Please help me decipher my Hijack This Log (RESOLVED)

  1. #11
    VopThis, Senior Member (Canada)

    Re: Please help me decipher my Hijack This Log

    Quote:
    I am still experiencing these constant intrusion attempts when the parental controls are turned off!

    Try uninstalling 'webshots':
    Copies of this program have been created by known malware relating to W32.PassMail, on our users' systems. It is possible that this was as a direct result of the user's actions, or may have occurred without their knowledge.

    Additionally, you have restrictions set with these lines which may be responsible for intrusion detection events. Could try fixing these lines:

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present




    If still no joy, try the following malware scanning tool:


    Please download WebRoot SpySweeper from HERE (It's a 14 day trial):
    http://www.webroot.com/shoppingcart/...php?bjpc=64011
    OR
    http://www.webroot.com/consumer/prod...de=af1&rc=3597


    • Click the Free Trial link to download the program.
    • Double-click the file to install it as follows:
      • Click "Next", read the agreement, click "Next".
      • Choose "Custom", then click "Next".
      • Leave the default installation directory as it is, then click "Next".
      • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
      • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
      • Finally, click "Install"
    • Once the program is installed, it will open.
    • It will prompt you to update to the latest definitions, click Yes.

      Once the definitions are installed, click Options on the left side.
      Click the Sweep Options tab.
      Under What to Sweep please put a check next to the following:
      • Sweep Memory
      • Sweep Registry
      • Sweep Cookies
      • Sweep All User Accounts
      • Enable Direct Disk Sweeping
      • Sweep Contents of Compressed Files
      • Sweep for Rootkits
      • Please UNCHECK Do not Sweep System Restore Folder.

      Disable SpySweeper Shields
      • Click Shields on the left.
      • Click Internet Explorer and uncheck all items.
      • Click Windows System and uncheck all items.
      • Click Startup Programs and uncheck all items.
    • Once the definitions are installed and shields disabled, click Sweep Now on the left side.
    • Click the Start button.
    • When it's done scanning, click the Next button.
    • Make sure everything has a check next to it, then click the Next button.
    • It will remove all of the items found.
    • Click Session Log in the upper right corner, copy everything in that window.
    • Click the Summary tab and click Finish.
    • Paste the contents of the session log you copied into your next reply.


    Post the SpySweeper session log here along with a fresh HiJackThis log.


  2. #12
    Ria
    Newbie
    Hi,
    Sorry for the delay -- haven't been able to get to the computer lately ...

    I've removed Webshots, but I'm unsure what you meant with the next set of instructions: -

    Additionally, you have restrictions set with these lines which may be responsible for intrusion detection events. Could try fixing these lines:

    Quote:
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


    **It just occurred to me -- did you mean "fix" through HijackThis??


    I went ahead & ran SpySweeper -- log follows: -

    ********
    12:29 AM: | Start of Session, Wednesday, 22 March 2006 |
    12:29 AM: Spy Sweeper started
    12:29 AM: Sweep initiated using definitions version 556
    12:29 AM: Starting Memory Sweep
    12:31 AM: Memory Sweep Complete, Elapsed Time: 00:01:45
    12:31 AM: Starting Registry Sweep
    12:31 AM: Found Adware: cws awebfind.biz hijacker
    12:31 AM: HKLM\software\microsoft\internet explorer\abouturls\ || blank (ID = 116981)
    12:31 AM: Found Adware: hot as hell
    12:31 AM: HKCR\interface\{9388907f-82f5-434d-a941-bb802c6dd7c1}\ (8 subtraces) (ID = 127192)
    12:31 AM: Found Adware: instant access
    12:31 AM: HKCR\interface\{3947ac1d-db09-4353-bbcc-55b97f5035ef}\ (8 subtraces) (ID = 128716)
    12:31 AM: HKCR\interface\{a58f3d09-4543-4396-8be7-105f14dd6ed5}\ (8 subtraces) (ID = 128718)
    12:31 AM: HKLM\software\classes\clsid\{eeeca057-ad0f-44a7-8be5-8634cedbdbd1}\ (3 subtraces) (ID = 128749)
    12:31 AM: HKLM\software\classes\interface\{3947ac1d-db09-4353-bbcc-55b97f5035ef}\ (8 subtraces) (ID = 128771)
    12:31 AM: HKLM\software\classes\interface\{a58f3d09-4543-4396-8be7-105f14dd6ed5}\ (8 subtraces) (ID = 128773)
    12:31 AM: HKLM\software\classes\interface\{a58f3d09-4543-4396-8be7-105f14dd6ed5}\proxystubclsid32\ (1 subtraces) (ID = 128774)
    12:31 AM: HKLM\software\classes\interface\{a58f3d09-4543-4396-8be7-105f14dd6ed5}\typelib\ (2 subtraces) (ID = 128775)
    12:31 AM: Found Adware: minigolf
    12:31 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/winnt/minigolf_affiliate.exe\ (2 subtraces) (ID = 135054)
    12:31 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\winnt\minigolf_affiliate.exe (ID = 135060)
    12:31 AM: Found Adware: purityscan
    12:31 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/winnt/downloaded program files/mediaticketsinstaller.ocx\ (2 subtraces) (ID = 137987)
    12:31 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\winnt\downloaded program files\mediaticketsinstaller.ocx (ID = 139078)
    12:31 AM: Found Trojan Horse: trojan_backdoor_retro64
    12:31 AM: HKCR\clsid\{288c5f13-7e52-4ada-a32e-f5bf9d125f98}\ (20 subtraces) (ID = 144993)
    12:31 AM: HKCR\interface\{450b9e4d-4014-4de3-b34e-014a81468293}\ (8 subtraces) (ID = 144995)
    12:31 AM: HKCR\retro64_loader.r64loader.1\ (3 subtraces) (ID = 144996)
    12:31 AM: HKCR\retro64_loader.r64loader\ (5 subtraces) (ID = 144997)
    12:31 AM: HKLM\software\classes\clsid\{288c5f13-7e52-4ada-a32e-f5bf9d125f98}\ (20 subtraces) (ID = 144998)
    12:31 AM: HKLM\software\classes\interface\{450b9e4d-4014-4de3-b34e-014a81468293}\ (8 subtraces) (ID = 145000)
    12:31 AM: HKLM\software\classes\retro64_loader.r64loader.1\ (3 subtraces) (ID = 145001)
    12:31 AM: HKLM\software\classes\retro64_loader.r64loader\ (5 subtraces) (ID = 145002)
    12:31 AM: HKLM\software\classes\typelib\{c7f00a9a-f1bc-436e-82c7-e8cae6fd67f7}\ (9 subtraces) (ID = 145003)
    12:31 AM: HKCR\typelib\{c7f00a9a-f1bc-436e-82c7-e8cae6fd67f7}\ (9 subtraces) (ID = 145004)
    12:31 AM: Found Adware: wildmedia
    12:31 AM: HKCR\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\ (8 subtraces) (ID = 146695)
    12:31 AM: HKLM\software\classes\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\ (8 subtraces) (ID = 146709)
    12:31 AM: Found Adware: winad
    12:31 AM: HKCR\mediagatewayx.installer\ (5 subtraces) (ID = 372857)
    12:31 AM: HKCR\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 372859)
    12:31 AM: HKLM\software\classes\mediagatewayx.installer\ (5 subtraces) (ID = 398902)
    12:31 AM: HKLM\software\classes\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 398904)
