Tech Support Forum - View Single Post

Spike95609 · 06-20-2006, 05:35 AM

Hi,
I've done all that and it has removed a pile of things. Not sure if they're connected though as the test.exe and other files were still in place afterwards. I've deleted these myself in case that makes any difference, though I suspect they'll be reinstalled later on. Anyway the log is as follows:

********
11:39: | Start of Session, 20 June 2006 |
11:39: Spy Sweeper started
11:39: Sweep initiated using definitions version 702
11:39: Starting Memory Sweep
11:43: Memory Sweep Complete, Elapsed Time: 00:04:08
11:43: Starting Registry Sweep
11:43: Found Adware: coolwebsearch (cws)
11:43: HKCR\interface\{cf021f3f-3e14-23a5-cba2-7173706d1316}\ (8 subtraces) (ID = 108399)
11:43: HKLM\software\classes\interface\{cf021f3f-3e14-23a5-cba2-7173706d1316}\ (8 subtraces) (ID = 109777)
11:43: HKLM\software\classes\typelib\{cf021f32-3e14-23a5-cba2-7173706d1316}\ (9 subtraces) (ID = 109804)
11:43: HKCR\typelib\{cf021f32-3e14-23a5-cba2-7173706d1316}\ (9 subtraces) (ID = 112511)
11:43: Found Adware: cws-aboutblank
11:43: HKLM\software\classes\wer1316.wer1316\ (3 subtraces) (ID = 115921)
11:43: HKCR\wer1316.wer1316\ (3 subtraces) (ID = 116781)
11:43: Found Adware: purityscan
11:43: HKCR\interface\{cf021f3f-3e14-23a5-cba2-717765721316}\ (8 subtraces) (ID = 137350)
11:43: HKLM\software\classes\interface\{cf021f3f-3e14-23a5-cba2-717765721316}\ (8 subtraces) (ID = 137681)
11:43: HKLM\software\classes\typelib\{cf021f32-3e14-23a5-cba2-717765721316}\ (9 subtraces) (ID = 137690)
11:43: HKLM\software\classes\wer1316.wer1316.1\ (3 subtraces) (ID = 137694)
11:43: HKCR\typelib\{cf021f32-3e14-23a5-cba2-717765721316}\ (9 subtraces) (ID = 139094)
11:44: HKU\S-1-5-21-1614895754-492894223-839522115-500\software\microsoft\windows\currentversion\explorer\browser helper objects\{cf021f40-3e14-23a5-cba2-7173706d1316}\ (ID = 112121)
11:44: HKU\S-1-5-21-1614895754-492894223-839522115-500\software\microsoft\internet explorer\main\ || search bar_bak (ID = 115924)
11:44: HKU\S-1-5-21-1614895754-492894223-839522115-500\software\microsoft\internet explorer\main\ || search page_bak (ID = 115925)
11:44: Found Adware: edipol alloticket dialer
11:44: HKU\S-1-5-21-1614895754-492894223-839522115-500\software\visio ras script\ (9 subtraces) (ID = 125646)
11:44: HKU\S-1-5-21-1614895754-492894223-839522115-500\software\microsoft\windows\currentversion\explorer\browser helper objects\{cf021f40-3e14-23a5-cba2-717765721316}\ (ID = 137948)
11:44: Found Adware: sidesearch
11:44: HKU\S-1-5-21-1614895754-492894223-839522115-500\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
11:44: HKU\S-1-5-21-1614895754-492894223-839522115-500\software\microsoft\internet explorer\main\ || search page_bak (ID = 774883)
11:44: Registry Sweep Complete, Elapsed Time:00:00:15
11:44: Starting Cookie Sweep
11:44: Cookie Sweep Complete, Elapsed Time: 00:00:00
11:44: Starting File Sweep
11:44: Found Trojan Horse: 2nd-thought
11:44: c:\program files\common files\slmss (ID = -2147481537)
12:05: Found Adware: aureate-radiate
12:05: advert.dll (ID = 50290)
12:29: Warning: Unhandled Archive Type
12:30: File Sweep Complete, Elapsed Time: 00:45:51
12:30: Full Sweep has completed. Elapsed time 00:50:17
12:30: Traces Found: 106
12:30: Removal process initiated
12:30: Quarantining All Traces: 2nd-thought
12:30: Quarantining All Traces: cws-aboutblank
12:30: Quarantining All Traces: purityscan
12:30: Quarantining All Traces: coolwebsearch (cws)
12:30: Quarantining All Traces: sidesearch
12:30: Quarantining All Traces: aureate-radiate
12:30: Quarantining All Traces: edipol alloticket dialer
12:30: Removal process completed. Elapsed time 00:00:14
********
11:37: | Start of Session, 20 June 2006 |
11:37: Spy Sweeper started
11:38: Your spyware definitions have been updated.
11:39: | End of Session, 20 June 2006 |

