the inet 20099 problem i have has been fixed, thank you to whoever helped me out. Turns out i had about 40 different trojans and worms (check out the ewido logs, its almost scary)
Here is my new HJT:
Logfile of HijackThis v1.99.1
Scan saved at 1:54:48 PM, on 2/4/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1127848208\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1127848208\ee\AOLServiceHost.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\wuauclt.exe
c:\program files\common files\aol\1127848208\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1127848208\ee\AOLServiceHost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Spyware Tools\Hijack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\conmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127848208\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdq/downloads/sysinfo.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdq/downloads/msxml4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{793B2A71-4B5E-4238-B190-2E659995CB23}: NameServer = 205.188.146.145
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
Here is my spy sweeper log:
********
11:51 AM: | Start of Session, Saturday, February 04, 2006 |
11:51 AM: Spy Sweeper started
11:51 AM: Sweep initiated using definitions version 611
11:52 AM: Starting Memory Sweep
11:53 AM: Memory Sweep Complete, Elapsed Time: 00:01:29
11:53 AM: Starting Registry Sweep
11:53 AM: Found Adware: blazefind
11:53 AM: HKLM\software\microsoft\windows\ || infamous (ID = 104517)
11:53 AM: Found Adware: purityscan
11:53 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaticketsinstaller.ocx (ID = 139077)
11:53 AM: Found Adware: screensavers
11:53 AM: HKCR\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (14 subtraces) (ID = 140550)
11:53 AM: HKCR\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (14 subtraces) (ID = 140551)
11:53 AM: HKCR\interface\{760aca60-79c3-4875-9d19-b14a5b3fea77}\ (8 subtraces) (ID = 140552)
11:53 AM: HKCR\interface\{883ea659-ed80-46f9-9ed2-83327f67789f}\ (8 subtraces) (ID = 140553)
11:53 AM: HKCR\interface\{b64c73d7-459e-4816-91f9-1348f8e36984}\ (8 subtraces) (ID = 140554)
11:53 AM: HKLM\software\classes\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (14 subtraces) (ID = 140555)
11:53 AM: HKLM\software\classes\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (14 subtraces) (ID = 140556)
11:53 AM: HKLM\software\classes\interface\{760aca60-79c3-4875-9d19-b14a5b3fea77}\ (8 subtraces) (ID = 140557)
11:53 AM: HKLM\software\classes\interface\{883ea659-ed80-46f9-9ed2-83327f67789f}\ (8 subtraces) (ID = 140558)
11:53 AM: HKLM\software\classes\interface\{b64c73d7-459e-4816-91f9-1348f8e36984}\ (8 subtraces) (ID = 140559)
11:53 AM: HKLM\software\classes\screensaversinstaller.installer.1\ (3 subtraces) (ID = 140560)
11:53 AM: HKLM\software\classes\screensaversinstaller.installer\ (5 subtraces) (ID = 140561)
11:53 AM: HKLM\software\classes\screensaversinstaller.sinstaller.1\ (3 subtraces) (ID = 140562)
11:53 AM: HKLM\software\classes\screensaversinstaller.sinstaller.1\clsid\ (1 subtraces) (ID = 140563)
11:53 AM: HKLM\software\classes\screensaversinstaller.sinstaller\ (5 subtraces) (ID = 140564)
11:53 AM: HKLM\software\classes\typelib\{0ab5b0d8-2b74-4c1c-8fa4-e52550b8b45b}\ (9 subtraces) (ID = 140565)
11:53 AM: HKLM\software\screensavers.com\ (14 subtraces) (ID = 140569)
