Thanks for the reply. My computer seems a little better as of now... I haven't gotten a ridiculous number of pop-ups yet. Here is my new HJT log and the Spy Sweeper log. Thanks again.
Logfile of HijackThis v1.99.1
Scan saved at 1:16:11 AM, on 3/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay10...es/MsnPUpld.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
********
12:51 AM: | Start of Session, Monday, March 06, 2006 |
12:51 AM: Spy Sweeper started
12:51 AM: Sweep initiated using definitions version 625
12:51 AM: Starting Memory Sweep
12:55 AM: Memory Sweep Complete, Elapsed Time: 00:03:42
12:55 AM: Starting Registry Sweep
12:55 AM: Found Adware: addestroyer
12:55 AM: HKCR\clsid\{d52433a9-a44c-43ab-a013-24b3c756dd2b}\ (13 subtraces) (ID = 102729)
12:55 AM: HKLM\software\classes\clsid\{d52433a9-a44c-43ab-a013-24b3c756dd2b}\ (13 subtraces) (ID = 102738)
12:55 AM: Found Adware: apropos
12:55 AM: HKLM\software\aprps\ (8 subtraces) (ID = 103741)
12:55 AM: Found Adware: bookedspace
12:55 AM: HKLM\software\configuration manager\cfgmgr52\ (174 subtraces) (ID = 104873)
12:55 AM: Found Adware: coolsavings
12:55 AM: HKCR\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 106999)
12:55 AM: HKCR\interface\{549f957d-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107001)
12:55 AM: HKCR\interface\{549f957f-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107002)
12:55 AM: HKLM\software\classes\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 107005)
12:55 AM: HKLM\software\classes\interface\{549f957d-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107007)
12:55 AM: HKLM\software\classes\interface\{549f957f-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107008)
12:55 AM: Found Adware: cws-aboutblank
12:55 AM: HKLM\software\microsoft\windows\currentversion\uninstall\searchassistant uninstall\ (2 subtraces) (ID = 116768)
12:55 AM: Found Adware: elitebar
12:55 AM: HKLM\software\microsoft\windows\currentversion\internet settings\user agent\post platform\ || iebar (ID = 125752)
12:55 AM: Found Adware: internetoptimizer
12:55 AM: HKCR\dyfuca_bh_bucket.bucket.1\ (3 subtraces) (ID = 128883)
12:55 AM: HKCR\dyfuca_bh_bucket.bucket\ (5 subtraces) (ID = 128884)
12:55 AM: HKLM\software\classes\dyfuca_bh_bucket.bucket.1\ (3 subtraces) (ID = 128894)
12:55 AM: HKLM\software\classes\dyfuca_bh_bucket.bucket\ (5 subtraces) (ID = 128895)
12:55 AM: HKLM\software\classes\typelib\{b999b42b-863d-4a6c-aa2b-ce6d2137d628}\ (9 subtraces) (ID = 128897)
12:55 AM: HKLM\software\microsoft\windows\currentversion\uninstall\tcontext\ (2 subtraces) (ID = 128926)
12:55 AM: HKCR\typelib\{b999b42b-863d-4a6c-aa2b-ce6d2137d628}\ (9 subtraces) (ID = 128933)
12:55 AM: Found Adware: moneytree
12:55 AM: HKCR\typelib\{b999b42b-863d-4a6c-aa2b-ce6d2137d628}\ (9 subtraces) (ID = 128933)
12:55 AM: Found Adware: logih adware
12:55 AM: HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload\ || systemcheck2 (ID = 129814)
12:55 AM: Found Adware: mirar webband
