All right... here are some results:
The SpySweeper rebooted the box while in the entity removal step, so the log file was retrieved after a reboot.
The Ewido scan had to be retried about 4 times to make it through without a Windows error that would shut down Internet Explorer.
CWShredder was quick, but appeared to have no issues.
HouseCall scan would not kick off and go. It would go through a verifying and updating step, then go to idle status. I ran a system scan with my EZTrust AV software, and it was clean.
Here are the log files:
SPYSWEEPER:
********
10:45 PM: | Start of Session, Saturday, January 07, 2006 |
10:45 PM: Spy Sweeper started
10:45 PM: Sweep initiated using definitions version 597
10:45 PM: Found Trojan Horse: trojan-downloader-conhook
10:45 PM: HKCR\clsid\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\inprocserver32\ (2 subtraces) (ID = 1065932)
10:45 PM: ddccb.dll (ID = 1065932)
10:45 PM: Starting Memory Sweep
10:45 PM: Found Adware: exact navisearch
10:45 PM: Detected running threat: C:\WINDOWS\System32\nvms.dll (ID = 70411)
10:45 PM: Detected running threat: C:\WINDOWS\System32\mscb.dll (ID = 70399)
10:46 PM: Found Adware: virtumonde
10:46 PM: Detected running threat: C:\WINDOWS\SYSTEM32\jkkli.dll (ID = 77)
10:46 PM: Detected running threat: C:\WINDOWS\SYSTEM32\pmnll.dll (ID = 77)
10:49 PM: Memory Sweep Complete, Elapsed Time: 00:03:49
10:49 PM: Starting Registry Sweep
10:49 PM: HKCR\clsid\{aeecbfda-12fa-4881-bdce-8c3e1ce4b344}\ (9 subtraces) (ID = 104006)
10:49 PM: Found Adware: blazefind
10:49 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/bridge.dll\ (2 subtraces) (ID = 104526)
10:49 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\bridge.dll (ID = 104541)
10:49 PM: HKLM\software\microsoft\windows\currentversion\uninstall\windows sr 2.0\ (4 subtraces) (ID = 104552)
10:49 PM: Found Adware: exact cashback/bargain buddy
10:49 PM: HKLM\software\cashback\ (1 subtraces) (ID = 105372)
10:49 PM: Found Adware: clearsearch
10:49 PM: HKCR\csbb.csbbcore.1\ (3 subtraces) (ID = 105593)
10:49 PM: HKCR\csbb.csbbcore\ (5 subtraces) (ID = 105594)
10:49 PM: HKLM\software\classes\csbb.csbbcore.1\ (3 subtraces) (ID = 105716)
10:49 PM: HKLM\software\classes\csbb.csbbcore\ (5 subtraces) (ID = 105717)
10:49 PM: HKLM\software\classes\interface\{15bf1d7c-9e2c-489c-aca0-ede133a06df5}\ (8 subtraces) (ID = 105721)
10:49 PM: HKLM\software\microsoft\windows\currentversion\uninstall\contextsidebar\ (ID = 105842)
10:49 PM: HKLM\software\microsoft\windows\currentversion\uninstall\mirrorunder\ (ID = 105843)
10:49 PM: HKLM\software\microsoft\windows\currentversion\uninstall\ronsidebar\ (ID = 105844)
10:49 PM: HKLM\software\microsoft\windows\currentversion\uninstall\urlsidebar\ (ID = 105846)
10:49 PM: HKCR\typelib\{abbf650c-e69a-4c95-ba45-0f2c7c2a13a4}\ (9 subtraces) (ID = 105866)
10:49 PM: Found Adware: great net downloadware
10:49 PM: HKLM\software\microsoft\windows\currentversion\uninstall\medialoads enhanced\ (2 subtraces) (ID = 125363)
10:49 PM: Found Adware: internexus dialer
10:49 PM: HKLM\software\intexusdial\ (ID = 128946)
10:49 PM: HKCR\cb.urlcatcher.1\ (3 subtraces) (ID = 135553)
10:49 PM: HKCR\cb.urlcatcher\ (3 subtraces) (ID = 135554)
10:49 PM: HKCR\clsid\{ce188402-6ee7-4022-8868-ab25173a3e14}\ (9 subtraces) (ID = 135558)
10:49 PM: HKCR\nls.urlcatcher.1\ (3 subtraces) (ID = 135565)
10:49 PM: HKCR\nls.urlcatcher\ (3 subtraces) (ID = 135566)
10:49 PM: HKLM\software\classes\nls.urlcatcher.1\ (3 subtraces) (ID = 135575)
10:49 PM: HKLM\software\classes\nls.urlcatcher\ (3 subtraces) (ID = 135576)
10:49 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{aeecbfda-12fa-4881-bdce-8c3e1ce4b344}\ (ID = 135578)
10:49 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{ce188402-6ee7-4022-8868-ab25173a3e14}\ (ID = 135579)
10:49 PM: Found Adware: networkessentials
10:49 PM: HKCR\interface\{4438a5dc-e00b-41a0-b0e6-b63fd3b86eee}\ (8 subtraces) (ID = 136074)
10:49 PM: HKCR\mp.mediapops.1\ (3 subtraces) (ID = 136079)
10:49 PM: HKCR\mp.mediapops\ (5 subtraces) (ID = 136080)
10:49 PM: HKLM\software\classes\interface\{4438a5dc-e00b-41a0-b0e6-b63fd3b86eee}\ (8 subtraces) (ID = 136147)
