01-16-2006, 12:22 PM   #25
stretched
Registered User
 
Join Date: Aug 2005
Posts: 115
OS: Windows XP


"Alrighty then"

This is user account:

"mommy"

Ran the new Spysweeper, Adware, Spybot, Ewido, and CWShredder. I also ran CCleaner after all of them (I hope that was not stupid).

Here is the Spysweeper log:

********
10:57 AM: | Start of Session, Monday, January 16, 2006 |
10:57 AM: Spy Sweeper started
10:57 AM: Sweep initiated using definitions version 601
10:57 AM: Starting Memory Sweep
11:01 AM: Memory Sweep Complete, Elapsed Time: 00:03:26
11:01 AM: Starting Registry Sweep
11:01 AM: Found Adware: screensavers
11:01 AM: HKCR\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (2 subtraces) (ID = 140550)
11:01 AM: HKLM\software\classes\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (2 subtraces) (ID = 140555)
11:01 AM: HKLM\software\microsoft\windows\currentversion\uninstall\screensaversinstaller\ (2 subtraces) (ID = 140568)
11:01 AM: HKLM\software\screensavers.com\ (18 subtraces) (ID = 140569)
11:01 AM: Found Adware: websearch toolbar
11:01 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/qdow_as2.dll\ (2 subtraces) (ID = 146482)
11:01 AM: HKLM\system\currentcontrolset\enum\root\legacy_wintoolssvc\ (8 subtraces) (ID = 146518)
11:01 AM: Found Adware: winad
11:01 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaaccx.dll\ (2 subtraces) (ID = 147191)
11:01 AM: HKLM\software\media gateway\ (10 subtraces) (ID = 359545)
11:01 AM: Found Adware: drsnsrch hijacker
11:01 AM: HKCR\typelib\{8f73ac0f-5769-4282-8762-b396a3bff377}\ (9 subtraces) (ID = 509153)
11:01 AM: Found Adware: rich editor
11:01 AM: HKLM\system\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\lanbrup.exe\ (1 subtraces) (ID = 552678)
11:01 AM: HKLM\software\lanbridge\ (51 subtraces) (ID = 609177)
11:01 AM: HKLM\software\toolbar\ (6 subtraces) (ID = 646240)
11:01 AM: HKLM\software\classes\typelib\{8f73ac0f-5769-4282-8762-b396a3bff377}\ (9 subtraces) (ID = 646384)
11:01 AM: Found Adware: dealbar toolbar
11:01 AM: HKCR\compbar.getpricebar\ (5 subtraces) (ID = 726184)
11:01 AM: HKCR\compbar.getpricebar.1\ (3 subtraces) (ID = 726190)
11:01 AM: HKCR\mynewsbarlauncher.ie5barlauncher\ (5 subtraces) (ID = 726194)
11:01 AM: HKCR\mynewsbarlauncher.ie5barlauncher.1\ (3 subtraces) (ID = 726200)
11:01 AM: HKCR\clsid\{3d782bb3-f2a5-11d3-bf4c-000000000000}\ (1 subtraces) (ID = 726226)
11:01 AM: HKLM\software\classes\compbar.getpricebar\ (5 subtraces) (ID = 726303)
11:01 AM: HKLM\software\classes\compbar.getpricebar.1\ (3 subtraces) (ID = 726309)
11:01 AM: HKLM\software\classes\mynewsbarlauncher.ie5barlauncher\ (5 subtraces) (ID = 726313)
11:01 AM: HKLM\software\classes\mynewsbarlauncher.ie5barlauncher.1\ (3 subtraces) (ID = 726337)
11:01 AM: HKLM\software\classes\clsid\{3d782bb3-f2a5-11d3-bf4c-000000000000}\ (1 subtraces) (ID = 726363)
11:01 AM: Found Adware: safesurf
11:01 AM: HKCR\typelib\{7638761f-0ce1-4e68-9692-d623527a6b7b}\ (9 subtraces) (ID = 730924)
11:01 AM: HKLM\software\classes\typelib\{7638761f-0ce1-4e68-9692-d623527a6b7b}\ (9 subtraces) (ID = 730979)
11:01 AM: HKLM\software\picshow\ (26 subtraces) (ID = 730989)
11:01 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediagatewayx.dll\ (2 subtraces) (ID = 763026)
11:01 AM: Found Adware: 180search assistant/zango
11:01 AM: HKCR\clsid\{d676f999-4608-4dc5-a135-4f51f4212739}\ (1 subtraces) (ID = 792270)
11:01 AM: HKLM\software\classes\clsid\{d676f999-4608-4dc5-a135-4f51f4212739}\ (1 subtraces) (ID = 792320)
11:01 AM: Found Adware: cas
11:01 AM: HKCR\typelib\{1b8b502e-465b-4022-be4f-fb6d9f808a18}\ (9 subtraces) (ID = 820387)
11:01 AM: HKCR\typelib\{65d99893-a650-4292-83d0-3aff6f39e0b5}\ (9 subtraces) (ID = 820397)
11:01 AM: HKLM\software\italmanager\ (29 subtraces) (ID = 820452)
11:01 AM: HKLM\software\classes\typelib\{1b8b502e-465b-4022-be4f-fb6d9f808a18}\ (9 subtraces) (ID = 820540)
11:01 AM: HKLM\software\classes\typelib\{65d99893-a650-4292-83d0-3aff6f39e0b5}\ (9 subtraces) (ID = 820550)
11:01 AM: HKLM\software\microsoft\windows\currentversion\uninstall\italmgr\ (2 subtraces) (ID = 820572)
11:01 AM: HKLM\system\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\ichckupd.exe\ (1 subtraces) (ID = 820614)
11:01 AM: Found Adware: ezula ilookup
11:01 AM: HKLM\software\microsoft\webext\ (1 subtraces) (ID = 828947)
11:01 AM: HKLM\software\microsoft\windows\currentversion\app paths\ichckupd\ (2 subtraces) (ID = 831816)
11:01 AM: Found Adware: multidial
11:01 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/mfc42.dll\ || {e8edb60c-951e-4130-93dc-faf1ad25f8e7} (ID = 956093)
11:01 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/msvcrt.dll\ || {e8edb60c-951e-4130-93dc-faf1ad25f8e7} (ID = 956095)
11:01 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/olepro32.dll\ || {e8edb60c-951e-4130-93dc-faf1ad25f8e7} (ID = 956097)
11:01 AM: Found Adware: fullcontext
11:01 AM: HKCR\typelib\{1b8b502e-465b-4022-be77-fb6d9f808a18}\ (9 subtraces) (ID = 1075392)
11:01 AM: HKLM\software\classes\typelib\{1b8b502e-465b-4022-be77-fb6d9f808a18}\ (9 subtraces) (ID = 1075534)
11:01 AM: Found Adware: ieplugin
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-501\software\intexp\ (2 subtraces) (ID = 128173)
11:01 AM: Found Adware: drsnsrch.com hijack
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-501\software\microsoft\internet explorer\main\ || search bar (ID = 128206)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-501\software\microsoft\internet explorer\main\ || search page (ID = 128207)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-501\software\salm\ (3 subtraces) (ID = 135792)
11:01 AM: Found Adware: starware toolbar
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-501\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-501\software\starware\ (12 subtraces) (ID = 142866)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-501\software\microsoft\internet explorer\toolbar\shellbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 146462)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-501\software\microsoft\internet explorer\toolbar\webbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 146464)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-501\software\toolbar\ (34 subtraces) (ID = 146513)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-501\software\wintools\ (17 subtraces) (ID = 146514)
11:01 AM: Found Adware: directrevenue-abetterinternet