12:55 AM: HKLM\software\microsoft\code store database\distribution units\{33331111-1111-1111-1111-611111193458}\ (8 subtraces) (ID = 135094)
12:55 AM: HKLM\software\classes\typelib\{b999b42b-863d-4a6c-aa2b-ce6d2137d628}\1.0\0\win32\ (1 subtraces) (ID = 135203)
12:55 AM: HKLM\software\classes\typelib\{b999b42b-863d-4a6c-aa2b-ce6d2137d628}\1.0\flags\ (1 subtraces) (ID = 135204)
12:55 AM: HKLM\software\classes\typelib\{b999b42b-863d-4a6c-aa2b-ce6d2137d628}\1.0\helpdir\ (1 subtraces) (ID = 135205)
12:55 AM: Found Adware: neededware
12:55 AM: HKCR\clsid\{17b8b110-fd82-4a50-9a46-328bb50c6ca4}\ (18 subtraces) (ID = 135802)
12:55 AM: HKCR\clsid\{55d798f7-ada2-4be4-afb6-3277f884b60d}\ (3 subtraces) (ID = 135804)
12:55 AM: HKCR\clsid\{84564147-251a-4f06-8fc5-8ae36b3a55ab}\ (3 subtraces) (ID = 135809)
12:55 AM: HKCR\clsid\{bf2d741d-6f32-4885-a96a-76725b64a8ce}\ (18 subtraces) (ID = 135811)
12:55 AM: HKCR\epxactivex.epxactivexctrl.1\ (3 subtraces) (ID = 135812)
12:55 AM: HKLM\software\classes\clsid\{17b8b110-fd82-4a50-9a46-328bb50c6ca4}\ (18 subtraces) (ID = 135819)
12:55 AM: HKLM\software\classes\clsid\{17b8b110-fd82-4a50-9a46-328bb50c6ca4}\typelib\ (1 subtraces) (ID = 135820)
12:55 AM: HKLM\software\classes\clsid\{17b8b110-fd82-4a50-9a46-328bb50c6ca4}\version\ (1 subtraces) (ID = 135821)
12:55 AM: HKLM\software\classes\clsid\{55d798f7-ada2-4be4-afb6-3277f884b60d}\ (3 subtraces) (ID = 135823)
12:55 AM: HKLM\software\classes\clsid\{84564147-251a-4f06-8fc5-8ae36b3a55ab}\ (3 subtraces) (ID = 135828)
12:55 AM: HKLM\software\classes\clsid\{bf2d741d-6f32-4885-a96a-76725b64a8ce}\ (18 subtraces) (ID = 135830)
12:55 AM: HKLM\software\classes\epxactivex.epxactivexctrl.1\ (3 subtraces) (ID = 135831)
12:55 AM: HKLM\software\classes\typelib\{375743f3-736c-4377-86b6-06618f1cd726}\ (9 subtraces) (ID = 135838)
12:55 AM: HKLM\software\classes\typelib\{df454277-1009-4413-bfdc-502d1b8bd49e}\ (9 subtraces) (ID = 135841)
12:55 AM: HKCR\typelib\{375743f3-736c-4377-86b6-06618f1cd726}\ (9 subtraces) (ID = 135853)
12:55 AM: HKCR\typelib\{df454277-1009-4413-bfdc-502d1b8bd49e}\ (9 subtraces) (ID = 135856)
12:55 AM: Found Adware: ist powerscan
12:55 AM: HKLM\software\microsoft\windows\currentversion\uninstall\power scan\ (2 subtraces) (ID = 136826)
12:55 AM: Found Adware: sicro dialer
12:55 AM: HKLM\software\microsoft\code store database\distribution units\{33331111-1111-1111-1111-611111193457}\ (8 subtraces) (ID = 141760)
12:55 AM: Found Adware: surfsidekick
12:55 AM: HKLM\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143400)
12:55 AM: Found Trojan Horse: topconverting downloader
12:55 AM: HKLM\software\classes\tpusn\ (1 subtraces) (ID = 143805)
12:55 AM: HKCR\tpusn\ (1 subtraces) (ID = 143835)
12:55 AM: Found Adware: directrevenue-abetterinternet
12:55 AM: HKLM\system\currentcontrolset\services\svcproc\ (12 subtraces) (ID = 146140)
12:55 AM: Found Adware: winad
12:55 AM: HKLM\software\classes\adtoolsx.installer\ (3 subtraces) (ID = 147163)
12:55 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/adtoolsx.dll\ (2 subtraces) (ID = 147188)