    12:31 AM: Found System Monitor: netnanny chat monitor
    12:31 AM: HKCR\appid\nnsvc.exe\ (1 subtraces) (ID = 595241)
    12:31 AM: HKLM\software\nns\ (3 subtraces) (ID = 595256)
    12:31 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/winnt/downloaded program files/mediagatewayx.dll\ (2 subtraces) (ID = 775720)
    12:31 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\winnt\downloaded program files\mediagatewayx.dll (ID = 838612)
    12:31 AM: Found Adware: cws-aboutblank
    12:31 AM: HKU\S-1-5-21-448539723-1644491937-725345543-1000\software\microsoft\internet explorer\main\ || search bar_bak (ID = 115924)
    12:31 AM: HKU\S-1-5-21-448539723-1644491937-725345543-1000\software\microsoft\internet explorer\main\ || search page_bak (ID = 115925)
    12:31 AM: HKU\S-1-5-21-448539723-1644491937-725345543-1000\software\microsoft\internet explorer\main\ || search page_bak (ID = 774883)
    12:31 AM: Registry Sweep Complete, Elapsed Time:00:00:11
    12:31 AM: Starting Cookie Sweep
    12:31 AM: Cookie Sweep Complete, Elapsed Time: 00:00:04
    12:31 AM: Starting File Sweep
    12:35 AM: minigolf_affiliate.exe (ID = 69949)
    12:37 AM: miniclipgameloader.dll (ID = 81259)
    12:38 AM: Found Adware: 180search assistant/zango
    12:38 AM: o (ID = 70587)
    12:38 AM: o.bat (ID = 70586)
    12:38 AM: Found Adware: netpal
    12:38 AM: gamehouse games.url (ID = 70891)
    12:38 AM: Found Adware: coolwebsearch (cws)
    12:39 AM: big fish games.url (ID = 70885)
    12:39 AM: flyordie games.url (ID = 70890)
    12:39 AM: Found Adware: blazefind
    12:39 AM: bridge.inf (ID = 51438)
    12:39 AM: bridge.inf (ID = 51438)
    12:39 AM: bridge.inf (ID = 51438)
    12:39 AM: backup-20060317-172831-465.inf (ID = 69911)
    12:39 AM: data sources (odbc).lnk (ID = 70587)
    12:39 AM: on-screen keyboard.lnk (ID = 70587)
    12:39 AM: on-screen keyboard.lnk (ID = 70587)
    12:39 AM: bridge.inf.lnk (ID = 51438)
    12:39 AM: File Sweep Complete, Elapsed Time: 00:07:19
    12:39 AM: Full Sweep has completed. Elapsed time 00:09:33
    12:39 AM: Traces Found: 362
    12:43 AM: Removal process initiated
    12:43 AM: Quarantining All Traces: cws-aboutblank
    12:43 AM: Quarantining All Traces: netnanny chat monitor
    12:43 AM: Quarantining All Traces: trojan_backdoor_retro64
    12:43 AM: Quarantining All Traces: 180search assistant/zango
    12:43 AM: Quarantining All Traces: blazefind
    12:43 AM: Quarantining All Traces: coolwebsearch (cws)
    12:43 AM: Quarantining All Traces: cws awebfind.biz hijacker
    12:43 AM: Quarantining All Traces: hot as hell
    12:43 AM: Quarantining All Traces: instant access
    12:43 AM: Quarantining All Traces: minigolf
    12:43 AM: Quarantining All Traces: netpal
    12:43 AM: Quarantining All Traces: purityscan
    12:43 AM: Quarantining All Traces: wildmedia
    12:43 AM: Quarantining All Traces: winad
    12:44 AM: Removal process completed. Elapsed time 00:00:40
    ********
    12:00 AM: | Start of Session, Wednesday, 22 March 2006 |
    12:00 AM: Spy Sweeper started
    12:00 AM: Sweep initiated using definitions version 556
    12:00 AM: Starting Memory Sweep
    12:02 AM: Memory Sweep Complete, Elapsed Time: 00:02:13
    12:02 AM: Starting Registry Sweep
    12:02 AM: Found Adware: cws awebfind.biz hijacker
    12:02 AM: HKLM\software\microsoft\internet explorer\abouturls\ || blank (ID = 116981)
    12:02 AM: Found Adware: hot as hell
    12:02 AM: HKCR\interface\{9388907f-82f5-434d-a941-bb802c6dd7c1}\ (8 subtraces) (ID = 127192)
    12:02 AM: Found Adware: instant access
    12:02 AM: HKCR\interface\{3947ac1d-db09-4353-bbcc-55b97f5035ef}\ (8 subtraces) (ID = 128716)
    12:02 AM: HKCR\interface\{a58f3d09-4543-4396-8be7-105f14dd6ed5}\ (8 subtraces) (ID = 128718)
    12:02 AM: HKLM\software\classes\clsid\{eeeca057-ad0f-44a7-8be5-8634cedbdbd1}\ (3 subtraces) (ID = 128749)
