolver[2].txt (ID = 2088) 1:48 PM: Found Spy Cookie: angelfire cookie 1:48 PM: mark simmons@angelfire[1].txt (ID = 2221) 1:48 PM: Found Spy Cookie: 66.70.21 cookie 1:48 PM: hp authorized customer@66.70.21[2].txt (ID = 1999) 1:48 PM: Found Spy Cookie: casalemedia cookie 1:48 PM: mark simmons@casalemedia[1].txt (ID = 2354) 1:48 PM: Found Spy Cookie: specificclick.com cookie 1:48 PM: hp authorized customer@ads.specificclick[2].txt (ID = 3400) 1:48 PM: Found Spy Cookie: azjmp cookie 1:48 PM: hp authorized customer@azjmp[2].txt (ID = 2270) 1:48 PM: Found Spy Cookie: metareward.com cookie 1:48 PM: hp authorized customer@metareward[1].txt (ID = 2990) 1:48 PM: Found Spy Cookie: servedby advertising cookie 1:48 PM: mark simmons@servedby.advertising[2].txt (ID = 3335) 1:48 PM: Found Spy Cookie: bizrate cookie 1:48 PM: hp authorized customer@bizrate[1].txt (ID = 2308) 1:48 PM: Found Spy Cookie: adtech cookie 1:48 PM: mark simmons@adtech[2].txt (ID = 2155) 1:48 PM: Found Spy Cookie: myaffiliateprogram.com cookie 1:48 PM: mark simmons@www.myaffiliateprogram[2].txt (ID = 3032) 1:48 PM: Found Spy Cookie: gostats cookie 1:48 PM: hp authorized customer@gostats[2].txt (ID = 2747) 1:48 PM: Found Spy Cookie: advertising cookie 1:48 PM: mark simmons@advertising[1].txt (ID = 2175) 1:48 PM: Found Spy Cookie: addynamix cookie 1:48 PM: mark simmons@ads.addynamix[2].txt (ID = 2062) 1:48 PM: Found Spy Cookie: stats.klsoft.com cookie 1:48 PM: hp authorized customer@stats.klsoft[1].txt (ID = 3451) 1:48 PM: Found Spy Cookie: pricegrabber cookie 1:48 PM: hp authorized customer@pricegrabber[2].txt (ID = 3185) 1:48 PM: Found Spy Cookie: belnk cookie 1:48 PM: mark simmons@belnk[1].txt (ID = 2292) 1:48 PM: Found Spy Cookie: yadro cookie 1:48 PM: hp authorized customer@yadro[2].txt (ID = 3743) 1:48 PM: mark simmons@dist.belnk[2].txt (ID = 2293) 1:48 PM: Found Spy Cookie: pointroll cookie 1:48 PM: mark simmons@ads.pointroll[2].txt (ID = 3148) 1:48 PM: Found Spy Cookie: zedo cookie 1:48 PM: mark simmons@zedo[1].txt (ID = 3762) 1:48 PM: hp authorized customer@espn.go[2].txt (ID = 2729) 1:48 PM: Found Spy Cookie: buzztone cookie 1:48 PM: hp authorized customer@www.buzztone[1].txt (ID = 2339) 1:48 PM: Found Spy Cookie: burstbeacon cookie 1:48 PM: hp authorized customer@www.burstbeacon[1].txt (ID = 2335) 1:48 PM: Found Spy Cookie: hitslink cookie 1:48 PM: mark simmons@counter.hitslink[2].txt (ID = 2790) 1:48 PM: Found Spy Cookie: did-it cookie 1:48 PM: hp authorized customer@did-it[2].txt (ID = 2523) 1:48 PM: hp authorized customer@go[2].txt (ID = 2728) 1:48 PM: Found Spy Cookie: infospace cookie 1:48 PM: hp authorized customer@infospace[2].txt (ID = 2865) 1:48 PM: hp authorized customer@msn.espn.go[1].txt (ID = 2729) 1:48 PM: hp authorized customer@sports.espn.go[1].txt (ID = 2729) 1:48 PM: hp authorized customer@go[1].txt (ID = 2728) 1:48 PM: hp authorized customer@go2net[3].txt (ID = 2730) 1:48 PM: mark simmons@counter2.hitslink[2].txt (ID = 2790) 1:48 PM: hp authorized customer@abc.go[2].txt (ID = 2729) 1:48 PM: hp authorized customer@msn.espn.go[2].txt (ID = 2729) 1:48 PM: hp authorized customer@ads.gorillanation[2].txt (ID = 2744) 1:48 PM: hp authorized customer@atwola[3].txt (ID = 2255) 1:48 PM: hp authorized customer@boards.abc.go[1].txt (ID = 2729) 1:48 PM: hp authorized customer@romanticmovies.about[1].txt (ID = 2038) 1:48 PM: hp authorized customer@kount[1].txt (ID = 2911) 1:48 PM: hp authorized customer@primetimetv.about[2].txt (ID = 2038) 1:48 PM: hp authorized customer@register.go[1].txt (ID = 2729) 1:48 PM: Found Spy Cookie: linksynergy cookie 1:48 PM: mark simmons@linksynergy[2].txt (ID = 2926) 1:48 PM: Found Spy Cookie: yieldmanager cookie 1:48 PM: mark simmons@ad.yieldmanager[2].txt (ID = 3751) 1:48 PM: hp authorized customer@boards.go[3].txt (ID = 2729) 1:48 PM: hp authorized customer@espn.go[1].txt (ID = 2729) 1:48 PM: Found Spy Cookie: realmedia cookie 1:48 PM: mark simmons@realmedia[2].txt (ID = 3235) 1:48 PM: Found Spy Cookie: clickandtrack cookie 1:48 PM: mark simmons@hits.clickandtrack[2].txt (ID = 2397) 1:48 PM: Found Spy Cookie: trafficmp cookie 1:48 PM: mark simmons@trafficmp[1].txt (ID = 3581) 1:48 PM: hp authorized customer@sports.espn.go[2].txt (ID = 2729) 1:48 PM: Found Spy Cookie: websponsors cookie 1:48 PM: mark simmons@a.websponsors[2].txt (ID = 3665) 1:48 PM: Found Spy Cookie: ru4 cookie 1:48 PM: mark simmons@edge.ru4[2].txt (ID = 3269) 1:48 PM: Found Spy Cookie: fastclick cookie 1:48 PM: mark simmons@fastclick[1].txt (ID = 2651)