11:53 AM: HKCR\screensaversinstaller.installer.1\ (3 subtraces) (ID = 140570)
11:53 AM: HKCR\screensaversinstaller.installer\ (5 subtraces) (ID = 140571)
11:53 AM: HKCR\screensaversinstaller.sinstaller.1\ (3 subtraces) (ID = 140572)
11:53 AM: HKCR\screensaversinstaller.sinstaller.1\clsid\ (1 subtraces) (ID = 140573)
11:53 AM: HKCR\screensaversinstaller.sinstaller\ (5 subtraces) (ID = 140574)
11:53 AM: HKCR\typelib\{0ab5b0d8-2b74-4c1c-8fa4-e52550b8b45b}\ (9 subtraces) (ID = 140575)
11:53 AM: Found Adware: websearch toolbar
11:53 AM: HKLM\software\microsoft\windows\currentversion\uninstall\wintools_esies\ (4 subtraces) (ID = 146511)
11:53 AM: HKLM\system\currentcontrolset\enum\root\legacy_wintoolssvc\ (8 subtraces) (ID = 146518)
11:53 AM: Found Adware: winad
11:53 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/adtoolsx.dll\ (2 subtraces) (ID = 147188)
11:53 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\adtoolsx.dll (ID = 147215)
11:53 AM: Found Adware: coolwebsearch (cws)
11:53 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1011\software\microsoft\internet explorer\keywords\ (16 subtraces) (ID = 109820)
11:53 AM: Found Adware: drsnsrch.com hijack
11:53 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1011\software\microsoft\internet explorer\searchurl\ (ID = 128212)
11:53 AM: Found Adware: tvmedia
11:53 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1011\software\microsoft\internet explorer\urlsearchhooks\ || {20ec3d2d-33c1-4c9d-bc37-c2d500688da2} (ID = 145309)
11:53 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1011\software\microsoft\internet explorer\toolbar\shellbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 146462)
11:53 AM: Found Adware: wildmedia
11:53 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1011\software\microsoft\internet explorer\main\ || updater2 (ID = 146720)
11:53 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1011\software\microsoft\internet explorer\main\ || updater (ID = 146721)
11:53 AM: Found Adware: highdialer hijack
11:53 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1011\software\microsoft\internet explorer\main\ || search page (ID = 1057098)
11:53 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1011\software\microsoft\internet explorer\main\ || local page (ID = 1057450)
11:53 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1011\software\microsoft\internet explorer\main\ || search bar (ID = 1058638)
11:53 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1011\software\microsoft\windows nt\currentversion\windows\ || run (ID = 1062376)
11:53 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1010\software\microsoft\internet explorer\searchurl\ (ID = 128212)
11:53 AM: Found Adware: searchtoolbar
11:53 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1010\software\{12ee7a5e-0674-42f9-a76b-000000004d00}\ (ID = 141347)
11:53 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1010\software\microsoft\internet explorer\urlsearchhooks\ || {20ec3d2d-33c1-4c9d-bc37-c2d500688da2} (ID = 145309)
11:53 AM: Found Adware: twain-tech
11:53 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1010\software\mxtarget\ (6 subtraces) (ID = 145343)
11:53 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1010\software\microsoft\internet explorer\toolbar\shellbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 146462)