    12:02 AM: HKLM\software\classes\interface\{3947ac1d-db09-4353-bbcc-55b97f5035ef}\ (8 subtraces) (ID = 128771)
    12:02 AM: HKLM\software\classes\interface\{a58f3d09-4543-4396-8be7-105f14dd6ed5}\ (8 subtraces) (ID = 128773)
    12:02 AM: HKLM\software\classes\interface\{a58f3d09-4543-4396-8be7-105f14dd6ed5}\proxystubclsid32\ (1 subtraces) (ID = 128774)
    12:02 AM: HKLM\software\classes\interface\{a58f3d09-4543-4396-8be7-105f14dd6ed5}\typelib\ (2 subtraces) (ID = 128775)
    12:02 AM: Found Adware: minigolf
    12:02 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/winnt/minigolf_affiliate.exe\ (2 subtraces) (ID = 135054)
    12:02 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\winnt\minigolf_affiliate.exe (ID = 135060)
    12:02 AM: Found Adware: purityscan
    12:02 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/winnt/downloaded program files/mediaticketsinstaller.ocx\ (2 subtraces) (ID = 137987)
    12:02 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\winnt\downloaded program files\mediaticketsinstaller.ocx (ID = 139078)
    12:02 AM: Found Trojan Horse: trojan_backdoor_retro64
    12:02 AM: HKCR\clsid\{288c5f13-7e52-4ada-a32e-f5bf9d125f98}\ (20 subtraces) (ID = 144993)
    12:02 AM: HKCR\interface\{450b9e4d-4014-4de3-b34e-014a81468293}\ (8 subtraces) (ID = 144995)
    12:02 AM: HKCR\retro64_loader.r64loader.1\ (3 subtraces) (ID = 144996)
    12:02 AM: HKCR\retro64_loader.r64loader\ (5 subtraces) (ID = 144997)
    12:02 AM: HKLM\software\classes\clsid\{288c5f13-7e52-4ada-a32e-f5bf9d125f98}\ (20 subtraces) (ID = 144998)
    12:02 AM: HKLM\software\classes\interface\{450b9e4d-4014-4de3-b34e-014a81468293}\ (8 subtraces) (ID = 145000)
    12:02 AM: HKLM\software\classes\retro64_loader.r64loader.1\ (3 subtraces) (ID = 145001)
    12:02 AM: HKLM\software\classes\retro64_loader.r64loader\ (5 subtraces) (ID = 145002)
    12:02 AM: HKLM\software\classes\typelib\{c7f00a9a-f1bc-436e-82c7-e8cae6fd67f7}\ (9 subtraces) (ID = 145003)
    12:02 AM: HKCR\typelib\{c7f00a9a-f1bc-436e-82c7-e8cae6fd67f7}\ (9 subtraces) (ID = 145004)
    12:02 AM: Found Adware: wildmedia
    12:02 AM: HKCR\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\ (8 subtraces) (ID = 146695)
    12:02 AM: HKLM\software\classes\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\ (8 subtraces) (ID = 146709)
    12:02 AM: Found Adware: winad
    12:02 AM: HKCR\mediagatewayx.installer\ (5 subtraces) (ID = 372857)
    12:02 AM: HKCR\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 372859)
    12:02 AM: HKLM\software\classes\mediagatewayx.installer\ (5 subtraces) (ID = 398902)
    12:02 AM: HKLM\software\classes\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 398904)
    12:02 AM: Found System Monitor: netnanny chat monitor
    12:02 AM: HKCR\appid\nnsvc.exe\ (1 subtraces) (ID = 595241)
    12:02 AM: HKLM\software\nns\ (3 subtraces) (ID = 595256)
    12:02 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/winnt/downloaded program files/mediagatewayx.dll\ (2 subtraces) (ID = 775720)
    12:02 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\winnt\downloaded program files\mediagatewayx.dll (ID = 838612)
    12:02 AM: Found Adware: cws-aboutblank
    12:02 AM: HKU\S-1-5-21-448539723-1644491937-725345543-1000\software\microsoft\internet explorer\main\ || search bar_bak (ID = 115924)
    12:02 AM: HKU\S-1-5-21-448539723-1644491937-725345543-1000\software\microsoft\internet explorer\main\ || search page_bak (ID = 115925)
    12:02 AM: HKU\S-1-5-21-448539723-1644491937-725345543-1000\software\microsoft\internet explorer\main\ || search page_bak (ID = 774883)
    12:02 AM: Registry Sweep Complete, Elapsed Time:00:00:24
    12:03 AM: Starting Cookie Sweep
    12:03 AM: greg boylan@mediamgr.ugo[2].txt (ID = 3609)
    12:03 AM: Found Spy Cookie: 2o7.net cookie
    12:03 AM: greg boylan@microsofteup.112.2o7[1].txt (ID = 1958)
    12:03 AM: greg boylan@monster.gostats[1].txt (ID = 2748)
    12:03 AM: greg boylan@movies.about[1].txt (ID = 2038)
    12:03 AM: Found Spy Cookie: mrskin cookie
    12:03 AM: greg boylan@mrskin[2].txt (ID = 3020)
    12:03 AM: greg boylan@network.aptimus[1].txt (ID = 2235)
    12:03 AM: greg boylan@ocean.directtrack[2].txt (ID = 2528)
    12:03 AM: Found Spy Cookie: outster cookie
    12:03 AM: greg boylan@outster[2].txt (ID = 3103)
    12:03 AM: Found Spy Cookie: paycounter cookie
    12:03 AM: greg boylan@paycounter[2].txt (ID = 3115)
    12:03 AM: greg boylan@photography.about[1].txt (ID = 2038)
    12:03 AM: Found Spy Cookie: pornochicks cookie
    12:03 AM: greg boylan@pornochicks[2].txt (ID = 3171)
    12:03 AM: greg boylan@radio.disney.go[1].txt (ID = 2729)
    12:03 AM: Found Spy Cookie: rb4.ampland cookie
    12:03 AM: greg boylan@rb4.ampland[1].txt (ID = 3229)
    12:03 AM: greg boylan@register.go[1].txt (ID = 2729)
    12:03 AM: Found Spy Cookie: rightmedia cookie
    12:03 AM: greg boylan@rightmedia[1].txt (ID = 3259)
    12:03 AM: greg boylan@romanticmovies.about[1].txt (ID = 2038)
    12:03 AM: Found Spy Cookie: search123 cookie
    12:03 AM: greg boylan@search123[1].txt (ID = 3305)
    12:03 AM: Found Spy Cookie: seeq cookie
    12:03 AM: greg boylan@seeq[1].txt (ID = 3331)
    12:03 AM: Found Spy Cookie: servlet cookie
    12:03 AM: greg boylan@servlet[1].txt (ID = 3345)
    12:03 AM: greg boylan@sideshow.directtrack[2].txt (ID = 2528)
    12:03 AM: Found Spy Cookie: sirsearch cookie
    12:03 AM: greg boylan@sirsearch[2].txt (ID = 3379)
    12:03 AM: Found Spy Cookie: spywarestormer cookie
    12:03 AM: greg boylan@spywarestormer[2].txt (ID = 3417)
    12:03 AM: Found Spy Cookie: dealtime cookie
    12:03 AM: greg boylan@stat.dealtime[2].txt (ID = 2506)
    12:03 AM: Found Spy Cookie: clicktracks cookie
    12:03 AM: greg boylan@stats2.clicktracks[1].txt (ID = 2407)
    12:03 AM: Found Spy Cookie: promaxtraffic cookie
    12:03 AM: greg boylan@tds.promaxtraffic[1].txt (ID = 3200)
    12:03 AM: Found Spy Cookie: tgp16 cookie
    12:03 AM: greg boylan@tgp16[1].txt (ID = 3519)
    12:03 AM: Found Spy Cookie: toplist cookie
    12:03 AM: greg boylan@toplist[2].txt (ID = 3557)
    12:03 AM: greg boylan@video.movies.go[1].txt (ID = 2729)
    12:03 AM: greg boylan@volleyball.about[1].txt (ID = 2038)
    12:03 AM: Found Spy Cookie: webpower cookie
    12:03 AM: greg boylan@webpower[2].txt (ID = 3660)
    12:03 AM: greg boylan@womenshistory.about[1].txt (ID = 2038)
    12:03 AM: Found Spy Cookie: www.club-nikki cookie
    12:03 AM: greg boylan@www.club-nikki[1].txt (ID = 2420)
    12:03 AM: Found Spy Cookie: coolsearch cookie
    12:03 AM: greg boylan@www.coolsearch[1].txt (ID = 2467)
    12:03 AM: greg boylan@www.coolsearch[2].txt (ID = 2467)
    12:03 AM: greg boylan@www.danni[2].txt (ID = 2494)
    12:03 AM: greg boylan@www.disney.go[2].txt (ID = 2729)
    12:03 AM: Found Spy Cookie: fetcj cookie
    12:03 AM: greg boylan@www.fetcj[1].txt (ID = 2663)
    12:03 AM: Found Spy Cookie: frenchcum cookie
    12:03 AM: greg boylan@www.frenchcum[1].txt (ID = 2707)
    12:03 AM: Found Spy Cookie: www.mature-post cookie
    12:03 AM: greg boylan@www.mature-post[1].txt (ID = 3703)
    12:03 AM: greg boylan@www.mrskin[2].txt (ID = 3021)
    12:03 AM: Found Spy Cookie: screensavers.com cookie
    12:03 AM: greg boylan@www.screensavers[1].txt (ID = 3298)
    12:03 AM: greg boylan@www.seeq[2].txt (ID = 3332)
    12:03 AM: Found Spy Cookie: teenax cookie
    12:03 AM: greg boylan@www.teenax[2].txt (ID = 3504)
    12:03 AM: Found Spy Cookie: xxx69 cookie
    12:03 AM: greg boylan@www.xxx69[2].txt (ID = 3732)
    12:03 AM: Found Spy Cookie: xiti cookie
    12:03 AM: greg boylan@xiti[1].txt (ID = 3717)
    12:03 AM: Found Spy Cookie: xren_cj cookie
    12:03 AM: greg boylan@xren_cj[10].txt (ID = 3723)
    12:03 AM: greg boylan@xren_cj[11].txt (ID = 3723)
    12:03 AM: greg boylan@xren_cj[12].txt (ID = 3723)
    12:03 AM: greg boylan@xren_cj[14].txt (ID = 3723)
    12:03 AM: greg boylan@xren_cj[15].txt (ID = 3723)
    12:03 AM: greg boylan@xren_cj[1].txt (ID = 3723)
    12:03 AM: greg boylan@xren_cj[2].txt (ID = 3723)
    12:03 AM: greg boylan@xren_cj[3].txt (ID = 3723)
    12:03 AM: greg boylan@xren_cj[4].txt (ID = 3723)
    12:03 AM: greg boylan@xren_cj[5].txt (ID = 3723)
    12:03 AM: greg boylan@xren_cj[6].txt (ID = 3723)
    12:03 AM: greg boylan@xren_cj[7].txt (ID = 3723)
    12:03 AM: greg boylan@xren_cj[8].txt (ID = 3723)
    12:03 AM: greg boylan@xren_cj[9].txt (ID = 3723)
    12:03 AM: Found Spy Cookie: tinyamerica cookie
    12:03 AM: greg boylan@zuzana.tinyamerica[1].txt (ID = 3534)
    12:03 AM: Cookie Sweep Complete, Elapsed Time: 00:00:05
    12:03 AM: Starting File Sweep
    12:07 AM: minigolf_affiliate.exe (ID = 69949)
    12:09 AM: miniclipgameloader.dll (ID = 81259)
    12:11 AM: Found Adware: 180search assistant/zango
    12:11 AM: o (ID = 70587)
    12:11 AM: o.bat (ID = 70586)
    12:11 AM: Found Adware: netpal
    12:11 AM: gamehouse games.url (ID = 70891)
    12:11 AM: Found Adware: coolwebsearch (cws)
    12:11 AM: !!! exclusive youngest porn !!!.url (ID = 53889)
    12:11 AM: !!! exclusive youngest porn !!!.url (ID = 53889)
    12:11 AM: 80 old daddies brutally ****ing their daughters.url (ID = 53931)
    12:11 AM: 80 old daddies brutally ****ing their daughters.url (ID = 53931)
    12:11 AM: ****ing young virginz !!!.url (ID = 54150)
    12:11 AM: ****ing young virginz !!!.url (ID = 54150)
    12:11 AM: young masha sucking huge dick until her lips teared open.url (ID = 54679)
    12:11 AM: young masha sucking huge dick until her lips teared open.url (ID = 54679)
    12:11 AM: xx y.o. girls getting brutally ****ed by huge dick.url (ID = 54660)
    12:11 AM: xx y.o. girls getting brutally ****ed by huge dick.url (ID = 54660)
    12:11 AM: censored youngest porn.url (ID = 54005)
    12:11 AM: censored youngest porn.url (ID = 54005)
    12:11 AM: little bitches getting ****ed.url (ID = 54247)
    12:11 AM: little bitches getting ****ed.url (ID = 54247)
    12:11 AM: virgin girls in action.url (ID = 54573)
    12:11 AM: virgin girls in action.url (ID = 54573)
    12:11 AM: youngest girls only.url (ID = 54677)
    12:11 AM: youngest girls only.url (ID = 54677)
    12:11 AM: youngest hardcore action.url (ID = 54678)
    12:11 AM: youngest hardcore action.url (ID = 54678)
    12:11 AM: innocent girls brutally ****ed.url (ID = 54209)
    12:11 AM: innocent girls brutally ****ed.url (ID = 54209)
    12:11 AM: fresh xxx pics & movie.url (ID = 54149)
    12:11 AM: fresh xxx pics & movie.url (ID = 54149)
    12:11 AM: big fish games.url (ID = 70885)
    12:11 AM: flyordie games.url (ID = 70890)
    12:11 AM: Found Adware: blazefind
    12:11 AM: bridge.inf (ID = 51438)
    12:11 AM: bridge.inf (ID = 51438)
    12:11 AM: bridge.inf (ID = 51438)
    12:11 AM: backup-20060317-172831-465.inf (ID = 69911)
    12:11 AM: data sources (odbc).lnk (ID = 70587)
    12:11 AM: on-screen keyboard.lnk (ID = 70587)
    12:11 AM: on-screen keyboard.lnk (ID = 70587)
    12:11 AM: bridge.inf.lnk (ID = 51438)
    12:11 AM: File Sweep Complete, Elapsed Time: 00:08:13
    12:11 AM: Full Sweep has completed. Elapsed time 00:11:27
    12:11 AM: Traces Found: 362
    12:29 AM: | End of Session, Wednesday, 22 March 2006 |
    ********
    11:57 PM: | Start of Session, Tuesday, 21 March 2006 |
    11:57 PM: Spy Sweeper started
    11:57 PM: Messenger service has been disabled.
    11:57 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
    12:00 AM: | End of Session, Wednesday, 22 March 2006 |


