OK, I did all the steps. Everything seems to be working fine now. When I load Windows I get an error: "Error loading w02e77a1.dll . The specified module could not be found." I don't know what this is, but it just started popping up. Here are my results:
Logfile of HijackThis v1.99.1
Scan saved at 12:07:34 AM, on 5/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\AOL\1140457788\ee\AOLSoftware.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\thiselt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\ms060140161733.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\program files\common files\aol\1140457788\ee\aim6.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Justin Grindle\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,mpxlrkl.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140457788\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [D-Link AirPremier Utility] C:\Program Files\D-Link\AirPremier Utility\D-Link\AirPremier Utility\AirPMCFG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [w02e77a1.dll] RUNDLL32.EXE w02e77a1.dll,I2 000cce45002e77a1
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [ms060140161733] C:\WINDOWS\ms060140161733.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Registration .LNK = C:\Program Files\UBISOFT\Myst IV - Revelation\support\register\na\RegistrationReminder.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemed...s/mediaview.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
Spy Sweeper-
********
11:11 PM: | Start of Session, Saturday, May 13, 2006 |
11:11 PM: Spy Sweeper started
11:11 PM: Sweep initiated using definitions version 677
11:11 PM: Found Adware: internetoptimizer
11:11 PM: HKLM\software\avenue media\internet optimizer\browser helper\ || modulefilename (ID = 1187895)
11:11 PM: nem220.dll (ID = 1187895)
11:11 PM: Starting Memory Sweep
11:11 PM: Found Adware: webhancer
11:11 PM: Detected running threat: C:\WINDOWS\webhdll.dll (ID = 83813)
11:12 PM: Found Adware: clkoptimizer
11:12 PM: Detected running threat: C:\WINDOWS\system32\cuqih.exe (ID = 268934)
11:12 PM: Detected running threat: C:\WINDOWS\system32\llaehf.exe (ID = 268995)
11:12 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || kceuhd (ID = 0)
11:12 PM: HKU\S-1-5-21-1715567821-606747145-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run || hykwi (ID = 0)
11:12 PM: Detected running threat: C:\WINDOWS\system32\cuqih.exe (ID = 268934)
11:12 PM: Detected running threat: C:\WINDOWS\system32\cuqih.exe (ID = 268934)
11:13 PM: Found Trojan Horse: trojan-downloader-ac2
11:13 PM: Detected running threat: C:\WINDOWS\system32\w02e77a1.dll (ID = 276222)
11:13 PM: Memory Sweep Complete, Elapsed Time: 00:02:20
11:13 PM: Starting Registry Sweep
11:13 PM: HKCR\clsid\{00000010-6f7d-442c-93e3-4a4827c2e4c8}\ (11 subtraces) (ID = 128881)
11:13 PM: HKLM\software\avenue media\ (27 subtraces) (ID = 128888)
11:13 PM: HKLM\software\classes\clsid\{00000010-6f7d-442c-93e3-4a4827c2e4c8}\ (11 subtraces) (ID = 128892)
11:13 PM: HKLM\software\microsoft\windows\currentversion\policies\ameopt\ (ID = 128912)
11:13 PM: HKLM\software\microsoft\windows\currentversion\uninstall\internet optimizer\ (2 subtraces) (ID = 128921)
11:13 PM: HKLM\software\microsoft\windows\currentversion\uninstall\kapabout\ (2 subtraces) (ID = 128924)
11:13 PM: HKLM\software\policies\avenue media\ (ID = 128929)
11:13 PM: Found Adware: mirar webband
11:13 PM: HKU\.default\software\microsoft\internet explorer\toolbar\webbrowser\ || {9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (ID = 135063)
11:13 PM: HKCR\clsid\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e}\ (6 subtraces) (ID = 135066)
11:13 PM: HKCR\interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f}\ (8 subtraces) (ID = 135069)
11:13 PM: HKCR\interface\{54b287f9-fd90-4457-b65e-cb91560c021d}\ (8 subtraces) (ID = 135070)
11:13 PM: HKCR\interface\{1037b06c-84b7-4240-8d80-485810a0497d}\ (8 subtraces) (ID = 135071)