10:49 PM: HKLM\software\classes\mp.mediapops\ (5 subtraces) (ID = 136152)
10:49 PM: HKLM\software\classes\typelib\{4767c447-ef15-42f2-8809-68adb7fa76f1}\ (9 subtraces) (ID = 136154)
10:49 PM: HKCR\typelib\{4767c447-ef15-42f2-8809-68adb7fa76f1}\ (9 subtraces) (ID = 136181)
10:49 PM: Found Adware: searchexe
10:49 PM: HKLM\software\microsoft\windows\currentversion\uninstall\bmse dbl\ (2 subtraces) (ID = 140919)
10:49 PM: HKLM\software\microsoft\windows\currentversion\uninstall\ie help\ (2 subtraces) (ID = 140920)
10:49 PM: HKLM\software\microsoft\windows\currentversion\uninstall\iec system\ (2 subtraces) (ID = 140921)
10:49 PM: Found Adware: starware toolbar
10:49 PM: HKCR\clsid\{2d51d869-c36b-42bd-ae68-0a81bc771fa5}\ (6 subtraces) (ID = 142841)
10:49 PM: HKCR\clsid\{7bed0340-176b-44bc-915e-c21c1dd6f617}\ (6 subtraces) (ID = 142842)
10:49 PM: HKCR\clsid\{d49e9d35-254c-4c6a-9d17-95018d228ff5}\ (4 subtraces) (ID = 142845)
10:49 PM: HKLM\software\classes\clsid\{2d51d869-c36b-42bd-ae68-0a81bc771fa5}\ (6 subtraces) (ID = 142849)
10:49 PM: HKLM\software\classes\clsid\{7bed0340-176b-44bc-915e-c21c1dd6f617}\ (6 subtraces) (ID = 142850)
10:49 PM: HKLM\software\classes\clsid\{d49e9d35-254c-4c6a-9d17-95018d228ff5}\ (4 subtraces) (ID = 142853)
10:49 PM: HKLM\software\microsoft\windows\currentversion\uninstall\starware\ (3 subtraces) (ID = 142865)
10:49 PM: HKLM\software\cashback\ (1 subtraces) (ID = 397089)
10:49 PM: HKLM\software\classes\cb.urlcatcher\ (3 subtraces) (ID = 646640)
10:49 PM: HKLM\software\classes\cb.urlcatcher.1\ (3 subtraces) (ID = 646644)
10:49 PM: HKLM\software\classes\clsid\{aeecbfda-12fa-4881-bdce-8c3e1ce4b344}\ (9 subtraces) (ID = 646656)
10:49 PM: HKLM\software\classes\clsid\{ce188402-6ee7-4022-8868-ab25173a3e14}\ (9 subtraces) (ID = 646666)
10:49 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{ce188402-6ee7-4022-8868-ab25173a3e14}\ (ID = 646714)
10:49 PM: Found Adware: exact bullseye
10:49 PM: HKCR\typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\ (9 subtraces) (ID = 651023)
10:49 PM: HKCR\typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516e2a3}\ (9 subtraces) (ID = 651043)
10:49 PM: HKLM\software\classes\typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516c2e3}\ (9 subtraces) (ID = 651255)
10:49 PM: HKLM\software\classes\clsid\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (3 subtraces) (ID = 833627)
10:49 PM: HKCR\clsid\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (3 subtraces) (ID = 833628)
10:49 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{00dbdac8-4691-4797-8e6a-7c6ab89bc441}\ (ID = 833629)
10:49 PM: HKCR\atldistrib.atldistrib\ (9 subtraces) (ID = 1030533)
10:49 PM: HKCR\atldistrib.atldistrib\clsid\ (1 subtraces) (ID = 1030535)
10:49 PM: HKCR\atldistrib.atldistrib\curver\ (1 subtraces) (ID = 1030537)
10:49 PM: HKCR\atldistrib.atldistrib.1\ (3 subtraces) (ID = 1030539)
10:49 PM: HKCR\atldistrib.atldistrib.1\clsid\ (1 subtraces) (ID = 1030541)
10:49 PM: HKLM\software\classes\atldistrib.atldistrib\ (9 subtraces) (ID = 1030666)
10:49 PM: HKLM\software\classes\atldistrib.atldistrib\clsid\ (1 subtraces) (ID = 1030668)
10:49 PM: HKLM\software\classes\atldistrib.atldistrib\curver\ (1 subtraces) (ID = 1030670)
10:49 PM: HKLM\software\classes\atldistrib.atldistrib.1\ (3 subtraces) (ID = 1030672)
10:49 PM: HKLM\software\classes\atldistrib.atldistrib.1\clsid\ (1 subtraces) (ID = 1030674)
10:49 PM: HKCR\clsid\{3fe36807-69ed-45d1-b9be-85c0e3f75b6a}\ (12 subtraces) (ID = 1037004)
10:49 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{3fe36807-69ed-45d1-b9be-85c0e3f75b6a}\ (ID = 1037057)
10:49 PM: HKLM\software\classes\clsid\{3fe36807-69ed-45d1-b9be-85c0e3f75b6a}\ (12 subtraces) (ID = 1037059)
10:49 PM: Found Adware: ebates money maker
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\microsoft\internet explorer\extensions\cmdmapping\ || {6685509e-b47b-4f47-8e16-9a5f3a62f683} (ID = 125587)
10:49 PM: Found Adware: webrebates