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-501\software\aurorahandler\ (16 subtraces) (ID = 360172)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-501\software\aurora\ (37 subtraces) (ID = 360174)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-501\software\microsoft\internet explorer\toolbar\webbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 392934)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-501\software\aurorahandler\ (16 subtraces) (ID = 480802)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-501\software\dsrch\ (2 subtraces) (ID = 509156)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-501\software\aurorahandler\ || aut9i1m4eofsfinalad (ID = 512963)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-501\software\toolbar\ (34 subtraces) (ID = 646239)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-501\software\wintools\ (17 subtraces) (ID = 646241)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1015\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1015\software\microsoft\internet explorer\main\ || search bar (ID = 128206)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1015\software\microsoft\internet explorer\main\ || search page (ID = 128207)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1015\software\microsoft\internet explorer\explorer bars\{7bed0340-176b-44bc-915e-c21c1dd6f617}\ (1 subtraces) (ID = 142856)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1015\software\microsoft\internet explorer\toolbar\webbrowser\ || {7bed0340-176b-44bc-915e-c21c1dd6f617} (ID = 142861)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1015\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1015\software\starware\ (12 subtraces) (ID = 142866)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1015\software\dsrch\ (5 subtraces) (ID = 509156)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1015\software\fchelp\ (2 subtraces) (ID = 1075408)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1015\software\microsoft\windows\currentversion\run\ || fchelp (ID = 1075456)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1011\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1011\software\microsoft\internet explorer\main\ || search bar (ID = 128206)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1011\software\microsoft\internet explorer\main\ || search page (ID = 128207)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1011\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1011\software\starware\ (12 subtraces) (ID = 142866)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1011\software\aurora\ (37 subtraces) (ID = 360174)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1011\software\dsrch\ (7 subtraces) (ID = 509156)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1010\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1010\software\microsoft\internet explorer\main\ || search bar (ID = 128206)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1010\software\microsoft\internet explorer\main\ || search page (ID = 128207)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1010\software\microsoft\internet explorer\searchurl\ (ID = 128212)
11:01 AM: Found Adware: instant access
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1010\software\egdhtml\ (16 subtraces) (ID = 128787)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1010\software\microsoft\windows\currentversion\run\ || instant access (ID = 128817)
11:01 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1010\software\microsoft\windows\currentversion\wintrust\trust providers\software publishing\trust database\0\ || goicfboogidikkejccmclpieicihhlpo bgdjdn (ID = 128845)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1010\software\salm\ (3 subtraces) (ID = 135792)
11:02 AM: Found Adware: one2one viewer
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1010\software\livesvc\ (ID = 136368)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1010\software\microsoft\internet explorer\toolbar\webbrowser\ || {2d51d869-c36b-42bd-ae68-0a81bc771fa5} (ID = 142860)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1010\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1010\software\starware\ (12 subtraces) (ID = 142866)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1010\software\microsoft\internet explorer\toolbar\shellbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 146462)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1010\software\microsoft\internet explorer\toolbar\webbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 146464)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1010\software\toolbar\ (36 subtraces) (ID = 146513)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1010\software\wintools\ (16 subtraces) (ID = 146514)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1010\software\aurorahandler\ (22 subtraces) (ID = 360172)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1010\software\aurora\ (37 subtraces) (ID = 360174)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1010\software\microsoft\internet explorer\toolbar\webbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 392934)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1010\software\aurorahandler\ (22 subtraces) (ID = 480802)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1010\software\dsrch\ (9 subtraces) (ID = 509156)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1010\software\aurorahandler\ || aut9i1m4eofsfinalad (ID = 512963)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1010\software\toolbar\ (36 subtraces) (ID = 646239)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1010\software\wintools\ (16 subtraces) (ID = 646241)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1009\software\intexp\ (2 subtraces) (ID = 128173)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1009\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1009\software\microsoft\internet explorer\main\ || search bar (ID = 128206)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1009\software\microsoft\internet explorer\main\ || search page (ID = 128207)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1009\software\egdhtml\ (16 subtraces) (ID = 128787)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1009\software\microsoft\windows\currentversion\run\ || instant access (ID = 128817)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1009\software\microsoft\windows\currentversion\wintrust\trust providers\software publishing\trust database\0\ || goicfboogidikkejccmclpieicihhlpo bgdjdn (ID = 128845)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1009\software\salm\ (4 subtraces) (ID = 135792)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1009\software\livesvc\ (ID = 136368)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1009\software\microsoft\internet explorer\toolbar\webbrowser\ || {2d51d869-c36b-42bd-ae68-0a81bc771fa5} (ID = 142860)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1009\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1009\software\starware\ (12 subtraces) (ID = 142866)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1009\software\microsoft\internet explorer\toolbar\shellbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 146462)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1009\software\microsoft\internet explorer\toolbar\webbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 146464)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1009\software\toolbar\ (42 subtraces) (ID = 146513)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1009\software\wintools\ (19 subtraces) (ID = 146514)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1009\software\aurorahandler\ (22 subtraces) (ID = 360172)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1009\software\aurora\ (37 subtraces) (ID = 360174)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1009\software\microsoft\internet explorer\toolbar\webbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 392934)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1009\software\aurorahandler\ (22 subtraces) (ID = 480802)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1009\software\dsrch\ (9 subtraces) (ID = 509156)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1009\software\aurorahandler\ || aut9i1m4eofsfinalad (ID = 512963)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1009\software\toolbar\ (42 subtraces) (ID = 646239)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1009\software\wintools\ (19 subtraces) (ID = 646241)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1009\software\microsoft\windows\currentversion\run\ || pshower (ID = 730935)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1008\software\intexp\ (2 subtraces) (ID = 128173)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1008\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1008\software\microsoft\internet explorer\main\ || search bar (ID = 128206)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1008\software\microsoft\internet explorer\main\ || search page (ID = 128207)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1008\software\egdhtml\ (12 subtraces) (ID = 128787)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1008\software\microsoft\windows\currentversion\run\ || instant access (ID = 128817)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1008\software\microsoft\windows\currentversion\wintrust\trust providers\software publishing\trust database\0\ || goicfboogidikkejccmclpieicihhlpo bgdjdn (ID = 128845)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1008\software\salm\ (3 subtraces) (ID = 135792)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1008\software\livesvc\ (ID = 136368)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1008\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1008\software\starware\ (12 subtraces) (ID = 142866)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1008\software\microsoft\internet explorer\toolbar\shellbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 146462)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1008\software\microsoft\internet explorer\toolbar\webbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 146464)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1008\software\toolbar\ (38 subtraces) (ID = 146513)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1008\software\wintools\ (16 subtraces) (ID = 146514)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1008\software\aurorahandler\ (22 subtraces) (ID = 360172)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1008\software\aurora\ (37 subtraces) (ID = 360174)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1008\software\microsoft\internet explorer\toolbar\webbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 392934)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1008\software\aurorahandler\ (22 subtraces) (ID = 480802)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1008\software\dsrch\ (11 subtraces) (ID = 509156)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1008\software\aurorahandler\ || aut9i1m4eofsfinalad (ID = 512963)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1008\software\toolbar\ (38 subtraces) (ID = 646239)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1008\software\wintools\ (16 subtraces) (ID = 646241)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\intexp\ (11 subtraces) (ID = 128173)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\microsoft\internet explorer\main\ || search bar (ID = 128206)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\microsoft\internet explorer\main\ || search page (ID = 128207)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\egdhtml\ (13 subtraces) (ID = 128787)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\microsoft\windows\currentversion\run\ || instant access (ID = 128817)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\microsoft\windows\currentversion\wintrust\trust providers\software publishing\trust database\0\ || goicfboogidikkejccmclpieicihhlpo bgdjdn (ID = 128845)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\salm\ (11 subtraces) (ID = 135792)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\livesvc\ (ID = 136368)
11:02 AM: Found Adware: privacyscan
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\privacy champion\ (1 subtraces) (ID = 136898)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\microsoft\windows\currentversion\run\ || privacyscanner (ID = 136899)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\microsoft\internet explorer\toolbar\webbrowser\ || {2d51d869-c36b-42bd-ae68-0a81bc771fa5} (ID = 142860)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\starware\ (12 subtraces) (ID = 142866)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\microsoft\internet explorer\toolbar\shellbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 146462)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\microsoft\internet explorer\toolbar\webbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 146464)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\toolbar\ (36 subtraces) (ID = 146513)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\wintools\ (18 subtraces) (ID = 146514)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\zango\ (15 subtraces) (ID = 147919)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\aurorahandler\ (22 subtraces) (ID = 360172)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\aurora\ (38 subtraces) (ID = 360174)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\cmapp\ (12 subtraces) (ID = 381792)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\microsoft\windows\currentversion\run\ || cmapp (ID = 381808)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\microsoft\internet explorer\toolbar\webbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 392934)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\aurorahandler\ (22 subtraces) (ID = 480802)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\dsrch\ (9 subtraces) (ID = 509156)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\aurorahandler\ || aut9i1m4eofsfinalad (ID = 512963)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\toolbar\ (36 subtraces) (ID = 646239)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\wintools\ (18 subtraces) (ID = 646241)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\cmapp\client\ || registered (ID = 724012)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\cmsystem\ (9 subtraces) (ID = 820421)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\microsoft\windows\currentversion\run\ || ichckupd (ID = 820435)
11:02 AM: Found Adware: hotconnect dialer
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\montorgueil\ (18 subtraces) (ID = 879699)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\cmman\ (9 subtraces) (ID = 980823)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\microsoft\windows\currentversion\run\ || cmman (ID = 1018857)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\fchelp\ (3 subtraces) (ID = 1075408)
11:02 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\software\microsoft\windows\currentversion\run\ || fchelp (ID = 1075456)
11:02 AM: HKU\S-1-5-21-2034715575-3859179852-3284876818-1006\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
11:02 AM: HKU\S-1-5-21-2034715575-3859179852-3284876818-1006\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
11:02 AM: HKU\S-1-5-21-2034715575-3859179852-3284876818-1006\software\starware\ (12 subtraces) (ID = 142866)
11:02 AM: HKU\S-1-5-21-2034715575-3859179852-3284876818-1006\software\microsoft\internet explorer\toolbar\shellbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 146462)
11:02 AM: HKU\S-1-5-21-2034715575-3859179852-3284876818-1006\software\toolbar\ (2 subtraces) (ID = 146513)
11:02 AM: HKU\S-1-5-21-2034715575-3859179852-3284876818-1006\software\toolbar\ (2 subtraces) (ID = 646239)
11:02 AM: Registry Sweep Complete, Elapsed Time:00:01:01
11:02 AM: Starting Cookie Sweep
11:02 AM: Found Spy Cookie: 2o7.net cookie
11:02 AM: zakariya@2o7[1].txt (ID = 1957)
11:02 AM: Found Spy Cookie: 888 cookie
11:02 AM: zakariya@888[1].txt (ID = 2019)
11:02 AM: Found Spy Cookie: websponsors cookie
11:02 AM: zakariya@a.websponsors[2].txt (ID = 3665)
11:02 AM: Found Spy Cookie: aa cookie
11:02 AM: zakariya@aa[1].txt (ID = 2029)
11:02 AM: Found Spy Cookie: go.com cookie
11:02 AM: zakariya@abcfamily.go[1].txt (ID = 2729)
11:02 AM: Found Spy Cookie: abetterinternet cookie
11:02 AM: zakariya@abetterinternet[1].txt (ID = 2035)
11:02 AM: Found Spy Cookie: about cookie
11:02 AM: zakariya@about[1].txt (ID = 2037)
11:02 AM: Found Spy Cookie: yieldmanager cookie
11:02 AM: zakariya@ad.yieldmanager[1].txt (ID = 3751)
11:02 AM: Found Spy Cookie: adknowledge cookie
11:02 AM: zakariya@adknowledge[1].txt (ID = 2072)
11:02 AM: Found Spy Cookie: adrevservice cookie
11:02 AM: zakariya@adrevservice[1].txt (ID = 2091)
11:02 AM: Found Spy Cookie: cc214142 cookie
11:02 AM: zakariya@ads.cc214142[2].txt (ID = 2367)
11:02 AM: Found Spy Cookie: pointroll cookie
11:02 AM: zakariya@ads.pointroll[1].txt (ID = 3148)
11:02 AM: Found Spy Cookie: adultrevenueservice cookie
11:02 AM: zakariya@adultrevenueservice[1].txt (ID = 2167)
11:02 AM: zakariya@anime.about[1].txt (ID = 2038)
11:02 AM: Found Spy Cookie: falkag cookie
11:02 AM: zakariya@as-us.falkag[1].txt (ID = 2650)
11:02 AM: Found Spy Cookie: ask cookie
11:02 AM: zakariya@ask[1].txt (ID = 2245)
11:02 AM: Found Spy Cookie: atlas dmt cookie
11:02 AM: zakariya@atdmt[2].txt (ID = 2253)
11:02 AM: Found Spy Cookie: belnk cookie
11:02 AM: zakariya@ath.belnk[1].txt (ID = 2293)
11:02 AM: Found Spy Cookie: atwola cookie
11:02 AM: zakariya@atwola[1].txt (ID = 2255)
11:02 AM: Found Spy Cookie: azjmp cookie
11:02 AM: zakariya@azjmp[2].txt (ID = 2270)
11:02 AM: Found Spy Cookie: a cookie
11:02 AM: zakariya@a[2].txt (ID = 2027)
11:02 AM: zakariya@belnk[2].txt (ID = 2292)
11:02 AM: Found Spy Cookie: bizrate cookie
11:02 AM: zakariya@bizrate[2].txt (ID = 2308)
11:02 AM: Found Spy Cookie: btgrab cookie
11:02 AM: zakariya@btg.btgrab[1].txt (ID = 2333)
11:02 AM: zakariya@btg.btgrab[2].txt (ID = 2333)
11:02 AM: Found Spy Cookie: burstnet cookie
11:02 AM: zakariya@burstnet[2].txt (ID = 2336)
11:02 AM: Found Spy Cookie: goclick cookie
11:02 AM: zakariya@c.goclick[1].txt (ID = 2733)
11:02 AM: Found Spy Cookie: gostats cookie
11:02 AM: zakariya@c3.gostats[1].txt (ID = 2748)
11:02 AM: Found Spy Cookie: ccbill cookie
11:02 AM: zakariya@ccbill[2].txt (ID = 2369)
11:02 AM: Found Spy Cookie: cliks cookie
11:02 AM: zakariya@cliks[2].txt (ID = 2414)
11:02 AM: Found Spy Cookie: dealtime cookie
11:02 AM: zakariya@dealtime[1].txt (ID = 2505)
11:02 AM: zakariya@dist.belnk[1].txt (ID = 2293)
11:02 AM: Found Spy Cookie: webservicehosts cookie
11:02 AM: zakariya@dr.webservicehosts[2].txt (ID = 3663)
11:02 AM: Found Spy Cookie: gamespy cookie
11:02 AM: zakariya@gamespy[1].txt (ID = 2719)
11:02 AM: zakariya@gostats[1].txt (ID = 2747)
11:02 AM: Found Spy Cookie: metareward.com cookie
11:02 AM: zakariya@metareward[2].txt (ID = 2990)
11:02 AM: Found Spy Cookie: military cookie
11:02 AM: zakariya@military[1].txt (ID = 2996)
11:02 AM: Found Spy Cookie: mywebsearch cookie
11:02 AM: zakariya@mywebsearch[2].txt (ID = 3051)
11:02 AM: Found Spy Cookie: nextag cookie
11:02 AM: zakariya@nextag[2].txt (ID = 5014)
11:02 AM: Found Spy Cookie: offeroptimizer cookie
11:02 AM: zakariya@offeroptimizer[1].txt (ID = 3087)
11:02 AM: Found Spy Cookie: outster cookie
11:02 AM: zakariya@outster[2].txt (ID = 3103)
11:02 AM: Found Spy Cookie: partypoker cookie
11:02 AM: zakariya@partypoker[2].txt (ID = 3111)
11:02 AM: Found Spy Cookie: paypopup cookie
11:02 AM: zakariya@paypopup[1].txt (ID = 3119)
11:02 AM: Found Spy Cookie: pricegrabber cookie
11:02 AM: zakariya@pricegrabber[1].txt (ID = 3185)
11:02 AM: Found Spy Cookie: rightmedia cookie
11:02 AM: zakariya@rightmedia[1].txt (ID = 3259)
11:02 AM: Found Spy Cookie: spywarestormer cookie
11:02 AM: zakariya@spywarestormer[2].txt (ID = 3417)
11:02 AM: zakariya@stat.dealtime[1].txt (ID = 2506)
11:02 AM: Found Spy Cookie: toplist cookie
11:02 AM: zakariya@toplist[1].txt (ID = 3557)
11:02 AM: zakariya@toplist[2].txt (ID = 3557)
11:02 AM: Found Spy Cookie: tracking cookie
11:02 AM: zakariya@tracking[2].txt (ID = 3571)
11:02 AM: Found Spy Cookie: tribalfusion cookie
11:02 AM: zakariya@tribalfusion[1].txt (ID = 3589)
11:02 AM: Found Spy Cookie: burstbeacon cookie
11:02 AM: zakariya@www.burstbeacon[1].txt (ID = 2335)
11:02 AM: zakariya@www.burstnet[1].txt (ID = 2337)
11:02 AM: Found Spy Cookie: hardcoresexshack cookie
11:02 AM: zakariya@www.hardcoresexshack[1].txt (ID = 2764)
11:02 AM: Found Spy Cookie: xiti cookie
11:02 AM: zakariya@xiti[1].txt (ID = 3717)
11:02 AM: Found Spy Cookie: yadro cookie
11:02 AM: zakariya@yadro[2].txt (ID = 3743)
11:02 AM: safiyah@2o7[1].txt (ID = 1957)
11:02 AM: Found Spy Cookie: 412 cookie
11:02 AM: safiyah@412[2].txt (ID = 1969)
11:02 AM: Found Spy Cookie: 447 cookie
11:02 AM: safiyah@447[2].txt (ID = 1973)
11:02 AM: Found Spy Cookie: 64.62.232 cookie
11:02 AM: safiyah@64.62.232[2].txt (ID = 1987)
11:02 AM: safiyah@64.62.232[3].txt (ID = 1987)
11:02 AM: safiyah@64.62.232[4].txt (ID = 1987)
11:02 AM: safiyah@64.62.232[5].txt (ID = 1987)
11:02 AM: safiyah@64.62.232[6].txt (ID = 1987)
11:02 AM: safiyah@888[2].txt (ID = 2019)
11:02 AM: safiyah@a.websponsors[2].txt (ID = 3665)
11:02 AM: safiyah@abc.go[2].txt (ID = 2729)
11:02 AM: safiyah@abcfamily.go[2].txt (ID = 2729)
11:02 AM: safiyah@abetterinternet[1].txt (ID = 2035)
11:02 AM: safiyah@about[2].txt (ID = 2037)
11:02 AM: safiyah@ad.yieldmanager[2].txt (ID = 3751)
11:02 AM: Found Spy Cookie: adecn cookie
11:02 AM: safiyah@adecn[2].txt (ID = 2063)
11:02 AM: safiyah@adknowledge[1].txt (ID = 2072)
11:02 AM: Found Spy Cookie: adlegend cookie
11:02 AM: safiyah@adlegend[1].txt (ID = 2074)
11:02 AM: Found Spy Cookie: hbmediapro cookie
11:02 AM: safiyah@adopt.hbmediapro[2].txt (ID = 2768)
11:02 AM: Found Spy Cookie: hotbar cookie
11:02 AM: safiyah@adopt.hotbar[2].txt (ID = 4207)
11:02 AM: Found Spy Cookie: precisead cookie
11:02 AM: safiyah@adopt.precisead[1].txt (ID = 3182)
11:02 AM: Found Spy Cookie: specificclick.com cookie
11:02 AM: safiyah@adopt.specificclick[1].txt (ID = 3400)
11:02 AM: Found Spy Cookie: adorigin cookie
11:02 AM: safiyah@adorigin[1].txt (ID = 2082)
11:02 AM: Found Spy Cookie: adprofile cookie
11:02 AM: safiyah@adprofile[1].txt (ID = 2084)
11:02 AM: safiyah@ads.cc214142[1].txt (ID = 2367)
11:02 AM: Found Spy Cookie: starpulse cookie
11:02 AM: safiyah@ads.starpulse[1].txt (ID = 3440)
11:02 AM: Found Spy Cookie: adultfriendfinder cookie
11:02 AM: safiyah@adultfriendfinder[2].txt (ID = 2165)
11:02 AM: Found Spy Cookie: advertising cookie
11:02 AM: safiyah@advertising[1].txt (ID = 2175)
11:02 AM: Found Spy Cookie: angelfire cookie
11:02 AM: safiyah@angelfire[1].txt (ID = 2221)
11:02 AM: safiyah@ask[1].txt (ID = 2245)
11:02 AM: safiyah@atdmt[2].txt (ID = 2253)
11:02 AM: safiyah@ath.belnk[2].txt (ID = 2293)
11:02 AM: safiyah@atwola[2].txt (ID = 2255)
11:02 AM: safiyah@azjmp[2].txt (ID = 2270)
11:02 AM: safiyah@a[1].txt (ID = 2027)
11:02 AM: safiyah@a[3].txt (ID = 2027)
11:02 AM: safiyah@a[4].txt (ID = 2027)
11:02 AM: Found Spy Cookie: bannerspace cookie
11:02 AM: safiyah@bannerspace[1].txt (ID = 2284)
11:02 AM: Found Spy Cookie: banners cookie
11:02 AM: safiyah@banners[1].txt (ID = 2282)
11:02 AM: Found Spy Cookie: banner cookie
11:02 AM: safiyah@banner[1].txt (ID = 2276)
11:02 AM: safiyah@belnk[1].txt (ID = 2292)
11:02 AM: safiyah@bizrate[1].txt (ID = 2308)
11:02 AM: Found Spy Cookie: bravenet cookie
11:02 AM: safiyah@bravenet[2].txt (ID = 2322)
11:02 AM: safiyah@btg.btgrab[2].txt (ID = 2333)
11:02 AM: safiyah@btg.btgrab[3].txt (ID = 2333)
11:02 AM: safiyah@burstnet[2].txt (ID = 2336)
11:02 AM: safiyah@c.goclick[1].txt (ID = 2733)
11:02 AM: safiyah@c3.gostats[2].txt (ID = 2748)
11:02 AM: Found Spy Cookie: callwave cookie
11:02 AM: safiyah@callwave[1].txt (ID = 2342)
11:02 AM: Found Spy Cookie: casalemedia cookie
11:02 AM: safiyah@casalemedia[2].txt (ID = 2354)
11:02 AM: Found Spy Cookie: commission junction cookie
11:02 AM: safiyah@cj[1].txt (ID = 2453)
11:02 AM: Found Spy Cookie: classmates cookie
11:02 AM: safiyah@classmates[2].txt (ID = 2384)
11:02 AM: safiyah@cliks[1].txt (ID = 2414)
11:02 AM: Found Spy Cookie: tickle cookie
11:02 AM: safiyah@cookie.tickle[1].txt (ID = 3530)
11:02 AM: safiyah@countrymusic.about[2].txt (ID = 2038)
11:02 AM: safiyah@dealtime[2].txt (ID = 2505)
11:02 AM: Found Spy Cookie: did-it cookie
11:02 AM: safiyah@did-it[2].txt (ID = 2523)
11:02 AM: safiyah@dist.belnk[1].txt (ID = 2293)
11:02 AM: safiyah@dr.webservicehosts[1].txt (ID = 3663)
11:02 AM: Found Spy Cookie: empnads cookie
11:02 AM: safiyah@empnads[2].txt (ID = 5012)
11:02 AM: Found Spy Cookie: exitexchange cookie
11:02 AM: safiyah@exitexchange[2].txt (ID = 2633)
11:02 AM: Found Spy Cookie: expage cookie
11:02 AM: safiyah@expage[2].txt (ID = 2637)
11:02 AM: Found Spy Cookie: fastclick cookie
11:02 AM: safiyah@fastclick[2].txt (ID = 2651)
11:02 AM: safiyah@forums.go[1].txt (ID = 2729)
11:02 AM: Found Spy Cookie: go2net.com cookie
11:02 AM: safiyah@go2net[1].txt (ID = 2730)
11:02 AM: safiyah@go[1].txt (ID = 2728)
11:02 AM: Found Spy Cookie: starware.com cookie
11:02 AM: safiyah@h.starware[1].txt (ID = 3442)
11:02 AM: Found Spy Cookie: clickandtrack cookie
11:02 AM: safiyah@hits.clickandtrack[1].txt (ID = 2397)
11:02 AM: safiyah@hollywoodrecords.go[2].txt (ID = 2729)
11:02 AM: Found Spy Cookie: screensavers.com cookie
11:02 AM: safiyah@i.screensavers[1].txt (ID = 3298)
11:02 AM: Found Spy Cookie: kount cookie
11:02 AM: safiyah@kount[1].txt (ID = 2911)
11:02 AM: Found Spy Cookie: maxserving cookie
11:02 AM: safiyah@maxserving[2].txt (ID = 2966)
11:02 AM: safiyah@media.fastclick[1].txt (ID = 2652)
11:02 AM: safiyah@metareward[2].txt (ID = 2990)
11:02 AM: safiyah@military[2].txt (ID = 2996)
11:02 AM: safiyah@movies.about[1].txt (ID = 2038)
11:02 AM: safiyah@mywebsearch[2].txt (ID = 3051)
11:02 AM: safiyah@nextag[2].txt (ID = 5014)
11:02 AM: safiyah@offeroptimizer[1].txt (ID = 3087)
11:02 AM: Found Spy Cookie: touchclarity cookie
11:02 AM: safiyah@partypoker.touchclarity[1].txt (ID = 3567)
11:02 AM: safiyah@partypoker[1].txt (ID = 3111)
11:02 AM: safiyah@paypopup[2].txt (ID = 3119)
11:02 AM: safiyah@pricegrabber[1].txt (ID = 3185)
11:02 AM: safiyah@primetimetv.about[1].txt (ID = 2038)
11:02 AM: safiyah@quiz.disney.go[1].txt (ID = 2729)
11:02 AM: Found Spy Cookie: reunion cookie
11:02 AM: safiyah@reunion[2].txt (ID = 3255)
11:02 AM: safiyah@rightmedia[2].txt (ID = 3259)
11:02 AM: safiyah@rsi.abc.go[1].txt (ID = 2729)
11:02 AM: safiyah@search.starware[1].txt (ID = 3442)
11:02 AM: Found Spy Cookie: search123 cookie
11:02 AM: safiyah@search123[2].txt (ID = 3305)
11:02 AM: Found Spy Cookie: servedby advertising cookie
11:02 AM: safiyah@servedby.advertising[2].txt (ID = 3335)
11:02 AM: Found Spy Cookie: servlet cookie
11:02 AM: safiyah@servlet[1].txt (ID = 3345)
11:02 AM: Found Spy Cookie: sirsearch cookie
11:02 AM: safiyah@sirsearch[1].txt (ID = 3379)
11:02 AM: safiyah@starware[2].txt (ID = 3441)
11:02 AM: safiyah@stat.dealtime[1].txt (ID = 2506)
11:02 AM: Found Spy Cookie: reliablestats cookie
11:02 AM: safiyah@stats1.reliablestats[2].txt (ID = 3254)
11:02 AM: safiyah@teentvmovies.about[1].txt (ID = 2038)
11:02 AM: safiyah@top40.about[1].txt (ID = 2038)
11:02 AM: safiyah@toplist[1].txt (ID = 3557)
11:02 AM: safiyah@tracking[1].txt (ID = 3571)
11:02 AM: safiyah@travelwithkids.about[1].txt (ID = 2038)
11:02 AM: Found Spy Cookie: trb.com cookie
11:02 AM: safiyah@trb[2].txt (ID = 3587)
11:02 AM: Found Spy Cookie: clickzs cookie
11:02 AM: safiyah@vip.clickzs[2].txt (ID = 2413)
11:02 AM: Found Spy Cookie: webpower cookie
11:02 AM: safiyah@webpower[2].txt (ID = 3660)
11:02 AM: safiyah@wgntv.trb[1].txt (ID = 3588)
11:02 AM: safiyah@www.burstbeacon[2].txt (ID = 2335)
11:02 AM: safiyah@www.burstnet[2].txt (ID = 2337)
11:02 AM: safiyah@www.metareward[1].txt (ID = 2991)
11:02 AM: Found Spy Cookie: redzip cookie
11:02 AM: safiyah@www.redzip[1].txt (ID = 3250)
11:02 AM: safiyah@www.screensavers[2].txt (ID = 3298)
11:02 AM: safiyah@www.starpulse[1].txt (ID = 3440)
11:02 AM: Found Spy Cookie: upspiral cookie
11:02 AM: safiyah@www.upspiral[1].txt (ID = 3615)
11:02 AM: safiyah@xiti[1].txt (ID = 3717)
11:02 AM: safiyah@yadro[1].txt (ID = 3743)
11:02 AM: safiyah@yieldmanager[2].txt (ID = 3749)
11:02 AM: khaliyl@2o7[1].txt (ID = 1957)
11:02 AM: khaliyl@a.websponsors[1].txt (ID = 3665)
11:02 AM: khaliyl@abetterinternet[1].txt (ID = 2035)
11:02 AM: khaliyl@about[2].txt (ID = 2037)
11:02 AM: khaliyl@ad.yieldmanager[2].txt (ID = 3751)
11:02 AM: khaliyl@adknowledge[2].txt (ID = 2072)
11:02 AM: khaliyl@adlegend[1].txt (ID = 2074)
11:02 AM: khaliyl@adopt.hbmediapro[2].txt (ID = 2768)
11:02 AM: khaliyl@adopt.specificclick[1].txt (ID = 3400)
11:02 AM: khaliyl@adprofile[1].txt (ID = 2084)
11:02 AM: Found Spy Cookie: adrevolver cookie
11:02 AM: khaliyl@adrevolver[2].txt (ID = 2088)
11:02 AM: khaliyl@adrevolver[3].txt (ID = 2088)
11:02 AM: khaliyl@ads.cc214142[2].txt (ID = 2367)
11:02 AM: Found Spy Cookie: askmen cookie
11:02 AM: khaliyl@askmen[1].txt (ID = 2247)
11:02 AM: khaliyl@ask[1].txt (ID = 2245)
11:02 AM: khaliyl@atdmt[2].txt (ID = 2253)
11:02 AM: khaliyl@atwola[2].txt (ID = 2255)
11:02 AM: khaliyl@a[2].txt (ID = 2027)
11:02 AM: khaliyl@belnk[1].txt (ID = 2292)
11:02 AM: khaliyl@bizrate[2].txt (ID = 2308)
11:02 AM: khaliyl@btg.btgrab[2].txt (ID = 2333)
11:02 AM: khaliyl@burstnet[2].txt (ID = 2336)
11:02 AM: Found Spy Cookie: enhance cookie
11:02 AM: khaliyl@c.enhance[1].txt (ID = 2614)
11:02 AM: khaliyl@casalemedia[2].txt (ID = 2354)
11:02 AM: Found Spy Cookie: cassava cookie
11:02 AM: khaliyl@cassava[1].txt (ID = 2362)
11:02 AM: Found Spy Cookie: cgi-win cookie
11:02 AM: khaliyl@cgi-win[2].txt (ID = 2376)
11:02 AM: khaliyl@cliks[1].txt (ID = 2414)
11:02 AM: Found Spy Cookie: cursorzone cookie
11:02 AM: khaliyl@cursorzone[2].txt (ID = 2479)
11:02 AM: khaliyl@cz4.clickzs[2].txt (ID = 2413)
11:02 AM: Found Spy Cookie: overture cookie
11:02 AM: khaliyl@data3.perf.overture[1].txt (ID = 3106)
11:02 AM: khaliyl@dist.belnk[2].txt (ID = 2293)
11:02 AM: khaliyl@exitexchange[2].txt (ID = 2633)
11:02 AM: khaliyl@expage[1].txt (ID = 2637)
11:02 AM: khaliyl@fastclick[2].txt (ID = 2651)
11:02 AM: Found Spy Cookie: fe.lea.lycos.com cookie
11:02 AM: khaliyl@fe.lea.lycos[1].txt (ID = 2660)
11:02 AM: khaliyl@gamespy[1].txt (ID = 2719)
11:02 AM: khaliyl@h.starware[2].txt (ID = 3442)
11:02 AM: Found Spy Cookie: herfirstanalsex cookie
11:02 AM: khaliyl@herfirstanalsex[1].txt (ID = 2769)
11:02 AM: Found Spy Cookie: herfirstlesbiansex cookie
11:02 AM: khaliyl@herfirstlesbiansex[1].txt (ID = 2771)
11:02 AM: khaliyl@i.screensavers[1].txt (ID = 3298)
11:02 AM: khaliyl@offeroptimizer[1].txt (ID = 3087)
11:02 AM: khaliyl@paypopup[1].txt (ID = 3119)
11:02 AM: khaliyl@pricegrabber[1].txt (ID = 3185)
11:02 AM: Found Spy Cookie: questionmarket cookie
11:02 AM: khaliyl@questionmarket[2].txt (ID = 3217)
11:02 AM: Found Spy Cookie: realmedia cookie
11:02 AM: khaliyl@realmedia[2].txt (ID = 3235)
11:02 AM: Found Spy Cookie: adjuggler cookie
11:02 AM: khaliyl@rotator.adjuggler[2].txt (ID = 2071)
11:02 AM: Found Spy Cookie: serving-sys cookie
11:02 AM: khaliyl@serving-sys[2].txt (ID = 3343)
11:02 AM: Found Spy Cookie: directtrack cookie
11:02 AM: khaliyl@sideshow.directtrack[2].txt (ID = 2528)
11:02 AM: khaliyl@spywarestormer[1].txt (ID = 3417)
11:02 AM: khaliyl@stat.dealtime[1].txt (ID = 2506)
11:02 AM: khaliyl@stats1.reliablestats[1].txt (ID = 3254)
11:02 AM: Found Spy Cookie: targetnet cookie
11:02 AM: khaliyl@targetnet[2].txt (ID = 3489)
11:02 AM: Found Spy Cookie: teensforcash cookie
11:02 AM: khaliyl@teensforcash[2].txt (ID = 3509)
11:02 AM: khaliyl@toplist[2].txt (ID = 3557)
11:02 AM: Found Spy Cookie: trafficmp cookie
11:02 AM: khaliyl@trafficmp[1].txt (ID = 3581)
11:02 AM: khaliyl@tribalfusion[1].txt (ID = 3589)
11:02 AM: khaliyl@vgstrategies.about[1].txt (ID = 2038)
11:02 AM: khaliyl@webpower[2].txt (ID = 3660)
11:02 AM: khaliyl@wgntv.trb[1].txt (ID = 3588)
11:02 AM: Found Spy Cookie: joetec.net cookie
11:02 AM: khaliyl@www.ads.joetec[1].txt (ID = 2890)
11:02 AM: khaliyl@www.burstbeacon[2].txt (ID = 2335)
11:02 AM: Found Spy Cookie: freepassbucks cookie
11:02 AM: khaliyl@www.freepassbucks[1].txt (ID = 2702)
11:02 AM: khaliyl@www.starware[1].txt (ID = 3442)
11:02 AM: khaliyl@xiti[1].txt (ID = 3717)
11:02 AM: khaliyl@yadro[1].txt (ID = 3743)
11:02 AM: mommy@2o7[1].txt (ID = 1957)
11:02 AM: mommy@ads.pointroll[2].txt (ID = 3148)
11:02 AM: mommy@ask[1].txt (ID = 2245)
11:02 AM: mommy@atwola[1].txt (ID = 2255)
11:02 AM: Found Spy Cookie: ru4 cookie
11:02 AM: mommy@edge.ru4[1].txt (ID = 3269)
11:02 AM: mommy@questionmarket[1].txt (ID = 3217)
11:02 AM: mommy@tribalfusion[2].txt (ID = 3589)
11:02 AM: Cookie Sweep Complete, Elapsed Time: 00:00:21
11:02 AM: Starting File Sweep
11:03 AM: Found Adware: apropos
11:03 AM: c:\documents and settings\safiyah\local settings\temp\atf (ID = -2147481416)
11:03 AM: c:\documents and settings\guest\application data\starware (47 subtraces) (ID = -2147480225)
11:03 AM: c:\documents and settings\hehehe\application data\starware (47 subtraces) (ID = -2147480225)
11:03 AM: c:\documents and settings\safiyah\application data\starware (47 subtraces) (ID = -2147480225)
11:03 AM: c:\program files\screensavers.com (10 subtraces) (ID = -2147480365)
11:03 AM: c:\documents and settings\khaliyl\application data\starware (47 subtraces) (ID = -2147480225)
11:03 AM: c:\documents and settings\456\application data\starware (47 subtraces) (ID = -2147480225)
11:03 AM: c:\documents and settings\zakariya\application data\starware (47 subtraces) (ID = -2147480225)
11:03 AM: c:\documents and settings\faizah\application data\starware (47 subtraces) (ID = -2147480225)
11:04 AM: cmappupd[1].exe (ID = 198859)
11:06 AM: fchelp[1].exe (ID = 215768)
11:06 AM: Found Adware: shopathomeselect
11:06 AM: liqp7c25q_.dll (ID = 75611)
11:07 AM: aurareco.exe (ID = 115472)
11:08 AM: umqltg4cl_.exe (ID = 75603)
11:09 AM: egdaccess_1066_aspiv4_xp[1].cab (ID = 168074)
11:09 AM: thin_installer.exe (ID = 109660)
11:09 AM: nahbluff.exe (ID = 154779)
11:09 AM: norisuni.exe (ID = 138284)
11:09 AM: adsetup.silent.1.12[1].exe (ID = 161596)
11:10 AM: umqltg4cl_.exe (ID = 75603)
11:10 AM: Found Adware: visfx
11:10 AM: vfx3.exe (ID = 155627)
11:11 AM: crptclrs.tmp (ID = 156483)
11:11 AM: cmapp13.exe (ID = 156523)
11:11 AM: eulaupgrade.exe (ID = 107447)
11:11 AM: umqltg4cl_.exe (ID = 75603)
11:11 AM: 111419.exe (ID = 156165)
11:11 AM: Found Adware: begin2search
11:11 AM: bingo_big3123.ico (ID = 51022)
11:11 AM: update.exe (ID = 75690)
11:11 AM: eulaupgrade.exe (ID = 107447)
11:12 AM: Warning: Failed to open file "c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\rp396\a0422763.exe". Access is denied
11:12 AM: upd0002.exe (ID = 156532)
11:12 AM: adwsetup_upd.exe (ID = 161596)
11:14 AM: egdaccess_1070_xp[1].cab (ID = 206943)
11:15 AM: Found Adware: winantispyware 2005
11:15 AM: setup.exe (ID = 162517)
11:15 AM: adwsetup_upd.exe (ID = 161596)
11:16 AM: egdaccess_1066_xp[1].cab (ID = 166450)
11:16 AM: liqp7c25q_.dll (ID = 75611)
11:21 AM: netlanm.dll (ID = 138227)
11:21 AM: pdrpdb.dll (ID = 156482)
11:21 AM: ichckupd.exe (ID = 156483)
11:21 AM: HKU\WRSS_Profile_S-1-5-21-2034715575-3859179852-3284876818-1007\Software\Microsoft\Windows\CurrentVersion\Run || ichckupd (ID = 0)
11:22 AM: cmappsetup.exe (ID = 115280)
11:22 AM: installerv5_thin.exe (ID = 140473)
11:22 AM: stb.exe (ID = 138172)
11:22 AM: egdaccess_1070_aspiv4_xp[1].cab (ID = 206942)
11:23 AM: fchelp.exe (ID = 215768)
11:23 AM: Found Adware: newads transponder
11:23 AM: tpsetup[1].exe (ID = 209294)
11:23 AM: transponder.dll (ID = 209206)
11:23 AM: tpuninstall.exe (ID = 209217)
11:24 AM: pscan-pcscan3.exe (ID = 72722)
11:25 AM: setup4030.cab (ID = 107452)
11:25 AM: setup4030.cab (ID = 107452)
11:25 AM: winfixer2005setup.exe (ID = 162518)
11:25 AM: gah95on6.ini (ID = 75741)
11:26 AM: swpstart.exe (ID = 74759)
11:26 AM: installer4_thin.exe (ID = 122354)
11:27 AM: bwf1003.exe (ID = 125426)
11:27 AM: egdaccess_1065.dll (ID = 161514)
11:29 AM: aurareco.exe (ID = 115472)
11:29 AM: liqp7c25q_.dll (ID = 75611)
11:29 AM: installer4_thin.exe (ID = 122354)
11:31 AM: siuninst.exe (ID = 74757)
11:31 AM: setup4030.cab (ID = 107452)
11:31 AM: update.exe (ID = 75690)
11:31 AM: egdaccess_1065.dll (ID = 161514)
11:32 AM: Found Trojan Horse: sysnet
11:32 AM: snuninst.exe (ID = 115282)
11:32 AM: tpsetup.exe (ID = 209294)
11:32 AM: installer4_thin.exe (ID = 122354)
11:32 AM: wupdt.exe (ID = 63392)
11:33 AM: update.exe (ID = 75690)
11:33 AM: thin_installer2.exe (ID = 109660)
11:33 AM: aurareco.exe (ID = 115472)
11:34 AM: aurareco.exe (ID = 115472)
11:34 AM: eulaupgrade.exe (ID = 107447)
11:34 AM: res53a.tmp (ID = 157832)
11:35 AM: wincmapp.exe (ID = 145805)
11:38 AM: bln02nqv.ini (ID = 75683)
11:38 AM: egdaccess.inf (ID = 161541)
11:38 AM: egdaccess.inf (ID = 161541)
11:38 AM: umqltg4cl_.ini (ID = 75960)
11:38 AM: hqrhil7kg_.ini (ID = 75789)
11:38 AM: setup4030.ini (ID = 107455)
11:38 AM: backup-20060110-014730-926.inf (ID = 217684)
11:38 AM: backup-20060110-014731-305.inf (ID = 217684)
11:38 AM: backup-20060110-014731-467.inf (ID = 217684)
11:38 AM: backup-20060110-014731-916.inf (ID = 206934)
11:38 AM: backup-20060110-014731-569.inf (ID = 206934)
11:38 AM: backup-20060110-014732-817.inf (ID = 217684)
11:38 AM: backup-20060110-014732-334.inf (ID = 206934)
11:38 AM: backup-20060110-014732-179.inf (ID = 217684)
11:38 AM: backup-20060110-014732-557.inf (ID = 206934)
11:38 AM: backup-20060110-014733-325.inf (ID = 63912)
11:38 AM: backup-20060110-014733-797.inf (ID = 206934)
11:38 AM: backup-20060110-014733-227.inf (ID = 217684)
11:38 AM: backup-20060110-014733-265.inf (ID = 206934)
11:38 AM: backup-20060110-014733-998.inf (ID = 74756)
11:38 AM: backup-20060110-014734-980.inf (ID = 217684)
11:39 AM: backup-20060110-014734-997.inf (ID = 217684)
11:39 AM: backup-20060110-014734-117.inf (ID = 185438)
11:39 AM: backup-20060110-014735-250.inf (ID = 217684)
11:39 AM: backup-20060110-014735-863.inf (ID = 217684)
11:39 AM: backup-20060110-014735-612.inf (ID = 217684)
11:39 AM: backup-20060110-014735-214.inf (ID = 206934)
11:39 AM: backup-20060110-014735-309.inf (ID = 217684)
11:39 AM: backup-20060110-014736-309.inf (ID = 217684)
11:39 AM: backup-20060110-014736-192.inf (ID = 206934)
11:39 AM: backup-20060110-014736-853.inf (ID = 217684)
11:39 AM: umqltg4cl_.ini (ID = 75960)
11:39 AM: hqrhil7kg_.ini (ID = 75789)
11:39 AM: setup4030.ini (ID = 107455)
11:39 AM: umqltg4cl_.ini (ID = 75960)
11:39 AM: hqrhil7kg_.ini (ID = 75789)
11:39 AM: setup4030.ini (ID = 107455)
11:40 AM: Found Adware: java byteverify
11:40 AM: jar.jar-134a9cc4-350ad1bb.zip (ID = 64818)
11:40 AM: Warning: Unhandled Archive Type
11:41 AM: jar.jar-16e6c0b4-2f901308.zip (ID = 64818)
11:41 AM: jar.jar-7f062dc3-5173e449.zip (ID = 64818)
11:41 AM: Warning: Unhandled Archive Type
11:41 AM: Warning: Invalid Stream
11:41 AM: Warning: Invalid Stream
11:41 AM: Warning: Invalid Stream
11:41 AM: Warning: Invalid Stream
11:42 AM: File Sweep Complete, Elapsed Time: 00:39:14
11:42 AM: Full Sweep has completed. Elapsed time 00:44:22
11:42 AM: Traces Found: 2478
11:50 AM: Removal process initiated
11:50 AM: Quarantining All Traces: 180search assistant/zango
11:50 AM: Quarantining All Traces: directrevenue-abetterinternet
11:50 AM: Quarantining All Traces: newads transponder
11:50 AM: Quarantining All Traces: visfx
11:50 AM: Quarantining All Traces: websearch toolbar
11:50 AM: websearch toolbar is in use. It will be removed on reboot.
11:50 AM: HKLM: software\toolbar\ is in use. It will be removed on reboot.