11:13 PM: HKCR\interface\{224302b0-94e9-45c2-9e5b-ba989ee556e1}\ (8 subtraces) (ID = 135072)
11:13 PM: HKLM\software\classes\clsid\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e}\ (6 subtraces) (ID = 135079)
11:13 PM: HKLM\software\classes\interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f}\ (8 subtraces) (ID = 135082)
11:13 PM: HKLM\software\classes\interface\{54b287f9-fd90-4457-b65e-cb91560c021d}\ (8 subtraces) (ID = 135083)
11:13 PM: HKLM\software\classes\interface\{1037b06c-84b7-4240-8d80-485810a0497d}\ (8 subtraces) (ID = 135084)
11:13 PM: HKLM\software\classes\interface\{224302b0-94e9-45c2-9e5b-ba989ee556e1}\ (8 subtraces) (ID = 135085)
11:13 PM: HKLM\software\classes\typelib\{566dede9-9ed8-45da-9be6-9b2eeab17f49}\ (9 subtraces) (ID = 135092)
11:13 PM: HKCR\typelib\{566dede9-9ed8-45da-9be6-9b2eeab17f49}\ (9 subtraces) (ID = 135121)
11:13 PM: HKCR\dyfuca_bh.bhobj.1\ (3 subtraces) (ID = 135175)
11:13 PM: HKCR\dyfuca_bh.bhobj\ (5 subtraces) (ID = 135176)
11:13 PM: HKLM\software\classes\dyfuca_bh.bhobj\ (5 subtraces) (ID = 135194)
11:13 PM: HKLM\software\classes\typelib\{40b1d454-9ca4-43cc-86aa-cb175eac52fb}\ (9 subtraces) (ID = 135201)
11:13 PM: HKCR\typelib\{40b1d454-9ca4-43cc-86aa-cb175eac52fb}\ (9 subtraces) (ID = 135217)
11:13 PM: Found Adware: elitemediagroup-mediamotor
11:13 PM: HKLM\software\microsoft\windows\currentversion\uninstall\media-motor\ (2 subtraces) (ID = 140208)
11:13 PM: HKLM\software\mm\ (1 subtraces) (ID = 140211)
11:13 PM: HKCR\clsid\{c900b400-cdfe-11d3-976a-00e02913a9e0}\ (9 subtraces) (ID = 146268)
11:13 PM: HKCR\interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0}\ (8 subtraces) (ID = 146269)
11:13 PM: HKLM\software\microsoft\windows\currentversion\uninstall\webhancer agent\ (3 subtraces) (ID = 146274)
11:13 PM: HKLM\software\microsoft\windows\currentversion\uninstall\whsurvey\ (3 subtraces) (ID = 146275)
11:13 PM: HKCR\typelib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0}\ (9 subtraces) (ID = 146279)
11:13 PM: HKCR\whiehelperobj.whiehelperobj.1\ (3 subtraces) (ID = 146280)
11:13 PM: HKCR\whiehelperobj.whiehelperobj\ (3 subtraces) (ID = 146281)
11:13 PM: HKLM\software\avenue media\internet optimizer\ (26 subtraces) (ID = 394594)
11:13 PM: Found Adware: findthewebsiteyouneed hijack
11:13 PM: HKU\.default\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555438)
11:13 PM: HKLM\software\qstat\ (5 subtraces) (ID = 769771)
11:13 PM: HKLM\software\qstat\ || brr (ID = 877670)
11:13 PM: Found Adware: command
11:13 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ (7 subtraces) (ID = 892523)
11:13 PM: Found Adware: dollarrevenue
11:13 PM: HKLM\software\policies\ || {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} (ID = 916803)
11:13 PM: Found Adware: enbrowser
11:13 PM: HKLM\software\system\sysold\ (2 subtraces) (ID = 926808)
11:13 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || nomodify (ID = 958653)
11:13 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || noremove (ID = 958654)
11:13 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || norepair (ID = 958655)
11:13 PM: HKLM\system\currentcontrolset\services\cmdservice\ (13 subtraces) (ID = 958670)
11:13 PM: HKLM\software\policies\ || {6bf52a52-394a-11d3-b153-00c04f79faa6} (ID = 967836)
11:13 PM: HKLM\software\classes\whiehelperobj.whiehelperobj\ (3 subtraces) (ID = 972216)
11:13 PM: HKLM\software\classes\whiehelperobj.whiehelperobj.1\ (3 subtraces) (ID = 972220)
11:13 PM: HKLM\software\classes\clsid\{c900b400-cdfe-11d3-976a-00e02913a9e0}\ (9 subtraces) (ID = 972225)
11:13 PM: HKLM\software\classes\typelib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0}\ (9 subtraces) (ID = 972236)
11:13 PM: HKLM\software\microsoft\windows\currentversion\uninstall\webnexus\ (2 subtraces) (ID = 1006191)
11:13 PM: Found Adware: elitemediagroup-pop64
11:13 PM: HKLM\software\microsoft\windows\currentversion\uninstall\elitemediagroup\ (2 subtraces) (ID = 1015939)
11:13 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (6 subtraces) (ID = 1016064)
11:13 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (8 subtraces) (ID = 1016072)
11:13 PM: HKLM\software\microsoft\windows\currentversion\run\ || themonitor (ID = 1028873)
11:13 PM: HKLM\software\policies\ || {645ff040-5081-101b-9f08-00aa002f954e} (ID = 1036890)
11:13 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\system32\winats.dll (ID = 1055333)
11:13 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/winats.dll\ (2 subtraces) (ID = 1066860)
11:13 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be}\ (7 subtraces) (ID = 1110756)
11:13 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || uninstallstring (ID = 1134952)
11:13 PM: Found Adware: safesearch
11:13 PM: HKCR\typelib\{72ec96e8-30eb-4da8-9446-b4366bf00249}\ (9 subtraces) (ID = 1160022)
11:13 PM: HKCR\iman.riemon\ (5 subtraces) (ID = 1160080)
11:13 PM: HKCR\iman.riemon.1\ (3 subtraces) (ID = 1160086)
11:13 PM: HKLM\software\microsoft\windows\currentversion\app paths\irism\ (2 subtraces) (ID = 1160093)
11:13 PM: HKLM\software\microsoft\windows\currentversion\app paths\irssyncd\ (2 subtraces) (ID = 1160096)
11:13 PM: HKLM\software\irismon\ (14 subtraces) (ID = 1165615)
11:13 PM: HKLM\software\microsoft\windows\currentversion\uninstall\irismon\ (2 subtraces) (ID = 1165617)
11:13 PM: HKLM\software\classes\iman.riemon\ (5 subtraces) (ID = 1165636)
11:13 PM: HKLM\software\classes\iman.riemon.1\ (3 subtraces) (ID = 1165642)
11:13 PM: HKLM\software\classes\typelib\{72ec96e8-30eb-4da8-9446-b4366bf00249}\ (9 subtraces) (ID = 1165660)
11:13 PM: Found Adware: ezula ilookup
11:13 PM: HKCR\da.bomb\ (5 subtraces) (ID = 1221354)
11:13 PM: HKCR\da.bomb.1\ (3 subtraces) (ID = 1221359)
11:13 PM: HKCR\onone.theimp\ (5 subtraces) (ID = 1221362)
11:13 PM: HKCR\onone.theimp.1\ (3 subtraces) (ID = 1221367)
11:13 PM: HKCR\clsid\{23fb5add-da37-4a40-9fc0-b0e2384cde92}\ (11 subtraces) (ID = 1221402)
11:13 PM: HKCR\clsid\{ed5d884b-1a35-482e-bea1-dd52f75b6138}\ (11 subtraces) (ID = 1221449)
11:13 PM: HKCR\typelib\{230290d9-946f-4276-9a91-ce2a2f376b9e}\ (9 subtraces) (ID = 1221495)
11:13 PM: HKLM\software\classes\da.bomb\ (5 subtraces) (ID = 1221507)
11:13 PM: HKLM\software\classes\da.bomb.1\ (3 subtraces) (ID = 1221512)
11:13 PM: HKLM\software\classes\onone.theimp\ (5 subtraces) (ID = 1221515)
11:13 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{23fb5add-da37-4a40-9fc0-b0e2384cde92}\ (ID = 1221519)
11:13 PM: HKLM\software\classes\onone.theimp.1\ (3 subtraces) (ID = 1221523)
11:13 PM: HKLM\software\classes\clsid\{23fb5add-da37-4a40-9fc0-b0e2384cde92}\ (11 subtraces) (ID = 1221558)
11:13 PM: HKLM\software\classes\clsid\{ed5d884b-1a35-482e-bea1-dd52f75b6138}\ (11 subtraces) (ID = 1221605)
11:13 PM: HKLM\software\classes\typelib\{230290d9-946f-4276-9a91-ce2a2f376b9e}\ (9 subtraces) (ID = 1221651)
11:13 PM: HKCR\mm06ocx.mm06ocxf\ (3 subtraces) (ID = 1323762)
11:13 PM: HKCR\clsid\{5526b4c6-63d6-41a1-9783-0fabf529859a}\ (27 subtraces) (ID = 1323770)
11:13 PM: HKCR\typelib\{d13decbb-52f8-4bf4-ba6c-b0cc603963c9}\ (9 subtraces) (ID = 1323794)
11:13 PM: HKLM\software\classes\mm06ocx.mm06ocxf\ (3 subtraces) (ID = 1323810)
11:13 PM: HKLM\software\classes\clsid\{5526b4c6-63d6-41a1-9783-0fabf529859a}\ (27 subtraces) (ID = 1323818)
11:13 PM: HKLM\software\classes\typelib\{d13decbb-52f8-4bf4-ba6c-b0cc603963c9}\ (9 subtraces) (ID = 1323842)
11:13 PM: HKU\S-1-5-21-1715567821-606747145-839522115-1004\software\avenue media\ (ID = 128887)
11:13 PM: HKU\S-1-5-21-1715567821-606747145-839522115-1004\software\policies\avenue media\ (ID = 128928)
11:13 PM: HKU\S-1-5-21-1715567821-606747145-839522115-1004\software\microsoft\internet explorer\toolbar\webbrowser\ || {9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (ID = 135102)
11:13 PM: HKU\S-1-5-21-1715567821-606747145-839522115-1004\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
11:13 PM: HKU\S-1-5-21-1715567821-606747145-839522115-1004\software\microsoft\windows\currentversion\policies\ameopt\ (ID = 654042)
