0

help about spywares!! :( my desktop changed to this

[IMG]http://img.photobucket.com/albums/v644/maderpaker01/taena.jpg[/IMG]

heres my hjlog

Logfile of HijackThis v1.99.1
Scan saved at 2:19:37 PM, on 3/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\System32\Fec.exe
C:\WINDOWS\gbxivopi.exe
C:\WINDOWS\Mke.exe
C:\WINDOWS\Mln.exe
C:\WINDOWS\System32\Ihs.exe
C:\WINDOWS\Epb.exe
C:\WINDOWS\Lig.exe
C:\WINDOWS\Kmn.exe
C:\WINDOWS\Bio.exe
C:\WINDOWS\Jtb.exe
C:\WINDOWS\System32\Tti.exe
C:\WINDOWS\Gmr.exe
C:\WINDOWS\System32\Sfa.exe
C:\WINDOWS\System32\Rck.exe
C:\WINDOWS\Uor.exe
C:\WINDOWS\System32\Ejo.exe
C:\WINDOWS\System32\Gcl.exe
C:\WINDOWS\System32\Roc.exe
C:\WINDOWS\Dus.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\Fec.exe
C:\WINDOWS\Mke.exe
C:\WINDOWS\Mln.exe
C:\WINDOWS\System32\Ihs.exe
C:\WINDOWS\Epb.exe
C:\WINDOWS\Lig.exe
C:\WINDOWS\Kmn.exe
C:\WINDOWS\Bio.exe
C:\WINDOWS\Jtb.exe
C:\WINDOWS\System32\Tti.exe
C:\WINDOWS\Gmr.exe
C:\WINDOWS\System32\Sfa.exe
C:\WINDOWS\System32\Rck.exe
C:\WINDOWS\Uor.exe
C:\WINDOWS\System32\Ejo.exe
C:\WINDOWS\System32\Gcl.exe
C:\WINDOWS\System32\Roc.exe
C:\WINDOWS\Dus.exe
C:\WINDOWS\System32\Rno.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\System32\connmie.exe
C:\WINDOWS\System32\truettf.exe
C:\WINDOWS\System32\dxconf.exe
C:\Program Files\Opera\opera.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {1C09F143-07FA-49BF-A729-90460914F0B3} - C:\WINDOWS\System32\nfo.dll
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [Gtn] C:\WINDOWS\System32\Fec.exe
O4 - HKLM\..\Run: [wval8GZ] C:\WINDOWS\gbxivopi.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [Rgk] C:\WINDOWS\Mke.exe
O4 - HKLM\..\Run: [Lmm] C:\WINDOWS\Mln.exe
O4 - HKLM\..\Run: [Sof] C:\WINDOWS\System32\Ihs.exe
O4 - HKLM\..\Run: [Ngl] C:\WINDOWS\Epb.exe
O4 - HKLM\..\Run: [Drk] C:\WINDOWS\System32\Run.exe
O4 - HKLM\..\Run: [Sgg] C:\WINDOWS\Lig.exe
O4 - HKLM\..\Run: [Euo] C:\WINDOWS\Kmn.exe
O4 - HKLM\..\Run: [Tsa] C:\WINDOWS\Bio.exe
O4 - HKLM\..\Run: [Ibl] C:\WINDOWS\Jtb.exe
O4 - HKLM\..\Run: [Nmk] C:\WINDOWS\System32\Tti.exe
O4 - HKLM\..\Run: [Onj] C:\WINDOWS\Gmr.exe
O4 - HKLM\..\Run: [Vup] C:\WINDOWS\System32\Sfa.exe
O4 - HKLM\..\Run: [Hts] C:\WINDOWS\System32\Rck.exe
O4 - HKLM\..\Run: [Huh] C:\WINDOWS\Uor.exe
O4 - HKLM\..\Run: [Ftb] C:\WINDOWS\System32\Ejo.exe
O4 - HKLM\..\Run: [Fri] C:\WINDOWS\System32\Gcl.exe
O4 - HKLM\..\Run: [Kek] C:\WINDOWS\System32\Roc.exe
O4 - HKLM\..\Run: [Hmj] C:\WINDOWS\Dus.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Qhd] C:\WINDOWS\System32\Rno.exe
O4 - HKLM\..\Run: [Lbj] C:\WINDOWS\Ovo.exe
O4 - HKLM\..\Run: [Egs] C:\WINDOWS\System32\Rua.exe
O4 - HKLM\..\Run: [Ioq] C:\WINDOWS\Jll.exe
O4 - HKLM\..\Run: [Qaa] C:\WINDOWS\System32\Hnl.exe
O4 - HKLM\..\Run: [Uep] C:\WINDOWS\System32\Pap.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\YAHOO!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ChikkaIM] C:\PROGRA~1\CHIKKA\Chikka.exe
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1034.dll,InstantAccess
O4 - HKCU\..\Run: [Gtn] C:\WINDOWS\System32\Fec.exe
O4 - HKCU\..\Run: [Rgk] C:\WINDOWS\Mke.exe
O4 - HKCU\..\Run: [Lmm] C:\WINDOWS\Mln.exe
O4 - HKCU\..\Run: [Sof] C:\WINDOWS\System32\Ihs.exe
O4 - HKCU\..\Run: [Ngl] C:\WINDOWS\Epb.exe
O4 - HKCU\..\Run: [Drk] C:\WINDOWS\System32\Run.exe
O4 - HKCU\..\Run: [Sgg] C:\WINDOWS\Lig.exe
O4 - HKCU\..\Run: [Euo] C:\WINDOWS\Kmn.exe
O4 - HKCU\..\Run: [Tsa] C:\WINDOWS\Bio.exe
O4 - HKCU\..\Run: [Ibl] C:\WINDOWS\Jtb.exe
O4 - HKCU\..\Run: [Nmk] C:\WINDOWS\System32\Tti.exe
O4 - HKCU\..\Run: [Onj] C:\WINDOWS\Gmr.exe
O4 - HKCU\..\Run: [Vup] C:\WINDOWS\System32\Sfa.exe
O4 - HKCU\..\Run: [Hts] C:\WINDOWS\System32\Rck.exe
O4 - HKCU\..\Run: [Huh] C:\WINDOWS\Uor.exe
O4 - HKCU\..\Run: [Ftb] C:\WINDOWS\System32\Ejo.exe
O4 - HKCU\..\Run: [Fri] C:\WINDOWS\System32\Gcl.exe
O4 - HKCU\..\Run: [Kek] C:\WINDOWS\System32\Roc.exe
O4 - HKCU\..\Run: [Hmj] C:\WINDOWS\Dus.exe
O4 - HKCU\..\Run: [Qhd] C:\WINDOWS\System32\Rno.exe
O4 - HKCU\..\Run: [Lbj] C:\WINDOWS\Ovo.exe
O4 - HKCU\..\Run: [Egs] C:\WINDOWS\System32\Rua.exe
O4 - HKCU\..\Run: [Ioq] C:\WINDOWS\Jll.exe
O4 - HKCU\..\Run: [Qaa] C:\WINDOWS\System32\Hnl.exe
O4 - HKCU\..\Run: [Uep] C:\WINDOWS\System32\Pap.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)
O16 - DPF: {505098FD-5D61-4BC2-9B82-F969D0E932A2} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1034_EN_XP.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://210.1.70.65/nProtect/KeyCrypt/npkcx.cab
O16 - DPF: {DD85FDB7-9363-4873-B50C-CC46F3E4B704} (IGOLauncher6 Control) - http://vitalsign.igamesasia.com.sg/activex/IGOLauncher6.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN_XP.cab
O18 - Filter: text/html - {458F46A8-D2AE-4707-93C2-2917078C065B} - C:\WINDOWS\System32\nfo.dll
O18 - Filter: text/plain - {458F46A8-D2AE-4707-93C2-2917078C065B} - C:\WINDOWS\System32\nfo.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