11:53 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1010\software\microsoft\internet explorer\main\ || updater2 (ID = 146720)
11:53 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1010\software\microsoft\internet explorer\main\ || updater (ID = 146721)
11:53 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1010\software\microsoft\internet explorer\main\ || search page (ID = 1057098)
11:53 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1010\software\microsoft\internet explorer\main\ || local page (ID = 1057450)
11:53 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1010\software\microsoft\internet explorer\main\ || search bar (ID = 1058638)
11:53 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1010\software\microsoft\windows nt\currentversion\windows\ || run (ID = 1062376)
11:54 AM: HKU\S-1-5-21-3977429315-1877297475-578083254-1009\software\microsoft\internet explorer\sites\ (2 subtraces) (ID = 109822)
11:54 AM: Found Adware: cws_xplugin
11:54 AM: HKU\S-1-5-21-3977429315-1877297475-578083254-1009\software\microsoft\internet explorer\main\ || sethp (ID = 124467)
11:54 AM: HKU\S-1-5-21-3977429315-1877297475-578083254-1009\software\microsoft\internet explorer\toolbar\shellbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 146462)
11:54 AM: HKU\S-1-5-21-3977429315-1877297475-578083254-1009\software\microsoft\internet explorer\main\ || updater2 (ID = 146720)
11:54 AM: HKU\S-1-5-21-3977429315-1877297475-578083254-1009\software\microsoft\internet explorer\main\ || updater (ID = 146721)
11:54 AM: HKU\S-1-5-21-3977429315-1877297475-578083254-1009\software\microsoft\internet explorer\main\ || search page (ID = 1057098)
11:54 AM: HKU\S-1-5-21-3977429315-1877297475-578083254-1009\software\microsoft\internet explorer\main\ || local page (ID = 1057450)
11:54 AM: HKU\S-1-5-21-3977429315-1877297475-578083254-1009\software\microsoft\internet explorer\main\ || search bar (ID = 1058638)
11:54 AM: HKU\S-1-5-21-3977429315-1877297475-578083254-1009\software\microsoft\windows nt\currentversion\windows\ || run (ID = 1062376)
11:54 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1008\software\microsoft\internet explorer\keywords\ (16 subtraces) (ID = 109820)
11:54 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1008\software\microsoft\internet explorer\searchurl\ (ID = 128212)
11:54 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1008\software\{12ee7a5e-0674-42f9-a76b-000000004d00}\ (3 subtraces) (ID = 141347)
11:54 AM: Found Adware: targetsaver
11:54 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1008\software\tsa\ (8 subtraces) (ID = 143614)
11:54 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1008\software\microsoft\internet explorer\urlsearchhooks\ || {20ec3d2d-33c1-4c9d-bc37-c2d500688da2} (ID = 145309)
11:54 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1008\software\mxtarget\ (29 subtraces) (ID = 145343)
11:54 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1008\software\microsoft\internet explorer\toolbar\shellbrowser\ || {339bb23f-a864-48c0-a59f-29ea915965ec} (ID = 146462)
11:54 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1008\software\microsoft\internet explorer\main\ || updater2 (ID = 146720)
11:54 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1008\software\microsoft\internet explorer\main\ || updater (ID = 146721)
11:54 AM: Found Adware: sidesearch
11:54 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1008\software\microsoft\internet explorer\searchurl\ || provider (ID = 826438)
11:54 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1008\software\microsoft\internet explorer\main\ || search page (ID = 1057098)
11:54 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1008\software\microsoft\internet explorer\main\ || local page (ID = 1057450)
11:54 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1008\software\microsoft\internet explorer\main\ || start page (ID = 1057451)
11:54 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1008\software\microsoft\internet explorer\main\ || search bar (ID = 1058638)
11:54 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1008\software\microsoft\windows nt\currentversion\windows\ || run (ID = 1062376)
11:54 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1007\software\microsoft\internet explorer\main\ || updater2 (ID = 146720)
11:54 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1007\software\microsoft\internet explorer\main\ || updater (ID = 146721)
11:54 AM: HKU\WRSS_Profile_S-1-5-21-3977429315-1877297475-578083254-1007\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
11:54 AM: Registry Sweep Complete, Elapsed Time:00:00:43
11:54 AM: Starting Cookie Sweep
11:54 AM: Found Spy Cookie: 2o7.net cookie
11:54 AM: peter f. [email]dwyer@2o7[1].txt[/email] (ID = 1957)
11:54 AM: Found Spy Cookie: 888 cookie
11:54 AM: peter f. [email]dwyer@888[1].txt[/email] (ID = 2019)
11:54 AM: Found Spy Cookie: websponsors cookie
11:54 AM: peter f. [email]dwyer@a.websponsors[1].txt[/email] (ID = 3665)
11:54 AM: Found Spy Cookie: go.com cookie
11:54 AM: peter f. [email]dwyer@abclocal.go[1].txt[/email] (ID = 2729)
11:54 AM: peter f. [email]dwyer@abcnews.go[1].txt[/email] (ID = 2729)
11:54 AM: Found Spy Cookie: yieldmanager cookie
11:54 AM: peter f. [email]dwyer@ad.yieldmanager[2].txt[/email] (ID = 3751)
11:54 AM: Found Spy Cookie: adecn cookie
11:54 AM: peter f. [email]dwyer@adecn[2].txt[/email] (ID = 2063)
11:54 AM: Found Spy Cookie: adlegend cookie
11:54 AM: peter f. [email]dwyer@adlegend[1].txt[/email] (ID = 2074)
11:54 AM: Found Spy Cookie: hbmediapro cookie
11:54 AM: peter f. [email]dwyer@adopt.hbmediapro[2].txt[/email] (ID = 2768)
11:54 AM: Found Spy Cookie: precisead cookie
11:54 AM: peter f. [email]dwyer@adopt.precisead[2].txt[/email] (ID = 3182)
11:54 AM: Found Spy Cookie: specificclick.com cookie
11:54 AM: peter f. [email]dwyer@adopt.specificclick[1].txt[/email] (ID = 3400)
11:54 AM: Found Spy Cookie: adrevolver cookie
11:54 AM: peter f. [email]dwyer@adrevolver[1].txt[/email] (ID = 2088)
11:54 AM: Found Spy Cookie: addynamix cookie
11:54 AM: peter f. [email]dwyer@ads.addynamix[1].txt[/email] (ID = 2062)
11:54 AM: Found Spy Cookie: ads.businessweek cookie
11:54 AM: peter f. [email]dwyer@ads.businessweek[1].txt[/email] (ID = 2113)
11:54 AM: Found Spy Cookie: enliven cookie
11:54 AM: peter f. [email]dwyer@ads.enliven[1].txt[/email] (ID = 2615)
11:54 AM: Found Spy Cookie: pointroll cookie
11:54 AM: peter f. [email]dwyer@ads.pointroll[2].txt[/email] (ID = 3148)
11:54 AM: peter f. [email]dwyer@ads.specificclick[1].txt[/email] (ID = 3400)
11:54 AM: Found Spy Cookie: x10 cookie
11:54 AM: peter f. [email]dwyer@ads.x10[1].txt[/email] (ID = 3712)
11:54 AM: Found Spy Cookie: bpath cookie