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\microsoft\internet explorer\extensions\{6685509e-b47b-4f47-8e16-9a5f3a62f683}\ (6 subtraces) (ID = 125589)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\microsoft\internet explorer\extensions\{6685509e-b47b-4f47-8e16-9a5f3a62f683}\ (6 subtraces) (ID = 125589)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\microsoft\internet explorer\menuext\web savings\ (2 subtraces) (ID = 125591)
10:49 PM: Found Adware: ieplugin
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\dsktb\ (6 subtraces) (ID = 128171)
10:49 PM: Found Adware: upspiral toolbar
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\dsktb\ (6 subtraces) (ID = 128171)
10:49 PM: Found Adware: redzip toolbar
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\dsktb\ (6 subtraces) (ID = 128171)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\intexp\ (58 subtraces) (ID = 128173)
10:49 PM: Found Adware: ieplugin hijacker
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\microsoft\internet explorer\main\ || search bar (ID = 128214)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\microsoft\internet explorer\main\ || search page (ID = 128215)
10:49 PM: Found Adware: 180search assistant/zango
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\msbb\ (17 subtraces) (ID = 135781)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\support software\ (8 subtraces) (ID = 136177)
10:49 PM: Found Adware: search-exe hijacker
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\microsoft\internet explorer\search\ || searchassistant (ID = 140932)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\microsoft\internet explorer\toolbar\webbrowser\ || {2d51d869-c36b-42bd-ae68-0a81bc771fa5} (ID = 142860)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\starware\ (12 subtraces) (ID = 142866)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\microsoft\internet explorer\menuext\web rebates\ (2 subtraces) (ID = 146297)
10:49 PM: Found Adware: sidesearch
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1011\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1010\software\microsoft\internet explorer\extensions\cmdmapping\ || {6685509e-b47b-4f47-8e16-9a5f3a62f683} (ID = 125587)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1010\software\microsoft\internet explorer\menuext\web savings\ (2 subtraces) (ID = 125591)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1010\software\support software\ (11 subtraces) (ID = 136177)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1010\software\microsoft\internet explorer\search\ || searchassistant (ID = 140932)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1010\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1010\software\starware\ (12 subtraces) (ID = 142866)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1010\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1009\software\microsoft\internet explorer\extensions\cmdmapping\ || {6685509e-b47b-4f47-8e16-9a5f3a62f683} (ID = 125587)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1009\software\microsoft\internet explorer\menuext\web savings\ (2 subtraces) (ID = 125591)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1009\software\support software\ (8 subtraces) (ID = 136177)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1009\software\microsoft\internet explorer\search\ || searchassistant (ID = 140932)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1009\software\microsoft\internet explorer\toolbar\webbrowser\ || {2d51d869-c36b-42bd-ae68-0a81bc771fa5} (ID = 142860)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1009\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1009\software\starware\ (12 subtraces) (ID = 142866)
10:49 PM: HKU\WRSS_Profile_S-1-5-21-3034213126-833917562-2051650550-1009\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1008\software\microsoft\internet explorer\extensions\cmdmapping\ || {6685509e-b47b-4f47-8e16-9a5f3a62f683} (ID = 125587)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1008\software\support software\ (8 subtraces) (ID = 136177)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1008\software\microsoft\internet explorer\toolbar\webbrowser\ || {2d51d869-c36b-42bd-ae68-0a81bc771fa5} (ID = 142860)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1008\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1008\software\starware\ (12 subtraces) (ID = 142866)