12:55 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\adtoolsx.dll (ID = 147215)
12:55 AM: Found Adware: ist software
12:55 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/ysbactivex.dll\ (2 subtraces) (ID = 147854)
12:55 AM: Found Adware: ist yoursitebar
12:55 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\ysbactivex.dll (ID = 147857)
12:55 AM: Found Adware: ist surf accuracy
12:55 AM: HKLM\software\microsoft\windows\currentversion\uninstall\sacc\ (2 subtraces) (ID = 203070)
12:55 AM: Found Adware: personal money tree
12:55 AM: HKCR\clsid\{d1a3a43b-05a1-40cd-834c-053e6c03b258}\ (7 subtraces) (ID = 359438)
12:55 AM: HKCR\comparishopper.application\ (3 subtraces) (ID = 359439)
12:55 AM: HKLM\software\classes\clsid\{d1a3a43b-05a1-40cd-834c-053e6c03b258}\ (7 subtraces) (ID = 359441)
12:55 AM: HKLM\software\classes\comparishopper.application\ (3 subtraces) (ID = 359442)
12:55 AM: HKLM\software\microsoft\windows\currentversion\uninstall\personal money tree\ (2 subtraces) (ID = 359445)
12:55 AM: Found Adware: quicklink search toolbar
12:55 AM: HKLM\software\microsoft\windows\currentversion\uninstall\quick links\ (2 subtraces) (ID = 359457)
12:55 AM: HKLM\software\ql\ (3 subtraces) (ID = 359458)
12:55 AM: HKCR\aurorahandlerdll.aurorahandlerdllobj\ (5 subtraces) (ID = 359578)
12:55 AM: HKCR\aurorahandlerdll.aurorahandlerdllobj.1\ (3 subtraces) (ID = 359584)
12:55 AM: HKLM\software\classes\aurorahandlerdll.aurorahandlerdllobj\ (5 subtraces) (ID = 359725)
12:55 AM: HKLM\software\classes\aurorahandlerdll.aurorahandlerdllobj.1\ (3 subtraces) (ID = 359731)
12:55 AM: HKLM\software\classes\typelib\{6d992911-b563-47fc-ab29-437f42d1c729}\ (9 subtraces) (ID = 359756)
12:55 AM: HKCR\aurorahandlerdll.aurorahandlerdllobj\ (5 subtraces) (ID = 360169)
12:55 AM: HKCR\interface\{544b6a3f-4024-4403-9661-69b8410be505}\ (8 subtraces) (ID = 479497)
12:55 AM: HKCR\typelib\{6d992911-b563-47fc-ab29-437f42d1c729}\ (9 subtraces) (ID = 480791)
12:55 AM: HKLM\software\pmt\ (2 subtraces) (ID = 705425)
12:55 AM: Found Adware: clearsearch
12:55 AM: HKLM\software\microsoft\windows\currentversion\uninstall\prositefinder-uninstall.exe\ (2 subtraces) (ID = 773836)
12:55 AM: HKLM\software\prositefinder\ (29 subtraces) (ID = 773839)
12:55 AM: Found Adware: 180search assistant/zango
12:55 AM: HKLM\software\prositefinder1\ (14 subtraces) (ID = 773865)
12:55 AM: HKCR\clsid\{d676f999-4608-4dc5-a135-4f51f4212739}\ (1 subtraces) (ID = 792270)
12:55 AM: HKLM\software\classes\clsid\{d676f999-4608-4dc5-a135-4f51f4212739}\ (1 subtraces) (ID = 792320)
12:55 AM: HKCR\clsid\{54645654-2225-4455-44a1-9f4543d34546}\ (3 subtraces) (ID = 945838)
12:55 AM: HKLM\software\classes\clsid\{54645654-2225-4455-44a1-9f4543d34546}\ (3 subtraces) (ID = 945846)
12:55 AM: HKLM\software\microsoft\code store database\distribution units\{33331111-1111-1111-1111-622221193458}\ (8 subtraces) (ID = 945850)
12:55 AM: HKCR\mediagateway.installer.1\ (3 subtraces) (ID = 1026542)