#15 clueless123

Authentic Member

Authentic Member
58 posts

Posted 16 November 2005 - 02:10 PM

1:48 PM: hp authorized customer@heavy.etv.go[1].txt (ID = 2729) 1:48 PM: hp authorized customer@nnselect[3].txt (ID = 3065) 1:48 PM: Found Spy Cookie: ugo cookie 1:48 PM: hp authorized customer@mediamgr.ugo[2].txt (ID = 3609) 1:48 PM: hp authorized customer@atheism.about[1].txt (ID = 2038) 1:48 PM: hp authorized customer@about[3].txt (ID = 2037) 1:48 PM: hp authorized customer@bipolar.about[1].txt (ID = 2038) 1:48 PM: hp authorized customer@home.about[2].txt (ID = 2038) 1:48 PM: Found Spy Cookie: bannerspace cookie 1:48 PM: hp authorized customer@bannerspace[2].txt (ID = 2284) 1:48 PM: Found Spy Cookie: adscpm cookie 1:48 PM: hp authorized customer@servedby.adscpm[1].txt (ID = 2137) 1:48 PM: Found Spy Cookie: abetterinternet cookie 1:48 PM: hp authorized customer@abetterinternet[1].txt (ID = 2035) 1:48 PM: hp authorized customer@infospace[3].txt (ID = 2865) 1:48 PM: hp authorized customer@www.myaffiliateprogram[1].txt (ID = 3032) 1:48 PM: hp authorized customer@search.about[1].txt (ID = 2038) 1:48 PM: hp authorized customer@teenwriting.about[2].txt (ID = 2038) 1:48 PM: hp authorized customer@scrapbooking.about[1].txt (ID = 2038) 1:48 PM: hp authorized customer@fishing.about[1].txt (ID = 2038) 1:48 PM: hp authorized customer@poetry.about[1].txt (ID = 2038) 1:48 PM: hp authorized customer@dying.about[2].txt (ID = 2038) 1:48 PM: hp authorized customer@retireplan.about[2].txt (ID = 2038) 1:48 PM: hp authorized customer@classicfilm.about[1].txt (ID = 2038) 1:48 PM: hp authorized customer@www.burstbeacon[3].txt (ID = 2335) 1:48 PM: Found Spy Cookie: hypertracker.com cookie 1:48 PM: hp authorized customer@hypertracker[1].txt (ID = 2817) 1:48 PM: Found Spy Cookie: rightmedia cookie 1:48 PM: hp authorized customer@rightmedia[1].txt (ID = 3259) 1:48 PM: Found Spy Cookie: trb.com cookie 1:48 PM: hp authorized customer@wb4.trb[1].txt (ID = 3588) 1:48 PM: hp authorized customer@urbanlegends.about[1].txt (ID = 2038) 1:48 PM: hp authorized customer@forums.go[1].txt (ID = 2729) 1:48 PM: hp authorized customer@espn.go[3].txt (ID = 2729) 1:48 PM: hp authorized customer@metareward[3].txt (ID = 2990) 1:48 PM: hp authorized customer@specificpop[3].txt (ID = 3401) 1:48 PM: hp authorized customer@couponing.about[2].txt (ID = 2038) 1:48 PM: hp authorized customer@rightmedia[3].txt (ID = 3259) 1:48 PM: hp authorized customer@kount[3].txt (ID = 2911) 1:48 PM: Found Spy Cookie: sb01 cookie 1:48 PM: hp authorized customer@jp1.sb01[2].txt (ID = 3288) 1:48 PM: Found Spy Cookie: customer cookie 1:48 PM: hp authorized customer@customer[1].txt (ID = 2481) 1:48 PM: hp authorized