06-20-2006, 05:35 AM	#9 (permalink)
Spike95609 Registered User Join Date: Jun 2006 Posts: 14 OS: Win 2000 Pro	Hi, I've done all that and it has removed a pile of things. Not sure if they're connected though as the test.exe and other files were still in place afterwards. I've deleted these myself in case that makes any difference, though I suspect they'll be reinstalled later on. Anyway the log is as follows: ****** 11:39: \| Start of Session, 20 June 2006 \| 11:39: Spy Sweeper started 11:39: Sweep initiated using definitions version 702 11:39: Starting Memory Sweep 11:43: Memory Sweep Complete, Elapsed Time: 00:04:08 11:43: Starting Registry Sweep 11:43: Found Adware: coolwebsearch (cws) 11:43: HKCR\interface\{cf021f3f-3e14-23a5-cba2-7173706d1316}\ (8 subtraces) (ID = 108399) 11:43: HKLM\software\classes\interface\{cf021f3f-3e14-23a5-cba2-7173706d1316}\ (8 subtraces) (ID = 109777) 11:43: HKLM\software\classes\typelib\{cf021f32-3e14-23a5-cba2-7173706d1316}\ (9 subtraces) (ID = 109804) 11:43: HKCR\typelib\{cf021f32-3e14-23a5-cba2-7173706d1316}\ (9 subtraces) (ID = 112511) 11:43: Found Adware: cws-aboutblank 11:43: HKLM\software\classes\wer1316.wer1316\ (3 subtraces) (ID = 115921) 11:43: HKCR\wer1316.wer1316\ (3 subtraces) (ID = 116781) 11:43: Found Adware: purityscan 11:43: HKCR\interface\{cf021f3f-3e14-23a5-cba2-717765721316}\ (8 subtraces) (ID = 137350) 11:43: HKLM\software\classes\interface\{cf021f3f-3e14-23a5-cba2-717765721316}\ (8 subtraces) (ID = 137681) 11:43: HKLM\software\classes\typelib\{cf021f32-3e14-23a5-cba2-717765721316}\ (9 subtraces) (ID = 137690) 11:43: HKLM\software\classes\wer1316.wer1316.1\ (3 subtraces) (ID = 137694) 11:43: HKCR\typelib\{cf021f32-3e14-23a5-cba2-717765721316}\ (9 subtraces) (ID = 139094) 11:44: HKU\S-1-5-21-1614895754-492894223-839522115-500\software\microsoft\windows\currentversion\explorer\browser helper objects\{cf021f40-3e14-23a5-cba2-7173706d1316}\ (ID = 112121) 11:44: HKU\S-1-5-21-1614895754-492894223-839522115-500\software\microsoft\internet explorer\main\ \|\| search bar_bak (ID = 115924) 11:44: HKU\S-1-5-21-1614895754-492894223-839522115-500\software\microsoft\internet explorer\main\ \|\| search page_bak (ID = 115925) 11:44: Found Adware: edipol alloticket dialer 11:44: HKU\S-1-5-21-1614895754-492894223-839522115-500\software\visio ras script\ (9 subtraces) (ID = 125646) 11:44: HKU\S-1-5-21-1614895754-492894223-839522115-500\software\microsoft\windows\currentversion\explorer\browser helper objects\{cf021f40-3e14-23a5-cba2-717765721316}\ (ID = 137948) 11:44: Found Adware: sidesearch 11:44: HKU\S-1-5-21-1614895754-492894223-839522115-500\software\microsoft\internet explorer\extensions\cmdmapping\ \|\| {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423) 11:44: HKU\S-1-5-21-1614895754-492894223-839522115-500\software\microsoft\internet explorer\main\ \|\| search page_bak (ID = 774883) 11:44: Registry Sweep Complete, Elapsed Time:00:00:15 11:44: Starting Cookie Sweep 11:44: Cookie Sweep Complete, Elapsed Time: 00:00:00 11:44: Starting File Sweep 11:44: Found Trojan Horse: 2nd-thought 11:44: c:\program files\common files\slmss (ID = -2147481537) 12:05: Found Adware: aureate-radiate 12:05: advert.dll (ID = 50290) 12:29: Warning: Unhandled Archive Type 12:30: File Sweep Complete, Elapsed Time: 00:45:51 12:30: Full Sweep has completed. Elapsed time 00:50:17 12:30: Traces Found: 106 12:30: Removal process initiated 12:30: Quarantining All Traces: 2nd-thought 12:30: Quarantining All Traces: cws-aboutblank 12:30: Quarantining All Traces: purityscan 12:30: Quarantining All Traces: coolwebsearch (cws) 12:30: Quarantining All Traces: sidesearch 12:30: Quarantining All Traces: aureate-radiate 12:30: Quarantining All Traces: edipol alloticket dialer 12:30: Removal process completed. Elapsed time 00:00:14 ****** 11:37: \| Start of Session, 20 June 2006 \| 11:37: Spy Sweeper started 11:38: Your spyware definitions have been updated. 11:39: \| End of Session, 20 June 2006 \|