11:13 PM: HKU\S-1-5-21-1715567821-606747145-839522115-1004\software\system\sysuid\ (1 subtraces) (ID = 731748)
11:13 PM: Found Adware: zquest
11:13 PM: HKU\S-1-5-21-1715567821-606747145-839522115-1004\software\microsoft\internet explorer\desktop\components\0\ || source (ID = 1140816)
11:13 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || default_search_url (ID = 125236)
11:13 PM: HKU\S-1-5-18\software\microsoft\internet explorer\toolbar\webbrowser\ || {9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (ID = 135102)
11:13 PM: HKU\S-1-5-18\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
11:13 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || default_search_url (ID = 790269)
11:13 PM: HKU\S-1-5-18\software\microsoft\internet explorer\desktop\components\0\ || source (ID = 1140816)
11:13 PM: Registry Sweep Complete, Elapsed Time:00:00:06
11:13 PM: Starting Cookie Sweep
11:13 PM: Found Spy Cookie: 2o7.net cookie
11:13 PM: justin grindle@2o7[2].txt (ID = 1957)
11:13 PM: Found Spy Cookie: 80503492 cookie
11:13 PM: justin grindle@80503492[1].txt (ID = 2013)
11:13 PM: Found Spy Cookie: 888 cookie
11:13 PM: justin grindle@888[1].txt (ID = 2019)
11:13 PM: Found Spy Cookie: yieldmanager cookie
11:13 PM: justin grindle@ad.yieldmanager[2].txt (ID = 3751)
11:13 PM: Found Spy Cookie: adecn cookie
11:13 PM: justin grindle@adecn[1].txt (ID = 2063)
11:13 PM: Found Spy Cookie: adknowledge cookie
11:13 PM: justin grindle@adknowledge[2].txt (ID = 2072)
11:13 PM: Found Spy Cookie: adlegend cookie
11:13 PM: justin grindle@adlegend[1].txt (ID = 2074)
11:13 PM: Found Spy Cookie: hbmediapro cookie
11:13 PM: justin grindle@adopt.hbmediapro[2].txt (ID = 2768)
11:13 PM: Found Spy Cookie: advertising cookie
11:13 PM: justin grindle@advertising[1].txt (ID = 2175)
11:13 PM: Found Spy Cookie: tacoda cookie
11:13 PM: justin grindle@anat.tacoda[2].txt (ID = 6445)
11:13 PM: Found Spy Cookie: atwola cookie
11:13 PM: justin grindle@ar.atwola[1].txt (ID = 2256)
11:13 PM: Found Spy Cookie: falkag cookie
11:13 PM: justin grindle@as-eu.falkag[2].txt (ID = 2650)
11:13 PM: justin grindle@as-us.falkag[1].txt (ID = 2650)
11:13 PM: Found Spy Cookie: ask cookie
11:13 PM: justin grindle@ask[1].txt (ID = 2245)
11:13 PM: Found Spy Cookie: atlas dmt cookie
11:13 PM: justin grindle@atdmt[2].txt (ID = 2253)
11:13 PM: justin grindle@atwola[1].txt (ID = 2255)
11:13 PM: Found Spy Cookie: searchingbooth cookie
11:13 PM: justin grindle@banners.searchingbooth[1].txt (ID = 3322)
11:13 PM: Found Spy Cookie: belnk cookie
11:13 PM: justin grindle@belnk[1].txt (ID = 2292)
11:13 PM: Found Spy Cookie: bluestreak cookie
11:13 PM: justin grindle@bluestreak[2].txt (ID = 2314)
11:13 PM: Found Spy Cookie: enhance cookie
11:13 PM: justin grindle@c.enhance[1].txt (ID = 2614)
11:13 PM: Found Spy Cookie: goclick cookie
11:13 PM: justin grindle@c.goclick[1].txt (ID = 2733)
11:13 PM: Found Spy Cookie: zedo cookie
11:13 PM: justin grindle@c5.zedo[1].txt (ID = 3763)
11:13 PM: Found Spy Cookie: casalemedia cookie
11:13 PM: justin grindle@casalemedia[2].txt (ID = 2354)
11:13 PM: Found Spy Cookie: cassava cookie
11:13 PM: justin grindle@cassava[1].txt (ID = 2362)
11:13 PM: Found Spy Cookie: overture cookie
11:13 PM: justin grindle@data2.perf.overture[1].txt (ID = 3106)
11:13 PM: Found Spy Cookie: directtrack cookie
11:13 PM: justin grindle@directtrack[1].txt (ID = 2527)
11:13 PM: justin grindle@dist.belnk[2].txt (ID = 2293)
11:13 PM: Found Spy Cookie: exitexchange cookie
11:13 PM: justin grindle@exitexchange[2].txt (ID = 2633)
11:13 PM: Found Spy Cookie: fastclick cookie
11:13 PM: justin grindle@fastclick[1].txt (ID = 2651)
11:13 PM: Found Spy Cookie: findwhat cookie
11:13 PM: justin grindle@findwhat[1].txt (ID = 2674)
11:13 PM: Found Spy Cookie: go.com cookie
11:13 PM: justin grindle@go[2].txt (ID = 2728)
11:13 PM: Found Spy Cookie: starware.com cookie
11:13 PM: justin grindle@h.starware[1].txt (ID = 3442)
11:13 PM: Found Spy Cookie: clickandtrack cookie
11:13 PM: justin grindle@hits.clickandtrack[2].txt (ID = 2397)