customer@football.about[1].txt (ID = 2038) 1:48 PM: Found Spy Cookie: counter cookie 1:48 PM: hp authorized customer@counter[1].txt (ID = 2477) 1:48 PM: hp authorized customer@dealtime[2].txt (ID = 2505) 1:48 PM: hp authorized customer@beauty.about[2].txt (ID = 2038) 1:48 PM: hp authorized customer@nextag[1].txt (ID = 5014) 1:48 PM: hp authorized customer@classiclit.about[1].txt (ID = 2038) 1:48 PM: Found Spy Cookie: cliks cookie 1:48 PM: hp authorized customer@cliks[2].txt (ID = 2414) 1:48 PM: Found Spy Cookie: fastcompany cookie 1:48 PM: hp authorized customer@fastcompany[2].txt (ID = 2655) 1:48 PM: hp authorized customer@www.fastcompany[1].txt (ID = 2657) 1:48 PM: hp authorized customer@ypng.infospace[1].txt (ID = 2866) 1:48 PM: Found Spy Cookie: servlet cookie 1:48 PM: hp authorized customer@servlet[1].txt (ID = 3345) 1:48 PM: hp authorized customer@about[4].txt (ID = 2037) 1:48 PM: Found Spy Cookie: adprofile cookie 1:48 PM: hp authorized customer@adprofile[1].txt (ID = 2084) 1:48 PM: hp authorized customer@ask[1].txt (ID = 2245) 1:48 PM: hp authorized customer@sports.espn.go[3].txt (ID = 2729) 1:48 PM: hp authorized customer@rsi.espn.go[1].txt (ID = 2729) 1:48 PM: hp authorized customer@abc.go[3].txt (ID = 2729) 1:48 PM: hp authorized customer@inventors.about[1].txt (ID = 2038) 1:48 PM: Found Spy Cookie: ebates cookie 1:48 PM: hp authorized customer@www.ebates[1].txt (ID = 2558) 1:48 PM: hp authorized customer@www2.nextag[1].txt (ID = 5015) 1:48 PM: Found Spy Cookie: uproar cookie 1:48 PM: hp authorized customer@uproar[1].txt (ID = 3612) 1:48 PM: hp authorized customer@fox59.trb[2].txt (ID = 3588) 1:48 PM: hp authorized customer@trb[2].txt (ID = 3587) 1:48 PM: Found Spy Cookie: a cookie 1:48 PM: hp authorized customer@a[1].txt (ID = 2027) 1:48 PM: Found Spy Cookie: reunion cookie 1:48 PM: hp authorized customer@reunion[1].txt (ID = 3255) 1:48 PM: hp authorized customer@www.myaffiliateprogram[2].txt (ID = 3032) 1:48 PM: hp authorized customer@atwola[4].txt (ID = 2255) 1:48 PM: hp authorized customer@www.buzztone[2].txt (ID = 2339) 1:48 PM: Found Spy Cookie: enhance cookie 1:48 PM: hp authorized customer@c.enhance[1].txt (ID = 2614) 1:48 PM: hp authorized customer@ad.reunion[1].txt (ID = 3256) 1:48 PM: Found Spy Cookie: hit-counter cookie 1:48 PM: hp authorized customer@dog.hit-counter.udub[1].txt (ID = 2780) 1:48 PM: hp authorized customer@hypertracker[2].txt (ID = 2817) 1:48 PM: Found Spy Cookie: megago cookie 1:48 PM: hp authorized customer@www.nintendo64games.freeservers[2].txt (ID = 2983) 1:48 PM: hp authorized customer@infospace[1].txt (ID = 2865) 1:48 PM: Found Spy Cookie: adlegend cookie

Body Background

skin color theme