11:50 AM: Quarantining All Traces: apropos
11:50 AM: Quarantining All Traces: begin2search
11:50 AM: Quarantining All Traces: cas
11:50 AM: Quarantining All Traces: starware toolbar
11:51 AM: Quarantining All Traces: sysnet
11:51 AM: Quarantining All Traces: winad
11:51 AM: Quarantining All Traces: dealbar toolbar
11:51 AM: Quarantining All Traces: drsnsrch hijacker
11:51 AM: Quarantining All Traces: drsnsrch.com hijack
11:51 AM: Quarantining All Traces: ezula ilookup
11:51 AM: Quarantining All Traces: fullcontext
11:51 AM: Quarantining All Traces: hotconnect dialer
11:51 AM: Quarantining All Traces: ieplugin
11:51 AM: Quarantining All Traces: instant access
11:51 AM: Quarantining All Traces: java byteverify
11:51 AM: Quarantining All Traces: multidial
11:51 AM: Quarantining All Traces: one2one viewer
11:51 AM: Quarantining All Traces: privacyscan
11:51 AM: Quarantining All Traces: rich editor
11:51 AM: Quarantining All Traces: safesurf
11:51 AM: Quarantining All Traces: screensavers
11:51 AM: Quarantining All Traces: shopathomeselect
11:51 AM: Quarantining All Traces: 2o7.net cookie
11:51 AM: Quarantining All Traces: 412 cookie
11:51 AM: Quarantining All Traces: 447 cookie
11:51 AM: Quarantining All Traces: 64.62.232 cookie
11:51 AM: Quarantining All Traces: 888 cookie
11:51 AM: Quarantining All Traces: a cookie
11:51 AM: Quarantining All Traces: aa cookie
11:51 AM: Quarantining All Traces: abetterinternet cookie
11:51 AM: Quarantining All Traces: about cookie
11:51 AM: Quarantining All Traces: adecn cookie
11:51 AM: Quarantining All Traces: adjuggler cookie
11:51 AM: Quarantining All Traces: adknowledge cookie
11:51 AM: Quarantining All Traces: adlegend cookie
11:51 AM: Quarantining All Traces: adorigin cookie
11:51 AM: Quarantining All Traces: adprofile cookie
11:51 AM: Quarantining All Traces: adrevolver cookie
11:51 AM: Quarantining All Traces: adrevservice cookie
11:51 AM: Quarantining All Traces: adultfriendfinder cookie
11:51 AM: Quarantining All Traces: adultrevenueservice cookie
11:51 AM: Quarantining All Traces: advertising cookie
11:51 AM: Quarantining All Traces: angelfire cookie
11:51 AM: Quarantining All Traces: ask cookie
11:51 AM: Quarantining All Traces: askmen cookie
11:51 AM: Quarantining All Traces: atlas dmt cookie
11:51 AM: Quarantining All Traces: atwola cookie
11:51 AM: Quarantining All Traces: azjmp cookie
11:51 AM: Quarantining All Traces: banner cookie
11:51 AM: Quarantining All Traces: banners cookie
11:51 AM: Quarantining All Traces: bannerspace cookie
11:51 AM: Quarantining All Traces: belnk cookie
11:51 AM: Quarantining All Traces: bizrate cookie
11:51 AM: Quarantining All Traces: bravenet cookie
11:51 AM: Quarantining All Traces: btgrab cookie
11:51 AM: Quarantining All Traces: burstbeacon cookie
11:51 AM: Quarantining All Traces: burstnet cookie
11:51 AM: Quarantining All Traces: callwave cookie
11:51 AM: Quarantining All Traces: casalemedia cookie
11:51 AM: Quarantining All Traces: cassava cookie
11:51 AM: Quarantining All Traces: cc214142 cookie
11:51 AM: Quarantining All Traces: ccbill cookie
11:51 AM: Quarantining All Traces: cgi-win cookie
11:51 AM: Quarantining All Traces: classmates cookie
11:51 AM: Quarantining All Traces: clickandtrack cookie
11:51 AM: Quarantining All Traces: clickzs cookie
11:51 AM: Quarantining All Traces: cliks cookie
11:51 AM: Quarantining All Traces: commission junction cookie
11:51 AM: Quarantining All Traces: cursorzone cookie
11:51 AM: Quarantining All Traces: dealtime cookie
11:51 AM: Quarantining All Traces: did-it cookie
11:51 AM: Quarantining All Traces: directtrack cookie
11:51 AM: Quarantining All Traces: empnads cookie
11:51 AM: Quarantining All Traces: enhance cookie
11:51 AM: Quarantining All Traces: exitexchange cookie
11:51 AM: Quarantining All Traces: expage cookie
11:51 AM: Quarantining All Traces: falkag cookie
11:51 AM: Quarantining All Traces: fastclick cookie
11:51 AM: Quarantining All Traces: fe.lea.lycos.com cookie
11:51 AM: Quarantining All Traces: freepassbucks cookie
11:51 AM: Quarantining All Traces: gamespy cookie
11:51 AM: Quarantining All Traces: go.com cookie
11:51 AM: Quarantining All Traces: go2net.com cookie
11:51 AM: Quarantining All Traces: goclick cookie
11:51 AM: Quarantining All Traces: gostats cookie
11:51 AM: Quarantining All Traces: hardcoresexshack cookie
11:51 AM: Quarantining All Traces: hbmediapro cookie
11:51 AM: Quarantining All Traces: herfirstanalsex cookie
11:51 AM: Quarantining All Traces: herfirstlesbiansex cookie
11:51 AM: Quarantining All Traces: hotbar cookie
11:51 AM: Quarantining All Traces: joetec.net cookie
11:51 AM: Quarantining All Traces: kount cookie
11:51 AM: Quarantining All Traces: maxserving cookie
11:51 AM: Quarantining All Traces: metareward.com cookie
11:51 AM: Quarantining All Traces: military cookie
11:51 AM: Quarantining All Traces: mywebsearch cookie
11:51 AM: Quarantining All Traces: nextag cookie
11:52 AM: Quarantining All Traces: offeroptimizer cookie
11:52 AM: Quarantining All Traces: outster cookie
11:52 AM: Quarantining All Traces: overture cookie
11:52 AM: Quarantining All Traces: partypoker cookie
11:52 AM: Quarantining All Traces: paypopup cookie
11:52 AM: Quarantining All Traces: pointroll cookie
11:52 AM: Quarantining All Traces: precisead cookie
11:52 AM: Quarantining All Traces: pricegrabber cookie
11:52 AM: Quarantining All Traces: questionmarket cookie
11:52 AM: Quarantining All Traces: realmedia cookie
11:52 AM: Quarantining All Traces: redzip cookie
11:52 AM: Quarantining All Traces: reliablestats cookie
11:52 AM: Quarantining All Traces: reunion cookie
11:52 AM: Quarantining All Traces: rightmedia cookie
11:52 AM: Quarantining All Traces: ru4 cookie
11:52 AM: Quarantining All Traces: screensavers.com cookie
11:52 AM: Quarantining All Traces: search123 cookie
11:52 AM: Quarantining All Traces: servedby advertising cookie
11:52 AM: Quarantining All Traces: serving-sys cookie
11:52 AM: Quarantining All Traces: servlet cookie
11:52 AM: Quarantining All Traces: sirsearch cookie
11:52 AM: Quarantining All Traces: specificclick.com cookie
11:52 AM: Quarantining All Traces: spywarestormer cookie
11:52 AM: Quarantining All Traces: starpulse cookie
11:52 AM: Quarantining All Traces: starware.com cookie
11:52 AM: Quarantining All Traces: targetnet cookie
11:52 AM: Quarantining All Traces: teensforcash cookie
11:52 AM: Quarantining All Traces: tickle cookie
11:52 AM: Quarantining All Traces: toplist cookie
11:52 AM: Quarantining All Traces: touchclarity cookie
11:52 AM: Quarantining All Traces: tracking cookie
11:52 AM: Quarantining All Traces: trafficmp cookie
11:52 AM: Quarantining All Traces: trb.com cookie
11:52 AM: Quarantining All Traces: tribalfusion cookie
11:52 AM: Quarantining All Traces: upspiral cookie
11:52 AM: Quarantining All Traces: webpower cookie
11:52 AM: Quarantining All Traces: webservicehosts cookie
11:52 AM: Quarantining All Traces: websponsors cookie
11:52 AM: Quarantining All Traces: winantispyware 2005
11:52 AM: Quarantining All Traces: xiti cookie
11:52 AM: Quarantining All Traces: yadro cookie
11:52 AM: Quarantining All Traces: yieldmanager cookie
11:53 AM: Removal process completed. Elapsed time 00:02:37
********
10:47 AM: | Start of Session, Monday, January 16, 2006 |
10:47 AM: Spy Sweeper started
10:47 AM: Warning: Failed to register registry notification for "HKLM\Software\Microsoft\Windows\CurrentVersion\Run": Access is denied
10:53 AM: Your spyware definitions have been updated.
10:57 AM: | End of Session, Monday, January 16, 2006 |

HERE IS HJT WHICH WAS JUST RUN:

Logfile of HijackThis v1.99.1
Scan saved at 1:09:51 PM, on 1/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\AMERIC~1.0\waol.exe
C:\PROGRA~1\AMERIC~1.0\shellmon.exe
C:\PROGRA~1\AMERIC~1.0\aolwbspd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{56218849-857B-4B5B-9C85-8FDFB8882AD5}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Starting on the next account. Sorry about the delay, I work at home (translator) and am getting behind a bit...