11:13 PM: Found Spy Cookie: maxserving cookie
11:13 PM: justin grindle@maxserving[2].txt (ID = 2966)
11:13 PM: Found Spy Cookie: top-banners cookie
11:13 PM: justin grindle@media.top-banners[2].txt (ID = 3548)
11:13 PM: Found Spy Cookie: mediaplex cookie
11:13 PM: justin grindle@mediaplex[1].txt (ID = 6442)
11:13 PM: justin grindle@movies.go[1].txt (ID = 2729)
11:13 PM: justin grindle@msnportal.112.2o7[1].txt (ID = 1958)
11:13 PM: Found Spy Cookie: offeroptimizer cookie
11:13 PM: justin grindle@offeroptimizer[2].txt (ID = 3087)
11:13 PM: justin grindle@overture[1].txt (ID = 3105)
11:13 PM: justin grindle@partygaming.122.2o7[1].txt (ID = 1958)
11:13 PM: Found Spy Cookie: partypoker cookie
11:13 PM: justin grindle@partypoker[2].txt (ID = 3111)
11:13 PM: justin grindle@perf.overture[2].txt (ID = 3106)
11:13 PM: Found Spy Cookie: popuptraffic cookie
11:13 PM: justin grindle@popuptraffic[2].txt (ID = 3163)
11:13 PM: Found Spy Cookie: questionmarket cookie
11:13 PM: justin grindle@questionmarket[2].txt (ID = 3217)
11:13 PM: Found Spy Cookie: realmedia cookie
11:13 PM: justin grindle@realmedia[2].txt (ID = 3235)
11:13 PM: justin grindle@revenuegateway.directtrack[2].txt (ID = 2528)
11:13 PM: Found Spy Cookie: revenue.net cookie
11:13 PM: justin grindle@revenue[2].txt (ID = 3257)
11:13 PM: Found Spy Cookie: server.iad.liveperson cookie
11:13 PM: justin grindle@server.iad.liveperson[1].txt (ID = 3341)
11:13 PM: justin grindle@tacoda[1].txt (ID = 6444)
11:13 PM: Found Spy Cookie: targetnet cookie
11:13 PM: justin grindle@targetnet[1].txt (ID = 3489)
11:13 PM: Found Spy Cookie: trafficmp cookie
11:13 PM: justin grindle@trafficmp[1].txt (ID = 3581)
11:13 PM: Found Spy Cookie: tribalfusion cookie
11:13 PM: justin grindle@tribalfusion[2].txt (ID = 3589)
11:13 PM: justin grindle@try.starware[1].txt (ID = 3442)
11:13 PM: justin grindle@yieldmanager[2].txt (ID = 3749)
11:13 PM: justin grindle@zedo[2].txt (ID = 3762)
11:13 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
11:13 PM: Starting File Sweep
11:13 PM: c:\program files\whinstall (11 subtraces) (ID = -2147480064)
11:13 PM: c:\program files\webhancer (8 subtraces) (ID = -2147476841)
11:13 PM: c:\program files\network monitor (1 subtraces) (ID = -2147459771)
11:13 PM: c:\program files\internet optimizer (1 subtraces) (ID = -2147480830)
11:14 PM: Found Adware: deskwizz
11:14 PM: wallpap[1].exe (ID = 240959)
11:15 PM: wallpap[1].exe (ID = 240959)
11:15 PM: license.txt (ID = 83802)
11:15 PM: justin2a[1].exe (ID = 279493)
11:15 PM: wallpap.exe (ID = 240959)
11:15 PM: justin2a.exe (ID = 279493)
11:15 PM: installer_2512[1].exe (ID = 277894)
11:15 PM: mte3ndi6odoxng[1].exe (ID = 185985)
11:15 PM: license.txt (ID = 83802)
11:16 PM: idlemg[1].exe (ID = 235944)
11:16 PM: idlemg.exe (ID = 235944)
11:16 PM: b2search_v17.exe (ID = 188142)
11:16 PM: Found Adware: zenosearchassistant
11:16 PM: zifi002[1].exe (ID = 235993)
11:16 PM: zifi002.exe (ID = 235993)
11:16 PM: Found Adware: purityscan
11:16 PM: yoinsi[1].exe (ID = 213483)
11:16 PM: yoinsi.exe (ID = 213483)
11:16 PM: Found Adware: surfsidekick
11:16 PM: ss1205[1].exe (ID = 278244)
11:16 PM: ss1205.exe (ID = 278244)
11:16 PM: readme.txt (ID = 83804)
11:16 PM: readme.txt (ID = 83804)
11:16 PM: mit84.tmp (ID = 133197)
11:17 PM: Found Adware: look2me
11:17 PM: installer[1].exe (ID = 168558)
11:17 PM: webhdll.dll (ID = 83813)
11:17 PM: sos.i.exe (ID = 246713)
11:18 PM: uninstall_nmon.vbs (ID = 231442)
11:18 PM: wallpap[1].exe (ID = 240959)
11:18 PM: keyboard18.exe (ID = 293397)
11:19 PM: mpxlrkl.exe (ID = 268932)
11:19 PM: cuqih.exe (ID = 268934)
11:20 PM: nem220.dll (ID = 64043)
11:21 PM: mte3ndi6odoxng.exe (ID = 185985)
11:21 PM: webhdll.dll (ID = 83813)
11:21 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:21 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:21 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:21 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:21 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:21 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:21 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:21 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:21 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:21 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:21 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:21 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:21 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:21 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:21 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:21 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:22 PM: w0067dbe.dll (ID = 276222)
11:22 PM: optimize.exe (ID = 288489)
11:22 PM: optimize.exe (ID = 288489)
11:23 PM: mit84.tmp.cab (ID = 133197)
11:23 PM: w02e77a1.dll (ID = 276222)
11:24 PM: netmon.exe (ID = 231443)
11:25 PM: irismon.dll (ID = 246191)
11:25 PM: whiehlpr.dll (ID = 83838)
11:25 PM: unirimon.exe (ID = 246195)
11:25 PM: llaehf.exe (ID = 268995)
11:25 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || kceuhd (ID = 0)
11:25 PM: HKU\S-1-5-21-1715567821-606747145-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run || hykwi (ID = 0)
11:26 PM: installer_2512.exe (ID = 277894)
11:26 PM: whinstaller.exe (ID = 83844)
11:26 PM: j84o0ih3e84.dll (ID = 163672)
11:26 PM: backup-20060513-223415-742.dll (ID = 246679)
11:26 PM: chadch.exe (ID = 288265)
11:26 PM: dslfn.exe (ID = 268995)
11:26 PM: o4660ejseho60.dll (ID = 159)
11:26 PM: whinstaller.exe (ID = 83844)
11:26 PM: unwn.exe (ID = 268798)
11:26 PM: installer[1].exe (ID = 231664)
11:26 PM: unstall.exe (ID = 133210)
11:26 PM: mirar.exe (ID = 272168)
11:26 PM: qiohs.dat (ID = 268995)
11:26 PM: wallpap.exe (ID = 240959)
11:26 PM: whsurvey.exe (ID = 83849)
11:26 PM: ac2_0009.exe (ID = 273770)
11:26 PM: l06o0aj3edo.dll (ID = 163672)
11:26 PM: command.exe (ID = 144946)
11:26 PM: backup-20060513-223416-227.dll (ID = 208226)
11:27 PM: whinstaller.ini (ID = 83848)
11:27 PM: whagent.inf (ID = 83821)
11:27 PM: whagent.inf (ID = 83821)
11:27 PM: dmonwv.dll (ID = 268799)
11:27 PM: irsmnusd.dll (ID = 246679)
11:27 PM: csc.dll (ID = 163672)
11:27 PM: whcc-giant.exe (ID = 83829)
11:28 PM: whsurvey.exe (ID = 83849)
11:28 PM: dmvvox.dll (ID = 163672)
11:29 PM: nscad.dll (ID = 180772)
11:29 PM: backup-20060513-223415-458.dll (ID = 233175)
11:29 PM: whagent.exe (ID = 83816)
11:29 PM: whagent.exe (ID = 83816)
11:29 PM: guard.tmp (ID = 159)
11:29 PM: asappsrv.dll (ID = 144945)
11:31 PM: whiehlpr.dll (ID = 83838)
11:31 PM: whagent.ini (ID = 83825)
11:31 PM: whagent.ini (ID = 83825)
11:31 PM: whinstaller.ini (ID = 83848)
11:31 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:31 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:31 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:31 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:31 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:31 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:31 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:31 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:31 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:31 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:31 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:31 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:31 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:31 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:31 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:31 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:31 PM: backup-20060513-223415-458.inf (ID = 233153)
11:31 PM: backup-20060513-223416-227.inf (ID = 208224)
11:31 PM: mbpwx35rkhxvuqc4v3o.vbs (ID = 185675)
11:32 PM: File Sweep Complete, Elapsed Time: 00:18:09
11:32 PM: Full Sweep has completed. Elapsed time 00:20:40
11:32 PM: Traces Found: 829
11:33 PM: Removal process initiated
11:33 PM: Quarantining All Traces: clkoptimizer
11:33 PM: clkoptimizer is in use. It will be removed on reboot.
