
HJT Log


  • This topic is locked
15 replies to this topic

#1 Zebadiah

  • Authentic Member
  • 47 posts

Posted 02 November 2005 - 05:09 PM

This is my friend's laptop computer, and he just told me about a popup he was getting to run "msniu.exe" every time he started up his computer. This occurred soon after he clicked on a link in an instant message window. I looked at his computer and installed Ad-aware, Spybot S&D, as well as Spyware Blaster, and ran them all. After doing so, he still gets the pop up. Here is the HJT Log file:

Logfile of HijackThis v1.99.1
Scan saved at 4:02:34 PM, on 11/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\DropSpam\oesrv.exe
C:\Program Files\dslifestyle\dslifestyle.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\Jason Johnson\Desktop\Spyware Protection\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sidesearch.dr.../sidesearch.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sidesearch.dr.../sidesearch.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://sidesearch.dr.../sidesearch.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://sidesearch.dr.../sidesearch.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...ilion&pf=laptop
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTP01786 - {1923D19B-2EE9-4466-9C3B-87F52DF177E7} - C:\PROGRA~1\TRUSTY~1\toolbar.dll
O2 - BHO: Drop Spam Toolbar - {2DEA8791-C2B7-48E1-8992-8E8E6A6FE789} - C:\Program Files\DropSpam\ewwie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Drop Spam Toolbar - {2DEA8791-C2B7-48E1-8992-8E8E6A6FE789} - C:\Program Files\DropSpam\ewwie.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [oe_drop_spam] C:\Program Files\DropSpam\oesrv.exe
O4 - HKLM\..\Run: [DropSpam Lifestyle] "C:\Program Files\dslifestyle\dslifestyle.exe"
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [MSN Messenger 32] msniu.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\RunServices: [InoRT] C:\Program Files\CA\eTrust Antivirus\InoRT9X.exe
O4 - HKLM\..\RunServices: [InoRPC] C:\Program Files\CA\eTrust Antivirus\InoRPC.exe
O4 - HKLM\..\RunServices: [InoTask] C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O4 - HKLM\..\RunServices: [MSN Messenger 32] msniu.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSN Messenger 32] msniu.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZRxdm069YYUS
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B6E649FA-5461-40d7-AB4D-54FC3C8DB767} - C:\Program Files\DropSpam\ewwie.dll
O9 - Extra 'Tools' menuitem: Looksitup Toolbar - {B6E649FA-5461-40d7-AB4D-54FC3C8DB767} - C:\Program Files\DropSpam\ewwie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540012} - http://www.funnytaf....ler/Install.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124303808515
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: eTrust Antivirus RPC Server (InoRpc) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE



Thanks for taking the time to look and helping me clean up his computer!



#2 LDTate

  • Grand Poobah
  • Root Admin
  • 57,211 posts

Posted 08 November 2005 - 06:58 PM

Hello Zebadiah, sorry about the delay in responding :( If you still need help, scan again with HijackThis and "copy/paste" a new log file into this thread.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

Proud graduate of TC/WTT Classroom

 


#3 Zebadiah

  • Authentic Member
  • 47 posts

Posted 08 November 2005 - 10:57 PM

No worries about the delay at all. I appreciate you looking at this for me.



Logfile of HijackThis v1.99.1
Scan saved at 9:54:56 PM, on 11/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\DropSpam\oesrv.exe
C:\Program Files\dslifestyle\dslifestyle.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Common Files\AOL\1131400013\ee\AOLHostManager.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\Common Files\AOL\1131400013\ee\AOLServiceHost.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jason Johnson\Desktop\Spyware Protection\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sidesearch.dr.../sidesearch.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sidesearch.dr.../sidesearch.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://sidesearch.dr.../sidesearch.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://sidesearch.dr.../sidesearch.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...ilion&pf=laptop
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTP01786 - {1923D19B-2EE9-4466-9C3B-87F52DF177E7} - C:\PROGRA~1\TRUSTY~1\toolbar.dll
O2 - BHO: Drop Spam Toolbar - {2DEA8791-C2B7-48E1-8992-8E8E6A6FE789} - C:\Program Files\DropSpam\ewwie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Drop Spam Toolbar - {2DEA8791-C2B7-48E1-8992-8E8E6A6FE789} - C:\Program Files\DropSpam\ewwie.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [oe_drop_spam] C:\Program Files\DropSpam\oesrv.exe
O4 - HKLM\..\Run: [DropSpam Lifestyle] "C:\Program Files\dslifestyle\dslifestyle.exe"
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [MSN Messenger 32] msniu.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131400013\ee\AOLHostManager.exe
O4 - HKLM\..\RunServices: [InoRT] C:\Program Files\CA\eTrust Antivirus\InoRT9X.exe
O4 - HKLM\..\RunServices: [InoRPC] C:\Program Files\CA\eTrust Antivirus\InoRPC.exe
O4 - HKLM\..\RunServices: [InoTask] C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O4 - HKLM\..\RunServices: [MSN Messenger 32] msniu.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSN Messenger 32] msniu.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZRxdm069YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B6E649FA-5461-40d7-AB4D-54FC3C8DB767} - C:\Program Files\DropSpam\ewwie.dll
O9 - Extra 'Tools' menuitem: Looksitup Toolbar - {B6E649FA-5461-40d7-AB4D-54FC3C8DB767} - C:\Program Files\DropSpam\ewwie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540012} - http://www.funnytaf....ler/Install.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124303808515
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensave.../sinstaller.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: eTrust Antivirus RPC Server (InoRpc) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

#4 LDTate

  • Grand Poobah
  • Root Admin
  • 57,211 posts

Posted 09 November 2005 - 11:23 AM

Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system. If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Empty Recycle Bin

Reboot and "copy/paste" a new HJT log as well as the Results from Spy Sweeper file into this thread.
Also please describe how your computer behaves at the moment.


 


#5 Zebadiah

  • Authentic Member
  • 47 posts

Posted 09 November 2005 - 05:29 PM

Thanks, I ran the sweeper and the first time it locked up on me while removing. I restarted and ran it again, and things worked fine. I notice that the msniu.exe is no longer trying to run at start up. At this moment computer seems to be running fine. Anything else I can do?

Sweeper:
sacc.prod.v1116.20oct2005.exe[1].263a5acb41f0de25ba4efcdf6cdd662a (ID = 180326) 3:55 PM: d_icons_buttons_1000.xip (ID = 114339) 3:55 PM: d_icons_buttons_bbar1.res (ID = 121825) 3:55 PM: sacc[1].cfg (ID = 162775) 3:55 PM: uninstaller.prod.24oct2005.exe[1].67ed8085ef4da0dd46732bc56aa91a66 (ID = 180136) 3:56 PM: icons2.xip (ID = 121862) 3:57 PM: d_icons_buttons_2000.res (ID = 121823) 3:57 PM: d_icons_buttons_3000.xip (ID = 114353) 3:57 PM: country.xip (ID = 121857) 3:58 PM: icons2.res (ID = 121846) 3:58 PM: tooltipdisp[5].xml (ID = 162962) 3:58 PM: saccu.exe (ID = 180136) 3:58 PM: Found Adware: powerscan 3:58 PM: uninstall.exe (ID = 72675) 3:59 PM: d_icons_buttons_3000.res (ID = 121824) 3:59 PM: power_remove[1].exe (ID = 72675) 3:59 PM: Found Adware: personal money tree 3:59 PM: pmt[1].exe (ID = 137597) 3:59 PM: pmt.exe (ID = 137597) 3:59 PM: fmt[1].cab (ID = 153752) 3:59 PM: a9b61.tmp (ID = 153752) 3:59 PM: preuninstallql.exe (ID = 131326) 4:00 PM: uninst.exe (ID = 73428) 4:00 PM: d_icons_weather.res (ID = 121840) 4:00 PM: shprrprt.exe (ID = 154120) 4:00 PM: country.exe (ID = 121818) 4:01 PM: dslife.exe (ID = 185113) 4:01 PM: Found Adware: exact cashback/bargain buddy 4:01 PM: exactofferd8.exe (ID = 185170) 4:01 PM: Found Adware: apropos 4:01 PM: wingenerics.dll (ID = 50187) 4:02 PM: setup.exe (ID = 185110) 4:02 PM: ps.exe (ID = 185109) 4:02 PM: d_icons_weather.xip (ID = 121860) 4:02 PM: tsd_bg.xip (ID = 62383) 4:02 PM: tsd_bg.res (ID = 62382) 4:02 PM: t2_bg.xip (ID = 121869) 4:02 PM: t2_bg.res (ID = 121851) 4:03 PM: progress.res (ID = 62367) 4:03 PM: d_icons_buttons_bbar1.xip (ID = 114354) 4:03 PM: d_icons_buttons_1000.res (ID = 121822) 4:03 PM: default_hotbarcom.mnu (ID = 121820) 4:03 PM: toolbar.exe (ID = 144037) 4:04 PM: d_icons_buttons_1000[1].xip (ID = 114339) 4:04 PM: d_icons_buttons_2000[1].xip (ID = 114390) 4:04 PM: d_icons_buttons_3000[1].xip (ID = 114353) 4:04 PM: d_icons_weather[1].xip (ID = 121860) 4:04 PM: tsd_bg[1].xip (ID = 62383) 4:04 PM: 
t2_bg[1].xip (ID = 121869) 4:04 PM: d_icons_buttons_bbar1[1].xip (ID = 114354) 4:04 PM: country[1].xip (ID = 121857) 4:04 PM: icons2[1].xip (ID = 121862) 4:04 PM: swpstart.exe (ID = 74759) 4:04 PM: dslifestyle.exe (ID = 185108) 4:04 PM: sacc.exe (ID = 180326) 4:04 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || SurfAccuracy (ID = 0) 4:04 PM: qlink32.dll (ID = 153756) 4:05 PM: sinstaller.inf (ID = 74756) 4:05 PM: linkpathlegal[1].xip (ID = 121866) 4:05 PM: linkpathlegal.xip (ID = 121866) 4:05 PM: linkpathlegal.txt (ID = 121849) 4:05 PM: d_icons_buttons_logos[1].xip (ID = 62296) 4:05 PM: d_icons_buttons_logos.xip (ID = 62296) 4:05 PM: d_icons_buttons_logos.res (ID = 62295) 4:05 PM: d_icons_buttons_other[1].xip (ID = 62296) 4:05 PM: d_icons_buttons_other.xip (ID = 62296) 4:05 PM: d_icons_buttons_other.res (ID = 62295) 4:05 PM: progress[1].xip (ID = 62368) 4:05 PM: progress.xip (ID = 62368) 4:05 PM: d_icons_buttons_bar[1].xip (ID = 62296) 4:05 PM: d_icons_buttons_bar.xip (ID = 62296) 4:05 PM: d_icons_buttons_bar.res (ID = 62295) 4:05 PM: business_promo[1].xip (ID = 121856) 4:05 PM: business_promo.xip (ID = 121856) 4:05 PM: hotbar_promo[1].xip (ID = 114346) 4:05 PM: hotbar_promo.xip (ID = 114346) 4:05 PM: default_mails.mnu (ID = 121821) 4:05 PM: email-def-511724-9595.mnu (ID = 121842) 4:05 PM: email-def-511724-548964.mnu (ID = 121841) 4:05 PM: ads[1].xip (ID = 121855) 4:05 PM: ads.xip (ID = 121855) 4:05 PM: ads.cdf (ID = 121815) 4:05 PM: hotbar-premium[1].xip (ID = 114359) 4:05 PM: hotbar-premium.xip (ID = 114359) 4:05 PM: hotbar-premium.cdf (ID = 121845) 4:05 PM: hotbar-premium-hotbar-premium.mnu (ID = 121844) 4:05 PM: Found System Monitor: potentially rootkit-masked files 4:05 PM: 00000099_436aeb6d_000d1cef (ID = 0) 4:05 PM: 0000305e_4370e7de_00000000 (ID = 0) 4:05 PM: 0000153c_436aeb18_00089544 (ID = 0) 4:05 PM: 00003d6c_437185fa_00076417 (ID = 0) 4:05 PM: 00004dc8_436aec3b_0008583b (ID = 0) 4:05 PM: 0000260d_436b1517_00089544 (ID = 0) 4:05 PM: 
000066bb_436aec6b_000a037a (ID = 0) 4:05 PM: 00000124_4370e7be_00029f63 (ID = 0) 4:05 PM: 000026e9_436e505c_000e1113 (ID = 0) 4:05 PM: 000072ae_43694523_00057bcf (ID = 0) 4:05 PM: 00006bfc_43684b63_00066ff3 (ID = 0) 4:05 PM: 00006df1_43684974_000d59f8 (ID = 0) 4:05 PM: 000054de_43684ad4_0004c4b4 (ID = 0) 4:05 PM: 00006443_436aec66_00000000 (ID = 0) 4:05 PM: 00004db7_436aebe3_0005f5e1 (ID = 0) 4:05 PM: 00000f3e_4370e7a6_0002625a (ID = 0) 4:05 PM: 00000732_436b1539_000ec82e (ID = 0) 4:05 PM: 00005d03_4370e855_00098968 (ID = 0) 4:05 PM: 0000428b_436aec75_00066ff3 (ID = 0) 4:05 PM: 00005d03_436aec84_000baeb9 (ID = 0) 4:05 PM: 00005878_436b156c_000b71b0 (ID = 0) 4:05 PM: 0000491c_4369480e_0001e848 (ID = 0) 4:05 PM: 00003a9e_436b1bbf_00090f56 (ID = 0) 4:05 PM: 0000153c_4370e777_00089544 (ID = 0) 4:05 PM: 000039b3_43684ad4_00081b32 (ID = 0) 4:05 PM: 0000701f_436aec7d_0001e848 (ID = 0) 4:05 PM: 0000440d_4370e7e1_00029f63 (ID = 0) 4:05 PM: 00002d12_43684ad4_00081b32 (ID = 0) 4:05 PM: 000026e9_436b129e_0008d24d (ID = 0) 4:05 PM: 00003b25_4369487a_000a7d8c (ID = 0) 4:05 PM: 00007e87_436aeb1e_000e1113 (ID = 0) 4:05 PM: 00006952_43694531_0008d24d (ID = 0) 4:05 PM: 00001649_436fc655_000b34a7 (ID = 0) 4:05 PM: 00004d06_4369480f_0001ab3f (ID = 0) 4:05 PM: 00001649_436cfeb2_0009c671 (ID = 0) 4:05 PM: 0000491c_4370e7e1_000487ab (ID = 0) 4:05 PM: 00004e45_436948df_00057bcf (ID = 0) 4:05 PM: 000058b0_436b1cc1_0004c4b4 (ID = 0) 4:05 PM: 00007a5a_4370e86d_000af79e (ID = 0) 4:05 PM: 00006df1_4372303e_00094c5f (ID = 0) 4:05 PM: 00007f96_43684b6b_0006ea05 (ID = 0) 4:05 PM: 00006df1_436e9c77_00016e36 (ID = 0) 4:05 PM: 000026e9_43694748_000d9701 (ID = 0) 4:05 PM: 00007ff5_43684b6f_00039387 (ID = 0) 4:05 PM: 00004db7_43694816_00022551 (ID = 0) 4:05 PM: 00001547_43694817_00016e36 (ID = 0) 4:05 PM: 000026a6_436aec75_000a4083 (ID = 0) 4:05 PM: 00004e45_43684b6f_000d59f8 (ID = 0) 4:05 PM: 00007a5a_436aec8a_000d1cef (ID = 0) 4:05 PM: 00004823_436e8c05_00089544 (ID = 0) 4:05 PM: 
0000323b_43684b73_0007270e (ID = 0) 4:05 PM: 0000314f_436b1c04_00039387 (ID = 0) 4:05 PM: qosudite.exe (ID = 0) 4:05 PM: 000001eb_436b12c0_000bebc2 (ID = 0) 4:05 PM: 00004d06_4370e7e1_000b34a7 (ID = 0) 4:05 PM: 000039b3_4370e802_00081b32 (ID = 0) 4:05 PM: 0000767d_4370e87c_000a7d8c (ID = 0) 4:05 PM: 00000bb3_436b12cf_000487ab (ID = 0) 4:05 PM: 00002ea6_436b12e0_0006ea05 (ID = 0) 4:05 PM: 00004db7_4370e7e2_0001312d (ID = 0) 4:05 PM: 000026ca_436b1cc1_00053ec6 (ID = 0) 4:05 PM: 00001366_436b1c77_00000000 (ID = 0) 4:05 PM: 000012db_436b12f4_00090f56 (ID = 0) 4:05 PM: 00000f3e_436aeb47_0002625a (ID = 0) 4:05 PM: 00001547_4370e7e2_00029f63 (ID = 0) 4:05 PM: 0000797d_436b1bd2_00007a12 (ID = 0) 4:05 PM: 00004509_4370e887_000d1cef (ID = 0) 4:05 PM: 00007e87_436b1313_000baeb9 (ID = 0) 4:05 PM: 000054de_4370e7e2_0003567e (ID = 0) 4:05 PM: 0000390c_436a8c69_0008583b (ID = 0) 4:05 PM: 00002d12_4370e802_0009c671 (ID = 0) 4:05 PM: 00000120_43718fad_0007270e (ID = 0) 4:05 PM: 000054de_4369481e_00029f63 (ID = 0) 4:05 PM: 00006b89_436b1518_0005f5e1 (ID = 0) 4:05 PM: 00004230_436ffa26_000501bd (ID = 0) 4:05 PM: 00002213_43684b7e_0001312d (ID = 0) 4:05 PM: 000018be_436946f0_0001312d (ID = 0) 4:05 PM: 00005f90_436b11ec_00000000 (ID = 0) 4:05 PM: 00001649_4369473d_000ec82e (ID = 0) 4:05 PM: 00006784_436946f5_0006ea05 (ID = 0) 4:05 PM: 00006952_43686305_000e8b25 (ID = 0) 4:05 PM: 00000fbf_43719e14_000a7d8c (ID = 0) 4:05 PM: 00004ae1_436946f6_000e4e1c (ID = 0) 4:05 PM: 00007e87_43727ca2_0009c671 (ID = 0) 4:05 PM: 00006784_436a7688_000632ea (ID = 0) 4:05 PM: 000001eb_436e5069_000af79e (ID = 0) 4:05 PM: 000054de_43695505_000501bd (ID = 0) 4:05 PM: 000018be_43695249_0003567e (ID = 0) 4:05 PM: 000072ae_436a8956_0005f5e1 (ID = 0) 4:05 PM: 00005f49_436b1bdc_000d59f8 (ID = 0) 4:05 PM: 00006bfc_43718f69_00089544 (ID = 0) 4:05 PM: 00001649_436e4fdb_00053ec6 (ID = 0) 4:05 PM: 0000074d_4370e80e_000c28cb (ID = 0) 4:05 PM: 00006784_4369525f_00022551 (ID = 0) 4:05 PM: 0000366b_436b1c96_00090f56 (ID = 
0) 4:05 PM: 0000047e_436b1dc2_0008583b (ID = 0) 4:05 PM: 000012db_436e5258_00044aa2 (ID = 0) 4:05 PM: 00004ae1_43695267_000aba95 (ID = 0) 4:05 PM: 00003699_436b1cc1_000c65d4 (ID = 0) 4:05 PM: 00000ddc_436b1be9_00044aa2 (ID = 0) 4:05 PM: 00003e12_436fe490_0005b8d8 (ID = 0) 4:06 PM: 00001238_4370e8a7_00040d99 (ID = 0) 4:06 PM: 00003b25_4370e8ac_0001e848 (ID = 0) 4:06 PM: 00003d6c_4369527d_000b71b0 (ID = 0) 4:06 PM: 00001649_4368631f_000af79e (ID = 0) 4:06 PM: 00005f90_436a8989_00076417 (ID = 0) 4:06 PM: 00002cd6_436952d5_000e8b25 (ID = 0) 4:06 PM: 0000401d_4371a03d_00016e36 (ID = 0) 4:06 PM: 000072ae_436952d9_0006ea05 (ID = 0) 4:06 PM: 000001eb_43695375_0000f424 (ID = 0) 4:06 PM: 000026e9_4369530a_000a4083 (ID = 0) 4:06 PM: 00000120_436b1542_0007de29 (ID = 0) 4:06 PM: 00001649_4370e6ec_0000b71b (ID = 0) 4:06 PM: 00004823_43695242_00081b32 (ID = 0) 4:06 PM: 00005f90_43718609_0009c671 (ID = 0) 4:06 PM: 00001649_436b11ed_00044aa2 (ID = 0) 4:06 PM: 00004cad_436b1bf2_00076417 (ID = 0) 4:06 PM: 00006784_4369321b_000cdfe6 (ID = 0) 4:06 PM: 00007ff5_43685f74_00007a12 (ID = 0) 4:06 PM: 000072ae_436e9ad2_0007270e (ID = 0) 4:06 PM: 00004dc8_4370e825_0007270e (ID = 0) 4:06 PM: 00000029_436e8baf_000632ea (ID = 0) 4:06 PM: 00006df1_436a89d9_0008d24d (ID = 0) 4:06 PM: 00001649_436a89b1_0000b71b (ID = 0) 4:06 PM: 00000099_4370e7b4_0001e848 (ID = 0) 4:06 PM: 00002cd6_436a8920_000baeb9 (ID = 0) 4:06 PM: 000063cb_436fe1d8_000aba95 (ID = 0) 4:06 PM: 000012db_436953e1_00022551 (ID = 0) 4:06 PM: 0000153c_436953e3_000d1cef (ID = 0) 4:06 PM: 00006df1_43694744_000b71b0 (ID = 0) 4:06 PM: 00006443_4370e831_00076417 (ID = 0) 4:06 PM: 000041bb_436fc914_000d59f8 (ID = 0) 4:06 PM: 000012db_43727a91_000aba95 (ID = 0) 4:06 PM: 00000f3e_436b1439_00090f56 (ID = 0) 4:06 PM: 00004cad_43719477_00040d99 (ID = 0) 4:06 PM: 000066bb_4370e83b_00007a12 (ID = 0) 4:06 PM: 0000428b_4370e83b_00029f63 (ID = 0) 4:06 PM: 0000030a_436b1519_000632ea (ID = 0) 4:06 PM: 0000701f_4370e844_0003d090 (ID = 0) 4:06 PM: 
00006df1_436b11ed_0007de29 (ID = 0) 4:06 PM: 000026a6_436b14c4_000e4e1c (ID = 0) 4:06 PM: 00002cd6_436ae8a6_00003d09 (ID = 0) 4:06 PM: 0000701f_436b14ca_000baeb9 (ID = 0) 4:06 PM: 00006b36_436b1575_000b34a7 (ID = 0) 4:06 PM: 0000260d_43684bb4_00081b32 (ID = 0) 4:06 PM: 000060bf_43719ddd_00053ec6 (ID = 0) 4:06 PM: 00001649_436952ec_00029f63 (ID = 0) 4:06 PM: 00004823_436944ee_0007a120 (ID = 0) 4:06 PM: 00005e14_436b1c0b_00081b32 (ID = 0) 4:06 PM: 00004df2_436b1c0d_000b34a7 (ID = 0) 4:06 PM: 00005039_4371aa28_00029f63 (ID = 0) 4:06 PM: 0000153c_43727a98_00053ec6 (ID = 0) 4:06 PM: 00001e1f_4370e8bb_0002625a (ID = 0) 4:06 PM: 00004db7_43718aff_000f0537 (ID = 0) 4:06 PM: 00000bb3_43685ce2_00040d99 (ID = 0) 4:06 PM: dns (ID = 0) 4:06 PM: 0000440d_43685de9_000b71b0 (ID = 0) 4:06 PM: 0000489c_43719ff6_000af79e (ID = 0) 4:06 PM: 0000305e_436aeba5_000487ab (ID = 0) 4:06 PM: 00006e5d_4370e8c1_00057bcf (ID = 0) 4:06 PM: 00004823_43686bc5_0008d24d (ID = 0) 4:06 PM: 00006df1_436952fc_000ca2dd (ID = 0) 4:06 PM: 00002cd6_436e9aa3_0007de29 (ID = 0) 4:06 PM: 00000099_436953fb_00089544 (ID = 0) 4:06 PM: 000039b3_4369483f_000f0537 (ID = 0) 4:06 PM: 00000099_436b143b_000cdfe6 (ID = 0) 4:06 PM: 00005af1_43695301_000d9701 (ID = 0) 4:06 PM: 00001ad4_4370e8c5_00007a12 (ID = 0) 4:06 PM: 00000124_436953fe_0003d090 (ID = 0) 4:06 PM: 000066c4_436b1ca1_00053ec6 (ID = 0) 4:06 PM: 00004230_436b1ca3_0006acfc (ID = 0) 4:06 PM: 00000bb3_436e5077_00031975 (ID = 0) 4:06 PM: 000063cb_4370e8ce_000ca2dd (ID = 0) 4:06 PM: 0000767d_437280cf_000a4083 (ID = 0) 4:06 PM: 000012db_436aeaf7_000f0537 (ID = 0) 4:06 PM: 00006952_43704295_000e1113 (ID = 0) 4:06 PM: 0000323b_436948e3_00031975 (ID = 0) 4:06 PM: 00002d12_43694844_0001ab3f (ID = 0) 4:06 PM: 000001eb_437279df_000e4e1c (ID = 0) 4:06 PM: modvga.sys (ID = 0) 4:06 PM: 00000bb3_43694758_000af79e (ID = 0) 4:06 PM: 00005c67_43719df2_00076417 (ID = 0) 4:06 PM: 000018be_436b826f_000baeb9 (ID = 0) 4:06 PM: 00004944_436b1c0f_0003567e (ID = 0) 4:06 PM: 
0000692c_436b1cdb_00029f63 (ID = 0) 4:06 PM: 0000261e_43719f93_00029f63 (ID = 0) 4:06 PM: 000026e9_4372790a_00098968 (ID = 0) 4:06 PM: 00003cd6_43719df8_0009c671 (ID = 0) 4:06 PM: 00000f3e_436849e6_000f0537 (ID = 0) 4:06 PM: 00003c61_436b7475_000c28cb (ID = 0) 4:06 PM: 00003d6c_436946fa_000501bd (ID = 0) 4:06 PM: 00007e87_436953e7_000bebc2 (ID = 0) 4:06 PM: 0000074d_436aec0e_00094c5f (ID = 0) 4:06 PM: 000071f0_4371a047_000dd40a (ID = 0) 4:06 PM: 00000029_4372758a_0005b8d8 (ID = 0) 4:06 PM: 00000bdb_436b1522_0006ea05 (ID = 0) 4:06 PM: 00002e40_436b1c0f_000dd40a (ID = 0) 4:06 PM: 0000759a_436b154a_00029f63 (ID = 0) 4:06 PM: 0000301c_436948e3_000af79e (ID = 0) 4:06 PM: 00001cd0_436b1c85_00044aa2 (ID = 0) 4:06 PM: 000012db_4369475a_000487ab (ID = 0) 4:06 PM: 00005af1_436ae93f_000ca2dd (ID = 0) 4:06 PM: 00004d06_43718aab_0008d24d (ID = 0) 4:06 PM: 000018be_43722fd2_000cdfe6 (ID = 0) 4:06 PM: 00004d06_436b143c_000af79e (ID = 0) 4:06 PM: 00002cd6_437185fc_0000b71b (ID = 0) 4:06 PM: 00006784_43722fd3_00053ec6 (ID = 0) 4:06 PM: 00004ae1_436944f5_00022551 (ID = 0) 4:06 PM: 00004823_4372758c_00076417 (ID = 0) 4:06 PM: 0000390c_436aeb2f_000af79e (ID = 0) 4:06 PM: 00000029_43722f4b_000ec82e (ID = 0) 4:06 PM: 00005cfd_436b15b3_00057bcf (ID = 0) 4:06 PM: 00006b36_4371941f_0008583b (ID = 0) 4:06 PM: 00002cd6_436946fd_00076417 (ID = 0) 4:06 PM: 0000422d_436b1f21_0005b8d8 (ID = 0) 4:06 PM: 0000153c_436947ac_0003d090 (ID = 0) 4:06 PM: 00002f14_43719e85_0006ea05 (ID = 0) 4:06 PM: 000075ef_43719f2a_0001312d (ID = 0) 4:06 PM: 00007dd1_43719f7d_000cdfe6 (ID = 0) 4:06 PM: 000066bb_43728040_000d1cef (ID = 0) 4:06 PM: 00006952_436e9b1f_0005b8d8 (ID = 0) 4:06 PM: 000001eb_43685ccf_000af79e (ID = 0) 4:06 PM: 00007e87_436947af_000a037a (ID = 0) 4:06 PM: 0000390c_436947b3_000bebc2 (ID = 0) 4:06 PM: 00004657_43719f46_000b34a7 (ID = 0) 4:06 PM: 00003d6c_436cfceb_000632ea (ID = 0) 4:06 PM: 00000124_43684a03_00094c5f (ID = 0) 4:06 PM: 00000bdb_436948e5_000a4083 (ID = 0) 4:06 PM: 
00002c49_43719f4e_0000f424 (ID = 0) 4:06 PM: 00002cd6_436944f5_00089544 (ID = 0) 4:06 PM: 00005f90_436e4f2d_00098968 (ID = 0) 4:06 PM: 0000390c_43727e16_000c65d4 (ID = 0) 4:06 PM: 00001649_436e9c42_0004c4b4 (ID = 0) 4:06 PM: 00000bb3_436fca46_0003567e (ID = 0) 4:06 PM: 000054de_436b1443_0003567e (ID = 0) 4:06 PM: 0000491c_43727fdf_000ec82e (ID = 0) 4:06 PM: 000072ae_436946ff_0006ea05 (ID = 0) 4:06 PM: 00005af1_436fc8b2_0004c4b4 (ID = 0) 4:06 PM: 00001547_436b1443_00031975 (ID = 0) 4:06 PM: 00007e87_4370e782_0002dc6c (ID = 0) 4:06 PM: 0000305e_43684a04_00053ec6 (ID = 0) 4:06 PM: 000072ae_43704291_000d59f8 (ID = 0) 4:06 PM: 00001547_436a91d1_0002625a (ID = 0) 4:06 PM: 00005f90_436e9b92_00016e36 (ID = 0) 4:06 PM: 00001366_43719672_0002dc6c (ID = 0) 4:06 PM: 0000314f_436fee8b_00057bcf (ID = 0) 4:06 PM: 00006032_436ffa34_000b34a7 (ID = 0) 4:06 PM: 000063cb_43685f68_00057bcf (ID = 0) 4:06 PM: 000054de_436a91d2_000a4083 (ID = 0) 4:06 PM: 00004823_436b7ca0_0008d24d (ID = 0) 4:07 PM: 0000390c_4370e78d_000cdfe6 (ID = 0) 4:07 PM: 0000428b_43684ad5_00040d99 (ID = 0) 4:07 PM: 000039b3_436b1446_0004c4b4 (ID = 0) 4:07 PM: 0000409d_436b1cb4_00044aa2 (ID = 0) 4:07 PM: 000026e9_436fdfed_00057bcf (ID = 0) 4:07 PM: 00001ad4_436b14d5_00098968 (ID = 0) 4:07 PM: 000039b3_436a91d3_0003567e (ID = 0) 4:07 PM: 000001eb_436fdffa_0004c4b4 (ID = 0) 4:07 PM: 00000099_436fe1c1_000a7d8c (ID = 0) 4:07 PM: 00003bf6_436fe5c5_0007de29 (ID = 0) 4:07 PM: 000066bb_436fe1c5_0003567e (ID = 0) 4:07 PM: 00001e1f_436fe1d7_00007a12 (ID = 0) 4:07 PM: 00005f32_436fe5b5_0007a120 (ID = 0) 4:07 PM: 00000124_43718a3f_0007a120 (ID = 0) 4:07 PM: 00004d06_43727fe6_00016e36 (ID = 0) 4:07 PM: 00003c61_43719f5d_000e4e1c (ID = 0) 4:07 PM: 00002d12_436a91d4_000b34a7 (ID = 0) 4:07 PM: 00006172_43719ffa_000a4083 (ID = 0) 4:07 PM: 00006443_436b144c_000c28cb (ID = 0) 4:07 PM: 00004a80_436b1cdb_0007a120 (ID = 0) 4:07 PM: 00001cd0_43719672_0005f5e1 (ID = 0) 4:07 PM: 00000029_436fc4d3_0001ab3f (ID = 0) 4:07 PM: 
000072ae_436cfe49_00040d99 (ID = 0) 4:07 PM: 00005af1_43694746_000bebc2 (ID = 0) 4:07 PM: 00000124_436947ff_00016e36 (ID = 0) 4:07 PM: 00004509_43694872_0001e848 (ID = 0) 4:07 PM: 00006784_43727590_0003d090 (ID = 0) 4:07 PM: 000073da_436b1cc0_00076417 (ID = 0) 4:07 PM: 000026a6_43684ad5_0006acfc (ID = 0) 4:07 PM: 0000187e_436b1ce2_0000b71b (ID = 0) 4:07 PM: 0000491c_436aebbd_0000f424 (ID = 0) 4:07 PM: 0000440d_43695412_0002dc6c (ID = 0) 4:07 PM: 0000305e_43694806_00022551 (ID = 0) 4:07 PM: 000066bb_436b1450_00039387 (ID = 0) 4:07 PM: 00002cd6_4368496a_0005f5e1 (ID = 0) 4:07 PM: 0000440d_43694807_00016e36 (ID = 0) 4:07 PM: 00006899_436b1ce2_00066ff3 (ID = 0) 4:07 PM: 000026a6_4372805a_0004c4b4 (ID = 0) 4:07 PM: 00005af1_43684976_0006ea05 (ID = 0) 4:07 PM: 0000301c_43718f8e_00089544 (ID = 0) 4:07 PM: 00007f96_43718f6f_0005b8d8 (ID = 0) 4:07 PM: 000041bb_436b11f8_00040d99 (ID = 0) 4:07 PM: 00005f90_4368630a_00016e36 (ID = 0) 4:07 PM: 00005af1_4371862f_00066ff3 (ID = 0) 4:07 PM: 00006e5d_4369487b_0009c671 (ID = 0) 4:07 PM: 000001eb_43718656_0005b8d8 (ID = 0) 4:07 PM: 00007eb7_436b1ca3_000d1cef (ID = 0) 4:07 PM: 000018be_436862d2_000d59f8 (ID = 0) 4:07 PM: 000041bb_43718632_000501bd (ID = 0) 4:07 PM: 00005d03_4369486f_0006ea05 (ID = 0) 4:07 PM: 000013e9_436b1ce9_000e1113 (ID = 0) 4:07 PM: 00004080_436b1cea_000501bd (ID = 0) 4:07 PM: 00007a5a_43694870_000e4e1c (ID = 0) 4:07 PM: 00002213_43718f74_0006acfc (ID = 0) 4:07 PM: 00001649_4371860d_00000000 (ID = 0) 4:07 PM: 0000260d_43718f88_00031975 (ID = 0) 4:07 PM: 000056ae_436b152b_0005b8d8 (ID = 0) 4:07 PM: 000012db_43718728_0003d090 (ID = 0) 4:07 PM: 00006bfc_436948d2_00016e36 (ID = 0) 4:07 PM: 00004b40_4371941a_000d9701 (ID = 0) 4:07 PM: 00005d03_43684ad5_000b34a7 (ID = 0) 4:07 PM: 00004a80_43719a36_00040d99 (ID = 0) 4:07 PM: 000018be_4370e60d_00066ff3 (ID = 0) 4:07 PM: 00002f14_436b1d9f_0000b71b (ID = 0) 4:07 PM: 00002fff_43719f62_00029f63 (ID = 0) 4:07 PM: 0000798b_436b1cb7_0006acfc (ID = 0) 4:07 PM: 
00004e45_436b14fa_00029f63 (ID = 0) 4:07 PM: 00007f96_436948d4_000f0537 (ID = 0) 4:07 PM: 00000bb3_436fe0b4_000ec82e (ID = 0) 4:07 PM: 00004ae1_43727593_000d9701 (ID = 0) 4:07 PM: 000026e9_43718633_0008d24d (ID = 0) 4:07 PM: 00000902_436b1cca_000a7d8c (ID = 0) 4:07 PM: 00005f90_4369326f_00016e36 (ID = 0) 4:07 PM: 00005e9d_43719fec_00098968 (ID = 0) 4:07 PM: 0000409d_43700bca_0001ab3f (ID = 0) 4:07 PM: 00003ef6_436ffa48_00031975 (ID = 0) 4:07 PM: 000066bb_4369484d_000a037a (ID = 0) 4:07 PM: 00000fbf_436b1d98_00094c5f (ID = 0) 4:07 PM: 00002d12_43718dc0_000a7d8c (ID = 0) 4:07 PM: 00000029_437185f2_000b34a7 (ID = 0) 4:07 PM: 00004dc8_43694849_000b71b0 (ID = 0) 4:07 PM: 000039b3_43728008_00094c5f (ID = 0) 4:07 PM: 0000428b_4369485d_0002625a (ID = 0) 4:07 PM: 0000074d_43694847_0001312d (ID = 0) 4:07 PM: 000026a6_43694861_000b34a7 (ID = 0) 4:07 PM: 000026e9_43684979_000d9701 (ID = 0) 4:07 PM: 00002fff_436b7476_0002dc6c (ID = 0) 4:07 PM: 00001238_43684b3d_00016e36 (ID = 0) 4:07 PM: 00006e5d_436fe1d8_00029f63 (ID = 0) 4:07 PM: 00007bb9_436b1ccb_00003d09 (ID = 0) 4:07 PM: 000016c5_436b1ce2_0000f424 (ID = 0) 4:07 PM: 00003cd5_436b1ce9_000e1113 (ID = 0) 4:07 PM: 00000384_4371a048_0008583b (ID = 0) 4:07 PM: 00005af1_4370e6fe_0001e848 (ID = 0) 4:07 PM: 0000701f_43694862_00066ff3 (ID = 0) 4:07 PM: 00004823_437185f7_000e4e1c (ID = 0) 4:07 PM: 000018be_437185f8_0001312d (ID = 0) 4:07 PM: 00002ea6_436fe0c5_0003567e (ID = 0) 4:07 PM: 00000f3e_436fe1bc_000a7d8c (ID = 0) 4:07 PM: 00005cfd_436fe48f_00081b32 (ID = 0) 4:07 PM: 00002ea6_43718699_00081b32 (ID = 0) 4:07 PM: 00006952_436cfe4f_0000b71b (ID = 0) 4:07 PM: 0000074d_43684ad4_0008583b (ID = 0) 4:07 PM: 00006df1_436fde4f_000d59f8 (ID = 0) 4:07 PM: 00006443_43684ad4_000f0537 (ID = 0) 4:07 PM: 000072ae_436ae8ab_0007de29 (ID = 0) 4:07 PM: 00001ad4_4369487c_000bebc2 (ID = 0) 4:07 PM: 000041bb_436e5045_0005b8d8 (ID = 0) 4:07 PM: dsukbdcr.exe (ID = 0) 4:07 PM: ace.dll (ID = 0) 4:07 PM: data.bin (ID = 0) 4:07 PM: 
000032e6_43719ffe_00016e36 (ID = 0) 4:07 PM: 00005753_436b1d88_0002dc6c (ID = 0) 4:07 PM: 00003ef6_436b1cb2_000e8b25 (ID = 0) 4:07 PM: 00005f32_436b1ba2_000b71b0 (ID = 0) 4:07 PM: 000072ae_436862fc_00039387 (ID = 0) 4:07 PM: 000066bb_43718f48_0002dc6c (ID = 0) 4:07 PM: 00006ad6_43719e89_00081b32 (ID = 0) 4:07 PM: 0000368e_43719ec9_00076417 (ID = 0) 4:07 PM: 0000305e_43718a4c_000c65d4 (ID = 0) 4:07 PM: 00006784_4370e60d_00094c5f (ID = 0) 4:07 PM: 00006952_43722fd6_00053ec6 (ID = 0) 4:07 PM: 00004e45_43718f73_0005f5e1 (ID = 0) 4:07 PM: 00001649_43693271_0001ab3f (ID = 0) 4:07 PM: 00007ff5_436948d9_00089544 (ID = 0) 4:07 PM: 000060bf_436b1d88_00089544 (ID = 0) 4:07 PM: 00000902_43719a28_00022551 (ID = 0) 4:07 PM: 00000120_436948e6_00057bcf (ID = 0) 4:07 PM: 0000767d_436b14cc_00029f63 (ID = 0) 4:07 PM: 00003cd6_436b1d8f_000b34a7 (ID = 0) 4:07 PM: 0000428b_43718f49_000a7d8c (ID = 0) 4:07 PM: 0000759a_436948e6_0006acfc (ID = 0) 4:07 PM: 000026a6_43718f4a_0000f424 (ID = 0) 4:07 PM: 000041bb_4370e6fe_000ca2dd (ID = 0) 4:07 PM: 00000d66_43719ec9_0009c671 (ID = 0) 4:07 PM: 00004823_436fc4d3_000bebc2 (ID = 0) 4:07 PM: index (ID = 0) 4:07 PM: 00004509_43684b3a_0006ea05 (ID = 0) 4:07 PM: 000012db_4370e767_000c28cb (ID = 0) 4:07 PM: 00004cad_436fee68_00007a12 (ID = 0) 4:07 PM: 0000798b_43700bcc_000d59f8 (ID = 0) 4:07 PM: 0000390c_436fcb8c_0002625a (ID = 0) 4:07 PM: 00002cd6_4370e60f_00007a12 (ID = 0) 4:07 PM: 00005d03_437280be_0000f424 (ID = 0) 4:07 PM: 00002cd6_43727596_00090f56 (ID = 0) 4:07 PM: 00004823_436946e6_00053ec6 (ID = 0) 4:07 PM: 00007bb9_43719a2a_000e4e1c (ID = 0) 4:07 PM: 00001238_43718f58_000c65d4 (ID = 0) 4:07 PM: 00004230_43719674_00040d99 (ID = 0) 4:07 PM: 000072ae_4370e611_00029f63 (ID = 0) 4:07 PM: 00005cfd_4371941f_000ec82e (ID = 0) 4:07 PM: 00006952_4370e611_00066ff3 (ID = 0) 4:07 PM: 000072ae_436b1083_00090f56 (ID = 0) 4:07 PM: 000054dc_436b1fe4_000dd40a (ID = 0) 4:07 PM: 00004657_436b2041_0003567e (ID = 0) 4:07 PM: 00003d6c_436e9a8b_00057bcf (ID = 0) 4:07 
PM: 00001547_436aec05_00000000 (ID = 0) 4:07 PM: 000041bb_436ae9a8_00090f56 (ID = 0) 4:07 PM: 000001eb_4370e728_0009c671 (ID = 0) 4:07 PM: 00005422_436b1cb2_000a4083 (ID = 0) 4:07 PM: 00000124_436a91b5_000ca2dd (ID = 0) 4:07 PM: 0000074d_436a91d9_0007a120 (ID = 0) 4:07 PM: 00006df1_436e5030_000d59f8 (ID = 0) 4:07 PM: 00004509_436b14cf_00090f56 (ID = 0) 4:08 PM: 00007ff5_436b14ef_00098968 (ID = 0) 4:08 PM: 0000491c_43718a55_000a7d8c (ID = 0) 4:08 PM: 000015a1_436ffa39_0005b8d8 (ID = 0) 4:08 PM: 0000366b_436ffa1a_00089544 (ID = 0) 4:08 PM: 000066c4_436ffa1d_000a037a (ID = 0) 4:08 PM: 00003a9e_436fe5c9_000bebc2 (ID = 0) 4:08 PM: 000039b3_436aec05_00039387 (ID = 0) 4:08 PM: 00006784_436fd70b_00076417 (ID = 0) 4:08 PM: 00001238_436b14d2_00044aa2 (ID = 0) 4:08 PM: 0000323b_43718f73_00089544 (ID = 0) 4:08 PM: 00007eb7_43719674_0006ea05 (ID = 0) 4:08 PM: 00002350_436b1553_0003567e (ID = 0) 4:08 PM: upspcns4.exe (ID = 0) 4:08 PM: 00005772_436b1ccb_0000b71b (ID = 0) 4:08 PM: 0000030a_43718f8e_00053ec6 (ID = 0) 4:08 PM: 00000bb3_4370e730_0002dc6c (ID = 0) 4:08 PM: 00005db2_436b1d7b_0006acfc (ID = 0) 4:08 PM: 0000422d_43719ec5_00094c5f (ID = 0) 4:08 PM: 000063cb_436b14dc_00022551 (ID = 0) 4:08 PM: 000039b3_43685eab_00098968 (ID = 0) 4:08 PM: 000056ae_43718f9c_000b34a7 (ID = 0) 4:08 PM: 0000047e_43719e94_00031975 (ID = 0) 4:08 PM: 00007a5a_43684ad5_000dd40a (ID = 0) 4:08 PM: 000022ee_436b155b_000ca2dd (ID = 0) 4:08 PM: 00002d12_436aec0e_0003567e (ID = 0) 4:08 PM: 00005f90_436cfe54_0003d090 (ID = 0) 4:08 PM: 000041bb_436a8ba5_00057bcf (ID = 0) 4:08 PM: 00007eb7_436ffa26_00081b32 (ID = 0) 4:08 PM: 00005772_43719a2c_00022551 (ID = 0) 4:08 PM: 00000822_436b1cb3_000e4e1c (ID = 0) 4:08 PM: 00005991_436b1cb4_00040d99 (ID = 0) 4:08 PM: 00005d03_43685f22_00007a12 (ID = 0) 4:08 PM: 00006952_436952eb_000a4083 (ID = 0) 4:08 PM: 00006032_43719678_0007a120 (ID = 0) 4:08 PM: 00006bfc_436b14e5_0001ab3f (ID = 0) 4:08 PM: 000015a1_436b1cae_000e4e1c (ID = 0) 4:08 PM: 0000139d_436b1ccb_00066ff3 
(ID = 0) 4:08 PM: 0000491c_436a91b9_000bebc2 (ID = 0) 4:08 PM: 00004dc8_436a91d9_000ec82e (ID = 0) 4:08 PM: 0000121f_436b1cb7_000a4083 (ID = 0) 4:08 PM: 000023c9_436b1d7e_0003567e (ID = 0) 4:08 PM: 000026e9_436a8bfc_0001ab3f (ID = 0) 4:08 PM: 00003b25_43718f63_0005f5e1 (ID = 0) 4:08 PM: 000001eb_436a8c07_000baeb9 (ID = 0) 4:08 PM: 00006443_436a91e6_0004c4b4 (ID = 0) 4:08 PM: 00000bb3_436a8c1b_000bebc2 (ID = 0) 4:08 PM: 0000187e_43719a38_00090f56 (ID = 0) 4:08 PM: 00002ea6_436a8c34_0002625a (ID = 0) 4:08 PM: 000012db_436a8c40_00031975 (ID = 0) 4:08 PM: 000026a6_436fe1ce_0004c4b4 (ID = 0) 4:08 PM: 0000153c_436a8c46_00007a12 (ID = 0) 4:08 PM: 00004b40_436b1566_00007a12 (ID = 0) 4:08 PM: 00007e87_436a8c4b_0001e848 (ID = 0) 4:08 PM: 00003bf6_436b1bb3_000ca2dd (ID = 0) 4:08 PM: 000048cc_43719d77_00007a12 (ID = 0) 4:08 PM: 0000323b_436b1506_000d1cef (ID = 0) 4:08 PM: 00001ad4_43685f62_000d59f8 (ID = 0) 4:08 PM: 00001ad4_436fe1d8_00066ff3 (ID = 0) 4:08 PM: 00006443_43718dc5_000cdfe6 (ID = 0) 4:08 PM: 00001ad4_43718f63_000cdfe6 (ID = 0) 4:08 PM: 00005e14_436fee8c_000e8b25 (ID = 0) 4:08 PM: 00005753_43719d7c_000487ab (ID = 0) 4:08 PM: 000016c5_43719a46_0001ab3f (ID = 0) 4:08 PM: 000023c9_43719d67_000bebc2 (ID = 0) 4:08 PM: 00001a49_436b1b9c_000d59f8 (ID = 0) 4:08 PM: 00002213_436b150f_000d9701 (ID = 0) 4:08 PM: 00003e12_436b15c7_0001312d (ID = 0) 4:08 PM: 00000099_436947f4_0003567e (ID = 0) 4:08 PM: 00005af1_436e5034_00039387 (ID = 0) 4:08 PM: 00007983_43719f1c_000c65d4 (ID = 0) 4:08 PM: 000066bb_436a91e7_0006ea05 (ID = 0) 4:08 PM: 0000428b_436a91e7_0007de29 (ID = 0) 4:08 PM: 000001eb_436fc9b3_0000b71b (ID = 0) 4:08 PM: 000072ae_4372759b_000b71b0 (ID = 0) 4:08 PM: 0000305e_436a91b8_00094c5f (ID = 0) 4:08 PM: 00004ae1_436fddea_00007a12 (ID = 0) 4:08 PM: 00003d6c_436fddea_00039387 (ID = 0) 4:08 PM: 00001547_436fe1c3_000af79e (ID = 0) 4:08 PM: 00002ea6_4370e753_0000b71b (ID = 0) 4:08 PM: 00002ea6_436e508e_000e1113 (ID = 0) 4:08 PM: 00006952_4372759c_0001e848 (ID = 0) 4:08 PM: 
4:09 PM: File Sweep Complete, Elapsed Time: 00:14:57
4:09 PM: Full Sweep has completed. Elapsed time 00:16:52
4:09 PM: Traces Found: 1834
4:12 PM: Removal process initiated
4:13 PM: Quarantining All Traces: apropos
4:13 PM: apropos is in use. It will be removed on reboot.
4:13 PM: wingenerics.dll is in use. It will be removed on reboot.
4:13 PM: Quarantining All Traces: dropspam hijacker
4:13 PM: Quarantining All Traces: hotbar
4:13 PM: Quarantining All Traces: starware toolbar
4:13 PM: Quarantining All Traces: trustyhound toolbar
4:13 PM: Quarantining All Traces: dropspam toobar
4:14 PM: dropspam toobar is in use. It will be removed on reboot.
4:14 PM: c:\program files\dropspam is in use. It will be removed on reboot.
4:14 PM: dslifestyle.exe is in use. It will be removed on reboot.
4:14 PM: Quarantining All Traces: exact cashback/bargain buddy
4:14 PM: Quarantining All Traces: personal money tree
4:14 PM: Quarantining All Traces: powerscan
4:14 PM: Quarantining All Traces: quicklink search toolbar
4:14 PM: Quarantining All Traces: screensavers
4:14 PM: Quarantining All Traces: surf accuracy
4:14 PM: surf accuracy is in use. It will be removed on reboot.
4:14 PM: sacc.exe is in use. It will be removed on reboot.
4:14 PM: Quarantining All Traces: 888 cookie
4:14 PM: Quarantining All Traces: adknowledge cookie
4:14 PM: Quarantining All Traces: adprofile cookie
4:14 PM: Quarantining All Traces: ask cookie
4:14 PM: Quarantining All Traces: atwola cookie
4:14 PM: Quarantining All Traces: azjmp cookie
4:14 PM: Quarantining All Traces: banner cookie
4:14 PM: Quarantining All Traces: belnk cookie
4:14 PM: Quarantining All Traces: belointeractive cookie
4:14 PM: Quarantining All Traces: bizrate cookie
4:14 PM: Quarantining All Traces: burstbeacon cookie
4:14 PM: Quarantining All Traces: burstnet cookie
4:14 PM: Quarantining All Traces: cc214142 cookie
4:14 PM: Quarantining All Traces: clickads cookie
4:14 PM: Quarantining All Traces: clickandtrack cookie
4:14 PM: Quarantining All Traces: clicktracks cookie
4:14 PM: Quarantining All Traces: dealtime cookie
4:14 PM: Quarantining All Traces: directtrack cookie
4:14 PM: Quarantining All Traces: enhance cookie
4:14 PM: Quarantining All Traces: exitexchange cookie
4:14 PM: Quarantining All Traces: go.com cookie
4:14 PM: Quarantining All Traces: hbmediapro cookie
4:14 PM: Quarantining All Traces: hotbar cookie
4:14 PM: Quarantining All Traces: ic-live cookie
4:14 PM: Quarantining All Traces: metareward.com cookie
4:14 PM: Quarantining All Traces: mywebsearch cookie
4:14 PM: Quarantining All Traces: nextag cookie
4:14 PM: Quarantining All Traces: offeroptimizer cookie
4:14 PM: Quarantining All Traces: partypoker cookie
4:14 PM: Quarantining All Traces: passion cookie
4:14 PM: Quarantining All Traces: paypopup cookie
4:14 PM: Quarantining All Traces: pricegrabber cookie
4:14 PM: Quarantining All Traces: primaryads cookie
4:14 PM: Quarantining All Traces: realmedia cookie
4:14 PM: Quarantining All Traces: reliablestats cookie
4:14 PM: Quarantining All Traces: rn11 cookie
4:14 PM: Quarantining All Traces: screensavers.com cookie
4:14 PM: Quarantining All Traces: server.iad.liveperson cookie
4:14 PM: Quarantining All Traces: specificclick.com cookie
4:14 PM: Quarantining All Traces: spywarestormer cookie
4:14 PM: Quarantining All Traces: starware.com cookie
4:14 PM: Quarantining All Traces: statcounter cookie
4:14 PM: Quarantining All Traces: toplist cookie
4:14 PM: Quarantining All Traces: tracking cookie
4:14 PM: Quarantining All Traces: trb.com cookie
4:14 PM: Quarantining All Traces: xiti cookie
4:14 PM: Quarantining All Traces: yieldmanager cookie
4:16 PM: Preparing to restart your computer. Please wait...
4:16 PM: Removal process completed. Elapsed time 00:03:49
********

Edited by Zebadiah, 09 November 2005 - 05:31 PM.


#6 Zebadiah

Posted 09 November 2005 - 05:32 PM

HJT Logfile


Logfile of HijackThis v1.99.1
Scan saved at 4:29:54 PM, on 11/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\AOL\1131400013\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1131400013\ee\AOLServiceHost.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\Jason Johnson\Desktop\Spyware Protection\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sidesearch.dr.../sidesearch.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sidesearch.dr.../sidesearch.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...ilion&pf=laptop
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2DEA8791-C2B7-48E1-8992-8E8E6A6FE789} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [MSN Messenger 32] msniu.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131400013\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [InoRT] C:\Program Files\CA\eTrust Antivirus\InoRT9X.exe
O4 - HKLM\..\RunServices: [InoRPC] C:\Program Files\CA\eTrust Antivirus\InoRPC.exe
O4 - HKLM\..\RunServices: [InoTask] C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O4 - HKLM\..\RunServices: [MSN Messenger 32] msniu.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSN Messenger 32] msniu.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZRxdm069YYUS
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540012} - http://www.funnytaf....ler/Install.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124303808515
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: eTrust Antivirus RPC Server (InoRpc) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#7 LDTate

Posted 09 November 2005 - 05:57 PM

I suggest you do this:


Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Use Add/Remove Programs and remove: If listed.
Viewpoint Manager



Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sidesearch.dr.../sidesearch.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sidesearch.dr.../sidesearch.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...ilion&pf=laptop

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {2DEA8791-C2B7-48E1-8992-8E8E6A6FE789} - (no file)

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [MSN Messenger 32] msniu.exe

O4 - HKLM\..\RunServices: [MSN Messenger 32] msniu.exe

O4 - HKCU\..\Run: [MSN Messenger 32] msniu.exe

O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZRxdm069YYUS

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540012} - http://www.funnytaf....ler/Install.cab


Close ALL windows and browsers except HijackThis and click "Fix checked"



Restart in Safe Mode:
Restart your computer.

Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 several times after the POST screen.
Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter.



delete these files if listed:
msniu.exe


Open C:\Windows\Prefetch\ Delete ALL files in this folder.



Do this also if these Temp Folders are part of your OS.

Also in safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.


Next navigate to the C:\Documents and Settings\(EVERY LISTED PROFILE USER)\Local Settings\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


Empty the Recycle Bin

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#8 Zebadiah

Posted 09 November 2005 - 08:09 PM

Alright, I did as you instructed. Was unable to find msniu.exe, so I assume that it was taken care of. When I tried to delete temporary internet files from the internet options, the program would stop responding. I was able to delete them in normal mode, though.

HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 7:06:21 PM, on 11/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\AOL\1131400013\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1131400013\ee\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jason Johnson\Desktop\Spyware Protection\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sidesearch.dr.../sidesearch.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131400013\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [InoRT] C:\Program Files\CA\eTrust Antivirus\InoRT9X.exe
O4 - HKLM\..\RunServices: [InoRPC] C:\Program Files\CA\eTrust Antivirus\InoRPC.exe
O4 - HKLM\..\RunServices: [InoTask] C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O4 - HKLM\..\RunServices: [MSN Messenger 32] msniu.exe
O4 - HKCU\..\Run: [MSN Messenger 32] msniu.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124303808515
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: eTrust Antivirus RPC Server (InoRpc) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
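
Checking the fix list from post #7 against the follow-up log in post #8 shows which entries survived "Fix checked". The Python below is an added example, not part of the original thread or of HijackThis; the function names are made up for illustration, the log excerpts are abridged from the posts above, and the bare-file-name check is a triage heuristic assumed here.

```python
import re

# A HijackThis entry line is "<section code> - <entry text>",
# e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.+?)\s*$")
# O4 registry autoruns: "<key>: [<value name>] <command>".
O4_RE = re.compile(r"^(?P<key>[^:\[]+):\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Leading executable of a command line, up to the first executable extension.
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))\b", re.IGNORECASE)

# Abridged from post #7: entries the helper asked to have checked and fixed.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sidesearch.dr.../sidesearch.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://sidesearch.dr.../sidesearch.htm
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {2DEA8791-C2B7-48E1-8992-8E8E6A6FE789} - (no file)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [MSN Messenger 32] msniu.exe
O4 - HKLM\..\RunServices: [MSN Messenger 32] msniu.exe
O4 - HKCU\..\Run: [MSN Messenger 32] msniu.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540012} - http://www.funnytaf....ler/Install.cab
"""

# Abridged from post #8: the log taken after the fix and a reboot.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 7:06:21 PM, on 11/9/2005
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sidesearch.dr.../sidesearch.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\RunServices: [InoRT] C:\Program Files\CA\eTrust Antivirus\InoRT9X.exe
O4 - HKLM\..\RunServices: [MSN Messenger 32] msniu.exe
O4 - HKCU\..\Run: [MSN Messenger 32] msniu.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124303808515
"""


def parse_entries(text):
    """Return the entry lines of a pasted log as (code, body) tuples, in order.

    Header lines and the running-process list do not match ENTRY_RE and are
    skipped; runs of whitespace are collapsed so re-pasted lines still compare.
    """
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(" ".join(line.split()))
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def surviving(fix_list, followup_log):
    """Entries that were checked for fixing but still appear in the next log."""
    still_there = set(parse_entries(followup_log))
    return [e for e in parse_entries(fix_list) if e in still_there]


def pathless_autoruns(log):
    """O4 registry autoruns whose executable is a bare file name.

    Heuristic assumed by this example (not a HijackThis feature): a command
    with no directory part is resolved through the system search path, so the
    log alone does not say which file on disk will run. Commands with no
    recognisable executable, such as the lone quote in the EarthLink entry,
    are skipped rather than guessed at.
    Returns (registry key, value name, executable) tuples.
    """
    hits = []
    for code, body in parse_entries(log):
        m = O4_RE.match(body) if code == "O4" else None
        if not m:
            continue
        exe = EXE_RE.match(m.group("cmd").lstrip('"'))
        if exe and not re.search(r"[\\/:]", exe.group(1)):
            hits.append((m.group("key"), m.group("name"), exe.group(1)))
    return hits


if __name__ == "__main__":
    print("Checked for fixing but still present:")
    for code, body in surviving(FIX_LIST, FOLLOWUP_LOG):
        print(f"  {code} - {body}")
    print("Autoruns with no path:")
    for key, name, exe in pathless_autoruns(FOLLOWUP_LOG):
        print(f"  {key} [{name}] {exe}")
```
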

#9 LDTate

Posted 09 November 2005 - 08:17 PM

I suggest you do this:

Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sidesearch.dr.../sidesearch.htm

O4 - HKLM\..\RunServices: [MSN Messenger 32] msniu.exe

O4 - HKCU\..\Run: [MSN Messenger 32] msniu.exe


Close ALL windows and browsers except HijackThis and click "Fix checked"


Empty Recycle Bin

Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.



#10 Zebadiah

Posted 09 November 2005 - 11:11 PM

I did as instructed, but I noticed that the R1 still remained.

Logfile of HijackThis v1.99.1
Scan saved at 10:10:11 PM, on 11/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\AOL\1131400013\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1131400013\ee\AOLServiceHost.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Documents and Settings\Jason Johnson\Desktop\Spyware Protection\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sidesearch.dr.../sidesearch.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131400013\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [InoRT] C:\Program Files\CA\eTrust Antivirus\InoRT9X.exe
O4 - HKLM\..\RunServices: [InoRPC] C:\Program Files\CA\eTrust Antivirus\InoRPC.exe
O4 - HKLM\..\RunServices: [InoTask] C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124303808515
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: eTrust Antivirus RPC Server (InoRpc) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe



#11 LDTate

Posted 10 November 2005 - 03:19 PM

Restart your computer in Safe Mode.

Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 several times after the POST screen.
Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter.


Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sidesearch.dr.../sidesearch.htm

Close ALL windows and browsers except HijackThis and click "Fix checked"


Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


Empty Recycle Bin

Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.



#12 Zebadiah

Posted 10 November 2005 - 04:52 PM

Alright, I did as you told. I was even able to delete the files while in safe mode. Here is the new log:


Logfile of HijackThis v1.99.1
Scan saved at 3:50:09 PM, on 11/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1131400013\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1131400013\ee\AOLServiceHost.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jason Johnson\Desktop\Spyware Protection\Hijack This\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1131400013\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [InoRT] C:\Program Files\CA\eTrust Antivirus\InoRT9X.exe
O4 - HKLM\..\RunServices: [InoRPC] C:\Program Files\CA\eTrust Antivirus\InoRPC.exe
O4 - HKLM\..\RunServices: [InoTask] C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124303808515
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: eTrust Antivirus RPC Server (InoRpc) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
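
To confirm that an entry ticked for "Fix checked" is really gone from the follow-up log, the two logs can be compared entry by entry. This is an added example, not part of the original thread; the function names are hypothetical and the sample logs are short excerpts constructed from lines posted here.

```python
import re

# A HijackThis entry line is a section code (R1, O4, O23, ...), " - ", then the entry text.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return (code, text) pairs; header and running-process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def index(log_text):
    # Windows paths and registry names are case-insensitive, so key on casefolded text.
    return {(c, t.casefold()): (c, t) for c, t in parse_entries(log_text)}

def compare_logs(before, after, fixed):
    """fixed: the entry lines that were ticked before clicking 'Fix checked'."""
    old, new, targets = index(before), index(after), index(fixed)
    return {
        "still_present": sorted(new[k] for k in targets.keys() & new.keys()),
        "removed": sorted(old[k] for k in old.keys() - new.keys()),
        "added": sorted(new[k] for k in new.keys() - old.keys()),
    }

# Constructed excerpts (the R1 URL is truncated exactly as it appears in the thread).
FIXED = r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sidesearch.dr.../sidesearch.htm"
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://sidesearch.dr.../sidesearch.htm
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.EXE"
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

if __name__ == "__main__":
    for kind, items in compare_logs(BEFORE, AFTER, FIXED).items():
        print(kind, items)
```

Anything listed under `added` deserves the same scrutiny as the original log, since a new autorun entry appearing after a fix can mean the infection has reinstalled itself.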

#13 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 10 November 2005 - 04:57 PM

Good Job :thumbup:


Log looks good :D :thumbup: How is it running? Any issues?

Note: This will remove all previous Restore Points

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn it back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.

Click Start > My Computer, select the Tools menu and then Folder Options. After the new window appears, select the View tab…
This time select the: Restore Defaults
Select: Apply, and click OK




If you don't have these three programs I would recommend that you get them: Spywareblaster, Spywareguard and IESPY AD. They will add 1000's of sites to your restricted zone and block some hijacks from happening. I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one.

It is critical to have both a firewall and anti virus to protect your system.

Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on. Both are available below.

Safe Surfing. :D



#14 Zebadiah

Zebadiah

    Authentic Member

  • Authentic Member
  • PipPip
  • 47 posts

Posted 10 November 2005 - 05:01 PM

Alright, thanks a lot for all your help!!

#15 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 10 November 2005 - 05:02 PM

Great job :thumbup: You're more than welcome. Glad we were able to help. Peace be with you :wavey:
