When I try and fix that with HJT it keeps showing up. Posting HJT log and 3 other scans to see what ya think.
Logfile of HijackThis v1.99.1
Scan saved at 2:56:19 PM, on 3/5/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\OmniMouse Driver\MOUSE32A.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\InetKb\Inetkb.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
c:\program files\softwin\bitdefender9\bdmcon.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\OmniMouse Driver\MOUSE32A.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender9\bdnagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/game.../y/mjst4_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt3_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/game...s/y/pyt1_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/game...ts/y/st2_x.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1141538913609
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...03/mcfscan.cab
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Service Cvasvr (Service Cvas) - Unknown owner - C:\WINNT\csvas.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
//-----------------------------------------------------------------
//
// Product: BitDefender 9 Internet Security
// Version: 9.0
//
// Created on: 05/03/2006 11:12:03
//
//-----------------------------------------------------------------
Virus Statistics
Scan path : C:\
F:\
Folders : 2255
Files : 224837
Archives : 1969
Packed files : 22132
Identified viruses : 3
Infected files : 5
Warnings : 0
Suspect files : 1
Disinfected files : 0
Deleted files : 3
Copied files : 0
Moved files : 0
Renamed files : 0
I/O errors : 19
Scan time : 00:34:09
Scan speed (files/sec) : 109
Virus definitions : 311131
Scan plugins : 15
Archive plugins : 42
Unpack plugins : 4
Mail plugins : 6
System plugins : 5
Virus scan options
Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email
File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user
Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Program Files\Softwin\BitDefender9\Logs\vscan_1141575123.log
Summary:
C:\Documents and Settings\Administrator\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat=>files\wtvh.dll Detected: Application.Low.Risk.Adware.Wildtangent.A
C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008 Detected: Adware.Wheaterbug.A
C:\Program Files\Norton Antivirus\Quarantine\022C25AF.dll=>(Quarantine-1) Suspect: Trojan.Downloader.Gen
C:\Program Files\Norton Antivirus\Quarantine\022C25AF.dll=>(Quarantine-1) Copy failed
C:\WINNT\system32\j0n20a5oed.dll Detected: Adware.Dinky.A.Trojan
C:\WINNT\system32\j0n20a5oed.dll Deleted
C:\WINNT\system32\maexcl40.dll Detected: Adware.Dinky.A.Trojan
C:\WINNT\system32\maexcl40.dll Deleted
C:\WINNT\system32\mlvbvm50.dll Detected: Adware.Dinky.A.Trojan
C:\WINNT\system32\mlvbvm50.dll Deleted
11:52 PM: |··· Start of Session, Saturday, March 04, 2006 ···|
11:52 PM: Spy Sweeper 3.5.0 (Build 189) started
11:52 PM: Updating spyware definitions
11:53 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
11:54 PM: Sweep initiated using definitions version 421
11:54 PM: Sweeping memory for threats.
11:54 PM: Memory sweep has completed. Elapsed time 00:00:09
11:54 PM: Registry sweep initiated.
11:54 PM: Found: 21 CWS_NS3 registry traces.
11:54 PM: Registry sweep completed. Elapsed time 00:00:12
11:54 PM: Full sweep on all local drives initiated.
11:54 PM: Now sweeping drive C:
12:00 AM: Found Cookie: specificclick.com Cookie, version 1, c:\documents and settings\administrator\cookies\administrator@adopt.specificclick[1].txt
12:01 AM: Found Cookie: Falkag Cookie, version 1, c:\documents and settings\administrator\cookies\administrator@as-eu.falkag[2].txt
12:01 AM: Found Cookie: Qksrv Cookie, version 1, c:\documents and settings\administrator\cookies\administrator@qksrv[2].txt
12:01 AM: Found Cookie: Atwola Cookie, version 1, c:\documents and settings\administrator\cookies\administrator@ar.atwola[2].txt
12:01 AM: Found Cookie: Atwola Cookie, version 1, c:\documents and settings\administrator\cookies\administrator@atwola[1].txt
12:01 AM: Found Cookie: Clickandtrack Cookie, version 1, c:\documents and settings\administrator\cookies\administrator@hits.clickandtrack[2].txt
12:26 AM: Found: 6 file traces.
12:26 AM: Full Sweep has completed. Elapsed time 00:31:42
45,384 files swept
27 item traces located
12:30 AM: Removal process initiated
12:30 AM: Quarantining: Atwola Cookie
12:30 AM: Cookie: c:\documents and settings\administrator\cookies\administrator@atwola[1].txt
12:30 AM: Cookie: c:\documents and settings\administrator\cookies\administrator@ar.atwola[2].txt
12:30 AM: Quarantining: Clickandtrack Cookie
12:30 AM: Cookie: c:\documents and settings\administrator\cookies\administrator@hits.clickandtrack[2].txt
12:30 AM: Quarantining: CWS_NS3
12:30 AM: Registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}
12:30 AM: Registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}\control
12:30 AM: Registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}\inprocserver32
12:30 AM: Registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}\miscstatus
12:30 AM: Registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}\progid
12:30 AM: Registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}\toolboxbitmap32
12:30 AM: Registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}\typelib
12:30 AM: Registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}\version
12:30 AM: Registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}\versionindependentprogid
12:30 AM: Registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}\miscstatus\1
12:30 AM: Registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}||(-default-)
12:30 AM: Registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}||appid
12:30 AM: Registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}\inprocserver32||(-default-)
12:30 AM: Registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}\inprocserver32||threadingmodel
12:30 AM: Registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}\miscstatus||(-default-)
12:30 AM: Registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}\progid||(-default-)
12:30 AM: Registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}\toolboxbitmap32||(-default-)
12:30 AM: Registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}\typelib||(-default-)
12:30 AM: Registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}\version||(-default-)
12:30 AM: Registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}\versionindependentprogid||(-default-)
12:30 AM: Registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}\miscstatus\1||(-default-)
12:30 AM: Quarantining: Falkag Cookie
12:30 AM: Cookie: c:\documents and settings\administrator\cookies\administrator@as-eu.falkag[2].txt
12:30 AM: Quarantining: Qksrv Cookie
12:30 AM: Cookie: c:\documents and settings\administrator\cookies\administrator@qksrv[2].txt
12:30 AM: Quarantining: specificclick.com Cookie
12:30 AM: Cookie: c:\documents and settings\administrator\cookies\administrator@adopt.specificclick[1].txt
12:30 AM: Cleaning Traces
12:30 AM: Removing registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}\versionindependentprogid
12:30 AM: Removing registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}\version
12:30 AM: Removing registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}\typelib
12:30 AM: Removing registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}\toolboxbitmap32
12:30 AM: Removing registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}\progid
12:30 AM: Removing registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}\miscstatus\1
12:30 AM: Removing registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}\miscstatus
12:30 AM: Removing registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}\inprocserver32|| (threadingmodel)
12:30 AM: Removing registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}\inprocserver32
12:30 AM: Removing registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}\control
12:30 AM: Removing registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}|| (appid)
12:30 AM: Removing registry: HKEY_CLASSES_ROOT\clsid\{b38870e4-7ecb-40da-8c6a-595f0a5519ff}
12:30 AM: Removal process completed. Elapsed time 00:00:10
12:33 AM: |··· Start of Session, Sunday, March 05, 2006 ···|
12:33 AM: Spy Sweeper 3.5.0 (Build 189) started
01:07 AM: |··· End of Session, Sunday, March 05, 2006 ···|
10:29 AM: |··· Start of Session, Sunday, March 05, 2006 ···|
10:29 AM: Spy Sweeper 3.5.0 (Build 189) started
10:29 AM: |··· End of Session, Sunday, March 05, 2006 ···|
01:41 PM: |··· Start of Session, Sunday, March 05, 2006 ···|
01:41 PM: Spy Sweeper 3.5.0 (Build 189) started
01:41 PM: Sweep initiated using definitions version 421
01:41 PM: Sweeping memory for threats.
01:41 PM: Memory sweep has completed. Elapsed time 00:00:10
01:41 PM: Registry sweep initiated.
01:41 PM: Registry sweep completed. Elapsed time 00:00:13
01:41 PM: Full sweep on all local drives initiated.
01:41 PM: Now sweeping drive C:
01:48 PM: Found Cookie: 2o7.net Cookie, version 1, c:\documents and settings\administrator\cookies\administrator@2o7[1].txt
01:48 PM: Found Cookie: 2o7.net Cookie, version 1, c:\documents and settings\administrator\cookies\administrator@microsofteup.112.2o7[1].txt
01:48 PM: Found Cookie: myaffiliateprogram.com Cookie, version 1, c:\documents and settings\administrator\cookies\administrator@www.myaffiliateprogram[2].txt
01:48 PM: Found Cookie: Adserver Cookie, version 1, c:\documents and settings\administrator\cookies\administrator@z1.adserver[1].txt
01:48 PM: Found Cookie: Atwola Cookie, version 1, c:\documents and settings\administrator\cookies\administrator@ar.atwola[1].txt
01:48 PM: Found Cookie: Atwola Cookie, version 1, c:\documents and settings\administrator\cookies\administrator@atwola[1].txt
02:08 PM: Found: 6 file traces.
02:08 PM: Full Sweep has completed. Elapsed time 00:27:00
46,603 files swept
6 item traces located
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 2:38:20 PM, 3/5/2006
+ Report-Checksum: 2B516B3F
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000010} -> Adware.Generic : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\WINNT\z00096.exe -> Adware.VB : Cleaned with backup
::Report End