11:33 PM: cuqih.exe is in use. It will be removed on reboot.
11:33 PM: llaehf.exe is in use. It will be removed on reboot.
11:33 PM: dslfn.exe is in use. It will be removed on reboot.
11:33 PM: C:\WINDOWS\system32\cuqih.exe is in use. It will be removed on reboot.
11:33 PM: C:\WINDOWS\system32\llaehf.exe is in use. It will be removed on reboot.
11:33 PM: C:\WINDOWS\system32\cuqih.exe is in use. It will be removed on reboot.
11:33 PM: C:\WINDOWS\system32\cuqih.exe is in use. It will be removed on reboot.
11:33 PM: Quarantining All Traces: look2me
11:33 PM: Quarantining All Traces: purityscan
11:33 PM: Quarantining All Traces: dollarrevenue
11:33 PM: Quarantining All Traces: elitemediagroup-mediamotor
11:33 PM: Quarantining All Traces: enbrowser
11:33 PM: Quarantining All Traces: internetoptimizer
11:33 PM: internetoptimizer is in use. It will be removed on reboot.
11:33 PM: nem220.dll is in use. It will be removed on reboot.
11:33 PM: Quarantining All Traces: safesearch
11:33 PM: Quarantining All Traces: surfsidekick
11:33 PM: Quarantining All Traces: trojan-downloader-ac2
11:33 PM: trojan-downloader-ac2 is in use. It will be removed on reboot.
11:33 PM: w02e77a1.dll is in use. It will be removed on reboot.
11:33 PM: Quarantining All Traces: zquest
11:33 PM: Quarantining All Traces: command
11:33 PM: Quarantining All Traces: deskwizz
11:33 PM: Quarantining All Traces: elitemediagroup-pop64
11:33 PM: Quarantining All Traces: ezula ilookup
11:33 PM: Quarantining All Traces: findthewebsiteyouneed hijack
11:33 PM: Quarantining All Traces: mirar webband
11:33 PM: Quarantining All Traces: webhancer
11:33 PM: webhancer is in use. It will be removed on reboot.
11:33 PM: webhdll.dll is in use. It will be removed on reboot.
11:33 PM: C:\WINDOWS\webhdll.dll is in use. It will be removed on reboot.
11:33 PM: Quarantining All Traces: zenosearchassistant
11:33 PM: Quarantining All Traces: 2o7.net cookie
11:33 PM: Quarantining All Traces: 80503492 cookie
11:33 PM: Quarantining All Traces: 888 cookie
11:33 PM: Quarantining All Traces: adecn cookie
11:33 PM: Quarantining All Traces: adknowledge cookie
11:33 PM: Quarantining All Traces: adlegend cookie
11:33 PM: Quarantining All Traces: advertising cookie
11:33 PM: Quarantining All Traces: ask cookie
11:33 PM: Quarantining All Traces: atlas dmt cookie
11:33 PM: Quarantining All Traces: atwola cookie
11:33 PM: Quarantining All Traces: belnk cookie
11:33 PM: Quarantining All Traces: bluestreak cookie
11:33 PM: Quarantining All Traces: casalemedia cookie
11:33 PM: Quarantining All Traces: cassava cookie
11:33 PM: Quarantining All Traces: clickandtrack cookie
11:33 PM: Quarantining All Traces: directtrack cookie
11:33 PM: Quarantining All Traces: enhance cookie
11:33 PM: Quarantining All Traces: exitexchange cookie
11:33 PM: Quarantining All Traces: falkag cookie
11:33 PM: Quarantining All Traces: fastclick cookie
11:33 PM: Quarantining All Traces: findwhat cookie
11:33 PM: Quarantining All Traces: go.com cookie
11:33 PM: Quarantining All Traces: goclick cookie
11:33 PM: Quarantining All Traces: hbmediapro cookie
11:33 PM: Quarantining All Traces: maxserving cookie
11:33 PM: Quarantining All Traces: mediaplex cookie
11:33 PM: Quarantining All Traces: offeroptimizer cookie
11:33 PM: Quarantining All Traces: overture cookie
11:33 PM: Quarantining All Traces: partypoker cookie
11:33 PM: Quarantining All Traces: popuptraffic cookie
11:33 PM: Quarantining All Traces: questionmarket cookie
11:33 PM: Quarantining All Traces: realmedia cookie
11:33 PM: Quarantining All Traces: revenue.net cookie
11:33 PM: Quarantining All Traces: searchingbooth cookie
11:33 PM: Quarantining All Traces: server.iad.liveperson cookie
11:33 PM: Quarantining All Traces: starware.com cookie
11:33 PM: Quarantining All Traces: tacoda cookie
11:33 PM: Quarantining All Traces: targetnet cookie
11:33 PM: Quarantining All Traces: top-banners cookie
11:33 PM: Quarantining All Traces: trafficmp cookie
11:33 PM: Quarantining All Traces: tribalfusion cookie
11:33 PM: Quarantining All Traces: yieldmanager cookie
11:33 PM: Quarantining All Traces: zedo cookie
11:35 PM: Removal process completed. Elapsed time 00:01:42
********
11:06 PM: | Start of Session, Saturday, May 13, 2006 |
11:06 PM: Spy Sweeper started
11:09 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:09 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:09 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:09 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:09 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:09 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:09 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:09 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:09 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:09 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:09 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:09 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:09 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:09 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:09 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:09 PM: The Spy Communication shield has blocked access to: dl.web-nexus.net
11:09 PM: Your spyware definitions have been updated.
11:10 PM: Spy Installation Shield: found: Adware: clkoptimizer, version 1.0.0.0 -- Execution Denied
11:10 PM: Spy Installation Shield: found: Adware: zenosearchassistant, version 1.0.0.0 -- Execution Denied
11:10 PM: IE Security Shield: found: C:\WINDOWS\THISELT.EXE -- IE Security modification denied
11:10 PM: Spy Installation Shield: found: Adware: purityscan, version 1.0.0.0 -- Execution Denied
11:10 PM: Spy Installation Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Execution Denied
11:10 PM: Spy Installation Shield: found: Adware: command, version 1.0.0.0 -- Execution Denied
11:11 PM: | End of Session, Saturday, May 13, 2006 |
Ewido-
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 11:57:41 PM, 5/13/2006
+ Report-Checksum: 357BA8CD
+ Scan result:
HKU\S-1-5-21-1715567821-606747145-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{55BE9F0D-6CAF-4C3E-B125-5A13A8C9D0EC} -> Adware.Generic : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Cookies\justin grindle@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Cookies\justin grindle@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Cookies\justin grindle@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Cookies\justin grindle@c5.zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Cookies\justin grindle@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Cookies\justin grindle@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Cookies\justin grindle@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Cookies\justin grindle@ehg-citrixonline.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Cookies\justin grindle@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Cookies\justin grindle@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Cookies\justin grindle@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Cookies\justin grindle@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Cookies\justin grindle@www.adtrak[1].txt -> TrackingCookie.Adtrak : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Cookies\justin grindle@www5.click2begin[1].txt -> TrackingCookie.Click2begin : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@banners.searchingbooth[2].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@ehg-aviatechllc.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@h.starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@popuptraffic[2].txt -> TrackingCookie.Popuptraffic : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@tahitiannoniintl.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@try.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@www.adtrak[2].txt -> TrackingCookie.Adtrak : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@www5.click2begin[1].txt -> TrackingCookie.Click2begin : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Justin Grindle\Local Settings\Temp\Cookies\justin grindle@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\WINDOWS\system32\ad.html -> Hijacker.Agent.e : Cleaned with backup
C:\WINDOWS\Temp\Cookies\justin grindle@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\WINDOWS\Temp\Cookies\justin grindle@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\justin grindle@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\WINDOWS\Temp\Cookies\justin grindle@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\WINDOWS\Temp\Cookies\justin grindle@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\WINDOWS\Temp\Cookies\justin grindle@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\WINDOWS\Temp\Cookies\justin grindle@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\WINDOWS\Temp\Cookies\justin grindle@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\WINDOWS\Temp\Cookies\justin grindle@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
::Report End