
I hope you can help


  • This topic is locked
183 replies to this topic

#31 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • 6,776 posts

Posted 13 September 2005 - 09:50 AM

Your log looks clean at this point. Let's wait a few days and see if everything is OK. If not, post back here :)



#32 kaminikij

kaminikij

    Authentic Member

  • Authentic Member
  • 111 posts

Posted 13 September 2005 - 09:54 AM

OK. Tonight I will run my anti-spyware in safe mode and see what's happening.

#33 kaminikij

kaminikij

    Authentic Member

  • Authentic Member
  • 111 posts

Posted 14 September 2005 - 12:52 PM

Hi, I'm back. Honestly, I don't know what to do. I am also wondering if any of my software may be corrupted. CWShredder finds and removes cws.msconfig almost every time I run it in safe mode. With the exception of Trend Micro Anti-Spyware, nothing else finds anything.

Added: after this post I ran a Trend Micro online spyware scan. It found this: DIAL_TIBS HKLM|software\microsof\windows\current version\policies\explorer\run. Said it was a dialer. Could there be a connection?

Edited by kaminikij, 14 September 2005 - 01:18 PM.


#34 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • 6,776 posts

Posted 14 September 2005 - 04:23 PM

Download MicroWorld virus scan here >>> Micro World http://www.mwti.net/...e_utilities.asp

To run the virus scan, make sure you click the following:

memory, registry, startup folders, system folders, services, drive (all drives will be added), then click on scan clean. When the scan is complete, highlight all the files in the LOWER box. Then ctrl + c and paste them into the thread ctrl + v.

I warn you, the scan will take a long time to run and will not fix anything; it just identifies bad files.

#35 kaminikij

kaminikij

    Authentic Member

  • Authentic Member
  • 111 posts

Posted 15 September 2005 - 04:24 AM

Here it is. CWS is there, along with 84 errors.
C:\WINDOWS\system32\dla\tfsnpool.sys Wed Sep 14 22:24:33 2005 => Scanning File C:\WINDOWS\system32\dla\tfsnudf.sys Wed Sep 14 22:24:33 2005 => Scanning File C:\WINDOWS\system32\dla\tfsnudfa.sys Wed Sep 14 22:24:33 2005 => Scanning File C:\WINDOWS\System32\svchost.exe Wed Sep 14 22:24:33 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\toside.sys Wed Sep 14 22:24:33 2005 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Sep 14 22:24:33 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\ultra.sys Wed Sep 14 22:24:33 2005 => Scanning File C:\WINDOWS\system32\wdfmgr.exe Wed Sep 14 22:24:33 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\update.sys Wed Sep 14 22:24:33 2005 => Scanning File C:\WINDOWS\System32\svchost.exe Wed Sep 14 22:24:33 2005 => Scanning File C:\WINDOWS\System32\ups.exe Wed Sep 14 22:24:33 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\usbccgp.sys Wed Sep 14 22:24:33 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\usbehci.sys Wed Sep 14 22:24:33 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\usbhub.sys Wed Sep 14 22:24:33 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\usbprint.sys Wed Sep 14 22:24:33 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\usbscan.sys Wed Sep 14 22:24:33 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\usbuhci.sys Wed Sep 14 22:24:33 2005 => Scanning File C:\WINDOWS\System32\drivers\vga.sys Wed Sep 14 22:24:34 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\viaagp.sys Wed Sep 14 22:24:34 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\viaide.sys Wed Sep 14 22:24:34 2005 => Scanning File C:\WINDOWS\System32\vssvc.exe Wed Sep 14 22:24:34 2005 => Scanning File C:\WINDOWS\system32\svchost.exe Wed Sep 14 22:24:34 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\wanarp.sys Wed Sep 14 22:24:34 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\wanatw4.sys Wed Sep 14 22:24:34 2005 => Scanning File C:\WINDOWS\system32\drivers\wdmaud.sys Wed Sep 14 22:24:34 2005 => Scanning File C:\WINDOWS\System32\svchost.exe 
Wed Sep 14 22:24:34 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Sep 14 22:24:34 2005 => Scanning File c:\PROGRA~1\WINDOW~3\mswmccds.exe
Wed Sep 14 22:24:34 2005 => Scanning File C:\PROGRA~1\WINDOW~3\mswmcls.exe
Wed Sep 14 22:24:34 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Sep 14 22:24:34 2005 => Scanning File C:\WINDOWS\System32\wbem\wmiapsrv.exe
Wed Sep 14 22:24:34 2005 => Scanning File C:\WINDOWS\System32\drivers\ws2ifsl.sys
Wed Sep 14 22:24:34 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Sep 14 22:24:34 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Sep 14 22:24:34 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Sep 14 22:24:34 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Sep 14 22:24:34 2005 => Scanning File C:\WINDOWS\system32\drivers\ialmsbw.sys
Wed Sep 14 22:24:34 2005 => Scanning File C:\WINDOWS\system32\drivers\ialmkchw.sys
Wed Sep 14 22:24:34 2005 => Scanning HKLM\SYSTEM\CurrentControlSet\Services\VxD
Wed Sep 14 22:24:34 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Wed Sep 14 22:24:34 2005 => Loading Spyware Signatures from new External Database (Size: 143636).
Wed Sep 14 22:24:52 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.
Wed Sep 14 22:25:03 2005 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Wed Sep 14 22:25:03 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\asinst.dll". Action Taken: No Action Taken.
Wed Sep 14 22:25:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\bantam.dll" refers to invalid object "bantam.dll". Action Taken: No Action Taken.
Wed Sep 14 22:25:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\bdeadmin.hlp" refers to invalid object "bdeadmin.hlp". Action Taken: No Action Taken.
Wed Sep 14 22:25:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\blw32.dll" refers to invalid object "blw32.dll". Action Taken: No Action Taken.
Wed Sep 14 22:25:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\disp.dll" refers to invalid object "disp.dll". Action Taken: No Action Taken.
Wed Sep 14 22:25:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idapi32.dll" refers to invalid object "idapi32.dll". Action Taken: No Action Taken.
Wed Sep 14 22:25:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idasci32.dll" refers to invalid object "idasci32.dll". Action Taken: No Action Taken.
Wed Sep 14 22:25:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idbat32.dll" refers to invalid object "idbat32.dll". Action Taken: No Action Taken.
Wed Sep 14 22:25:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idda3532.dll" refers to invalid object "idda3532.dll". Action Taken: No Action Taken.
Wed Sep 14 22:25:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\iddao32.dll" refers to invalid object "iddao32.dll". Action Taken: No Action Taken.
Wed Sep 14 22:25:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\iddbas32.dll" refers to invalid object "iddbas32.dll". Action Taken: No Action Taken.
Wed Sep 14 22:25:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\iddr32.dll" refers to invalid object "iddr32.dll". Action Taken: No Action Taken.
Wed Sep 14 22:25:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idodbc32.dll" refers to invalid object "idodbc32.dll". Action Taken: No Action Taken.
Wed Sep 14 22:25:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idpdx32.dll" refers to invalid object "idpdx32.dll". Action Taken: No Action Taken.
Wed Sep 14 22:25:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\idqbe32.dll" refers to invalid object "idqbe32.dll". Action Taken: No Action Taken.

#36 kaminikij


Posted 16 September 2005 - 04:15 AM

Would you suggest I purchase this software? Would it also correct the errors if I did?

#37 Siggyx


Posted 18 September 2005 - 02:26 PM

Please try the about:buster scan again, make sure that you update it, run it twice in safe mode and then post the log it produces please.

#38 kaminikij


Posted 18 September 2005 - 04:00 PM

I'm so glad you're still with me. Thought you closed my thread. Things are progressively getting worse. I'm having a bad time with Firefox too. I downloaded about:buster but could not do so through your link (though I previously could): "page can not be found". I was able to download it from the Geeks to Go website but I am unable to update it: "an error has occurred while trying to update". Again I can not find a logfile, maybe you can help me there, but it found nothing. After the scan I received a pop-up: "component comctl32.ocx is not registered or a file is missing". While in safe mode I again ran CWShredder and again it removed cws.msconfig. I am ready to hang it up. Everything just keeps getting worse. My computer froze twice trying to get here and I had to close it down manually. And more and more "page can't be displayed". Or I go to a site and just get knocked offline. P.S. I just got off the phone with my sister and she suggested I may have added this thing to Firefox because I exported my bookmarks & settings from IE.

Edited by kaminikij, 18 September 2005 - 04:25 PM.


#39 kaminikij


Posted 19 September 2005 - 04:37 PM

I purchased the software and it removed the cws. thereal search and the errors. Actually ran it twice to be sure. Now the problem is cw shredder still detects and removes cws.msconfig. But hopefully this is a start. Still feels very sluggish but no longer feels as if something is downloading.

Edited by kaminikij, 19 September 2005 - 05:07 PM.


#40 kaminikij


Posted 19 September 2005 - 05:09 PM

I also found this on the CW chronicle site. Don't really understand it.

Variant 31: - CWS.Msconfig
Approx date first sighted: February 5, 2004
Symptoms: IE pages being hijacked to www.31234.com on system startup and when changing homepage back, continuous errors about an invalid Registry script in temp2.txt, extra item in right-click menu of webpages named '??????'
Cleverness: 2/10
Manual removal difficulty: Involves a process killer, some Registry editing and restoring a Windows system file from CD

This variant uses the filename msconfig.exe which overwrites the real Windows file in Windows 98/98SE/ME. The temp2.txt file it drops is actually a Registry script, but since it's in the wrong format, Windows 9x/ME will throw up an error about an invalid Registry script. Windows 2000/XP will import it without complaining, creating the '??????' item in the IE right-click menu. The msconfig.exe file will always stay in memory, reinstalling the hijack every 5 seconds. Killing the process, deleting the file and restoring the IE homepages/search pages fixes this hijack. The real Windows file msconfig.exe can be downloaded here, if you can't restore it from your Windows Setup CD for some reason.



#41 Siggyx


Posted 20 September 2005 - 08:13 PM

Step#1:Restore Deleted System Files

Now we need to see if we need to restore some deleted files. Please check for the following files using the Windows Search Engine:
  • control.exe
  • rundll32.exe
  • wmplayer.exe
  • msconfig.exe
  • notepad.exe
  • shell.dll
  • SDHelper.dll
If any are missing or not working properly then you can download new copies from Merijn's Files and follow the instructions at that site to have them where they belong for your OS.
  • If you are having any difficulty with Notepad, please go to Merijn's Files and choose 'Windows Files' from the menu on the left hand side of the page. Then choose 'Notepad' from the list and download it to C:\Windows and C:\Windows\System32
  • Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program. This will restore the original deleted Hosts file.
  • This infection often deletes some system files that need to be replaced. The most frequent one it deletes is shell.dll in Win2K or XP. In XP there are two copies of this file, one in Windows (WINNT) and one in Windows\System32. It does not delete the one in Windows\System so it does not affect Win9x/ME. If you find it missing, please copy the shell.dll from c:\windows\system32\dllcache into both \Windows (WINNT) and Windows\System32 .
  • The other system file which is most frequently deleted is control.exe. Please check to make sure that you have this file and it is the correct size. If not, please check for the existence of this file by going to Merijn's Files (sdhelper) and examine where the file should be for your operating system. If the file is missing then download the appropriate file and place it in the proper place according to the information at this website. The control.exe is more often deleted in Win9x/ME.
  • If you have Spybot S&D installed you will also need to replace one file. Go here: Merijn's Files (sdhelper) and download SDHelper.dll. Copy the file to the folder containing your Spybot S&D program (normally C:\Program Files\Spybot - Search & Destroy). Then click Start > Run > regsvr32 "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" and press the OK button
Step#2:Download CCleaner
  • Download Ccleaner to clean temp files from your computer.
  • Double click on Ccleaner to install the program, with its default settings, selecting language and agreeing to the license agreement.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • Click Options > Advanced and uncheck "Only delete files in Windows Temp folders older than 48 hours".



Step#3:Complete An Online AntiVirus Scan

Run an online antivirus scan at:

Trend Micro-Housecall Online AV

Reboot

Step#4:Find the Infected Files On Your Hard Drive
  • Navigate to C:\Windows
  • look for files that were created at the approximate time and date as the infection occurred.
  • look for those that end in exe, DAT and DLL and if found, right click on the file and check properties. Legitimate files should be copyrighted by Microsoft
  • if you determine they are bad files, right click on them and choose delete
  • Navigate to C:\Windows\System or C:\Windows\System32 (depending on the OS) and repeat each of the above steps to check for those ending in exe, DAT and/or DLL
  • if the above files will not delete, then make a new folder on your desktop by right clicking on the desktop and choosing New > Folder. Name the folder CWS Files.
  • Move the files from C:\Windows or C:\Windows\System or C:\Windows\system32 to the new folder CWS Files.
Step#5:Using your Windows CD to replace System Files

** In cases where many system files are missing you have no alternative but to have them insert their Windows OS disk and run sfc /scannow from the Run box if able or from Recovery Console if not able to get into windows



Step#6:Scan And Post a New HijackThis Log

1. Scan again with HijackThis

2. POST your log file using Add Reply to see what is left to fix.
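A scripted, read-only version of the Step#4 check in the post above, as an added example that is not part of the original post or any tool named in the thread. It assumes a current Windows system with PowerShell 5.1 or later; the parameter names and the 48-hour window are hypothetical choices. Because the copyright string in a file's properties is self-declared, the script also records the Authenticode signature, which is the stronger evidence.

```powershell
# Added example (not from the thread): list .exe/.dll/.dat files created near the
# suspected infection time in the Windows folders, for manual review. Nothing is
# deleted or moved. Save as a .ps1 file and pass -InfectionTime.
param(
    [Parameter(Mandatory)] [datetime]$InfectionTime,   # analyst's estimate (assumption)
    [int]$WindowHours = 48,                            # hypothetical search window
    [string[]]$Roots = @($env:SystemRoot, (Join-Path $env:SystemRoot 'System32'))
)

$from = $InfectionTime.AddHours(-$WindowHours)
$to   = $InfectionTime.AddHours($WindowHours)

# Non-recursive on purpose: the post inspects the top level of each folder.
$candidates = foreach ($root in $Roots) {
    Get-ChildItem -LiteralPath $root -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Extension -in '.exe', '.dll', '.dat' -and
            $_.CreationTime -ge $from -and $_.CreationTime -le $to
        }
}

$report = foreach ($f in $candidates) {
    $vi   = $f.VersionInfo
    $sig  = Get-AuthenticodeSignature -LiteralPath $f.FullName
    $hash = Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue

    # What the file says about itself (the "copyrighted by Microsoft" check).
    $claimsMicrosoft = "$($vi.LegalCopyright) $($vi.CompanyName)" -match 'Microsoft'
    # What can be verified: a valid signature chaining to a Microsoft signer.
    $signedMicrosoft = ($sig.Status -eq 'Valid') -and
                       ($sig.SignerCertificate.Subject -match 'O=Microsoft Corporation')

    [pscustomobject]@{
        Path            = $f.FullName
        Created         = $f.CreationTime
        Modified        = $f.LastWriteTime
        Copyright       = $vi.LegalCopyright
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        SHA256          = $hash.Hash
        # Review first: files that claim Microsoft without a verifiable signature,
        # then anything else in the window that is not Microsoft-signed.
        Priority        = if ($claimsMicrosoft -and -not $signedMicrosoft) { 1 }
                          elseif (-not $signedMicrosoft) { 2 }
                          else { 3 }
    }
}

$report | Sort-Object Priority, Created
```

Pipe the output to `Export-Csv` to keep a record before any file is moved into the quarantine folder from Step#4. Creation times can be altered, so an empty result does not by itself show a clean system.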

#42 kaminikij


Posted 21 September 2005 - 12:36 PM

Seems the files you asked to look for are there when I search. (All the exe files are located in c /windows prefetch.) Is that where they should be? I located waol.exe in the registry and deleted that. I am going to again go through my files etc. but haven't found anything so far. CWShredder again finds and removes cws.msconfig. Not sure if this might say something but I will post the trendmicro log
Temp Files' in '' Cookies Delete History Items on Startup: Cleaned 'Cookies' in '' Finished Cleaning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Sun Sep 18 15:04:26 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Programs in Memory Finished Scanning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Sun Sep 18 16:03:06 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Programs in Memory Finished Scanning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Sun Sep 18 16:12:25 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Programs in Memory Finished Scanning --------------------------------- Anti-Spyware session ended --------------------------------- --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Sun Sep 18 16:53:47 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Programs in Memory Finished Scanning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Sun Sep 18 16:59:13 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Programs in Memory Finished Scanning --------------------------------- Anti-Spyware session ended --------------------------------- --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Sun Sep 18 17:12:19 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home 
Edition Service Pack 2 (Build 2600) --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Sun Sep 18 17:14:46 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Programs in Memory Finished Scanning Started Scanning CoolWebSearch Variants (CWShredder) Finished Scanning Started Scanning Internet Cookies CoolWebSearch Variants (CWShredder) Programs in Memory Windows Registry Internet URL Shortcuts Files and Directories Finished Scanning Started Cleaning Internet Explorer/MSN/AOL Cache Delete History Items on Startup: Cleaned 'Internet Explorer/MSN/AOL Cache' in '' Internet Browser History Delete History Items on Startup: Cleaned 'Internet Browser History' in '' Windows Temp Files Delete History Items on Startup: Cleaned 'Windows Temp Files' in '' Cookies Delete History Items on Startup: Cleaned 'Cookies' in '' Finished Cleaning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Sun Sep 18 17:38:59 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Programs in Memory Finished Scanning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Sun Sep 18 18:10:19 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Sun Sep 18 19:02:43 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Sun Sep 18 19:10:23 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 
(Build 2600) --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Sun Sep 18 19:13:03 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Sun Sep 18 19:15:35 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Sun Sep 18 20:19:53 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Internet Cookies CoolWebSearch Variants (CWShredder) Programs in Memory Windows Registry Internet URL Shortcuts Files and Directories Finished Scanning Started Cleaning Internet Explorer/MSN/AOL Cache Delete History Items on Startup: Cleaned 'Internet Explorer/MSN/AOL Cache' in '' Internet Browser History Delete History Items on Startup: Cleaned 'Internet Browser History' in '' Windows Temp Files Delete History Items on Startup: Cleaned 'Windows Temp Files' in '' Cookies Delete History Items on Startup: Cleaned 'Cookies' in '' Finished Cleaning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Sun Sep 18 20:29:16 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Programs in Memory Finished Scanning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Mon Sep 19 06:09:01 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Programs in Memory Finished Scanning --------------------------------- Anti-Spyware session started 
--------------------------------- Machine=DHWSSV31 Time=Mon Sep 19 08:29:28 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Programs in Memory Finished Scanning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Mon Sep 19 08:32:42 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Programs in Memory Finished Scanning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Mon Sep 19 09:48:24 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Internet Cookies CoolWebSearch Variants (CWShredder) Programs in Memory Windows Registry Internet URL Shortcuts Files and Directories Finished Scanning Started Cleaning Internet Explorer/MSN/AOL Cache Delete History Items on Startup: Cleaned 'Internet Explorer/MSN/AOL Cache' in '' Internet Browser History Delete History Items on Startup: Cleaned 'Internet Browser History' in '' Windows Temp Files Delete History Items on Startup: Cleaned 'Windows Temp Files' in '' Cookies Delete History Items on Startup: Cleaned 'Cookies' in '' Finished Cleaning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Mon Sep 19 09:59:32 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Mon Sep 19 10:02:26 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Programs in Memory Finished Scanning --------------------------------- Anti-Spyware session started --------------------------------- 
Machine=DHWSSV31 Time=Mon Sep 19 10:08:26 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Internet Cookies Internet Cookies: Cleaned 'atdmt.com' in 'Internet Explorer Cache' Internet Cookies: Cleaned 'tribalfusion.com' in 'Internet Explorer Cache' CoolWebSearch Variants (CWShredder) Programs in Memory Windows Registry Internet URL Shortcuts Files and Directories Finished Scanning Started Cleaning Internet Explorer/MSN/AOL Cache Delete History Items on Startup: Cleaned 'Internet Explorer/MSN/AOL Cache' in '' Internet Browser History Delete History Items on Startup: Cleaned 'Internet Browser History' in '' Windows common dialog recently used file list Delete History Items on Startup: Cleaned 'Windows common dialog recently used file list' in '' Windows Search History Delete History Items on Startup: Cleaned 'Windows Search History' in '' Windows Temp Files Delete History Items on Startup: Cleaned 'Windows Temp Files' in '' Windows Document History Delete History Items on Startup: Cleaned 'Windows Document History' in '' Windows Run History Delete History Items on Startup: Cleaned 'Windows Run History' in '' Recycle Bin Delete History Items on Startup: Cleaned 'Recycle Bin' in '' Start Menu Order/Click History Delete History Items on Startup: Cleaned 'Start Menu Order/Click History' in '' MS Download Temp Directory Delete History Items on Startup: Cleaned 'MS Download Temp Directory' in '' Google Search History Delete History Items on Startup: Cleaned 'Google Search History' in '' Adobe Acrobat recent file list Delete History Items on Startup: Cleaned 'Adobe Acrobat recent file list' in '' Microsoft Word recent file list Delete History Items on Startup: Cleaned 'Microsoft Word recent file list' in '' Jasc Paint Shop Pro History Delete History Items on Startup: Cleaned 'Jasc Paint Shop Pro History' in '' Cookies Delete History Items on Startup: Cleaned 'Cookies' in '' Finished Cleaning 
--------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Mon Sep 19 10:17:19 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Programs in Memory Finished Scanning --------------------------------- Anti-Spyware session ended --------------------------------- --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Mon Sep 19 18:05:17 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Programs in Memory Finished Scanning Started Scanning Internet Cookies CoolWebSearch Variants (CWShredder) Programs in Memory Windows Registry Internet URL Shortcuts Files and Directories Finished Scanning Started Cleaning Internet Explorer/MSN/AOL Cache Delete History Items on Startup: Cleaned 'Internet Explorer/MSN/AOL Cache' in '' Windows Temp Files Delete History Items on Startup: Cleaned 'Windows Temp Files' in '' Cookies Delete History Items on Startup: Cleaned 'Cookies' in '' Finished Cleaning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Mon Sep 19 18:14:43 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Programs in Memory Finished Scanning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Mon Sep 19 18:18:33 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Programs in Memory Finished Scanning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Mon Sep 19 20:01:37 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 
2600) Started Scanning Programs in Memory Finished Scanning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Mon Sep 19 20:57:36 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Programs in Memory Finished Scanning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Mon Sep 19 21:25:47 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Programs in Memory Finished Scanning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Tue Sep 20 05:52:36 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Programs in Memory Finished Scanning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Tue Sep 20 07:46:40 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Internet Cookies CoolWebSearch Variants (CWShredder) Programs in Memory Windows Registry Internet URL Shortcuts Files and Directories Finished Scanning Started Cleaning Internet Explorer/MSN/AOL Cache Delete History Items on Startup: Cleaned 'Internet Explorer/MSN/AOL Cache' in '' Internet Browser History Delete History Items on Startup: Cleaned 'Internet Browser History' in '' Windows Temp Files Delete History Items on Startup: Cleaned 'Windows Temp Files' in '' Cookies Delete History Items on Startup: Cleaned 'Cookies' in '' Finished Cleaning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Tue Sep 20 07:53:36 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 
2 (Build 2600) Started Scanning Programs in Memory Finished Scanning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Tue Sep 20 08:52:20 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Programs in Memory Finished Scanning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Tue Sep 20 09:10:22 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Internet Cookies CoolWebSearch Variants (CWShredder) Programs in Memory Windows Registry Internet URL Shortcuts Files and Directories Scanning is stopping... Started Cleaning Internet Explorer/MSN/AOL Cache Delete History Items on Startup: Cleaned 'Internet Explorer/MSN/AOL Cache' in '' Internet Browser History Delete History Items on Startup: Cleaned 'Internet Browser History' in '' Windows Temp Files Delete History Items on Startup: Cleaned 'Windows Temp Files' in '' Cookies Delete History Items on Startup: Cleaned 'Cookies' in '' Finished Cleaning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Tue Sep 20 10:15:12 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Programs in Memory Finished Scanning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Tue Sep 20 16:44:38 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Internet Cookies CoolWebSearch Variants (CWShredder) Programs in Memory Windows Registry Internet URL Shortcuts Files and Directories Scanning is stopping... 
Started Cleaning Internet Explorer/MSN/AOL Cache Delete History Items on Startup: Cleaned 'Internet Explorer/MSN/AOL Cache' in '' Internet Browser History Delete History Items on Startup: Cleaned 'Internet Browser History' in '' Media Player history Delete History Items on Startup: Cleaned 'Media Player history' in '' RealPlayer History Delete History Items on Startup: Cleaned 'RealPlayer History' in '' Windows common dialog recently used file list Delete History Items on Startup: Cleaned 'Windows common dialog recently used file list' in '' Windows Search History Delete History Items on Startup: Cleaned 'Windows Search History' in '' Windows Temp Files Delete History Items on Startup: Cleaned 'Windows Temp Files' in '' Windows Document History Delete History Items on Startup: Cleaned 'Windows Document History' in '' Windows Run History Delete History Items on Startup: Cleaned 'Windows Run History' in '' Start Menu Order/Click History Delete History Items on Startup: Cleaned 'Start Menu Order/Click History' in '' Google Search History Delete History Items on Startup: Cleaned 'Google Search History' in '' Winzip Recent File List Delete History Items on Startup: Cleaned 'Winzip Recent File List' in '' Microsoft Word recent file list Delete History Items on Startup: Cleaned 'Microsoft Word recent file list' in '' Cookies Delete History Items on Startup: Cleaned 'Cookies' in '' Finished Cleaning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Tue Sep 20 16:48:08 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Programs in Memory Finished Scanning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Tue Sep 20 19:12:18 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Programs in Memory 
Finished Scanning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Tue Sep 20 19:34:02 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Programs in Memory Finished Scanning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Tue Sep 20 19:34:14 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning CoolWebSearch Variants (CWShredder) Finished Scanning Program Startup Areas: Found 'RegistryMechanic' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run' IE Downloaded Program Files: Found 'CKAVWebScan Object' in 'C:\WINDOWS\Downloaded Program Files\kavwebscan.inf' --------------------------------- Anti-Spyware session ended --------------------------------- --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Tue Sep 20 20:40:30 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Programs in Memory Finished Scanning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Tue Sep 20 20:41:17 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Internet Cookies CoolWebSearch Variants (CWShredder) Programs in Memory Windows Registry Internet URL Shortcuts Files and Directories Finished Scanning Started Cleaning Internet Explorer/MSN/AOL Cache Delete History Items on Startup: Cleaned 'Internet Explorer/MSN/AOL Cache' in '' Internet Browser History Delete History Items on Startup: Cleaned 'Internet Browser History' in '' Media Player history Delete History Items on Startup: Cleaned 'Media Player history' in '' RealPlayer History Delete 
History Items on Startup: Cleaned 'RealPlayer History' in '' Windows common dialog recently used file list Delete History Items on Startup: Cleaned 'Windows common dialog recently used file list' in '' Windows Search History Delete History Items on Startup: Cleaned 'Windows Search History' in '' Windows Temp Files Delete History Items on Startup: Cleaned 'Windows Temp Files' in '' Windows Document History Delete History Items on Startup: Cleaned 'Windows Document History' in '' Windows Run History Delete History Items on Startup: Cleaned 'Windows Run History' in '' Recycle Bin Delete History Items on Startup: Cleaned 'Recycle Bin' in '' Start Menu Order/Click History Delete History Items on Startup: Cleaned 'Start Menu Order/Click History' in '' MS Download Temp Directory Delete History Items on Startup: Cleaned 'MS Download Temp Directory' in '' Google Search History Delete History Items on Startup: Cleaned 'Google Search History' in '' Winzip Recent File List Delete History Items on Startup: Cleaned 'Winzip Recent File List' in '' Microsoft Word recent file list Delete History Items on Startup: Cleaned 'Microsoft Word recent file list' in '' Cookies Delete History Items on Startup: Cleaned 'Cookies' in '' Finished Cleaning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Wed Sep 21 05:49:16 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Programs in Memory Finished Scanning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Wed Sep 21 08:38:07 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Programs in Memory Finished Scanning --------------------------------- Anti-Spyware session ended --------------------------------- --------------------------------- Anti-Spyware session 
started --------------------------------- Machine=DHWSSV31 Time=Wed Sep 21 09:59:01 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Programs in Memory Finished Scanning --------------------------------- Anti-Spyware session started --------------------------------- Machine=DHWSSV31 Time=Wed Sep 21 10:01:54 2005 Product Version=3, 0, 1, 23 OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Started Scanning Programs in Memory Finished Scanning Started Scanning Internet Cookies CoolWebSearch Variants (CWShredder) CoolWebSearch Variants (CWShredder): Found 'CWS.MSConfig' in '' Programs in Memory Windows Registry Internet URL Shortcuts Files and Directories Finished Scanning Started Backup Finished Backup Started Cleaning CoolWebSearch Variants (CWShredder): Cleaned 'CWS.MSConfig' in '' Finished Cleaning Started Cleaning Internet Explorer/MSN/AOL Cache Delete History Items on Startup: Cleaned 'Internet Explorer/MSN/AOL Cache' in '' Internet Browser History Delete History Items on Startup: Cleaned 'Internet Browser History' in '' Media Player history Delete History Items on Startup: Cleaned 'Media Player history' in '' RealPlayer History Delete History Items on Startup: Cleaned 'RealPlayer History' in '' Windows common dialog recently used file list Delete History Items on Startup: Cleaned 'Windows common dialog recently used file list' in '' Windows Search History Delete History Items on Startup: Cleaned 'Windows Search History' in '' Windows Temp Files Delete History Items on Startup: Cleaned 'Windows Temp Files' in '' Windows Document History Delete History Items on Startup: Cleaned 'Windows Document History' in '' Windows Run History Delete History Items on Startup: Cleaned 'Windows Run History' in '' Recycle Bin Delete History Items on Startup: Cleaned 'Recycle Bin' in '' Start Menu Order/Click History Delete History Items on Startup: Cleaned 'Start Menu Order/Click 
History' in '' MS Download Temp Directory Delete History Items on Startup: Cleaned 'MS Download Temp Directory' in '' Google Search History Delete History Items on Startup: Cleaned 'Google Search History' in '' Winzip Recent File List Delete History Items on Startup: Cleaned 'Winzip Recent File List' in '' Microsoft Word recent file list Delete History Items on Startup: Cleaned 'Microsoft Word recent file list' in '' Cookies Delete History Items on Startup: Cleaned 'Cookies' in '' Finished Cleaning

#43 kaminikij

Posted 21 September 2005 - 02:31 PM

Trend Micro online removed 2 spyware cookies. Other than that it came up clean.
I don't see any other files, but then again I'm not sure. There is one thing that sounded funny but I left in windows 1386: "ataboot.sy". Here is a new HJ log:

Logfile of HijackThis v1.99.1
Scan saved at 4:14:19 PM, on 9/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\John\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphia.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = adelphia.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Thanks.

#44 kaminikij

Posted 22 September 2005 - 08:17 AM

Here is my latest development from this morning. This is from Trend Micro Anti-Spyware:

Machine=DHWSSV31
Time=Thu Sep 22 10:00:42 2005
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)
Started Scanning
Internet Cookies
CoolWebSearch Variants (CWShredder)
Programs in Memory
Windows Registry
Windows Registry: Found '' in 'CLSID\{52C01A76-19E2-4A50-AE8A-38FFBCCF9182}'
Windows Registry: Found '' in 'CLSID\{EC22770D-3343-4C56-8A8D-3E560475F655}'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{52C01A76-19E2-4A50-AE8A-38FFBCCF9182}'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{C406F816-318D-4F7D-81CB-BA93CA7B70D5}'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{EC22770D-3343-4C56-8A8D-3E560475F655}'
Windows Registry: Found '' in 'CLSID\{3DCD2BC5-8489-48AE-891F-90C8B2F19F56}'
Windows Registry: Found '' in 'CLSID\{A506EF88-9EFC-4522-BFE1-A8E886A64D80}'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{3DCD2BC5-8489-48AE-891F-90C8B2F19F56}'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{A506EF88-9EFC-4522-BFE1-A8E886A64D80}'
Windows Registry: Found '' in 'CLSID\{3831331E-0D11-4716-871D-68F3B11D23C9}'
Windows Registry: Found '' in 'CLSID\{D502D4A3-03E6-4EAE-A14E-69606CA63430}'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{3831331E-0D11-4716-871D-68F3B11D23C9}'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{D502D4A3-03E6-4EAE-A14E-69606CA63430}'
Windows Registry: Found '' in 'CLSID\{762EC429-1A5D-4AB8-844A-9A552E1241DA}'
Windows Registry: Found '' in 'CLSID\{BBC73C94-337C-43CC-B52C-31EB9FA34013}'
Internet URL Shortcuts
Files and Directories
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Windows Registry: Cleaned '' in 'CLSID\{52C01A76-19E2-4A50-AE8A-38FFBCCF9182}'
Windows Registry: Cleaned '' in 'CLSID\{EC22770D-3343-4C56-8A8D-3E560475F655}'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\CLSID\{52C01A76-19E2-4A50-AE8A-38FFBCCF9182}'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\CLSID\{C406F816-318D-4F7D-81CB-BA93CA7B70D5}'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\CLSID\{EC22770D-3343-4C56-8A8D-3E560475F655}'
Windows Registry: Cleaned '' in 'CLSID\{3DCD2BC5-8489-48AE-891F-90C8B2F19F56}'
Windows Registry: Cleaned '' in 'CLSID\{A506EF88-9EFC-4522-BFE1-A8E886A64D80}'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\CLSID\{3DCD2BC5-8489-48AE-891F-90C8B2F19F56}'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\CLSID\{A506EF88-9EFC-4522-BFE1-A8E886A64D80}'
Windows Registry: Cleaned '' in 'CLSID\{3831331E-0D11-4716-871D-68F3B11D23C9}'
Windows Registry: Cleaned '' in 'CLSID\{D502D4A3-03E6-4EAE-A14E-69606CA63430}'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\CLSID\{3831331E-0D11-4716-871D-68F3B11D23C9}'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\CLSID\{D502D4A3-03E6-4EAE-A14E-69606CA63430}'
Windows Registry: Cleaned '' in 'CLSID\{762EC429-1A5D-4AB8-844A-9A552E1241DA}'
Windows Registry: Cleaned '' in 'CLSID\{BBC73C94-337C-43CC-B52C-31EB9FA34013}'
Finished Cleaning
Started Cleaning
Internet Explorer/MSN/AOL Cache
Delete History Items on Startup: Cleaned 'Internet Explorer/MSN/AOL Cache' in ''
Internet Browser History
Delete History Items on Startup: Cleaned 'Internet Browser History' in ''
Media Player history
Delete History Items on Startup: Cleaned 'Media Player history' in ''
RealPlayer History
Delete History Items on Startup: Cleaned 'RealPlayer History' in ''
Windows common dialog recently used file list
Delete History Items on Startup: Cleaned 'Windows common dialog recently used file list' in ''
Windows Search History
Delete History Items on Startup: Cleaned 'Windows Search History' in ''
Windows Temp Files
Delete History Items on Startup: Cleaned 'Windows Temp Files' in ''
Windows Document History
Delete History Items on Startup: Cleaned 'Windows Document History' in ''
Windows Run History
Delete History Items on Startup: Cleaned 'Windows Run History' in ''
Start Menu Order/Click History
Delete History Items on Startup: Cleaned 'Start Menu Order/Click History' in ''
MS Download Temp Directory
Delete History Items on Startup: Cleaned 'MS Download Temp Directory' in ''
Google Search History
Delete History Items on Startup: Cleaned 'Google Search History' in ''
Winzip Recent File List
Delete History Items on Startup: Cleaned 'Winzip Recent File List' in ''
Adobe Acrobat recent file list
Delete History Items on Startup: Cleaned 'Adobe Acrobat recent file list' in ''
Microsoft Word recent file list
Delete History Items on Startup: Cleaned 'Microsoft Word recent file list' in ''
Jasc Paint Shop Pro History
Delete History Items on Startup: Cleaned 'Jasc Paint Shop Pro History' in ''
Cookies
Delete History Items on Startup: Cleaned 'Cookies' in ''
Finished Cleaning
---------------------------------
Anti-Spyware session started
---------------------------------
Machine=DHWSSV31
Time=Thu Sep 22 10:09:25 2005
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)
Started Scanning
Programs in Memory
Finished Scanning
---------------------------------
Anti-Spyware session started
---------------------------------
Machine=DHWSSV31
Time=Thu Sep 22 10:13:11 2005
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

#45 Siggyx

Posted 22 September 2005 - 12:23 PM

When it keeps finding msconfig and identifying it as bad, where is the file located? Example: C:/xxxxxxxx/xxxxxxxxx. Please let me know.