3
Contributors
3
Replies
4
Views
12 Years
Discussion Span
Last Post by DMR
0

Ouch! You have numerous infections, so this is going to take a bit. Please be patient, follow any and all instructions we offer exactly, and don't hesitate to ask questions if there's something you're unsure of.

HijackThis alone isn't going to fix everthying you have, so let's see how much of it we can clean up before we delve into your log.

A) Do all 3 of the following free online virus/spyware scans. Please post the results reported by each:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/com/activescan_principal.htm


B) Run a full anti-virus scan with Norton if you haven't already, making sure that you have downloaded the most current virus definition updates. If Norton finds files that it says it can't clean or delete, post the locations of those files.


C) Download and run Ad Aware and SpyBot Search & Destroy (download links are in my sig below).

Follow these directions for configuring Ad Aware (directions courtesy of our member "crunchie"):

1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan

2.Close ALL windows except Ad-Aware SE

3. Click on the‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.

4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)

Under Definitions:
*Prompt to udate outdated definitions - set the number of days


2) Click on the ‘Scanning’ button on the left and select in green :

Under Driver, Folders & Files:
*Scan Within Archives

Under Select drives & folders to scan -
*choose all hard drives

Under Memory & Registry: all green
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URL’s
*Scan my Hosts file


3) Click on the ‘Advanced’ button on the left and select in green:

Under Shell Integration:
*Move deleted files to recycle bin

Under Logfile Detail Level: (all green)
*include addtional object information
*DESELECT - include negligible objects information
*include environment information

Under Alternate Data Streams:
*Don't log streams smaller than 0 bytes
*Don't log ADS with the following names: CA_INOCULATEIT


4) Click the ‘Tweak’ button and select in green:

Under the ‘Scanning Engine’:
*Unload recognized processes during scanning
*Scan registry for all users instead of current user only


Under the ‘Cleaning Engine’:
*Let Windows remove files in use at next reboot


Under the Log Files:
*Include basic Ad-aware SE settings in logfile
*Include additional Ad-aware SE settings in logfile
*Please do not check or make green: Include Module list in logfile


5. Click on ‘Proceed’ to save the settings.

6. Click ‘Start’

*Choose:'Perform Full System Scan'
*DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.

7. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.

8. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window

9. Save the log file when it asks and then click ‘finish’

10. REBOOT to complete the removal of what Ad-Aware SE found


* Run SpyBot.

When you first run SpyBot, it will walk you through a Wizard which will perform a few critical functions (making a registry backup, getting the latest updates, etc.).

1. Perform all of the Wizard's tasks.
2. Run the program. Once it completes, have it fix everything it finds.
3. Reboot.


D) Boot into Safe Mode (do this by hitting the F8 key as the computer is booting) and:

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files".

- Delete the following 2 folders entirely:

C:\Program Files\ISTsvc
C:\Program Files\WareOut

- For every user account listed under C:\Documents and Settings, delete everything inside the following folders (don't delete the folders themselves though):

1. Local Settings\Temp
2. Cookies
3. History
4. Local Settings\Temporary Internet Files\Content.IE5

- Delete the entire content of your C:\Windows\Temp folder.

(If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed.)

- Empty your Recycle Bin.


E) Reboot normally, run HijackThis again, and post a new log.