10:49 PM: HKU\S-1-5-21-3034213126-833917562-2051650550-1008\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
10:49 PM: HKU\S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
10:49 PM: Registry Sweep Complete, Elapsed Time:00:00:37
10:49 PM: Starting Cookie Sweep
10:49 PM: Found Spy Cookie: sandboxer cookie
10:49 PM: kristen@0[1].txt (ID = 3282)
10:49 PM: kristen@0[3].txt (ID = 3282)
10:49 PM: Found Spy Cookie: 412 cookie
10:49 PM: kristen@412[1].txt (ID = 1969)
10:49 PM: Found Spy Cookie: 69.93.205 cookie
10:49 PM: kristen@69.93.205[2].txt (ID = 2005)
10:49 PM: Found Spy Cookie: websponsors cookie
10:49 PM: kristen@a.websponsors[2].txt (ID = 3665)
10:49 PM: Found Spy Cookie: yieldmanager cookie
10:49 PM: kristen@ad.yieldmanager[2].txt (ID = 3751)
10:49 PM: Found Spy Cookie: adecn cookie
10:49 PM: kristen@adecn[1].txt (ID = 2063)
10:49 PM: Found Spy Cookie: adlegend cookie
10:49 PM: kristen@adlegend[1].txt (ID = 2074)
10:49 PM: Found Spy Cookie: hbmediapro cookie
10:49 PM: kristen@adopt.hbmediapro[2].txt (ID = 2768)
10:49 PM: Found Spy Cookie: precisead cookie
10:49 PM: kristen@adopt.precisead[1].txt (ID = 3182)
10:49 PM: Found Spy Cookie: specificclick.com cookie
10:49 PM: kristen@adopt.specificclick[1].txt (ID = 3400)
10:49 PM: Found Spy Cookie: adrevolver cookie
10:49 PM: kristen@adrevolver[1].txt (ID = 2088)
10:49 PM: kristen@adrevolver[3].txt (ID = 2088)
10:49 PM: Found Spy Cookie: addynamix cookie
10:49 PM: kristen@ads.addynamix[1].txt (ID = 2062)
10:49 PM: Found Spy Cookie: pointroll cookie
10:49 PM: kristen@ads.pointroll[1].txt (ID = 3148)
10:49 PM: Found Spy Cookie: bpath cookie
10:49 PM: kristen@ads18.bpath[1].txt (ID = 2321)
10:49 PM: Found Spy Cookie: adultfriendfinder cookie
10:49 PM: kristen@adultfriendfinder[2].txt (ID = 2165)
10:49 PM: Found Spy Cookie: affiliate cookie
10:49 PM: kristen@affiliate[1].txt (ID = 2199)
10:49 PM: Found Spy Cookie: apmebf cookie
10:49 PM: kristen@apmebf[2].txt (ID = 2229)
10:49 PM: Found Spy Cookie: atwola cookie
10:49 PM: kristen@ar.atwola[2].txt (ID = 2256)
10:49 PM: Found Spy Cookie: ask cookie
10:49 PM: kristen@ask[1].txt (ID = 2245)
10:49 PM: Found Spy Cookie: belnk cookie
10:49 PM: kristen@ath.belnk[2].txt (ID = 2293)
10:49 PM: kristen@atwola[2].txt (ID = 2255)
10:49 PM: Found Spy Cookie: avres cookie
10:49 PM: kristen@avres[2].txt (ID = 2261)
10:49 PM: Found Spy Cookie: azjmp cookie
10:49 PM: kristen@azjmp[2].txt (ID = 2270)
10:49 PM: Found Spy Cookie: banners cookie
10:49 PM: kristen@banners[2].txt (ID = 2282)
10:49 PM: Found Spy Cookie: banner cookie
10:49 PM: kristen@banner[1].txt (ID = 2276)
10:49 PM: kristen@belnk[1].txt (ID = 2292)
10:49 PM: Found Spy Cookie: enhance cookie
10:49 PM: kristen@c.enhance[1].txt (ID = 2614)
10:49 PM: Found Spy Cookie: goclick cookie
10:49 PM: kristen@c.goclick[2].txt (ID = 2733)
10:49 PM: Found Spy Cookie: 2o7.net cookie
10:49 PM: kristen@cnn.122.2o7[1].txt (ID = 1958)
10:49 PM: Found Spy Cookie: 180solutions cookie
10:49 PM: kristen@config.180solutions[1].txt (ID = 1934)
10:49 PM: Found Spy Cookie: tickle cookie
10:49 PM: kristen@cookie.tickle[1].txt (ID = 3530)
10:49 PM: Found Spy Cookie: customer cookie
10:49 PM: kristen@customer[1].txt (ID = 2481)
10:49 PM: kristen@customer[2].txt (ID = 2481)
10:49 PM: Found Spy Cookie: overture cookie
10:49 PM: kristen@data3.perf.overture[2].txt (ID = 3106)
10:49 PM: Found Spy Cookie: directtrack cookie
10:49 PM: kristen@directtrack[1].txt (ID = 2527)
10:49 PM: Found Spy Cookie: go.com cookie
10:49 PM: kristen@disney.go[2].txt (ID = 2729)
10:49 PM: kristen@dist.belnk[2].txt (ID = 2293)
10:49 PM: Found Spy Cookie: exitexchange cookie
10:49 PM: kristen@exitexchange[1].txt (ID = 2633)
10:49 PM: Found Spy Cookie: goldenpalace cookie
10:49 PM: kristen@goldenpalace[1].txt (ID = 2734)
10:49 PM: kristen@go[1].txt (ID = 2728)
10:49 PM: Found Spy Cookie: clickandtrack cookie
10:49 PM: kristen@hits.clickandtrack[1].txt (ID = 2397)