12:55 AM: HKCR\mediagateway.licenseinstaller\ (5 subtraces) (ID = 1026546)
12:55 AM: HKCR\mediagateway.licenseinstaller.1\ (3 subtraces) (ID = 1026552)
12:55 AM: HKCR\clsid\{144b9c7e-235a-4316-9eb3-5e393714c77a}\ (14 subtraces) (ID = 1026556)
12:55 AM: HKLM\software\classes\mediagateway.licenseinstaller\ (5 subtraces) (ID = 1026584)
12:55 AM: HKLM\software\classes\mediagateway.licenseinstaller.1\ (3 subtraces) (ID = 1026590)
12:55 AM: HKLM\software\classes\clsid\{144b9c7e-235a-4316-9eb3-5e393714c77a}\ (14 subtraces) (ID = 1026594)
12:55 AM: HKLM\software\mediagateway\ (4 subtraces) (ID = 1026619)
12:55 AM: HKLM\software\classes\mediagateway.installer.1\ (3 subtraces) (ID = 1026624)
12:55 AM: HKLM\software\microsoft\windows\currentversion\uninstall\mediagateway\ (2 subtraces) (ID = 1026626)
12:55 AM: HKCR\interface\{610e0e95-8f2f-4b71-966e-f91701d4dc2c}\ (8 subtraces) (ID = 1027782)
12:55 AM: HKCR\interface\{67a89831-6bc7-4cc0-a2c3-560f9a581e64}\ (8 subtraces) (ID = 1027791)
12:55 AM: HKLM\software\classes\interface\{67a89831-6bc7-4cc0-a2c3-560f9a581e64}\ (8 subtraces) (ID = 1027841)
12:55 AM: Found System Monitor: windows keylogger
12:55 AM: HKCR\.pca\ (4 subtraces) (ID = 1179879)
12:55 AM: HKLM\software\classes\.pca\ (4 subtraces) (ID = 1179881)
12:55 AM: HKU\WRSS_Profile_S-1-5-21-4172867570-632882057-2426258595-500\software\aurora\ (18 subtraces) (ID = 360174)
12:55 AM: HKU\S-1-5-21-4172867570-632882057-2426258595-1003\software\aprps\ (7 subtraces) (ID = 103740)
12:55 AM: Found Adware: drsnsrch.com hijack
12:55 AM: HKU\S-1-5-21-4172867570-632882057-2426258595-1003\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
12:55 AM: Found Trojan Horse: trojan-downloader-pacisoft
12:55 AM: HKU\S-1-5-21-4172867570-632882057-2426258595-1003\software\psof1\ (14 subtraces) (ID = 136530)
12:55 AM: Found Adware: ist sidefind
12:55 AM: HKU\S-1-5-21-4172867570-632882057-2426258595-1003\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
12:55 AM: Found Trojan Horse: trojan-downloader-moneymind
12:55 AM: HKU\S-1-5-21-4172867570-632882057-2426258595-1003\software\xjado\ (1 subtraces) (ID = 144725)
12:55 AM: HKU\S-1-5-21-4172867570-632882057-2426258595-1003\software\aurorahandler\ (22 subtraces) (ID = 360172)
12:55 AM: HKU\S-1-5-21-4172867570-632882057-2426258595-1003\software\aurorahandler\ (22 subtraces) (ID = 480802)
12:55 AM: Found Adware: drsnsrch hijacker
12:55 AM: HKU\S-1-5-21-4172867570-632882057-2426258595-1003\software\dsrch\ (11 subtraces) (ID = 509156)
12:55 AM: HKU\S-1-5-21-4172867570-632882057-2426258595-1003\software\aurorahandler\ || aut9i1m4eofsfinalad (ID = 512963)
12:55 AM: Found Adware: findthewebsiteyouneed hijack
12:55 AM: HKU\S-1-5-21-4172867570-632882057-2426258595-1003\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
12:55 AM: Registry Sweep Complete, Elapsed Time:00:00:24
12:55 AM: Starting Cookie Sweep
12:55 AM: Found Spy Cookie: 2o7.net cookie
12:55 AM: owner@2o7[2].txt (ID = 1957)
12:55 AM: Found Spy Cookie: websponsors cookie
12:55 AM: owner@a.websponsors[2].txt (ID = 3665)