11:54 AM: peter f. [email]dwyer@ads18.bpath[1].txt[/email] (ID = 2321)
11:54 AM: Found Spy Cookie: adserver.trb cookie
11:54 AM: peter f. [email]dwyer@adserver.trb[2].txt[/email] (ID = 2147)
11:54 AM: Found Spy Cookie: advertising cookie
11:54 AM: peter f. [email]dwyer@advertising[1].txt[/email] (ID = 2175)
11:54 AM: Found Spy Cookie: apmebf cookie
11:54 AM: peter f. [email]dwyer@apmebf[2].txt[/email] (ID = 2229)
11:54 AM: Found Spy Cookie: about cookie
11:54 AM: peter f. [email]dwyer@arthritis.about[1].txt[/email] (ID = 2038)
11:54 AM: Found Spy Cookie: falkag cookie
11:54 AM: peter f. [email]dwyer@as-eu.falkag[2].txt[/email] (ID = 2650)
11:54 AM: peter f. [email]dwyer@as1.falkag[2].txt[/email] (ID = 2650)
11:54 AM: Found Spy Cookie: ask cookie
11:54 AM: peter f. [email]dwyer@ask[1].txt[/email] (ID = 2245)
11:54 AM: Found Spy Cookie: atlas dmt cookie
11:54 AM: peter f. [email]dwyer@atdmt[2].txt[/email] (ID = 2253)
11:54 AM: Found Spy Cookie: belnk cookie
11:54 AM: peter f. [email]dwyer@ath.belnk[2].txt[/email] (ID = 2293)
11:54 AM: Found Spy Cookie: atwola cookie
11:54 AM: peter f. [email]dwyer@atwola[1].txt[/email] (ID = 2255)
11:54 AM: peter f. [email]dwyer@autorepair.about[1].txt[/email] (ID = 2038)
11:54 AM: Found Spy Cookie: azjmp cookie
11:54 AM: peter f. [email]dwyer@azjmp[1].txt[/email] (ID = 2270)
11:54 AM: peter f. [email]dwyer@belnk[1].txt[/email] (ID = 2292)
11:54 AM: Found Spy Cookie: bizrate cookie
11:54 AM: peter f. [email]dwyer@bizrate[1].txt[/email] (ID = 2308)
11:54 AM: peter f. [email]dwyer@c.as-us.falkag[2].txt[/email] (ID = 2650)
11:54 AM: Found Spy Cookie: gostats cookie
11:54 AM: peter f. [email]dwyer@c2.gostats[1].txt[/email] (ID = 2748)
11:54 AM: Found Spy Cookie: callwave cookie
11:54 AM: peter f. [email]dwyer@callwave[2].txt[/email] (ID = 2342)
11:54 AM: Found Spy Cookie: centralmedia cookie
11:54 AM: peter f. [email]dwyer@centralmedia[1].txt[/email] (ID = 2373)
11:54 AM: Found Spy Cookie: centrport net cookie
11:54 AM: peter f. [email]dwyer@centrport[1].txt[/email] (ID = 2374)
11:54 AM: Found Spy Cookie: classmates cookie
11:54 AM: peter f. [email]dwyer@classmates[1].txt[/email] (ID = 2384)
11:54 AM: Found Spy Cookie: tickle cookie
11:54 AM: peter f. [email]dwyer@cookie.tickle[1].txt[/email] (ID = 3530)
11:54 AM: Found Spy Cookie: hitslink cookie
11:54 AM: peter f. [email]dwyer@counter.hitslink[2].txt[/email] (ID = 2790)
11:54 AM: peter f. [email]dwyer@counter2.hitslink[2].txt[/email] (ID = 2790)
11:54 AM: peter f. [email]dwyer@cruises.about[1].txt[/email] (ID = 2038)
11:54 AM: Found Spy Cookie: 360i cookie
11:54 AM: peter f. [email]dwyer@ct.360i[2].txt[/email] (ID = 1962)
11:54 AM: Found Spy Cookie: overture cookie
11:54 AM: peter f. [email]dwyer@data3.perf.overture[2].txt[/email] (ID = 3106)
11:54 AM: Found Spy Cookie: did-it cookie
11:54 AM: peter f. [email]dwyer@did-it[2].txt[/email] (ID = 2523)
11:54 AM: peter f. [email]dwyer@dist.belnk[1].txt[/email] (ID = 2293)
11:54 AM: Found Spy Cookie: 180solutions cookie
11:54 AM: peter f. [email]dwyer@downloads.180solutions[1].txt[/email] (ID = 1934)
11:54 AM: Found Spy Cookie: emode cookie
11:54 AM: peter f. [email]dwyer@emode[1].txt[/email] (ID = 2603)
11:54 AM: peter f. [email]dwyer@entrepreneur.122.2o7[1].txt[/email] (ID = 1958)
11:54 AM: peter f. [email]dwyer@espn.go[1].txt[/email] (ID = 2729)