10:49 PM: Found Spy Cookie: homestore cookie
10:49 PM: kristen@homestore[1].txt (ID = 2793)
10:49 PM: Found Spy Cookie: about cookie
10:49 PM: kristen@humor.about[1].txt (ID = 2038)
10:49 PM: Found Spy Cookie: screensavers.com cookie
10:49 PM: kristen@i.screensavers[2].txt (ID = 3298)
10:49 PM: Found Spy Cookie: incredifind cookie
10:49 PM: kristen@incredifind[2].txt (ID = 2849)
10:49 PM: kristen@installs.180solutions[1].txt (ID = 1934)
10:49 PM: Found Spy Cookie: kount cookie
10:49 PM: kristen@kount[2].txt (ID = 2911)
10:49 PM: Found Spy Cookie: netster cookie
10:49 PM: kristen@lb1.netster[1].txt (ID = 3072)
10:49 PM: kristen@media.homestore[1].txt (ID = 2794)
10:49 PM: Found Spy Cookie: ugo cookie
10:49 PM: kristen@mediamgr.ugo[2].txt (ID = 3609)
10:49 PM: kristen@msnportal.112.2o7[1].txt (ID = 1958)
10:49 PM: Found Spy Cookie: mywebsearch cookie
10:49 PM: kristen@mywebsearch[2].txt (ID = 3051)
10:49 PM: Found Spy Cookie: nextag cookie
10:49 PM: kristen@nextag[1].txt (ID = 5014)
10:49 PM: Found Spy Cookie: offeroptimizer cookie
10:49 PM: kristen@offeroptimizer[1].txt (ID = 3087)
10:49 PM: kristen@overture[2].txt (ID = 3105)
10:49 PM: kristen@perf.overture[1].txt (ID = 3106)
10:49 PM: kristen@psc.disney.go[1].txt (ID = 2729)
10:49 PM: kristen@rapidresponse.directtrack[2].txt (ID = 2528)
10:49 PM: Found Spy Cookie: rednova cookie
10:49 PM: kristen@rednova[1].txt (ID = 3245)
10:49 PM: Found Spy Cookie: rightmedia cookie
10:49 PM: kristen@rightmedia[2].txt (ID = 3259)
10:49 PM: Found Spy Cookie: server.iad.liveperson cookie
10:49 PM: kristen@server.iad.liveperson[2].txt (ID = 3341)
10:49 PM: Found Spy Cookie: servlet cookie
10:49 PM: kristen@servlet[1].txt (ID = 3345)
10:49 PM: Found Spy Cookie: spywarestormer cookie
10:49 PM: kristen@spywarestormer[1].txt (ID = 3417)
10:50 PM: Found Spy Cookie: reliablestats cookie
10:50 PM: kristen@stats1.reliablestats[1].txt (ID = 3254)
10:50 PM: kristen@tickle[2].txt (ID = 3529)
10:50 PM: Found Spy Cookie: tracking cookie
10:50 PM: kristen@tracking[1].txt (ID = 3571)
10:50 PM: Found Spy Cookie: coremetrics cookie
10:50 PM: kristen@twci.coremetrics[1].txt (ID = 2472)
10:50 PM: Found Spy Cookie: uproar cookie
10:50 PM: kristen@uproar[2].txt (ID = 3612)
10:50 PM: kristen@web.tickle[1].txt (ID = 3530)
10:50 PM: Found Spy Cookie: webservicehosts cookie
10:50 PM: kristen@webservicehosts[2].txt (ID = 3662)
10:50 PM: Found Spy Cookie: affiliatefuel.com cookie
10:50 PM: kristen@www.affiliatefuel[1].txt (ID = 2202)
10:50 PM: kristen@www.disney.go[1].txt (ID = 2729)
10:50 PM: kristen@www.goldenpalace[1].txt (ID = 2735)
10:50 PM: kristen@www.rednova[1].txt (ID = 3246)
10:50 PM: kristen@www.screensavers[1].txt (ID = 3298)
10:50 PM: Found Spy Cookie: toprebates.com cookie
10:50 PM: kristen@www.toprebates[2].txt (ID = 3562)
10:50 PM: Found Spy Cookie: yadro cookie
10:50 PM: kristen@yadro[1].txt (ID = 3743)
10:50 PM: kristen@yieldmanager[2].txt (ID = 3749)
10:50 PM: tyler@ad.yieldmanager[1].txt (ID = 3751)
10:50 PM: tyler@adopt.specificclick[2].txt (ID = 3400)
10:50 PM: tyler@ask[1].txt (ID = 2245)
10:50 PM: tyler@atwola[1].txt (ID = 2255)
10:50 PM: tyler@stats1.reliablestats[2].txt (ID = 3254)
10:50 PM: kim@ad.yieldmanager[1].txt (ID = 3751)
10:50 PM: kim@adopt.specificclick[1].txt (ID = 3400)
10:50 PM: kim@adrevolver[2].txt (ID = 2088)
10:50 PM: kim@adrevolver[3].txt (ID = 2088)
10:50 PM: kim@ads.addynamix[1].txt (ID = 2062)
10:50 PM: kim@ads.pointroll[2].txt (ID = 3148)
10:50 PM: kim@apmebf[2].txt (ID = 2229)
10:50 PM: kim@ask[2].txt (ID = 2245)
10:50 PM: kim@ath.belnk[1].txt (ID = 2293)
10:50 PM: kim@atwola[1].txt (ID = 2255)
10:50 PM: kim@azjmp[2].txt (ID = 2270)
10:50 PM: kim@banner[1].txt (ID = 2276)
10:50 PM: kim@belnk[2].txt (ID = 2292)
10:50 PM: kim@cnn.122.2o7[1].txt (ID = 1958)
10:50 PM: kim@cookie.tickle[1].txt (ID = 3530)
10:50 PM: Found Spy Cookie: 360i cookie
10:50 PM: kim@ct.360i[2].txt (ID = 1962)
10:50 PM: kim@dist.belnk[1].txt (ID = 2293)
10:50 PM: kim@overture[2].txt (ID = 3105)
10:50 PM: kim@perf.overture[1].txt (ID = 3106)
10:50 PM: kim@server.iad.liveperson[2].txt (ID = 3341)
10:50 PM: kim@stats1.reliablestats[1].txt (ID = 3254)