12:55 AM: Found Spy Cookie: go.com cookie
12:55 AM: owner@abc.go[2].txt (ID = 2729)
12:55 AM: owner@abclocal.go[2].txt (ID = 2729)
12:55 AM: Found Spy Cookie: about cookie
12:55 AM: owner@about[1].txt (ID = 2037)
12:55 AM: Found Spy Cookie: yieldmanager cookie
12:55 AM: owner@ad.yieldmanager[2].txt (ID = 3751)
12:55 AM: owner@adam.about[2].txt (ID = 2038)
12:55 AM: Found Spy Cookie: adecn cookie
12:55 AM: owner@adecn[1].txt (ID = 2063)
12:55 AM: Found Spy Cookie: adknowledge cookie
12:55 AM: owner@adknowledge[2].txt (ID = 2072)
12:55 AM: Found Spy Cookie: specificclick.com cookie
12:55 AM: owner@adopt.specificclick[2].txt (ID = 3400)
12:55 AM: Found Spy Cookie: adrevolver cookie
12:55 AM: owner@adrevolver[1].txt (ID = 2088)
12:55 AM: owner@adrevolver[3].txt (ID = 2088)
12:55 AM: Found Spy Cookie: addynamix cookie
12:55 AM: owner@ads.addynamix[2].txt (ID = 2062)
12:55 AM: Found Spy Cookie: cc214142 cookie
12:55 AM: owner@ads.cc214142[1].txt (ID = 2367)
12:55 AM: Found Spy Cookie: pointroll cookie
12:55 AM: owner@ads.pointroll[2].txt (ID = 3148)
12:55 AM: Found Spy Cookie: adtech cookie
12:55 AM: owner@adtech[2].txt (ID = 2155)
12:55 AM: Found Spy Cookie: adultfriendfinder cookie
12:55 AM: owner@adultfriendfinder[1].txt (ID = 2165)
12:55 AM: Found Spy Cookie: advertising cookie
12:55 AM: owner@advertising[2].txt (ID = 2175)
12:55 AM: Found Spy Cookie: apmebf cookie
12:55 AM: owner@apmebf[1].txt (ID = 2229)
12:55 AM: Found Spy Cookie: falkag cookie
12:55 AM: owner@as-eu.falkag[1].txt (ID = 2650)
12:55 AM: owner@as-us.falkag[1].txt (ID = 2650)
12:55 AM: owner@as1.falkag[2].txt (ID = 2650)
12:55 AM: Found Spy Cookie: ask cookie
12:55 AM: owner@ask[1].txt (ID = 2245)
12:55 AM: Found Spy Cookie: atlas dmt cookie
12:55 AM: owner@atdmt[2].txt (ID = 2253)
12:55 AM: Found Spy Cookie: belnk cookie
12:55 AM: owner@ath.belnk[2].txt (ID = 2293)
12:55 AM: Found Spy Cookie: atwola cookie
12:55 AM: owner@atwola[1].txt (ID = 2255)
12:55 AM: owner@belnk[1].txt (ID = 2292)
12:55 AM: Found Spy Cookie: bravenet cookie
12:55 AM: owner@bravenet[1].txt (ID = 2322)
12:55 AM: Found Spy Cookie: burstnet cookie
12:55 AM: owner@burstnet[2].txt (ID = 2336)
12:55 AM: Found Spy Cookie: zedo cookie
12:55 AM: owner@c5.zedo[1].txt (ID = 3763)
12:55 AM: Found Spy Cookie: casalemedia cookie
12:55 AM: owner@casalemedia[2].txt (ID = 2354)
12:55 AM: Found Spy Cookie: centrport net cookie
12:55 AM: owner@centrport[1].txt (ID = 2374)
12:55 AM: Found Spy Cookie: classmates cookie
12:55 AM: owner@classmates[2].txt (ID = 2384)
12:55 AM: Found Spy Cookie: overture cookie
12:55 AM: owner@data2.perf.overture[2].txt (ID = 3106)
12:55 AM: owner@dist.belnk[1].txt (ID = 2293)
12:55 AM: Found Spy Cookie: ru4 cookie
12:55 AM: owner@edge.ru4[1].txt (ID = 3269)
12:55 AM: Found Spy Cookie: exitexchange cookie
12:55 AM: owner@exitexchange[1].txt (ID = 2633)
12:55 AM: Found Spy Cookie: fastclick cookie
12:55 AM: owner@fastclick[2].txt (ID = 2651)
12:55 AM: Found Spy Cookie: fortunecity cookie
12:55 AM: owner@fortunecity[2].txt (ID = 2686)