0

I need help too please.
I have window 98 SE running on Pentium 2 350MHZ
Norton antivirus 2004 - updated
Adaware se proofessional v.1.03 (cant update to 1.05 as I lost reg #)
spybot - latest
About blank removal (recently bought but useless)
Spyware nuker 2005 (recently bought but another failure!!!)
I have tried adaware, it's detected but still have probs as I was half asleep and click OK to let about blank got through. I currently switch adwatch off as it keeps popping up to ask change home page to about blank
Norton scan and clean virus but it's still there
Got AB remover last night and hav this when finished scanning: Done! Removed from your system:- CWS.HiddenDll but still there the next time scanned
Got spyware nuker this morning and scan 5 times still keep asking to restart PC each time : Keep saying threre's 1 item cannot be removed without restarting but still same message each time. Heres the log:
********* Spyware Nuker Log File **********
- Version: 3.3.16.1 Build 1
- Definition Database Date: 3/7/2005 08:39:40 AM (8857 entries)
- OS version: Windows 98 4.10.2222 [ A ]
- Web Browser Version: IE:6.0.2800.1106;
- User ID:
= 03/12/2005 08:38:00 Start Scaning:
Registry,Files,Cookies,Processes,Hosts
= 03/12/2005 08:38:43 process list begins (scan)
= 03/12/2005 08:38:43 -000003148577 C:\WINDOWS\SYSTEM\KERNEL32.DLL
= 03/12/2005 08:38:43 -000000024517 C:\WINDOWS\SYSTEM\MSGSRV32.EXE
= 03/12/2005 08:38:43 -000000018517 C:\WINDOWS\SYSTEM\MPREXE.EXE
= 03/12/2005 08:38:43 -000000110621 C:\WINDOWS\SYSTEM\mmtask.tsk
= 03/12/2005 08:38:43 -000000119289 C:\WINDOWS\SYSTEM\MSTASK.EXE
= 03/12/2005 08:38:43 -000000076561 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
= 03/12/2005 08:38:43 -000000070241 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
= 03/12/2005 08:38:43 -000000106069 C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
= 03/12/2005 08:38:43 -000000156673 C:\WINDOWS\EXPLORER.EXE
= 03/12/2005 08:38:43 -000000253825 C:\WINDOWS\TASKMON.EXE
= 03/12/2005 08:38:43 -000000248625 C:\WINDOWS\SYSTEM\SYSTRAY.EXE
= 03/12/2005 08:38:43 -000000251049 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
= 03/12/2005 08:38:43 -000000246525 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
= 03/12/2005 08:38:43 -000000318273 C:\WINDOWS\SYSTEM\BCMWLTRY.EXE
= 03/12/2005 08:38:43 -000000281601 C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\1033\MSOFFICE.EXE
= 03/12/2005 08:38:43 -000000245153 C:\WINDOWS\SYSTEM\WMIEXE.EXE
= 03/12/2005 08:38:43 -000000579561 C:\WINDOWS\SYSTEM\DDHELP.EXE
= 03/12/2005 08:38:43 -000000446317 C:\DOWNLOAD\LAVASOFT\AD-AWARE SE PROFESSIONAL\AD-WATCH.EXE
= 03/12/2005 08:38:43 -000000190761 C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
= 03/12/2005 08:38:43 -000000519497 C:\PROGRAM FILES\SPYWARE NUKER 2004\SWN2.EXE
= 03/12/2005 08:38:43 process list ends (scan)
= 03/12/2005 08:39:10 Scan result:

966-55884: Cookie: [email]nga@dist.belnk[2].txt[/email]: dMS

539-53426: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html
539-46499: Registry Value: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html
539-46496: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html

886-52568: Registry Value: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main:HOMEOldSP
886-52566: Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAssistant Uninstall
886-52563: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:HOMEOldSP

= 03/12/2005 08:49:43 Start Scaning:
Registry,Files,Cookies,Processes,Hosts
= 03/12/2005 08:50:07 process list begins (scan)
= 03/12/2005 08:50:07 -000003148577 C:\WINDOWS\SYSTEM\KERNEL32.DLL
= 03/12/2005 08:50:07 -000000024517 C:\WINDOWS\SYSTEM\MSGSRV32.EXE
= 03/12/2005 08:50:07 -000000018517 C:\WINDOWS\SYSTEM\MPREXE.EXE
= 03/12/2005 08:50:07 -000000110621 C:\WINDOWS\SYSTEM\mmtask.tsk
= 03/12/2005 08:50:07 -000000119289 C:\WINDOWS\SYSTEM\MSTASK.EXE
= 03/12/2005 08:50:07 -000000076561 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
= 03/12/2005 08:50:07 -000000070241 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
= 03/12/2005 08:50:07 -000000106069 C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
= 03/12/2005 08:50:07 -000000156673 C:\WINDOWS\EXPLORER.EXE
= 03/12/2005 08:50:07 -000000253825 C:\WINDOWS\TASKMON.EXE
= 03/12/2005 08:50:07 -000000248625 C:\WINDOWS\SYSTEM\SYSTRAY.EXE
= 03/12/2005 08:50:07 -000000251049 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
= 03/12/2005 08:50:07 -000000246525 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
= 03/12/2005 08:50:07 -000000318273 C:\WINDOWS\SYSTEM\BCMWLTRY.EXE
= 03/12/2005 08:50:07 -000000281601 C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\1033\MSOFFICE.EXE
= 03/12/2005 08:50:07 -000000245153 C:\WINDOWS\SYSTEM\WMIEXE.EXE
= 03/12/2005 08:50:07 -000000579561 C:\WINDOWS\SYSTEM\DDHELP.EXE
= 03/12/2005 08:50:07 -000000519497 C:\PROGRAM FILES\SPYWARE NUKER 2004\SWN2.EXE
= 03/12/2005 08:50:07 -000000556777 C:\WINDOWS\SYSTEM\PSTORES.EXE
= 03/12/2005 08:50:07 -000000472381 C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
= 03/12/2005 08:50:07 -000000683865 C:\WINDOWS\SYSTEM\SPOOL32.EXE
= 03/12/2005 08:50:07 process list ends (scan)
= 03/12/2005 08:50:20 Scan result:

966-55884: Cookie: [email]nga@dist.belnk[2].txt[/email]: dMS

539-53426: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html
539-46499: Registry Value: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html
539-46496: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html

886-52568: Registry Value: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main:HOMEOldSP
886-52566: Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAssistant Uninstall
886-52563: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:HOMEOldSP

= 03/12/2005 08:50:26 Start removing/backuping
= 03/12/2005 08:50:26 *** begin process cleanup ***
= 03/12/2005 08:50:26 *** end process cleanup ***
= 03/12/2005 08:50:26 *** begin registry cleanup ***
= 03/12/2005 08:50:26 (TRegistryPatternList) Error: Delete Value HKLM\SOFTWARE\Microsoft\Internet Explorer\Main:Search BarREG_SZ:res://C:\WINDOWS\TEMP\se.dll/sp.html
= 03/12/2005 08:50:26 Repair of LSP chain started (process -519497, thread -660885)
= 03/12/2005 08:50:26 re-generation of LSP chain complete
= 03/12/2005 08:50:26 re-generation of LSP chain complete
= 03/12/2005 08:50:26 Repair of LSP chain finished (process -519497, thread -660885)
= 03/12/2005 08:50:26 Backing up LSP Chain HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters to HKLM\Software\Spyware Nuker\LspBackup...
= 03/12/2005 08:50:26 Backed up LSP Chain HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters to HKLM\Software\Spyware Nuker\LspBackup successfully
= 03/12/2005 08:50:26 *** end registry cleanup ***
= 03/12/2005 08:50:26 *** begin files cleanup ***
= 03/12/2005 08:50:26 *** end files cleanup ***
= 03/12/2005 08:50:27 Removing finished! Total removed:6
= 03/12/2005 08:50:27 Item(s) failed to be removed:

539-53426: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html

********* Spyware Nuker Log File **********
- Version: 3.3.16.1 Build 1
- Definition Database Date: 3/7/2005 08:39:40 AM (8857 entries)
- OS version: Windows 98 4.10.2222 [ A ]
- Web Browser Version: IE:6.0.2800.1106;
- User ID:
= 03/12/2005 08:52:25 Start Scaning:
Registry,Files,Cookies,Processes,Hosts
= 03/12/2005 08:54:15 process list begins (scan)
= 03/12/2005 08:54:15 -000003148451 C:\WINDOWS\SYSTEM\KERNEL32.DLL
= 03/12/2005 08:54:15 -000000024135 C:\WINDOWS\SYSTEM\MSGSRV32.EXE
= 03/12/2005 08:54:15 -000000018903 C:\WINDOWS\SYSTEM\MPREXE.EXE
= 03/12/2005 08:54:15 -000000111007 C:\WINDOWS\SYSTEM\mmtask.tsk
= 03/12/2005 08:54:15 -000000118867 C:\WINDOWS\SYSTEM\MSTASK.EXE
= 03/12/2005 08:54:15 -000000076491 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
= 03/12/2005 08:54:15 -000000070483 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
= 03/12/2005 08:54:15 -000000069611 C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
= 03/12/2005 08:54:15 -000000086887 C:\WINDOWS\SYSTEM\RUNONCE.EXE
= 03/12/2005 08:54:15 -000000138243 C:\PROGRAM FILES\SPYWARE NUKER 2004\SWN2.EXE
= 03/12/2005 08:54:15 -000000245611 C:\WINDOWS\RUNDLL32.EXE
= 03/12/2005 08:54:15 process list ends (scan)
= 03/12/2005 08:54:23 Scan result:

539-53426: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html
539-46499: Registry Value: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html
539-46496: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html

886-52568: Registry Value: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main:HOMEOldSP
886-52566: Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAssistant Uninstall
886-52563: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:HOMEOldSP

= 03/12/2005 08:54:30 Start removing/backuping
= 03/12/2005 08:54:31 *** begin process cleanup ***
= 03/12/2005 08:54:31 *** end process cleanup ***
= 03/12/2005 08:54:31 *** begin registry cleanup ***
= 03/12/2005 08:54:31 (TRegistryPatternList) Error: Delete Value HKLM\SOFTWARE\Microsoft\Internet Explorer\Main:Search BarREG_SZ:res://C:\WINDOWS\TEMP\se.dll/sp.html
= 03/12/2005 08:54:31 Repair of LSP chain started (process -138243, thread -285011)
= 03/12/2005 08:54:31 re-generation of LSP chain complete
= 03/12/2005 08:54:31 re-generation of LSP chain complete
= 03/12/2005 08:54:31 Repair of LSP chain finished (process -138243, thread -285011)
= 03/12/2005 08:54:31 Backing up LSP Chain HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters to HKLM\Software\Spyware Nuker\LspBackup...
= 03/12/2005 08:54:31 Backed up LSP Chain HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters to HKLM\Software\Spyware Nuker\LspBackup successfully
= 03/12/2005 08:54:31 *** end registry cleanup ***
= 03/12/2005 08:54:31 *** begin files cleanup ***
= 03/12/2005 08:54:31 *** end files cleanup ***
= 03/12/2005 08:54:31 Removing finished! Total removed:5
= 03/12/2005 08:54:32 Item(s) failed to be removed:

539-53426: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html

********* Spyware Nuker Log File **********
- Version: 3.3.16.1 Build 1
- Definition Database Date: 3/7/2005 08:39:40 AM (8857 entries)
- OS version: Windows 98 4.10.2222 [ A ]
- Web Browser Version: IE:6.0.2800.1106;
- User ID:
= 03/12/2005 08:56:21 Start Scaning:
Registry,Files,Cookies,Processes,Hosts
= 03/12/2005 08:58:13 process list begins (scan)
= 03/12/2005 08:58:13 -000003148535 C:\WINDOWS\SYSTEM\KERNEL32.DLL
= 03/12/2005 08:58:13 -000000024083 C:\WINDOWS\SYSTEM\MSGSRV32.EXE
= 03/12/2005 08:58:13 -000000018819 C:\WINDOWS\SYSTEM\MPREXE.EXE
= 03/12/2005 08:58:13 -000000111051 C:\WINDOWS\SYSTEM\mmtask.tsk
= 03/12/2005 08:58:13 -000000118831 C:\WINDOWS\SYSTEM\MSTASK.EXE
= 03/12/2005 08:58:13 -000000076487 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
= 03/12/2005 08:58:13 -000000070435 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
= 03/12/2005 08:58:13 -000000069395 C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
= 03/12/2005 08:58:13 -000000188915 C:\WINDOWS\SYSTEM\RUNONCE.EXE
= 03/12/2005 08:58:13 -000000156975 C:\PROGRAM FILES\SPYWARE NUKER 2004\SWN2.EXE
= 03/12/2005 08:58:13 -000000159199 C:\WINDOWS\RUNDLL32.EXE
= 03/12/2005 08:58:13 process list ends (scan)
= 03/12/2005 08:58:20 Scan result:

539-53426: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html
539-46499: Registry Value: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html
539-46496: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html

886-52568: Registry Value: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main:HOMEOldSP
886-52566: Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAssistant Uninstall
886-52563: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:HOMEOldSP