10:50 PM: kim@tickle[2].txt (ID = 3529)
10:50 PM: kim@tracking[2].txt (ID = 3571)
10:50 PM: kim@twci.coremetrics[1].txt (ID = 2472)
10:50 PM: Found Spy Cookie: burstbeacon cookie
10:50 PM: kim@www.burstbeacon[1].txt (ID = 2335)
10:50 PM: Found Spy Cookie: web-stat cookie
10:50 PM: kim@www.web-stat[2].txt (ID = 3649)
10:50 PM: scott@ads.pointroll[2].txt (ID = 3148)
10:50 PM: Found Spy Cookie: sharewareonline cookie
10:50 PM: scott@adserver.sharewareonline[1].txt (ID = 3366)
10:50 PM: scott@apmebf[1].txt (ID = 2229)
10:50 PM: scott@atwola[1].txt (ID = 2255)
10:50 PM: scott@cnn.122.2o7[1].txt (ID = 1958)
10:50 PM: scott@data3.perf.overture[2].txt (ID = 3106)
10:50 PM: scott@nextag[1].txt (ID = 5014)
10:50 PM: Found Spy Cookie: partypoker cookie
10:50 PM: scott@partypoker[2].txt (ID = 3111)
10:50 PM: scott@perf.overture[1].txt (ID = 3106)
10:50 PM: Found Spy Cookie: qsrch cookie
10:50 PM: scott@qsrch[1].txt (ID = 3215)
10:50 PM: scott@stats1.reliablestats[2].txt (ID = 3254)
10:50 PM: Cookie Sweep Complete, Elapsed Time: 00:00:07
10:50 PM: Starting File Sweep
10:50 PM: c:\documents and settings\kristen\application data\starware (47 subtraces) (ID = -2147480225)
10:50 PM: c:\documents and settings\tyler\application data\starware (45 subtraces) (ID = -2147480225)
10:50 PM: c:\documents and settings\kristen\local settings\temp\fleok (ID = -2147480558)
10:50 PM: c:\program files\support software (ID = -2147480532)
10:50 PM: c:\documents and settings\all users\application data\starware (18 subtraces) (ID = -2147480224)
10:50 PM: c:\program files\starware (6 subtraces) (ID = -2147480223)
10:50 PM: c:\documents and settings\kristen\local settings\temp\clrsch (ID = -2147481250)
10:50 PM: c:\program files\websavingsfromebates (31 subtraces) (ID = -2147481067)
10:50 PM: c:\documents and settings\kim\application data\starware (45 subtraces) (ID = -2147480225)
10:50 PM: c:\program files\se (4 subtraces) (ID = -2147480358)
10:50 PM: c:\program files\medialoads (173 subtraces) (ID = -2147481081)
10:50 PM: c:\documents and settings\scott\application data\starware (45 subtraces) (ID = -2147480225)
10:51 PM: Found Adware: comet cursor
10:51 PM: dm.inf (ID = 53551)
10:52 PM: Found Adware: ist yoursitebar
10:52 PM: ysbactivex.dll (ID = 133888)
10:55 PM: res11e.tmp (ID = 70500)
10:56 PM: Found Adware: elitemediagroup-mediamotor
10:56 PM: mm20.inf (ID = 74036)
10:57 PM: resaf.tmp (ID = 70507)
11:03 PM: unstsa2.exe (ID = 51496)
11:04 PM: msbb.exe (ID = 70556)
11:04 PM: ncmyb.dll (ID = 70584)
11:04 PM: bargain3.exe (ID = 50540)
11:04 PM: Found Trojan Horse: trojan downloader sysupdates
11:04 PM: wsebate1.exe (ID = 80968)
11:05 PM: nvms.dll (ID = 70411)
11:05 PM: mscb.dll (ID = 70399)
11:05 PM: omniband.dll (ID = 111868)
11:07 PM: rgrt.exe (ID = 63365)
11:07 PM: bidulator.exe (ID = 115242)
11:08 PM: cdt_bbi8016.exe (ID = 50582)
11:08 PM: delb.tmp (ID = 70620)
11:08 PM: djebmm350.exe (ID = 59578)
11:08 PM: delaf.tmp (ID = 70620)
11:08 PM: zangoinstaller.exe (ID = 184234)
11:10 PM: axuninstall.exe (ID = 111862)
11:10 PM: bm.dat (ID = 74957)
11:10 PM: dwcg2.exe (ID = 59299)
11:11 PM: mmaker2.exe (ID = 59683)
11:11 PM: key2.txt (ID = 51468)
11:13 PM: roing17.ocx (ID = 74133)
11:13 PM: roing17.ocx (ID = 74133)
11:13 PM: Found Adware: twain-tech
11:13 PM: twaintec.inf (ID = 81888)
11:13 PM: Found Adware: directrevenue-abetterinternet
11:13 PM: alchem.inf (ID = 83109)
11:13 PM: alchem.ini (ID = 83112)
11:13 PM: twaintec.inf (ID = 81889)
11:13 PM: twaintec.inf (ID = 81889)
11:13 PM: Found Adware: ezsearchbar
11:13 PM: ctadl.inf (ID = 60336)
11:13 PM: alchem.inf (ID = 83109)
11:13 PM: twaintec.inf (ID = 81889)
11:14 PM: File Sweep Complete, Elapsed Time: 00:24:24
11:14 PM: Full Sweep has completed. Elapsed time 00:29:07
11:14 PM: Traces Found: 1173
11:15 PM: Removal process initiated
11:20 PM: Quarantining All Traces: 180search assistant/zango
11:20 PM: Quarantining All Traces: clearsearch
11:20 PM: Quarantining All Traces: directrevenue-abetterinternet
11:20 PM: Quarantining All Traces: virtumonde
11:20 PM: virtumonde is in use. It will be removed on reboot.