12:55 AM: owner@go[1].txt (ID = 2728)
12:55 AM: owner@heartdisease.about[1].txt (ID = 2038)
12:55 AM: Found Spy Cookie: clickandtrack cookie
12:55 AM: owner@hits.clickandtrack[1].txt (ID = 2397)
12:55 AM: Found Spy Cookie: homestore cookie
12:55 AM: owner@homestore[2].txt (ID = 2793)
12:55 AM: Found Spy Cookie: ic-live cookie
12:55 AM: owner@ic-live[1].txt (ID = 2821)
12:55 AM: Found Spy Cookie: maxserving cookie
12:55 AM: owner@maxserving[2].txt (ID = 2966)
12:55 AM: Found Spy Cookie: mediaplex cookie
12:55 AM: owner@mediaplex[1].txt (ID = 6442)
12:55 AM: owner@msnportal.112.2o7[1].txt (ID = 1958)
12:55 AM: Found Spy Cookie: nextag cookie
12:55 AM: owner@nextag[1].txt (ID = 5014)
12:55 AM: owner@overture[2].txt (ID = 3105)
12:55 AM: owner@partygaming.122.2o7[1].txt (ID = 1958)
12:55 AM: owner@perf.overture[1].txt (ID = 3106)
12:55 AM: Found Spy Cookie: questionmarket cookie
12:55 AM: owner@questionmarket[1].txt (ID = 3217)
12:55 AM: Found Spy Cookie: realmedia cookie
12:55 AM: owner@realmedia[1].txt (ID = 3235)
12:55 AM: Found Spy Cookie: revenue.net cookie
12:55 AM: owner@revenue[1].txt (ID = 3257)
12:55 AM: owner@rsi.abc.go[1].txt (ID = 2729)
12:55 AM: Found Spy Cookie: servedby advertising cookie
12:55 AM: owner@servedby.advertising[2].txt (ID = 3335)
12:55 AM: Found Spy Cookie: server.iad.liveperson cookie
12:55 AM: owner@server.iad.liveperson[1].txt (ID = 3341)
12:55 AM: owner@sonymediasoftware.122.2o7[1].txt (ID = 1958)
12:55 AM: Found Spy Cookie: statcounter cookie
12:55 AM: owner@statcounter[1].txt (ID = 3447)
12:55 AM: Found Spy Cookie: webtrendslive cookie
12:55 AM: owner@statse.webtrendslive[1].txt (ID = 3667)
12:55 AM: Found Spy Cookie: tacoda cookie
12:55 AM: owner@tacoda[2].txt (ID = 6444)
12:55 AM: Found Spy Cookie: targetnet cookie
12:55 AM: owner@targetnet[1].txt (ID = 3489)
12:55 AM: Found Spy Cookie: trafficmp cookie
12:55 AM: owner@trafficmp[1].txt (ID = 3581)
12:55 AM: Found Spy Cookie: tribalfusion cookie
12:55 AM: owner@tribalfusion[2].txt (ID = 3589)
12:55 AM: owner@trucks.about[2].txt (ID = 2038)
12:55 AM: owner@usnews.122.2o7[1].txt (ID = 1958)
12:55 AM: owner@www.classmates[1].txt (ID = 2385)
12:55 AM: Found Spy Cookie: myaffiliateprogram.com cookie
12:55 AM: owner@www.myaffiliateprogram[2].txt (ID = 3032)
12:55 AM: owner@yieldmanager[1].txt (ID = 3749)
12:55 AM: Found Spy Cookie: adserver cookie
12:55 AM: owner@z1.adserver[1].txt (ID = 2142)
12:55 AM: owner@zedo[2].txt (ID = 3762)
12:55 AM: Cookie Sweep Complete, Elapsed Time: 00:00:01
12:55 AM: Starting File Sweep
12:55 AM: c:\program files\quick links (2 subtraces) (ID = -2147478145)
12:55 AM: c:\program files\aprps (9 subtraces) (ID = -2147481420)
12:55 AM: c:\documents and settings\all users\application data\addestroyer (1 subtraces) (ID = -2147481464)
12:55 AM: c:\windows\cfgmgr52 (50 subtraces) (ID = -2147479590)
12:55 AM: Found Adware: virtualbouncer
12:55 AM: c:\documents and settings\all users\application data\vbouncer (5 subtraces) (ID = -2147480097)