11:54 AM: peter f. [email]dwyer@espnradio.espn.go[2].txt[/email] (ID = 2729)
11:54 AM: Found Spy Cookie: exitexchange cookie
11:54 AM: peter f. [email]dwyer@exitexchange[2].txt[/email] (ID = 2633)
11:54 AM: Found Spy Cookie: findwhat cookie
11:54 AM: peter f. [email]dwyer@findwhat[1].txt[/email] (ID = 2674)
11:54 AM: Found Spy Cookie: gator cookie
11:54 AM: peter f. [email]dwyer@gator[1].txt[/email] (ID = 2722)
11:54 AM: peter f. [email]dwyer@go[1].txt[/email] (ID = 2728)
11:54 AM: Found Spy Cookie: clickandtrack cookie
11:54 AM: peter f. [email]dwyer@hits.clickandtrack[1].txt[/email] (ID = 2397)
11:54 AM: Found Spy Cookie: homestore cookie
11:54 AM: peter f. [email]dwyer@homestore[1].txt[/email] (ID = 2793)
11:54 AM: peter f. [email]dwyer@houseandhome.aol.homestore[1].txt[/email] (ID = 2794)
11:54 AM: Found Spy Cookie: screensavers.com cookie
11:54 AM: peter f. [email]dwyer@i.screensavers[2].txt[/email] (ID = 3298)
11:54 AM: Found Spy Cookie: ic-live cookie
11:54 AM: peter f. [email]dwyer@ic-live[1].txt[/email] (ID = 2821)
11:54 AM: Found Spy Cookie: infospace cookie
11:54 AM: peter f. [email]dwyer@infospace[2].txt[/email] (ID = 2865)
11:54 AM: peter f. [email]dwyer@installs.180solutions[1].txt[/email] (ID = 1934)
11:54 AM: Found Spy Cookie: sb01 cookie
11:54 AM: peter f. [email]dwyer@jp1.sb01[1].txt[/email] (ID = 3288)
11:54 AM: Found Spy Cookie: kount cookie
11:54 AM: peter f. [email]dwyer@kount[2].txt[/email] (ID = 2911)
11:54 AM: Found Spy Cookie: l2m.net cookie
11:54 AM: peter f. [email]dwyer@l2m[1].txt[/email] (ID = 2913)
11:54 AM: Found Spy Cookie: netster cookie
11:54 AM: peter f. [email]dwyer@lb1.netster[1].txt[/email] (ID = 3072)
11:54 AM: Found Spy Cookie: directtrack cookie
11:54 AM: peter f. [email]dwyer@lendinghope.directtrack[1].txt[/email] (ID = 2528)
11:54 AM: peter f. [email]dwyer@marketworksinc.122.2o7[1].txt[/email] (ID = 1958)
11:54 AM: Found Spy Cookie: fastclick cookie
11:54 AM: peter f. [email]dwyer@media.fastclick[1].txt[/email] (ID = 2652)
11:54 AM: Found Spy Cookie: mediaplex cookie
11:54 AM: peter f. [email]dwyer@mediaplex[1].txt[/email] (ID = 6442)
11:54 AM: Found Spy Cookie: metareward.com cookie
11:54 AM: peter f. [email]dwyer@metareward[1].txt[/email] (ID = 2990)
11:54 AM: Found Spy Cookie: monstermarketplace cookie
11:54 AM: peter f. [email]dwyer@monstermarketplace[2].txt[/email] (ID = 3006)
11:54 AM: Found Spy Cookie: qsrch cookie
11:54 AM: peter f. [email]dwyer@newnet.qsrch[2].txt[/email] (ID = 3216)
11:54 AM: Found Spy Cookie: nextag cookie
11:54 AM: peter f. [email]dwyer@nextag[1].txt[/email] (ID = 5014)
11:54 AM: Found Spy Cookie: netratingsselect cookie
11:54 AM: peter f. [email]dwyer@nnselect[2].txt[/email] (ID = 3065)
11:54 AM: Found Spy Cookie: offeroptimizer cookie
11:54 AM: peter f. [email]dwyer@offeroptimizer[2].txt[/email] (ID = 3087)
11:54 AM: Found Spy Cookie: one-time-offer cookie
11:54 AM: peter f. [email]dwyer@one-time-offer[2].txt[/email] (ID = 3095)
11:54 AM: peter f. [email]dwyer@orthopedics.about[1].txt[/email] (ID = 2038)
11:54 AM: peter f. [email]dwyer@overture[2].txt[/email] (ID = 3105)
11:54 AM: peter f. [email]dwyer@partygaming.122.2o7[1].txt[/email] (ID = 1958)
11:54 AM: Found Spy Cookie: touchclarity cookie
11:54 AM: peter f. [email]dwyer@partypoker.touchclarity[1].txt[/email] (ID = 3567)
11:54 AM: Found Spy Cookie: partypoker cookie