11:20 PM: C:\WINDOWS\SYSTEM32\jkkli.dll is in use. It will be removed on reboot.
11:20 PM: C:\WINDOWS\SYSTEM32\pmnll.dll is in use. It will be removed on reboot.
11:20 PM: Quarantining All Traces: blazefind
11:20 PM: Quarantining All Traces: comet cursor
11:20 PM: Quarantining All Traces: searchexe
11:20 PM: Quarantining All Traces: sidesearch
11:21 PM: Quarantining All Traces: starware toolbar
11:21 PM: Quarantining All Traces: trojan downloader sysupdates
11:21 PM: Quarantining All Traces: trojan-downloader-conhook
11:21 PM: trojan-downloader-conhook is in use. It will be removed on reboot.
11:21 PM: ddccb.dll is in use. It will be removed on reboot.
11:21 PM: Quarantining All Traces: ebates money maker
11:21 PM: Quarantining All Traces: elitemediagroup-mediamotor
11:21 PM: Quarantining All Traces: exact bullseye
11:21 PM: Quarantining All Traces: exact cashback/bargain buddy
11:21 PM: Quarantining All Traces: exact navisearch
11:22 PM: exact navisearch is in use. It will be removed on reboot.
11:22 PM: nvms.dll is in use. It will be removed on reboot.
11:22 PM: mscb.dll is in use. It will be removed on reboot.
11:22 PM: Quarantining All Traces: ezsearchbar
11:22 PM: Quarantining All Traces: great net downloadware
11:22 PM: Quarantining All Traces: ieplugin hijacker
11:22 PM: Quarantining All Traces: ieplugin
11:22 PM: Quarantining All Traces: internexus dialer
11:22 PM: Quarantining All Traces: ist yoursitebar
11:22 PM: Quarantining All Traces: networkessentials
11:22 PM: Quarantining All Traces: redzip toolbar
11:22 PM: Quarantining All Traces: search-exe hijacker
11:22 PM: Quarantining All Traces: twain-tech
11:22 PM: Quarantining All Traces: upspiral toolbar
11:22 PM: Quarantining All Traces: webrebates
11:22 PM: Quarantining All Traces: 180solutions cookie
11:22 PM: Quarantining All Traces: 2o7.net cookie
11:22 PM: Quarantining All Traces: 360i cookie
11:22 PM: Quarantining All Traces: 412 cookie
11:22 PM: Quarantining All Traces: 69.93.205 cookie
11:22 PM: Quarantining All Traces: about cookie
11:22 PM: Quarantining All Traces: addynamix cookie
11:22 PM: Quarantining All Traces: adecn cookie
11:22 PM: Quarantining All Traces: adlegend cookie
11:22 PM: Quarantining All Traces: adrevolver cookie
11:22 PM: Quarantining All Traces: adultfriendfinder cookie
11:22 PM: Quarantining All Traces: affiliate cookie
11:22 PM: Quarantining All Traces: affiliatefuel.com cookie
11:22 PM: Quarantining All Traces: apmebf cookie
11:22 PM: Quarantining All Traces: ask cookie
11:22 PM: Quarantining All Traces: atwola cookie
11:22 PM: Quarantining All Traces: avres cookie
11:22 PM: Quarantining All Traces: azjmp cookie
11:22 PM: Quarantining All Traces: banner cookie
11:22 PM: Quarantining All Traces: banners cookie
11:22 PM: Quarantining All Traces: belnk cookie
11:22 PM: Quarantining All Traces: bpath cookie
11:22 PM: Quarantining All Traces: burstbeacon cookie
11:22 PM: Quarantining All Traces: clickandtrack cookie
11:22 PM: Quarantining All Traces: coremetrics cookie
11:22 PM: Quarantining All Traces: customer cookie
11:22 PM: Quarantining All Traces: directtrack cookie
11:22 PM: Quarantining All Traces: enhance cookie
11:22 PM: Quarantining All Traces: exitexchange cookie
11:22 PM: Quarantining All Traces: go.com cookie
11:22 PM: Quarantining All Traces: goclick cookie
11:22 PM: Quarantining All Traces: goldenpalace cookie
11:22 PM: Quarantining All Traces: hbmediapro cookie
11:22 PM: Quarantining All Traces: homestore cookie
11:22 PM: Quarantining All Traces: incredifind cookie
11:22 PM: Quarantining All Traces: kount cookie
11:22 PM: Quarantining All Traces: mywebsearch cookie
11:22 PM: Quarantining All Traces: netster cookie
11:22 PM: Quarantining All Traces: nextag cookie
11:22 PM: Quarantining All Traces: offeroptimizer cookie
11:22 PM: Quarantining All Traces: overture cookie
11:22 PM: Quarantining All Traces: partypoker cookie
11:22 PM: Quarantining All Traces: pointroll cookie
11:22 PM: Quarantining All Traces: precisead cookie
11:22 PM: Quarantining All Traces: qsrch cookie
11:22 PM: Quarantining All Traces: rednova cookie
11:22 PM: Quarantining All Traces: reliablestats cookie
11:22 PM: Quarantining All Traces: rightmedia cookie
11:22 PM: Quarantining All Traces: sandboxer cookie
11:22 PM: Quarantining All Traces: screensavers.com cookie
11:22 PM: Quarantining All Traces: server.iad.liveperson cookie
11:22 PM: Quarantining All Traces: servlet cookie
11:22 PM: Quarantining All Traces: sharewareonline cookie
11:22 PM: Quarantining All Traces: specificclick.com cookie
11:22 PM: Quarantining All Traces: spywarestormer cookie
11:22 PM: Quarantining All Traces: tickle cookie
11:22 PM: Quarantining All Traces: toprebates.com cookie
11:22 PM: Quarantining All Traces: tracking cookie
11:22 PM: Quarantining All Traces: ugo cookie
11:22 PM: Quarantining All Traces: uproar cookie
11:22 PM: Quarantining All Traces: webservicehosts cookie
11:22 PM: Quarantining All Traces: websponsors cookie
11:22 PM: Quarantining All Traces: web-stat cookie
11:22 PM: Quarantining All Traces: yadro cookie
11:22 PM: Quarantining All Traces: yieldmanager cookie
11:23 PM: Warning: The media is write protected
********
10:43 PM: | Start of Session, Saturday, January 07, 2006 |
10:43 PM: Spy Sweeper started
10:44 PM: Your spyware definitions have been updated.