12:55 AM: c:\program files\mediagateway (1 subtraces) (ID = -2147463340)
12:55 AM: sskknwrd.dll (ID = 77733)
12:56 AM: backup-20050610-135502-155.osd (ID = 70665)
12:56 AM: preuninstallpmt.exe (ID = 74822)
12:56 AM: preuninstallql.exe (ID = 131326)
12:56 AM: uninst.exe (ID = 73428)
12:59 AM: Found Adware: targetsaver
12:59 AM: vocabulary (ID = 78283)
12:59 AM: class-barrel (ID = 78229)
1:00 AM: 97_ventura4_4_0_3_7.exe (ID = 146359)
1:00 AM: bsva-egihsg52.exe (ID = 95082)
1:03 AM: winstat11.dat (ID = 70669)
1:03 AM: tsuninst.exe (ID = 78276)
1:04 AM: swsettings.xml (ID = 82816)
1:04 AM: proxystub.dll (ID = 120164)
1:04 AM: Found Trojan Horse: trojan-downloader-mainstreamdollars
1:04 AM: ventura-hot_246765.exe (ID = 107491)
1:05 AM: cxtpls.exe (ID = 120161)
1:05 AM: cxtpls.dll (ID = 120160)
1:05 AM: updater.exe (ID = 238634)
1:08 AM: Found Adware: clkoptimizer
1:08 AM: bdqacrq.exe (ID = 146191)
1:08 AM: wingenerics.dll (ID = 50187)
1:08 AM: sskcwrd.dll (ID = 77712)
1:08 AM: Found Trojan Horse: trojan-downloader-mediket
1:08 AM: eied.inf (ID = 80748)
1:08 AM: start7.inf (ID = 207464)
1:08 AM: user.xml (ID = 82817)
1:08 AM: File Sweep Complete, Elapsed Time: 00:13:11
1:08 AM: Full Sweep has completed. Elapsed time 00:17:28
1:08 AM: Traces Found: 1054
1:11 AM: Removal process initiated
1:11 AM: Quarantining All Traces: 180search assistant/zango
1:11 AM: Quarantining All Traces: clearsearch
1:11 AM: Quarantining All Traces: clkoptimizer
1:11 AM: Quarantining All Traces: cws-aboutblank
1:11 AM: Quarantining All Traces: directrevenue-abetterinternet
1:11 AM: Quarantining All Traces: elitebar
1:11 AM: Quarantining All Traces: trojan-downloader-moneymind
1:11 AM: Quarantining All Traces: windows keylogger
1:11 AM: Quarantining All Traces: apropos
1:11 AM: Quarantining All Traces: internetoptimizer
1:11 AM: Quarantining All Traces: quicklink search toolbar
1:11 AM: Quarantining All Traces: surfsidekick
1:11 AM: Quarantining All Traces: topconverting downloader
1:11 AM: Quarantining All Traces: trojan-downloader-mainstreamdollars
1:11 AM: Quarantining All Traces: trojan-downloader-mediket
1:11 AM: Quarantining All Traces: trojan-downloader-pacisoft
1:11 AM: Quarantining All Traces: winad
1:11 AM: Quarantining All Traces: addestroyer
1:11 AM: Quarantining All Traces: bookedspace
1:11 AM: Quarantining All Traces: coolsavings
1:11 AM: Quarantining All Traces: drsnsrch hijacker
1:11 AM: Quarantining All Traces: drsnsrch.com hijack
1:11 AM: Quarantining All Traces: findthewebsiteyouneed hijack
1:11 AM: Quarantining All Traces: ist powerscan
1:11 AM: Quarantining All Traces: ist sidefind
1:11 AM: Quarantining All Traces: ist software
1:11 AM: Quarantining All Traces: ist surf accuracy
1:11 AM: Quarantining All Traces: ist yoursitebar
1:11 AM: Quarantining All Traces: logih adware
1:11 AM: Quarantining All Traces: mirar webband
1:11 AM: Quarantining All Traces: moneytree
1:11 AM: Quarantining All Traces: neededware
1:11 AM: Quarantining All Traces: personal money tree