= 03/12/2005 08:59:22 Start removing/backuping
= 03/12/2005 08:59:23 *** begin process cleanup ***
= 03/12/2005 08:59:23 *** end process cleanup ***
= 03/12/2005 08:59:23 *** begin registry cleanup ***
= 03/12/2005 08:59:23 (TRegistryPatternList) Error: Delete Value HKLM\SOFTWARE\Microsoft\Internet Explorer\Main:Search BarREG_SZ:res://C:\WINDOWS\TEMP\se.dll/sp.html
= 03/12/2005 08:59:23 Repair of LSP chain started (process -156975, thread -291739)
= 03/12/2005 08:59:23 re-generation of LSP chain complete
= 03/12/2005 08:59:23 re-generation of LSP chain complete
= 03/12/2005 08:59:23 Repair of LSP chain finished (process -156975, thread -291739)
= 03/12/2005 08:59:23 Backing up LSP Chain HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters to HKLM\Software\Spyware Nuker\LspBackup...
= 03/12/2005 08:59:23 Backed up LSP Chain HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters to HKLM\Software\Spyware Nuker\LspBackup successfully
= 03/12/2005 08:59:23 *** end registry cleanup ***
= 03/12/2005 08:59:23 *** begin files cleanup ***
= 03/12/2005 08:59:23 *** end files cleanup ***
= 03/12/2005 08:59:24 Removing finished! Total removed:5
= 03/12/2005 08:59:24 Item(s) failed to be removed:

539-53426: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html

********* Spyware Nuker Log File **********
- Version: 3.3.16.1 Build 1
- Definition Database Date: 3/7/2005 08:39:40 AM (8857 entries)
- OS version: Windows 98 4.10.2222 [ A ]
- Web Browser Version: IE:6.0.2800.1106;
- User ID:
= 03/12/2005 09:13:22 Start Scaning:
Registry,Files,Cookies,Processes,Hosts
= 03/12/2005 09:15:18 WARNING: binary scanner could not open file C:\WINDOWS\WIN386.SWP: OS Error 32: The process cannot access the file because
it is being used by another process
= 03/12/2005 09:25:20 WARNING: binary scanner could not open file C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll: OS Error 32: The process cannot access the file because
it is being used by another process
= 03/12/2005 09:39:39 process list begins (scan)
= 03/12/2005 09:39:39 -000003148535 C:\WINDOWS\SYSTEM\KERNEL32.DLL
= 03/12/2005 09:39:39 -000000024083 C:\WINDOWS\SYSTEM\MSGSRV32.EXE
= 03/12/2005 09:39:39 -000000018819 C:\WINDOWS\SYSTEM\MPREXE.EXE
= 03/12/2005 09:39:39 -000000111051 C:\WINDOWS\SYSTEM\mmtask.tsk
= 03/12/2005 09:39:39 -000000118831 C:\WINDOWS\SYSTEM\MSTASK.EXE
= 03/12/2005 09:39:39 -000000076487 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
= 03/12/2005 09:39:39 -000000070435 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
= 03/12/2005 09:39:39 -000000069395 C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
= 03/12/2005 09:39:39 -000000105711 C:\WINDOWS\EXPLORER.EXE
= 03/12/2005 09:39:39 -000000258215 C:\WINDOWS\TASKMON.EXE
= 03/12/2005 09:39:39 -000000198487 C:\WINDOWS\SYSTEM\SYSTRAY.EXE
= 03/12/2005 09:39:39 -000000234871 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
= 03/12/2005 09:39:39 -000000209983 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
= 03/12/2005 09:39:39 -000000296271 C:\WINDOWS\SYSTEM\BCMWLTRY.EXE
= 03/12/2005 09:39:39 -000000323039 C:\PROGRAM FILES\SPYWARE NUKER 2004\SWN2.EXE
= 03/12/2005 09:39:39 -000000270935 C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVW32.EXE
= 03/12/2005 09:39:39 -000000352275 C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\1033\MSOFFICE.EXE
= 03/12/2005 09:39:39 -000000439999 C:\WINDOWS\SYSTEM\WMIEXE.EXE
= 03/12/2005 09:39:39 -000000275415 C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
= 03/12/2005 09:39:39 -000000599711 C:\WINDOWS\SYSTEM\DDHELP.EXE
= 03/12/2005 09:39:39 -000000590895 C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
= 03/12/2005 09:39:39 -000000694931 C:\WINDOWS\MSAGENT\AGENTSVR.EXE
= 03/12/2005 09:39:39 -000000714423 C:\WINDOWS\SYSTEM\SPOOL32.EXE
= 03/12/2005 09:39:39 -000000706575 C:\WINDOWS\SYSTEM\PSTORES.EXE
= 03/12/2005 09:39:39 process list ends (scan)
= 03/12/2005 09:46:56 Scan result:

539-53426: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html
539-46499: Registry Value: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html
539-46496: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html

886-52568: Registry Value: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main:HOMEOldSP
886-52566: Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAssistant Uninstall
886-52563: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:HOMEOldSP

= 03/12/2005 09:47:02 Start removing/backuping
= 03/12/2005 09:47:02 *** begin process cleanup ***
= 03/12/2005 09:47:02 *** end process cleanup ***
= 03/12/2005 09:47:02 *** begin registry cleanup ***
= 03/12/2005 09:47:02 (TRegistryPatternList) Error: Delete Value HKLM\SOFTWARE\Microsoft\Internet Explorer\Main:Search BarREG_SZ:res://C:\WINDOWS\TEMP\se.dll/sp.html
= 03/12/2005 09:47:02 Repair of LSP chain started (process -323039, thread -479395)
= 03/12/2005 09:47:02 re-generation of LSP chain complete
= 03/12/2005 09:47:02 re-generation of LSP chain complete
= 03/12/2005 09:47:02 Repair of LSP chain finished (process -323039, thread -479395)
= 03/12/2005 09:47:02 Backing up LSP Chain HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters to HKLM\Software\Spyware Nuker\LspBackup...
= 03/12/2005 09:47:02 Backed up LSP Chain HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters to HKLM\Software\Spyware Nuker\LspBackup successfully
= 03/12/2005 09:47:02 *** end registry cleanup ***
= 03/12/2005 09:47:02 *** begin files cleanup ***
= 03/12/2005 09:47:02 *** end files cleanup ***
= 03/12/2005 09:47:03 Removing finished! Total removed:5
= 03/12/2005 09:47:04 Item(s) failed to be removed:

539-53426: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html

********* Spyware Nuker Log File **********
- Version: 3.3.16.1 Build 1
- Definition Database Date: 3/7/2005 08:39:40 AM (8857 entries)
- OS version: Windows 98 4.10.2222 [ A ]
- Web Browser Version: IE:6.0.2800.1106;
- User ID:
= 03/12/2005 09:50:37 Start Scaning:
Registry,Files,Cookies,Processes,Hosts
= 03/12/2005 09:53:09 WARNING: binary scanner could not open file C:\WINDOWS\WIN386.SWP: OS Error 32: The process cannot access the file because
it is being used by another process
= 03/12/2005 10:17:45 process list begins (scan)
= 03/12/2005 10:17:45 -000003148409 C:\WINDOWS\SYSTEM\KERNEL32.DLL
= 03/12/2005 10:17:45 -000000024221 C:\WINDOWS\SYSTEM\MSGSRV32.EXE
= 03/12/2005 10:17:45 -000000018701 C:\WINDOWS\SYSTEM\MPREXE.EXE
= 03/12/2005 10:17:45 -000000110917 C:\WINDOWS\SYSTEM\mmtask.tsk
= 03/12/2005 10:17:45 -000000118921 C:\WINDOWS\SYSTEM\MSTASK.EXE
= 03/12/2005 10:17:45 -000000076353 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
= 03/12/2005 10:17:45 -000000070449 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
= 03/12/2005 10:17:45 -000000091793 C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
= 03/12/2005 10:17:45 -000000087805 C:\WINDOWS\SYSTEM\RUNONCE.EXE
= 03/12/2005 10:17:45 -000000144817 C:\PROGRAM FILES\SPYWARE NUKER 2004\SWN2.EXE
= 03/12/2005 10:17:45 -000000308529 C:\WINDOWS\RUNDLL32.EXE
= 03/12/2005 10:17:45 -000000358537 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
= 03/12/2005 10:17:45 process list ends (scan)
= 03/12/2005 10:18:14 Scan result:

539-53426: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html
539-46499: Registry Value: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html
539-46496: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html

886-52568: Registry Value: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main:HOMEOldSP
886-52566: Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAssistant Uninstall
886-52563: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:HOMEOldSP

= 03/12/2005 10:18:20 Start removing/backuping
= 03/12/2005 10:18:21 *** begin process cleanup ***
= 03/12/2005 10:18:21 *** end process cleanup ***
= 03/12/2005 10:18:21 *** begin registry cleanup ***
= 03/12/2005 10:18:21 (TRegistryPatternList) Error: Delete Value HKLM\SOFTWARE\Microsoft\Internet Explorer\Main:Search BarREG_SZ:res://C:\WINDOWS\TEMP\se.dll/sp.html
= 03/12/2005 10:18:21 Repair of LSP chain started (process -144817, thread -346513)
= 03/12/2005 10:18:21 re-generation of LSP chain complete
= 03/12/2005 10:18:21 re-generation of LSP chain complete
= 03/12/2005 10:18:21 Repair of LSP chain finished (process -144817, thread -346513)
= 03/12/2005 10:18:21 Backing up LSP Chain HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters to HKLM\Software\Spyware Nuker\LspBackup...
= 03/12/2005 10:18:21 Backed up LSP Chain HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters to HKLM\Software\Spyware Nuker\LspBackup successfully
= 03/12/2005 10:18:21 *** end registry cleanup ***
= 03/12/2005 10:18:21 *** begin files cleanup ***
= 03/12/2005 10:18:21 *** end files cleanup ***
= 03/12/2005 10:18:21 Removing finished! Total removed:5
= 03/12/2005 10:18:22 Item(s) failed to be removed:

539-53426: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html

********* Spyware Nuker Log File **********
- Version: 3.3.16.1 Build 1
- Definition Database Date: 3/7/2005 08:39:40 AM (8857 entries)
- OS version: Windows 98 4.10.2222 [ A ]
- Web Browser Version: IE:6.0.2800.1106;
- User ID:
= 03/12/2005 10:56:16 Start Scaning:
Registry,Files,Cookies,Processes,Hosts
= 03/12/2005 10:56:43 process list begins (scan)
= 03/12/2005 10:56:43 -000003148409 C:\WINDOWS\SYSTEM\KERNEL32.DLL
= 03/12/2005 10:56:43 -000000024221 C:\WINDOWS\SYSTEM\MSGSRV32.EXE
= 03/12/2005 10:56:43 -000000018701 C:\WINDOWS\SYSTEM\MPREXE.EXE
= 03/12/2005 10:56:43 -000000110917 C:\WINDOWS\SYSTEM\mmtask.tsk
= 03/12/2005 10:56:43 -000000118921 C:\WINDOWS\SYSTEM\MSTASK.EXE
= 03/12/2005 10:56:43 -000000076353 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
= 03/12/2005 10:56:43 -000000070449 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
= 03/12/2005 10:56:43 -000000091793 C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
= 03/12/2005 10:56:43 -000000358537 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
= 03/12/2005 10:56:43 -000000163141 C:\WINDOWS\EXPLORER.EXE
= 03/12/2005 10:56:43 -000000271413 C:\WINDOWS\TASKMON.EXE
= 03/12/2005 10:56:43 -000000266301 C:\WINDOWS\SYSTEM\SYSTRAY.EXE
= 03/12/2005 10:56:43 -000000390633 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
= 03/12/2005 10:56:43 -000000345361 C:\WINDOWS\SYSTEM\BCMWLTRY.EXE
= 03/12/2005 10:56:43 -000000199641 C:\PROGRAM FILES\SPYWARE NUKER 2004\SWN2.EXE
= 03/12/2005 10:56:43 -000000219693 C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\1033\MSOFFICE.EXE
= 03/12/2005 10:56:43 -000000216365 C:\WINDOWS\SYSTEM\WMIEXE.EXE
= 03/12/2005 10:56:43 -000000473913 C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
= 03/12/2005 10:56:43 -000000648717 C:\WINDOWS\SYSTEM\PSTORES.EXE
= 03/12/2005 10:56:43 -000000654701 C:\WINDOWS\SYSTEM\DDHELP.EXE
= 03/12/2005 10:56:43 process list ends (scan)
= 03/12/2005 10:56:56 Scan result:

539-53426: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html
539-46499: Registry Value: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html
539-46496: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html

886-52568: Registry Value: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main:HOMEOldSP
886-52566: Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAssistant Uninstall
886-52563: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:HOMEOldSP

816-49877: Cookie: [email]nga@tribalfusion[1].txt[/email]: ANON_ID

= 03/12/2005 10:57:05 Start removing/backuping
= 03/12/2005 10:57:05 *** begin process cleanup ***
= 03/12/2005 10:57:05 *** end process cleanup ***
= 03/12/2005 10:57:05 *** begin registry cleanup ***
= 03/12/2005 10:57:05 (TRegistryPatternList) Error: Delete Value HKLM\SOFTWARE\Microsoft\Internet Explorer\Main:Search BarREG_SZ:res://C:\WINDOWS\TEMP\se.dll/sp.html
= 03/12/2005 10:57:05 Repair of LSP chain started (process -199641, thread -246389)
= 03/12/2005 10:57:05 re-generation of LSP chain complete
= 03/12/2005 10:57:05 re-generation of LSP chain complete
= 03/12/2005 10:57:05 Repair of LSP chain finished (process -199641, thread -246389)
= 03/12/2005 10:57:05 Backing up LSP Chain HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters to HKLM\Software\Spyware Nuker\LspBackup...
= 03/12/2005 10:57:05 Backed up LSP Chain HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters to HKLM\Software\Spyware Nuker\LspBackup successfully
= 03/12/2005 10:57:05 *** end registry cleanup ***
= 03/12/2005 10:57:05 *** begin files cleanup ***
= 03/12/2005 10:57:05 *** end files cleanup ***
= 03/12/2005 10:57:06 Removing finished! Total removed:6
= 03/12/2005 10:57:06 Item(s) failed to be removed:

539-53426: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html

= 03/12/2005 11:18:47 Start Scaning:
Registry,Files,Cookies,Processes,Hosts
= 03/12/2005 11:19:11 process list begins (scan)
= 03/12/2005 11:19:11 -000003148409 C:\WINDOWS\SYSTEM\KERNEL32.DLL
= 03/12/2005 11:19:11 -000000024221 C:\WINDOWS\SYSTEM\MSGSRV32.EXE
= 03/12/2005 11:19:11 -000000018701 C:\WINDOWS\SYSTEM\MPREXE.EXE
= 03/12/2005 11:19:11 -000000110917 C:\WINDOWS\SYSTEM\mmtask.tsk
= 03/12/2005 11:19:11 -000000118921 C:\WINDOWS\SYSTEM\MSTASK.EXE
= 03/12/2005 11:19:11 -000000076353 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
= 03/12/2005 11:19:11 -000000070449 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
= 03/12/2005 11:19:11 -000000091793 C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
= 03/12/2005 11:19:11 -000000358537 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
= 03/12/2005 11:19:11 -000000163141 C:\WINDOWS\EXPLORER.EXE
= 03/12/2005 11:19:11 -000000271413 C:\WINDOWS\TASKMON.EXE
= 03/12/2005 11:19:11 -000000266301 C:\WINDOWS\SYSTEM\SYSTRAY.EXE
= 03/12/2005 11:19:11 -000000390633 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
= 03/12/2005 11:19:11 -000000345361 C:\WINDOWS\SYSTEM\BCMWLTRY.EXE
= 03/12/2005 11:19:11 -000000199641 C:\PROGRAM FILES\SPYWARE NUKER 2004\SWN2.EXE
= 03/12/2005 11:19:11 -000000219693 C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\1033\MSOFFICE.EXE
= 03/12/2005 11:19:11 -000000216365 C:\WINDOWS\SYSTEM\WMIEXE.EXE
= 03/12/2005 11:19:11 -000000473913 C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
= 03/12/2005 11:19:11 -000000648717 C:\WINDOWS\SYSTEM\PSTORES.EXE
= 03/12/2005 11:19:11 -000000654701 C:\WINDOWS\SYSTEM\DDHELP.EXE
= 03/12/2005 11:19:11 process list ends (scan)
= 03/12/2005 11:19:39 Scan result:

539-53426: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html
539-46499: Registry Value: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html
539-46496: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html

886-52568: Registry Value: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main:HOMEOldSP
886-52566: Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAssistant Uninstall
886-52563: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:HOMEOldSP

= 03/12/2005 11:19:44 Start removing/backuping
= 03/12/2005 11:19:44 *** begin process cleanup ***
= 03/12/2005 11:19:44 *** end process cleanup ***
= 03/12/2005 11:19:44 *** begin registry cleanup ***
= 03/12/2005 11:19:44 (TRegistryPatternList) Error: Delete Value HKLM\SOFTWARE\Microsoft\Internet Explorer\Main:Search BarREG_SZ:res://C:\WINDOWS\TEMP\se.dll/sp.html
= 03/12/2005 11:19:44 Repair of LSP chain started (process -199641, thread -295469)
= 03/12/2005 11:19:44 re-generation of LSP chain complete
= 03/12/2005 11:19:44 re-generation of LSP chain complete
= 03/12/2005 11:19:44 Repair of LSP chain finished (process -199641, thread -295469)
= 03/12/2005 11:19:44 Backing up LSP Chain HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters to HKLM\Software\Spyware Nuker\LspBackup...
= 03/12/2005 11:19:44 Backed up LSP Chain HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters to HKLM\Software\Spyware Nuker\LspBackup successfully
= 03/12/2005 11:19:44 *** end registry cleanup ***
= 03/12/2005 11:19:44 *** begin files cleanup ***
= 03/12/2005 11:19:44 *** end files cleanup ***
= 03/12/2005 11:19:44 Removing finished! Total removed:5
= 03/12/2005 11:19:44 Item(s) failed to be removed:

539-53426: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html

********* Spyware Nuker Log File **********
- Version: 3.3.16.1 Build 1
- Definition Database Date: 3/7/2005 08:39:40 AM (8857 entries)
- OS version: Windows 98 4.10.2222 [ A ]
- Web Browser Version: IE:6.0.2800.1106;
- User ID:
= 03/12/2005 11:20:39 Start Scaning:
Registry,Files,Cookies,Processes,Hosts
= 03/12/2005 11:22:07 WARNING: binary scanner could not open file C:\WINDOWS\WIN386.SWP: OS Error 32: The process cannot access the file because
it is being used by another process
= 03/12/2005 11:22:49 User terminated the scaning.
= 03/12/2005 11:23:02 Start Scaning:
Registry,Files,Cookies,Processes,Hosts
= 03/12/2005 11:23:33 process list begins (scan)
= 03/12/2005 11:23:33 -000003148409 C:\WINDOWS\SYSTEM\KERNEL32.DLL
= 03/12/2005 11:23:33 -000000024221 C:\WINDOWS\SYSTEM\MSGSRV32.EXE
= 03/12/2005 11:23:33 -000000018701 C:\WINDOWS\SYSTEM\MPREXE.EXE
= 03/12/2005 11:23:33 -000000110917 C:\WINDOWS\SYSTEM\mmtask.tsk
= 03/12/2005 11:23:33 -000000118921 C:\WINDOWS\SYSTEM\MSTASK.EXE
= 03/12/2005 11:23:33 -000000076353 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
= 03/12/2005 11:23:33 -000000070449 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
= 03/12/2005 11:23:33 -000000091793 C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
= 03/12/2005 11:23:33 -000000358537 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
= 03/12/2005 11:23:33 -000000163141 C:\WINDOWS\EXPLORER.EXE
= 03/12/2005 11:23:33 -000000271413 C:\WINDOWS\TASKMON.EXE
= 03/12/2005 11:23:33 -000000266301 C:\WINDOWS\SYSTEM\SYSTRAY.EXE
= 03/12/2005 11:23:33 -000000390633 C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
= 03/12/2005 11:23:33 -000000345361 C:\WINDOWS\SYSTEM\BCMWLTRY.EXE
= 03/12/2005 11:23:33 -000000219693 C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\1033\MSOFFICE.EXE
= 03/12/2005 11:23:33 -000000216365 C:\WINDOWS\SYSTEM\WMIEXE.EXE
= 03/12/2005 11:23:33 -000000473913 C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
= 03/12/2005 11:23:33 -000000648717 C:\WINDOWS\SYSTEM\PSTORES.EXE
= 03/12/2005 11:23:33 -000000654701 C:\WINDOWS\SYSTEM\DDHELP.EXE
= 03/12/2005 11:23:33 -000000372545 C:\PROGRAM FILES\SPYWARE NUKER 2004\SWN2.EXE
= 03/12/2005 11:23:33 process list ends (scan)
= 03/12/2005 11:23:47 Scan result:

539-53426: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html
539-46499: Registry Value: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html
539-46496: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html

886-52568: Registry Value: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main:HOMEOldSP
886-52566: Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAssistant Uninstall
886-52563: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:HOMEOldSP

= 03/12/2005 11:23:53 Start removing/backuping
= 03/12/2005 11:23:53 *** begin process cleanup ***
= 03/12/2005 11:23:53 *** end process cleanup ***
= 03/12/2005 11:23:53 *** begin registry cleanup ***
= 03/12/2005 11:23:53 (TRegistryPatternList) Error: Delete Value HKLM\SOFTWARE\Microsoft\Internet Explorer\Main:Search BarREG_SZ:res://C:\WINDOWS\TEMP\se.dll/sp.html
= 03/12/2005 11:23:53 Repair of LSP chain started (process -372545, thread -299725)
= 03/12/2005 11:23:53 re-generation of LSP chain complete
= 03/12/2005 11:23:53 re-generation of LSP chain complete
= 03/12/2005 11:23:53 Repair of LSP chain finished (process -372545, thread -299725)
= 03/12/2005 11:23:53 Backing up LSP Chain HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters to HKLM\Software\Spyware Nuker\LspBackup...
= 03/12/2005 11:23:53 Backed up LSP Chain HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters to HKLM\Software\Spyware Nuker\LspBackup successfully
= 03/12/2005 11:23:53 *** end registry cleanup ***
= 03/12/2005 11:23:53 *** begin files cleanup ***
= 03/12/2005 11:23:53 *** end files cleanup ***
= 03/12/2005 11:23:53 Removing finished! Total removed:5
= 03/12/2005 11:23:53 Item(s) failed to be removed:

539-53426: Registry Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html

And scan report:
Version: 3.3.16.1
Definition Database Date: 3/7/2005 08:39:40 AM
OS version: Windows 98 4.10.2222 [ A ]
Web Browser Version: IE:6.0.2800.1106;
Date/Time: 03/12/2005 08:58:26


CoolWebSearch - Hijacker 539 Hijacks browser settings and redirects traffic to a search portal site.
Registry Value 46496 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html
Registry Value 46499 HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html
Registry Value 53426 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:Search Bar:res://C:\WINDOWS\TEMP\se.dll/sp.html

CWS.About_Blank - Hijacker 886 Hijacks browser homepage and search settings to a search portal. Can silently download and execute files.
Registry Value 52563 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main:HOMEOldSP
Registry Key 52566 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAssistant Uninstall
Registry Value 52568 HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main:HOMEOldSP
Please help.
Thanx

0

Hi Nashii,

First of all- welcome to TechTalk!

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there.

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules


Thanks for understanding.

When you do start your new thread, please do the following:

Download the utility "HijackThis" from this location.

Once downloaded, create a new and separate folder outside of any Temp/Temporary folders for HJT and move it there. A folder such such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save the log in the folder you created for HiajckThis, open the log in Windows Notepad, and cut-n-paste the entire contents of the log into your new post. The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the log we can tell you what to do from there.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.