10:45 PM: | End of Session, Saturday, January 07, 2006 |
EWIDO:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 12:50:29 AM, 1/8/2006
+ Report-Checksum: A3D81330
+ Scan result:
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wfk4oid5mfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wfkokmajklo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wfkyqocjkfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wflocldpiao.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wflyukd5cgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wflywnczolq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wfmighc5oep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wfmycmcjwko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wgkiqkdpado.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjk4glajsdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjk4ukczibq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjkyakczwfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjkyggdpgbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjkyopdpefo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjkysgdzidq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjlicmcjslp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjlikpcpkeo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjliskazwhp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjliskcpcho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjlisocjibp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjlyemdzwbq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjmiclajmbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjny-1odjsd.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjnyapazcdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjnycnajmhp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjnycpdjwfq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjnygpdzwlp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@e-2dj6wjnyolc5obo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@ehg-hyundaiusa.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@ehg-nestleusainc.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@ehg-newscientist.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@ehg-pfizer.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@ehg-rr.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Kim\Cookies\kim@sales.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@ads.specificpop[2].txt -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@ads.x10[1].txt -> Spyware.Cookie.X10 : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@citi.bridgetrack[2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@cnn.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@ehg-rr.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@media.fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@twci.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Kim\Local Settings\Temp\Cookies\kim@z1.adserver[2].txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\default\0m3zq399.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\default\0m3zq399.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\default\0m3zq399.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\default\0m3zq399.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\default\0m3zq399.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\default\0m3zq399.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\default\0m3zq399.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\default\0m3zq399.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\default\0m3zq399.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\default\0m3zq399.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\default\0m3zq399.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\default\0m3zq399.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Scott\Application Data\Mozilla\Profiles\default\0m3zq399.slt\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Scott\Cookies\scott@ehg-zentropypartners.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\cln3E.tmp -> Downloader.Dyfuca.cq : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@cnn.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@hg1.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@media.fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Scott\Local Settings\Temp\Cookies\scott@web4.realtracker[2].txt -> Spyware.Cookie.Realtracker : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\CoolSpeech\Realtime.dll -> Backdoor.Delf.eb : Cleaned with backup
C:\Program Files\WildTangent\Components\SystemConfig0100.dll -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Zango Games\David vs Goliath\ZangoInstaller.exe/clientax.dll -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\Zango Games\David vs Goliath\ZangoInstaller.exe/clientax.dll -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP645\A0410448.exe -> Spyware.BlazeFind : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP645\A0410449.dll -> Spyware.BlazeFind : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP645\A0410450.exe -> Dropper.Delf.z : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP645\A0410453.exe -> Spyware.BargainBuddy.f : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP645\A0410454.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP645\A0410455.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP645\A0410457.exe -> Adware.ShopNav : Cleaned with backup
C:\WINDOWS\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.RiskWare.Downloader.PopCap.a : Cleaned with backup
C:\WINDOWS\SYSTEM32\ddcyv.dll -> Downloader.ConHook.r : Cleaned with backup
C:\WINDOWS\SYSTEM32\geeby.dll -> Downloader.ConHook.r : Cleaned with backup
C:\WINDOWS\SYSTEM32\pmkhe.dll -> Downloader.ConHook.r : Cleaned with backup
C:\WINDOWS\SYSTEM32\pmnnk.dll -> Downloader.ConHook.r : Cleaned with backup
C:\WINDOWS\SYSTEM32\vturp.dll -> Downloader.ConHook.r : Cleaned with backup
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
::Report End
HIJACKTHIS:
Logfile of HijackThis v1.99.1
Scan saved at 10:10:08 AM, on 1/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Documents and Settings\Scott\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\ca.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [System Kernal Support] system.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\RunServices: [System Kernal Support] system.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1124330648750
O20 - Winlogon Notify: ddccb - ddccb.dll (file missing)
O20 - Winlogon Notify: jkkli - C:\WINDOWS\system32\jkkli.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: Kodak Camera Connection Sof
Edited by ScottyG, 08 January 2006 - 10:24 AM.