    -- there's some pretty horrible porn-related stuff in there & I know my husband well enough to know that he wouldn't have deliberately accessed such sites (ordinary porn yes ... this no).

    I also ran Hijack This -- log follows: -

    Logfile of HijackThis v1.99.1
    Scan saved at 11:48:25 AM, on 23/03/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\System32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\System32\Tablet.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\sistray.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\PROGRA~1\Java\J2RE14~1.2\bin\jusched.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\Plaxo\2.3.4.2\InstallStub.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\WINNT\msagent\AgentSvr.exe
    C:\Program Files\Outlook Express\MSIMN.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optusnet.com.au/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.qut.edu.au:3128
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\System32\sistray.EXE
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\PROGRA~1\Java\J2RE14~1.2\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.3.4.2\InstallStub.exe -a
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\aventail\connect\asnsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\aventail\connect\aslsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\aventail\connect\aslsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\aventail\connect\aslsp.dll
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142816318093
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.13.14/ttinst.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\System32\Tablet.exe


    ... & for good measure, I also ran Ewido: -

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 10:54:34 AM, 20/03/2006
    + Report-Checksum: 459F9339

    + Scan result:

    C:\Documents and Settings\Brian Vining\Cookies\greg boylan@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
    C:\Documents and Settings\Brian Vining\Cookies\greg boylan@vip.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup


    ::Report End

    We're still experiencing constant intrusion detection notices when parental controls are off ...Thanks again.
    Ria

  3. #13
    VopThis is offline Senior Member (Canada)
    Quote:
    -- there's some pretty horrible porn-related stuff in there & I know my husband well enough to know that he wouldn't have deliberately accessed such sites (ordinary porn yes ... this no).

    This is what can happen when you mistakenly click on an inadvisable link. Often such results are not the fault of any inappropriate user behavior.





    Additionally, you have restrictions set with these lines which may be responsible for intrusion detection events. Could try fixing these lines:

    Quote:
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


    **It just occurred to me -- did you mean "fix" through Hijack This??
    YES - try fixing those lines in HijackThis.

    REBOOT.



    If still no joy,
    Review the following links:
    http://www.google.ca/search?hl=en&q=...G=Search&meta=

    OR,
    Try uninstalling the parental control application and reinstalling. Something may have gotten corrupted.
    Last edited by VopThis; 23-03-2006 at 05:48 AM.

  4. #14
    Ria
    Ria is offline Newbie
    Hallelujah!
    I think that I've finally beaten it.
    I fixed those two things in HJT -- no change ...
    Then I removed & reinstalled Norton Internet Security (making sure I didn't save my settings) and that seems to have done it.

    I must say that our computer is probably cleaner than it's been in a long time & seems to be running more efficiently.
    The next thing I need to do is sit down with my son & remove all the unused or expired games from the hard drive.

    Thanks so much for all of your help.
    I am only on a scholarship at the moment & can't spare much, but once I have a "PayPal" account I'll make a donation to the site.

    Thanks again,
    Ria