1:12 AM: Quarantining All Traces: sicro dialer
1:12 AM: Quarantining All Traces: targetsaver
1:12 AM: Quarantining All Traces: virtualbouncer
1:12 AM: Quarantining All Traces: 2o7.net cookie
1:12 AM: Quarantining All Traces: about cookie
1:12 AM: Quarantining All Traces: addynamix cookie
1:12 AM: Quarantining All Traces: adecn cookie
1:12 AM: Quarantining All Traces: adknowledge cookie
1:12 AM: Quarantining All Traces: adrevolver cookie
1:12 AM: Quarantining All Traces: adserver cookie
1:12 AM: Quarantining All Traces: adtech cookie
1:12 AM: Quarantining All Traces: adultfriendfinder cookie
1:12 AM: Quarantining All Traces: advertising cookie
1:12 AM: Quarantining All Traces: apmebf cookie
1:12 AM: Quarantining All Traces: ask cookie
1:12 AM: Quarantining All Traces: atlas dmt cookie
1:12 AM: Quarantining All Traces: atwola cookie
1:12 AM: Quarantining All Traces: belnk cookie
1:12 AM: Quarantining All Traces: bravenet cookie
1:12 AM: Quarantining All Traces: burstnet cookie
1:12 AM: Quarantining All Traces: casalemedia cookie
1:12 AM: Quarantining All Traces: cc214142 cookie
1:12 AM: Quarantining All Traces: centrport net cookie
1:12 AM: Quarantining All Traces: classmates cookie
1:12 AM: Quarantining All Traces: clickandtrack cookie
1:12 AM: Quarantining All Traces: exitexchange cookie
1:12 AM: Quarantining All Traces: falkag cookie
1:12 AM: Quarantining All Traces: fastclick cookie
1:12 AM: Quarantining All Traces: fortunecity cookie
1:12 AM: Quarantining All Traces: go.com cookie
1:12 AM: Quarantining All Traces: homestore cookie
1:12 AM: Quarantining All Traces: ic-live cookie
1:12 AM: Quarantining All Traces: maxserving cookie
1:12 AM: Quarantining All Traces: mediaplex cookie
1:12 AM: Quarantining All Traces: myaffiliateprogram.com cookie
1:12 AM: Quarantining All Traces: nextag cookie
1:12 AM: Quarantining All Traces: overture cookie
1:12 AM: Quarantining All Traces: pointroll cookie
1:12 AM: Quarantining All Traces: questionmarket cookie
1:12 AM: Quarantining All Traces: realmedia cookie
1:12 AM: Quarantining All Traces: revenue.net cookie
1:12 AM: Quarantining All Traces: ru4 cookie
1:12 AM: Quarantining All Traces: servedby advertising cookie
1:12 AM: Quarantining All Traces: server.iad.liveperson cookie
1:12 AM: Quarantining All Traces: specificclick.com cookie
1:12 AM: Quarantining All Traces: statcounter cookie
1:12 AM: Quarantining All Traces: tacoda cookie
1:12 AM: Quarantining All Traces: targetnet cookie
1:12 AM: Quarantining All Traces: trafficmp cookie
1:12 AM: Quarantining All Traces: tribalfusion cookie
1:12 AM: Quarantining All Traces: websponsors cookie
1:12 AM: Quarantining All Traces: webtrendslive cookie
1:12 AM: Quarantining All Traces: yieldmanager cookie
1:12 AM: Quarantining All Traces: zedo cookie
1:12 AM: Removal process completed. Elapsed time 00:00:56
********
12:49 AM: | Start of Session, Monday, March 06, 2006 |
12:49 AM: Spy Sweeper started
12:50 AM: Your spyware definitions have been updated.
12:51 AM: | End of Session, Monday, March 06, 2006 |