HijackThis log


This topic is locked. 11 replies to this topic.

#1 lastdance

    New Member

  • Authentic Member
  • 12 posts

Posted 02 March 2006 - 02:01 AM

Hi. My computer is running really badly right now. It's freezing every few seconds. I'm getting pop-ups whenever I open Explorer now. If anyone could take a look at my HijackThis log and let me know if there's something I can do, I would be very grateful. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 11:55:45 PM, on 3/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\RecordNow!\RecordNow.exe
C:\WINDOWS\explorer.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay10...es/MsnPUpld.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

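As an added example (not code from this thread, from HijackThis or from the forum), here is a small Python script that parses the R/O entries of a HijackThis v1.99.1 log, flags the entry types a helper looks at first (in the log above: the O16 controls registered from a local file://c:\ cab, the O21 SSODL entry loading vbsys2.dll, and the O23 service whose binary is missing), and diffs the first log against the one lastdance posts after the Spy Sweeper run later in the thread. Both sample logs are constructed from a few lines copied out of this thread; the flag rules are my own triage heuristics, not HijackThis logic.

```python
import re
from collections import namedtuple

# One R/O line of a HijackThis log: section id (R1, O4, O16, ...) and the rest of the line.
Entry = namedtuple("Entry", "section body")
LINE_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# O16 - DPF: {CLSID} (Friendly Name) - url   (the friendly name is optional)
DPF_RE = re.compile(r"DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? - (.*)$")

# Constructed sample: lines copied from the first HijackThis log in this thread.
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Constructed sample: the matching lines from the log posted after the Spy Sweeper run.
LOG_AFTER = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
"""


def parse_hjt(text):
    """Return the R/O entries of a log. The header and the 'Running processes'
    block never match LINE_RE, so they are skipped automatically."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def flag(entry):
    """Return why a helper would look at this entry, or None if it is unremarkable.
    Heuristics only; they match what Spy Sweeper later attributed to adware here."""
    sec, body = entry
    if sec == "O16":
        m = DPF_RE.match(body)
        if m and m.group(3).lower().startswith("file://"):
            return "ActiveX control registered from a local .cab rather than a vendor site"
        if m and not m.group(2):
            return "ActiveX control with no friendly name"
    elif sec == "O21":
        return "ShellServiceObjectDelayLoad DLL is loaded into Explorer at logon; rarely used legitimately"
    elif sec == "O23":
        if "(file missing)" in body:
            return "service whose binary is missing"
        if "Unknown owner" in body:
            return "service with no publisher"
    return None


def triage(text):
    """Flagged entries of a log as (section, body, reason) tuples, in log order."""
    return [(e.section, e.body, reason) for e in parse_hjt(text) if (reason := flag(e))]


def _order(e):
    # Sort by section letter, then numeric section id, so O4 sorts before O16.
    return (e.section[0], int(e.section[1:]), e.body)


def diff_logs(before, after):
    """Entries that disappeared and entries that appeared between two scans."""
    b, a = set(parse_hjt(before)), set(parse_hjt(after))
    return sorted(b - a, key=_order), sorted(a - b, key=_order)


if __name__ == "__main__":
    for sec, body, why in triage(LOG_BEFORE):
        print(f"{sec}: {body}\n    -> {why}")
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("\nremoved by the cleanup:", *[f"\n  {e.section} - {e.body}" for e in removed])
    print("\nnew since the cleanup:", *[f"\n  {e.section} - {e.body}" for e in added])
    print("\nstill flagged after the cleanup:", [s for s, _, _ in triage(LOG_AFTER)])
```

Running it shows that the sweep removed the ex.cab O16 entry, the O21 SSODL entry and the svcproc service, but the second log still carries the file://c:\eied_s7.cab O16 entry, which is why the helper would still want the new log.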


#2 lastdance

    New Member

  • Authentic Member
  • 12 posts

Posted 02 March 2006 - 10:46 AM

Sorry, forgot to mention that I had already updated and run the following programs: CWShredder, About:Buster, CleanUp, and Ad-Aware.

#3 LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 05 March 2006 - 12:39 PM

Hello lastdance, welcome to the TC.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address; it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper.)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system. If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!

When the sweep has finished, click Remove. Click Select All and then Next.

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Empty Recycle Bin

Reboot and copy/paste a new HJT log as well as the Results from the Spy Sweeper file into this thread.
Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days



#4 lastdance

    New Member

  • Authentic Member
  • 12 posts

Posted 06 March 2006 - 03:24 AM

Thanks for the reply. My computer seems a little better as of now... I haven't gotten a ridiculous number of pop-ups yet. Here is my new HJT log and the Spy Sweeper log. Thanks again.

Logfile of HijackThis v1.99.1
Scan saved at 1:16:11 AM, on 3/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay10...es/MsnPUpld.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

********
12:51 AM: | Start of Session, Monday, March 06, 2006 |
12:51 AM: Spy Sweeper started
12:51 AM: Sweep initiated using definitions version 625
12:51 AM: Starting Memory Sweep
12:55 AM: Memory Sweep Complete, Elapsed Time: 00:03:42
12:55 AM: Starting Registry Sweep
12:55 AM: Found Adware: addestroyer
12:55 AM: HKCR\clsid\{d52433a9-a44c-43ab-a013-24b3c756dd2b}\ (13 subtraces) (ID = 102729)
12:55 AM: HKLM\software\classes\clsid\{d52433a9-a44c-43ab-a013-24b3c756dd2b}\ (13 subtraces) (ID = 102738)
12:55 AM: Found Adware: apropos
12:55 AM: HKLM\software\aprps\ (8 subtraces) (ID = 103741)
12:55 AM: Found Adware: bookedspace
12:55 AM: HKLM\software\configuration manager\cfgmgr52\ (174 subtraces) (ID = 104873)
12:55 AM: Found Adware: coolsavings
12:55 AM: HKCR\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 106999)
12:55 AM: HKCR\interface\{549f957d-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107001)
12:55 AM: HKCR\interface\{549f957f-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107002)
12:55 AM: HKLM\software\classes\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 107005)
12:55 AM: HKLM\software\classes\interface\{549f957d-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107007)
12:55 AM: HKLM\software\classes\interface\{549f957f-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107008)
12:55 AM: Found Adware: cws-aboutblank
12:55 AM: HKLM\software\microsoft\windows\currentversion\uninstall\searchassistant uninstall\ (2 subtraces) (ID = 116768)
12:55 AM: Found Adware: elitebar
12:55 AM: HKLM\software\microsoft\windows\currentversion\internet settings\user agent\post platform\ || iebar (ID = 125752)
12:55 AM: Found Adware: internetoptimizer
12:55 AM: HKCR\dyfuca_bh_bucket.bucket.1\ (3 subtraces) (ID = 128883)
12:55 AM: HKCR\dyfuca_bh_bucket.bucket\ (5 subtraces) (ID = 128884)
12:55 AM: HKLM\software\classes\dyfuca_bh_bucket.bucket.1\ (3 subtraces) (ID = 128894)
12:55 AM: HKLM\software\classes\dyfuca_bh_bucket.bucket\ (5 subtraces) (ID = 128895)
12:55 AM: HKLM\software\classes\typelib\{b999b42b-863d-4a6c-aa2b-ce6d2137d628}\ (9 subtraces) (ID = 128897)
12:55 AM: HKLM\software\microsoft\windows\currentversion\uninstall\tcontext\ (2 subtraces) (ID = 128926)
12:55 AM: HKCR\typelib\{b999b42b-863d-4a6c-aa2b-ce6d2137d628}\ (9 subtraces) (ID = 128933)
12:55 AM: Found Adware: moneytree
12:55 AM: HKCR\typelib\{b999b42b-863d-4a6c-aa2b-ce6d2137d628}\ (9 subtraces) (ID = 128933)
12:55 AM: Found Adware: logih adware
12:55 AM: HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload\ || systemcheck2 (ID = 129814)
12:55 AM: Found Adware: mirar webband
12:55 AM: HKLM\software\microsoft\code store database\distribution units\{33331111-1111-1111-1111-611111193458}\ (8 subtraces) (ID = 135094)
12:55 AM: HKLM\software\classes\typelib\{b999b42b-863d-4a6c-aa2b-ce6d2137d628}\1.0\0\win32\ (1 subtraces) (ID = 135203)
12:55 AM: HKLM\software\classes\typelib\{b999b42b-863d-4a6c-aa2b-ce6d2137d628}\1.0\flags\ (1 subtraces) (ID = 135204)
12:55 AM: HKLM\software\classes\typelib\{b999b42b-863d-4a6c-aa2b-ce6d2137d628}\1.0\helpdir\ (1 subtraces) (ID = 135205)
12:55 AM: Found Adware: neededware
12:55 AM: HKCR\clsid\{17b8b110-fd82-4a50-9a46-328bb50c6ca4}\ (18 subtraces) (ID = 135802)
12:55 AM: HKCR\clsid\{55d798f7-ada2-4be4-afb6-3277f884b60d}\ (3 subtraces) (ID = 135804)
12:55 AM: HKCR\clsid\{84564147-251a-4f06-8fc5-8ae36b3a55ab}\ (3 subtraces) (ID = 135809)
12:55 AM: HKCR\clsid\{bf2d741d-6f32-4885-a96a-76725b64a8ce}\ (18 subtraces) (ID = 135811)
12:55 AM: HKCR\epxactivex.epxactivexctrl.1\ (3 subtraces) (ID = 135812)
12:55 AM: HKLM\software\classes\clsid\{17b8b110-fd82-4a50-9a46-328bb50c6ca4}\ (18 subtraces) (ID = 135819)
12:55 AM: HKLM\software\classes\clsid\{17b8b110-fd82-4a50-9a46-328bb50c6ca4}\typelib\ (1 subtraces) (ID = 135820)
12:55 AM: HKLM\software\classes\clsid\{17b8b110-fd82-4a50-9a46-328bb50c6ca4}\version\ (1 subtraces) (ID = 135821)
12:55 AM: HKLM\software\classes\clsid\{55d798f7-ada2-4be4-afb6-3277f884b60d}\ (3 subtraces) (ID = 135823)
12:55 AM: HKLM\software\classes\clsid\{84564147-251a-4f06-8fc5-8ae36b3a55ab}\ (3 subtraces) (ID = 135828)
12:55 AM: HKLM\software\classes\clsid\{bf2d741d-6f32-4885-a96a-76725b64a8ce}\ (18 subtraces) (ID = 135830)
12:55 AM: HKLM\software\classes\epxactivex.epxactivexctrl.1\ (3 subtraces) (ID = 135831)
12:55 AM: HKLM\software\classes\typelib\{375743f3-736c-4377-86b6-06618f1cd726}\ (9 subtraces) (ID = 135838)
12:55 AM: HKLM\software\classes\typelib\{df454277-1009-4413-bfdc-502d1b8bd49e}\ (9 subtraces) (ID = 135841)
12:55 AM: HKCR\typelib\{375743f3-736c-4377-86b6-06618f1cd726}\ (9 subtraces) (ID = 135853)
12:55 AM: HKCR\typelib\{df454277-1009-4413-bfdc-502d1b8bd49e}\ (9 subtraces) (ID = 135856)
12:55 AM: Found Adware: ist powerscan
12:55 AM: HKLM\software\microsoft\windows\currentversion\uninstall\power scan\ (2 subtraces) (ID = 136826)
12:55 AM: Found Adware: sicro dialer
12:55 AM: HKLM\software\microsoft\code store database\distribution units\{33331111-1111-1111-1111-611111193457}\ (8 subtraces) (ID = 141760)
12:55 AM: Found Adware: surfsidekick
12:55 AM: HKLM\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143400)
12:55 AM: Found Trojan Horse: topconverting downloader
12:55 AM: HKLM\software\classes\tpusn\ (1 subtraces) (ID = 143805)
12:55 AM: HKCR\tpusn\ (1 subtraces) (ID = 143835)
12:55 AM: Found Adware: directrevenue-abetterinternet
12:55 AM: HKLM\system\currentcontrolset\services\svcproc\ (12 subtraces) (ID = 146140)
12:55 AM: Found Adware: winad
12:55 AM: HKLM\software\classes\adtoolsx.installer\ (3 subtraces) (ID = 147163)
12:55 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/adtoolsx.dll\ (2 subtraces) (ID = 147188)
12:55 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\adtoolsx.dll (ID = 147215)
12:55 AM: Found Adware: ist software
12:55 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/ysbactivex.dll\ (2 subtraces) (ID = 147854)
12:55 AM: Found Adware: ist yoursitebar
12:55 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\ysbactivex.dll (ID = 147857)
12:55 AM: Found Adware: ist surf accuracy
12:55 AM: HKLM\software\microsoft\windows\currentversion\uninstall\sacc\ (2 subtraces) (ID = 203070)
12:55 AM: Found Adware: personal money tree
12:55 AM: HKCR\clsid\{d1a3a43b-05a1-40cd-834c-053e6c03b258}\ (7 subtraces) (ID = 359438)
12:55 AM: HKCR\comparishopper.application\ (3 subtraces) (ID = 359439)
12:55 AM: HKLM\software\classes\clsid\{d1a3a43b-05a1-40cd-834c-053e6c03b258}\ (7 subtraces) (ID = 359441)
12:55 AM: HKLM\software\classes\comparishopper.application\ (3 subtraces) (ID = 359442)
12:55 AM: HKLM\software\microsoft\windows\currentversion\uninstall\personal money tree\ (2 subtraces) (ID = 359445)
12:55 AM: Found Adware: quicklink search toolbar
12:55 AM: HKLM\software\microsoft\windows\currentversion\uninstall\quick links\ (2 subtraces) (ID = 359457)
12:55 AM: HKLM\software\ql\ (3 subtraces) (ID = 359458)
12:55 AM: HKCR\aurorahandlerdll.aurorahandlerdllobj\ (5 subtraces) (ID = 359578)
12:55 AM: HKCR\aurorahandlerdll.aurorahandlerdllobj.1\ (3 subtraces) (ID = 359584)
12:55 AM: HKLM\software\classes\aurorahandlerdll.aurorahandlerdllobj\ (5 subtraces) (ID = 359725)
12:55 AM: HKLM\software\classes\aurorahandlerdll.aurorahandlerdllobj.1\ (3 subtraces) (ID = 359731)
12:55 AM: HKLM\software\classes\typelib\{6d992911-b563-47fc-ab29-437f42d1c729}\ (9 subtraces) (ID = 359756)
12:55 AM: HKCR\aurorahandlerdll.aurorahandlerdllobj\ (5 subtraces) (ID = 360169)
12:55 AM: HKCR\interface\{544b6a3f-4024-4403-9661-69b8410be505}\ (8 subtraces) (ID = 479497)
12:55 AM: HKCR\typelib\{6d992911-b563-47fc-ab29-437f42d1c729}\ (9 subtraces) (ID = 480791)
12:55 AM: HKLM\software\pmt\ (2 subtraces) (ID = 705425)
12:55 AM: Found Adware: clearsearch
12:55 AM: HKLM\software\microsoft\windows\currentversion\uninstall\prositefinder-uninstall.exe\ (2 subtraces) (ID = 773836)
12:55 AM: HKLM\software\prositefinder\ (29 subtraces) (ID = 773839)
12:55 AM: Found Adware: 180search assistant/zango
12:55 AM: HKLM\software\prositefinder1\ (14 subtraces) (ID = 773865)
12:55 AM: HKCR\clsid\{d676f999-4608-4dc5-a135-4f51f4212739}\ (1 subtraces) (ID = 792270)
12:55 AM: HKLM\software\classes\clsid\{d676f999-4608-4dc5-a135-4f51f4212739}\ (1 subtraces) (ID = 792320)
12:55 AM: HKCR\clsid\{54645654-2225-4455-44a1-9f4543d34546}\ (3 subtraces) (ID = 945838)
12:55 AM: HKLM\software\classes\clsid\{54645654-2225-4455-44a1-9f4543d34546}\ (3 subtraces) (ID = 945846)
12:55 AM: HKLM\software\microsoft\code store database\distribution units\{33331111-1111-1111-1111-622221193458}\ (8 subtraces) (ID = 945850)
12:55 AM: HKCR\mediagateway.installer.1\ (3 subtraces) (ID = 1026542)
12:55 AM: HKCR\mediagateway.licenseinstaller\ (5 subtraces) (ID = 1026546)
12:55 AM: HKCR\mediagateway.licenseinstaller.1\ (3 subtraces) (ID = 1026552)
12:55 AM: HKCR\clsid\{144b9c7e-235a-4316-9eb3-5e393714c77a}\ (14 subtraces) (ID = 1026556)
12:55 AM: HKLM\software\classes\mediagateway.licenseinstaller\ (5 subtraces) (ID = 1026584)
12:55 AM: HKLM\software\classes\mediagateway.licenseinstaller.1\ (3 subtraces) (ID = 1026590)
12:55 AM: HKLM\software\classes\clsid\{144b9c7e-235a-4316-9eb3-5e393714c77a}\ (14 subtraces) (ID = 1026594)
12:55 AM: HKLM\software\mediagateway\ (4 subtraces) (ID = 1026619)
12:55 AM: HKLM\software\classes\mediagateway.installer.1\ (3 subtraces) (ID = 1026624)
12:55 AM: HKLM\software\microsoft\windows\currentversion\uninstall\mediagateway\ (2 subtraces) (ID = 1026626)
12:55 AM: HKCR\interface\{610e0e95-8f2f-4b71-966e-f91701d4dc2c}\ (8 subtraces) (ID = 1027782)
12:55 AM: HKCR\interface\{67a89831-6bc7-4cc0-a2c3-560f9a581e64}\ (8 subtraces) (ID = 1027791)
12:55 AM: HKLM\software\classes\interface\{67a89831-6bc7-4cc0-a2c3-560f9a581e64}\ (8 subtraces) (ID = 1027841)
12:55 AM: Found System Monitor: windows keylogger
12:55 AM: HKCR\.pca\ (4 subtraces) (ID = 1179879)
12:55 AM: HKLM\software\classes\.pca\ (4 subtraces) (ID = 1179881)
12:55 AM: HKU\WRSS_Profile_S-1-5-21-4172867570-632882057-2426258595-500\software\aurora\ (18 subtraces) (ID = 360174)
12:55 AM: HKU\S-1-5-21-4172867570-632882057-2426258595-1003\software\aprps\ (7 subtraces) (ID = 103740)
12:55 AM: Found Adware: drsnsrch.com hijack
12:55 AM: HKU\S-1-5-21-4172867570-632882057-2426258595-1003\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
12:55 AM: Found Trojan Horse: trojan-downloader-pacisoft
12:55 AM: HKU\S-1-5-21-4172867570-632882057-2426258595-1003\software\psof1\ (14 subtraces) (ID = 136530)
12:55 AM: Found Adware: ist sidefind
12:55 AM: HKU\S-1-5-21-4172867570-632882057-2426258595-1003\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
12:55 AM: Found Trojan Horse: trojan-downloader-moneymind
12:55 AM: HKU\S-1-5-21-4172867570-632882057-2426258595-1003\software\xjado\ (1 subtraces) (ID = 144725)
12:55 AM: HKU\S-1-5-21-4172867570-632882057-2426258595-1003\software\aurorahandler\ (22 subtraces) (ID = 360172)
12:55 AM: HKU\S-1-5-21-4172867570-632882057-2426258595-1003\software\aurorahandler\ (22 subtraces) (ID = 480802)
12:55 AM: Found Adware: drsnsrch hijacker
12:55 AM: HKU\S-1-5-21-4172867570-632882057-2426258595-1003\software\dsrch\ (11 subtraces) (ID = 509156)
12:55 AM: HKU\S-1-5-21-4172867570-632882057-2426258595-1003\software\aurorahandler\ || aut9i1m4eofsfinalad (ID = 512963)
12:55 AM: Found Adware: findthewebsiteyouneed hijack
12:55 AM: HKU\S-1-5-21-4172867570-632882057-2426258595-1003\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
12:55 AM: Registry Sweep Complete, Elapsed Time:00:00:24
12:55 AM: Starting Cookie Sweep
12:55 AM: Found Spy Cookie: 2o7.net cookie
12:55 AM: owner@2o7[2].txt (ID = 1957)
12:55 AM: Found Spy Cookie: websponsors cookie
12:55 AM: owner@a.websponsors[2].txt (ID = 3665)
12:55 AM: Found Spy Cookie: go.com cookie
12:55 AM: owner@abc.go[2].txt (ID = 2729)
12:55 AM: owner@abclocal.go[2].txt (ID = 2729)
12:55 AM: Found Spy Cookie: about cookie
12:55 AM: owner@about[1].txt (ID = 2037)
12:55 AM: Found Spy Cookie: yieldmanager cookie
12:55 AM: owner@ad.yieldmanager[2].txt (ID = 3751)
12:55 AM: owner@adam.about[2].txt (ID = 2038)
12:55 AM: Found Spy Cookie: adecn cookie
12:55 AM: owner@adecn[1].txt (ID = 2063)
12:55 AM: Found Spy Cookie: adknowledge cookie
12:55 AM: owner@adknowledge[2].txt (ID = 2072)
12:55 AM: Found Spy Cookie: specificclick.com cookie
12:55 AM: owner@adopt.specificclick[2].txt (ID = 3400)
12:55 AM: Found Spy Cookie: adrevolver cookie
12:55 AM: owner@adrevolver[1].txt (ID = 2088)
12:55 AM: owner@adrevolver[3].txt (ID = 2088)
12:55 AM: Found Spy Cookie: addynamix cookie
12:55 AM: owner@ads.addynamix[2].txt (ID = 2062)
12:55 AM: Found Spy Cookie: cc214142 cookie
12:55 AM: owner@ads.cc214142[1].txt (ID = 2367)
12:55 AM: Found Spy Cookie: pointroll cookie
12:55 AM: owner@ads.pointroll[2].txt (ID = 3148)
12:55 AM: Found Spy Cookie: adtech cookie
12:55 AM: owner@adtech[2].txt (ID = 2155)
12:55 AM: Found Spy Cookie: adultfriendfinder cookie
12:55 AM: owner@adultfriendfinder[1].txt (ID = 2165)
12:55 AM: Found Spy Cookie: advertising cookie
12:55 AM: owner@advertising[2].txt (ID = 2175)
12:55 AM: Found Spy Cookie: apmebf cookie
12:55 AM: owner@apmebf[1].txt (ID = 2229)
12:55 AM: Found Spy Cookie: falkag cookie
12:55 AM: owner@as-eu.falkag[1].txt (ID = 2650)
12:55 AM: owner@as-us.falkag[1].txt (ID = 2650)
12:55 AM: owner@as1.falkag[2].txt (ID = 2650)
12:55 AM: Found Spy Cookie: ask cookie
12:55 AM: owner@ask[1].txt (ID = 2245)
12:55 AM: Found Spy Cookie: atlas dmt cookie
12:55 AM: owner@atdmt[2].txt (ID = 2253)
12:55 AM: Found Spy Cookie: belnk cookie
12:55 AM: owner@ath.belnk[2].txt (ID = 2293)
12:55 AM: Found Spy Cookie: atwola cookie
12:55 AM: owner@atwola[1].txt (ID = 2255)
12:55 AM: owner@belnk[1].txt (ID = 2292)
12:55 AM: Found Spy Cookie: bravenet cookie
12:55 AM: owner@bravenet[1].txt (ID = 2322)
12:55 AM: Found Spy Cookie: burstnet cookie
12:55 AM: owner@burstnet[2].txt (ID = 2336)
12:55 AM: Found Spy Cookie: zedo cookie
12:55 AM: owner@c5.zedo[1].txt (ID = 3763)
12:55 AM: Found Spy Cookie: casalemedia cookie
12:55 AM: owner@casalemedia[2].txt (ID = 2354)
12:55 AM: Found Spy Cookie: centrport net cookie
12:55 AM: owner@centrport[1].txt (ID = 2374)
12:55 AM: Found Spy Cookie: classmates cookie
12:55 AM: owner@classmates[2].txt (ID = 2384)
12:55 AM: Found Spy Cookie: overture cookie
12:55 AM: owner@data2.perf.overture[2].txt (ID = 3106)
12:55 AM: owner@dist.belnk[1].txt (ID = 2293)
12:55 AM: Found Spy Cookie: ru4 cookie
12:55 AM: owner@edge.ru4[1].txt (ID = 3269)
12:55 AM: Found Spy Cookie: exitexchange cookie
12:55 AM: owner@exitexchange[1].txt (ID = 2633)
12:55 AM: Found Spy Cookie: fastclick cookie
12:55 AM: owner@fastclick[2].txt (ID = 2651)
12:55 AM: Found Spy Cookie: fortunecity cookie
12:55 AM: owner@fortunecity[2].txt (ID = 2686)
12:55 AM: owner@go[1].txt (ID = 2728)
12:55 AM: owner@heartdisease.about[1].txt (ID = 2038)
12:55 AM: Found Spy Cookie: clickandtrack cookie
12:55 AM: owner@hits.clickandtrack[1].txt (ID = 2397)
12:55 AM: Found Spy Cookie: homestore cookie
12:55 AM: owner@homestore[2].txt (ID = 2793)
12:55 AM: Found Spy Cookie: ic-live cookie
12:55 AM: owner@ic-live[1].txt (ID = 2821)
12:55 AM: Found Spy Cookie: maxserving cookie
12:55 AM: owner@maxserving[2].txt (ID = 2966)
12:55 AM: Found Spy Cookie: mediaplex cookie
12:55 AM: owner@mediaplex[1].txt (ID = 6442)
12:55 AM: owner@msnportal.112.2o7[1].txt (ID = 1958)
12:55 AM: Found Spy Cookie: nextag cookie
12:55 AM: owner@nextag[1].txt (ID = 5014)
12:55 AM: owner@overture[2].txt (ID = 3105)
12:55 AM: owner@partygaming.122.2o7[1].txt (ID = 1958)
12:55 AM: owner@perf.overture[1].txt (ID = 3106)
12:55 AM: Found Spy Cookie: questionmarket cookie
12:55 AM: owner@questionmarket[1].txt (ID = 3217)
12:55 AM: Found Spy Cookie: realmedia cookie
12:55 AM: owner@realmedia[1].txt (ID = 3235)
12:55 AM: Found Spy Cookie: revenue.net cookie
12:55 AM: owner@revenue[1].txt (ID = 3257)
12:55 AM: owner@rsi.abc.go[1].txt (ID = 2729)
12:55 AM: Found Spy Cookie: servedby advertising cookie
12:55 AM: owner@servedby.advertising[2].txt (ID = 3335)
12:55 AM: Found Spy Cookie: server.iad.liveperson cookie
12:55 AM: owner@server.iad.liveperson[1].txt (ID = 3341)
12:55 AM: owner@sonymediasoftware.122.2o7[1].txt (ID = 1958)
12:55 AM: Found Spy Cookie: statcounter cookie
12:55 AM: owner@statcounter[1].txt (ID = 3447)
12:55 AM: Found Spy Cookie: webtrendslive cookie
12:55 AM: owner@statse.webtrendslive[1].txt (ID = 3667)
12:55 AM: Found Spy Cookie: tacoda cookie
12:55 AM: owner@tacoda[2].txt (ID = 6444)
12:55 AM: Found Spy Cookie: targetnet cookie
12:55 AM: owner@targetnet[1].txt (ID = 3489)
12:55 AM: Found Spy Cookie: trafficmp cookie
12:55 AM: owner@trafficmp[1].txt (ID = 3581)
12:55 AM: Found Spy Cookie: tribalfusion cookie
12:55 AM: owner@tribalfusion[2].txt (ID = 3589)
12:55 AM: owner@trucks.about[2].txt (ID = 2038)
12:55 AM: owner@usnews.122.2o7[1].txt (ID = 1958)
12:55 AM: owner@www.classmates[1].txt (ID = 2385)
12:55 AM: Found Spy Cookie: myaffiliateprogram.com cookie
12:55 AM: owner@www.myaffiliateprogram[2].txt (ID = 3032)
12:55 AM: owner@yieldmanager[1].txt (ID = 3749)
12:55 AM: Found Spy Cookie: adserver cookie
12:55 AM: owner@z1.adserver[1].txt (ID = 2142)
12:55 AM: owner@zedo[2].txt (ID = 3762)
12:55 AM: Cookie Sweep Complete, Elapsed Time: 00:00:01
12:55 AM: Starting File Sweep
12:55 AM: c:\program files\quick links (2 subtraces) (ID = -2147478145)
12:55 AM: c:\program files\aprps (9 subtraces) (ID = -2147481420)
12:55 AM: c:\documents and settings\all users\application data\addestroyer (1 subtraces) (ID = -2147481464)
12:55 AM: c:\windows\cfgmgr52 (50 subtraces) (ID = -2147479590)
12:55 AM: Found Adware: virtualbouncer
12:55 AM: c:\documents and settings\all users\application data\vbouncer (5 subtraces) (ID = -2147480097)
12:55 AM: c:\program files\mediagateway (1 subtraces) (ID = -2147463340)
12:55 AM: sskknwrd.dll (ID = 77733)
12:56 AM: backup-20050610-135502-155.osd (ID = 70665)
12:56 AM: preuninstallpmt.exe (ID = 74822)
12:56 AM: preuninstallql.exe (ID = 131326)
12:56 AM: uninst.exe (ID = 73428)
12:59 AM: Found Adware: targetsaver
12:59 AM: vocabulary (ID = 78283)
12:59 AM: class-barrel (ID = 78229)
1:00 AM: 97_ventura4_4_0_3_7.exe (ID = 146359)
1:00 AM: bsva-egihsg52.exe (ID = 95082)
1:03 AM: winstat11.dat (ID = 70669)
1:03 AM: tsuninst.exe (ID = 78276)
1:04 AM: swsettings.xml (ID = 82816)
1:04 AM: proxystub.dll (ID = 120164)
1:04 AM: Found Trojan Horse: trojan-downloader-mainstreamdollars
1:04 AM: ventura-hot_246765.exe (ID = 107491)
1:05 AM: cxtpls.exe (ID = 120161)
1:05 AM: cxtpls.dll (ID = 120160)
1:05 AM: updater.exe (ID = 238634)
1:08 AM: Found Adware: clkoptimizer
1:08 AM: bdqacrq.exe (ID = 146191)
1:08 AM: wingenerics.dll (ID = 50187)
1:08 AM: sskcwrd.dll (ID = 77712)
1:08 AM: Found Trojan Horse: trojan-downloader-mediket
1:08 AM: eied.inf (ID = 80748)
1:08 AM: start7.inf (ID = 207464)
1:08 AM: user.xml (ID = 82817)
1:08 AM: File Sweep Complete, Elapsed Time: 00:13:11
1:08 AM: Full Sweep has completed. Elapsed time 00:17:28
1:08 AM: Traces Found: 1054
1:11 AM: Removal process initiated
1:11 AM: Quarantining All Traces: 180search assistant/zango
1:11 AM: Quarantining All Traces: clearsearch
1:11 AM: Quarantining All Traces: clkoptimizer
1:11 AM: Quarantining All Traces: cws-aboutblank
1:11 AM: Quarantining All Traces: directrevenue-abetterinternet
1:11 AM: Quarantining All Traces: elitebar
1:11 AM: Quarantining All Traces: trojan-downloader-moneymind
1:11 AM: Quarantining All Traces: windows keylogger
1:11 AM: Quarantining All Traces: apropos
1:11 AM: Quarantining All Traces: internetoptimizer
1:11 AM: Quarantining All Traces: quicklink search toolbar
1:11 AM: Quarantining All Traces: surfsidekick
1:11 AM: Quarantining All Traces: topconverting downloader
1:11 AM: Quarantining All Traces: trojan-downloader-mainstreamdollars
1:11 AM: Quarantining All Traces: trojan-downloader-mediket
1:11 AM: Quarantining All Traces: trojan-downloader-pacisoft
1:11 AM: Quarantining All Traces: winad
1:11 AM: Quarantining All Traces: addestroyer
1:11 AM: Quarantining All Traces: bookedspace
1:11 AM: Quarantining All Traces: coolsavings
1:11 AM: Quarantining All Traces: drsnsrch hijacker
1:11 AM: Quarantining All Traces: drsnsrch.com hijack
1:11 AM: Quarantining All Traces: findthewebsiteyouneed hijack
1:11 AM: Quarantining All Traces: ist powerscan
1:11 AM: Quarantining All Traces: ist sidefind
1:11 AM: Quarantining All Traces: ist software
1:11 AM: Quarantining All Traces: ist surf accuracy
1:11 AM: Quarantining All Traces: ist yoursitebar
1:11 AM: Quarantining All Traces: logih adware
1:11 AM: Quarantining All Traces: mirar webband
1:11 AM: Quarantining All Traces: moneytree
1:11 AM: Quarantining All Traces: neededware
1:11 AM: Quarantining All Traces: personal money tree
1:12 AM: Quarantining All Traces: sicro dialer
1:12 AM: Quarantining All Traces: targetsaver
1:12 AM: Quarantining All Traces: virtualbouncer
1:12 AM: Quarantining All Traces: 2o7.net cookie
1:12 AM: Quarantining All Traces: about cookie
1:12 AM: Quarantining All Traces: addynamix cookie
1:12 AM: Quarantining All Traces: adecn cookie
1:12 AM: Quarantining All Traces: adknowledge cookie
1:12 AM: Quarantining All Traces: adrevolver cookie
1:12 AM: Quarantining All Traces: adserver cookie
1:12 AM: Quarantining All Traces: adtech cookie
1:12 AM: Quarantining All Traces: adultfriendfinder cookie
1:12 AM: Quarantining All Traces: advertising cookie
1:12 AM: Quarantining All Traces: apmebf cookie
1:12 AM: Quarantining All Traces: ask cookie
1:12 AM: Quarantining All Traces: atlas dmt cookie
1:12 AM: Quarantining All Traces: atwola cookie
1:12 AM: Quarantining All Traces: belnk cookie
1:12 AM: Quarantining All Traces: bravenet cookie
1:12 AM: Quarantining All Traces: burstnet cookie
1:12 AM: Quarantining All Traces: casalemedia cookie
1:12 AM: Quarantining All Traces: cc214142 cookie
1:12 AM: Quarantining All Traces: centrport net cookie
1:12 AM: Quarantining All Traces: classmates cookie
1:12 AM: Quarantining All Traces: clickandtrack cookie
1:12 AM: Quarantining All Traces: exitexchange cookie
1:12 AM: Quarantining All Traces: falkag cookie
1:12 AM: Quarantining All Traces: fastclick cookie
1:12 AM: Quarantining All Traces: fortunecity cookie
1:12 AM: Quarantining All Traces: go.com cookie
1:12 AM: Quarantining All Traces: homestore cookie
1:12 AM: Quarantining All Traces: ic-live cookie
1:12 AM: Quarantining All Traces: maxserving cookie
1:12 AM: Quarantining All Traces: mediaplex cookie
1:12 AM: Quarantining All Traces: myaffiliateprogram.com cookie
1:12 AM: Quarantining All Traces: nextag cookie
1:12 AM: Quarantining All Traces: overture cookie
1:12 AM: Quarantining All Traces: pointroll cookie
1:12 AM: Quarantining All Traces: questionmarket cookie
1:12 AM: Quarantining All Traces: realmedia cookie
1:12 AM: Quarantining All Traces: revenue.net cookie
1:12 AM: Quarantining All Traces: ru4 cookie
1:12 AM: Quarantining All Traces: servedby advertising cookie
1:12 AM: Quarantining All Traces: server.iad.liveperson cookie
1:12 AM: Quarantining All Traces: specificclick.com cookie
1:12 AM: Quarantining All Traces: statcounter cookie
1:12 AM: Quarantining All Traces: tacoda cookie
1:12 AM: Quarantining All Traces: targetnet cookie
1:12 AM: Quarantining All Traces: trafficmp cookie
1:12 AM: Quarantining All Traces: tribalfusion cookie
1:12 AM: Quarantining All Traces: websponsors cookie
1:12 AM: Quarantining All Traces: webtrendslive cookie
1:12 AM: Quarantining All Traces: yieldmanager cookie
1:12 AM: Quarantining All Traces: zedo cookie
1:12 AM: Removal process completed. Elapsed time 00:00:56
********
12:49 AM: | Start of Session, Monday, March 06, 2006 |
12:49 AM: Spy Sweeper started
12:50 AM: Your spyware definitions have been updated.
12:51 AM: | End of Session, Monday, March 06, 2006 |

#5 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 06 March 2006 - 03:37 PM

I suggest you do this:


Please do not delete anything unless instructed to.



Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab


Close ALL windows and browsers except HijackThis and click "Fix checked"


Delete these Files if listed:
C:\WINDOWS\ALCXMNTR.EXE
c:\eied_s7.cab


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#6 lastdance

lastdance

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 07 March 2006 - 12:59 PM

I did all that and went a little longer this time without replying to get a better estimation of my computer's performance. It seems it still has the slowdowns/freezes. Every 30 seconds to a minute it seems like it freezes up. The pop-ups don't seem to be as bad. Anyway, here is my new HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 10:53:25 AM, on 3/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BitTorrent\btdownloadgui.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Program Files\BitTorrent\btdownloadgui.exe
C:\Program Files\hijackthis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6B4C884C-F3D9-4C91-9B0E-10BD17B42E96}: NameServer = 205.188.146.145
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

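As an added illustration of how a helper works through logs like the two in this thread (this script is not part of the thread and is not HijackThis's own code), the Python below parses the "Oxx - ..." lines of a HijackThis 1.99 log, picks out the entries listed in post #5 (the AlcxMonitor and MSMSGS Run keys, the Updates from HP startup link and the O16 entry sourced from file://c:\eied_s7.cab), applies two review rules that mirror what was acted on here (an O16 ActiveX entry fetched from a local file:// path, and an O17 NameServer override to confirm against the ISP), and compares the first log against this follow-up log to check that the ticked entries really disappeared. The sample lines are copied from the thread; the "before" set is reconstructed from the four lines quoted in post #5 plus a few unchanged lines, since the first log is not reproduced in full here. The function names and the marker list are the example's own.

```python
"""Triage helper for HijackThis 1.99 logs (added example, not the thread's tool)."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Constructed sample: the four lines the helper asked to fix (quoted in post #5
# from the first log) plus a few lines that did not change, standing in for
# the "before" log, which is not reproduced in full in this thread.
BEFORE_LOG = [
    r"O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE",
    r"O4 - HKLM\..\Run: [VTTimer] VTTimer.exe",
    r'O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background',
    r"O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe",
    r"O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab",
    r"O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay10...es/MsnPUpld.cab",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{6B4C884C-F3D9-4C91-9B0E-10BD17B42E96}: NameServer = 205.188.146.145",
]

# Constructed sample: a subset of the second log posted in the thread (the "after" log).
AFTER_LOG = [
    r"O4 - HKLM\..\Run: [VTTimer] VTTimer.exe",
    r"O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay10...es/MsnPUpld.cab",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{6B4C884C-F3D9-4C91-9B0E-10BD17B42E96}: NameServer = 205.188.146.145",
    r"O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll",
]

# Items the helper listed in post #5: a [bracketed] Run name, a startup link name, a CLSID.
FIX_MARKERS = ["[AlcxMonitor]", "[MSMSGS]", "Updates from HP.lnk",
               "{64311111-1111-1121-1111-111191113457}"]

LINE_RE = re.compile(r"^(O\d+) - (.+)$")


@dataclass(frozen=True)
class Entry:
    section: str  # "O4", "O16", ...
    body: str     # text after "Oxx - "

    @property
    def raw(self) -> str:
        return f"{self.section} - {self.body}"


def parse_log(lines: Iterable[str]) -> List[Entry]:
    """Keep only the Oxx entries; the process list and headers are skipped."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def select_for_fix(entries: List[Entry], markers: List[str]) -> List[str]:
    """Raw lines to tick in HijackThis: those containing one of the helper's markers."""
    return [e.raw for e in entries
            if any(m.lower() in e.body.lower() for m in markers)]


def review(entries: List[Entry]) -> List[Tuple[str, str]]:
    """(raw line, reason) pairs worth a second look; the two rules mirror this thread."""
    findings = []
    for e in entries:
        if e.section == "O16" and "file://" in e.body.lower():
            findings.append((e.raw, "ActiveX object sourced from a local file:// path, not a vendor URL"))
        elif e.section == "O17":
            findings.append((e.raw, "NameServer override: confirm the address belongs to the user's ISP"))
    return findings


def removed_entries(before: List[Entry], after: List[Entry]) -> List[str]:
    """Entries in the first log that are absent from the follow-up log (did the fix take?)."""
    after_set = set(after)
    return [e.raw for e in before if e not in after_set]


if __name__ == "__main__":
    before, after = parse_log(BEFORE_LOG), parse_log(AFTER_LOG)
    print("Tick these in HijackThis:")
    for raw in select_for_fix(before, FIX_MARKERS):
        print("  ", raw)
    print("Review in the follow-up log:")
    for raw, why in review(after):
        print("  ", raw, "->", why)
    print("Gone after the fix:")
    for raw in removed_entries(before, after):
        print("  ", raw)
```

Run on the samples, the script lists the four lines to tick, reports that all four are absent from the follow-up log, and leaves one item to review: the O17 NameServer entry. The helper did not flag that entry in this thread, which is the point of the rule: an O17 finding is a prompt to verify the address against the user's ISP, not a verdict.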
#7 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 07 March 2006 - 03:56 PM

Go here and run this scan. Let me know what it finds.
Microsoft - Malicious Software Removal Tool
http://www.microsoft...ve/default.mspx


Download this one and let me know if it finds anything.
RootkitRevealer
http://www.sysintern...itRevealer.html

When it's done, go to file->save
save the logfile to the desktop, and then paste the contents here.



#8 lastdance

lastdance

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 08 March 2006 - 02:45 PM

The first program didn't find anything. The second program (RootkitRevealer) found quite a few things, but after the search, when I went to save the logfile, it froze and the program shut off. So I ran it a second time and it only found a couple of things. So here they are. The computer is still freezing every thirty seconds or so.

HKLM\SOFTWARE\Classes\CLSID\{B62055B7-A677-11d7-A773-00C04F68F44E}\Pins\Input\Types\{10ed2d83-f16f-0348-2080-8c26b23e9a26}\22 3/5/2006 5:22 PM 91 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Classes\CLSID\{B62055B7-A677-11d7-A773-00C04F68F44E}\Pins\Input\Types\{c7aed331-0000-0348-2080-8c46b23e9a26}\22 3/5/2006 5:22 PM 91 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed 3/8/2006 12:22 PM 4 bytes Data mismatch between Windows API and raw hive data.
D: 0 bytes Error mounting volume

#9 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 08 March 2006 - 03:50 PM

Let's see if this will help.

Backup your Registry...
- Press "CTRL - ALT - DEL" keys all at the same time to start "Task Manager"
- In the Task Manager window click on "File", then from the drop-down menu select "New Task (Run...)"
- In the "Create New Task" window enter/type "regedit" (without quotes)
- Once Regedit opens click on the FILE menu and select Export
- Save the file as backup. Save the file somewhere you will remember and not delete.
IMPORTANT: make sure to set the export range to ALL



I recommend you download RegSeeker. Extract it to its own folder, open it and double-click RegSeeker.exe to start the program.
- Maximize the window and click clean registry. Check all sections and click OK.
- When the scan is complete, verify the backup box in the lower left corner is checked and click the select all button, then select all again.
- Then right-click within the search results and select delete.
- Run it again and again, deleting everything it finds until it finds nothing.
- Reboot and make sure your programs are working properly, control panel and add/remove programs windows open, etc. (basically just do a quick check of everything).
- In the event anything was 'broken', you can open RegSeeker, click backups and double-click any/all files to put the information back. A reboot may be required for the effects to be seen.
- Reboot when done.



#10 lastdance

lastdance

    New Member

  • Authentic Member
  • Pip
  • 12 posts

Posted 14 March 2006 - 01:24 PM

Sorry about the slow reply, been way too busy. Anyway, my computer has stopped freezing, and I haven't noticed any pop-ups lately. Is there anything else I should do, or am I good to go now? Thanks for all your help.

#11 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 14 March 2006 - 04:21 PM

Good Job :thumbup:

Use Add/Remove Programs and remove Ewido unless you want to keep it. It's only a 14 day trial version.


Log looks good :D :thumbup: How is it running, any issues?

Note: This will remove all previous Restore Points

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn it back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.





If you don't have these three programs I would recommend that you get them: Spywareblaster, Spywareguard and IESPY AD. They will add 1000s of sites to your restricted zone and block some hijacks from happening. I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one.

It is critical to have both a firewall and anti virus to protect your system.

Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on. Both are available below.

Safe Surfing. :D

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein



#12 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 15 March 2006 - 04:11 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