11:54 AM: peter f. [email]dwyer@partypoker[1].txt[/email] (ID = 3111)
11:54 AM: peter f. [email]dwyer@perf.overture[1].txt[/email] (ID = 3106)
11:54 AM: peter f. [email]dwyer@pointroll[1].txt[/email] (ID = 3147)
11:54 AM: Found Spy Cookie: popups.infostart cookie
11:54 AM: peter f. [email]dwyer@popups.infostart[1].txt[/email] (ID = 3159)
11:54 AM: Found Spy Cookie: pro-market cookie
11:54 AM: peter f. [email]dwyer@pro-market[2].txt[/email] (ID = 3197)
11:54 AM: Found Spy Cookie: reunion cookie
11:54 AM: peter f. [email]dwyer@reunion[1].txt[/email] (ID = 3255)
11:54 AM: Found Spy Cookie: revenue.net cookie
11:54 AM: peter f. [email]dwyer@revenue[2].txt[/email] (ID = 3257)
11:54 AM: Found Spy Cookie: rightmedia cookie
11:54 AM: peter f. [email]dwyer@rightmedia[1].txt[/email] (ID = 3259)
11:54 AM: Found Spy Cookie: rn11 cookie
11:54 AM: peter f. [email]dwyer@rn11[2].txt[/email] (ID = 3261)
11:54 AM: peter f. [email]dwyer@rsi.abcnews.go[1].txt[/email] (ID = 2729)
11:54 AM: peter f. [email]dwyer@rsi.espn.go[1].txt[/email] (ID = 2729)
11:54 AM: Found Spy Cookie: server.iad.liveperson cookie
11:54 AM: peter f. [email]dwyer@server.iad.liveperson[2].txt[/email] (ID = 3341)
11:54 AM: Found Spy Cookie: specificpop cookie
11:54 AM: peter f. [email]dwyer@specificpop[2].txt[/email] (ID = 3401)
11:54 AM: peter f. [email]dwyer@sports.espn.go[1].txt[/email] (ID = 2729)
11:54 AM: Found Spy Cookie: spylog cookie
11:54 AM: peter f. [email]dwyer@spylog[1].txt[/email] (ID = 3415)
11:54 AM: Found Spy Cookie: spywarestormer cookie
11:54 AM: peter f. [email]dwyer@spywarestormer[1].txt[/email] (ID = 3417)
11:54 AM: Found Spy Cookie: st.sageanalyst cookie
11:54 AM: peter f. [email]dwyer@st.sageanalyst[1].txt[/email] (ID = 3436)
11:54 AM: Found Spy Cookie: clicktracks cookie
11:54 AM: peter f. [email]dwyer@stats2.clicktracks[1].txt[/email] (ID = 2407)
11:54 AM: peter f. [email]dwyer@support.tickle[1].txt[/email] (ID = 3530)
11:54 AM: Found Spy Cookie: tacoda cookie
11:54 AM: peter f. [email]dwyer@tacoda[1].txt[/email] (ID = 6444)
11:54 AM: peter f. [email]dwyer@tickle[1].txt[/email] (ID = 3529)
11:54 AM: Found Spy Cookie: toplist cookie
11:54 AM: peter f. [email]dwyer@toplist[1].txt[/email] (ID = 3557)
11:54 AM: Found Spy Cookie: coremetrics cookie
11:54 AM: peter f. [email]dwyer@twci.coremetrics[1].txt[/email] (ID = 2472)
11:54 AM: peter f. [email]dwyer@usmilitary.about[2].txt[/email] (ID = 2038)
11:54 AM: Found Spy Cookie: valuead cookie
11:54 AM: peter f. [email]dwyer@valuead[2].txt[/email] (ID = 3626)
11:54 AM: Found Spy Cookie: realtracker cookie
11:54 AM: peter f. [email]dwyer@web4.realtracker[1].txt[/email] (ID = 3242)
11:54 AM: Found Spy Cookie: clickxchange adware cookie
11:54 AM: peter f. [email]dwyer@www.clickxchange[1].txt[/email] (ID = 2409)
11:54 AM: peter f. [email]dwyer@www.homestore[1].txt[/email] (ID = 2794)
11:54 AM: Found Spy Cookie: maximumcash cookie
11:54 AM: peter f. [email]dwyer@www.maximumcash[1].txt[/email] (ID = 2962)
11:54 AM: Found Spy Cookie: myaffiliateprogram.com cookie
11:54 AM: peter f. [email]dwyer@www.myaffiliateprogram[2].txt[/email] (ID = 3032)
11:54 AM: Found Spy Cookie: rednova cookie
11:54 AM: peter f. [email]dwyer@www.rednova[2].txt[/email] (ID = 3246)
11:54 AM: Found Spy Cookie: redzip cookie
11:54 AM: peter f. [email]dwyer@www.redzip[2].txt[/email] (ID = 3250)
11:54 AM: peter f. [email]dwyer@www.screensavers[1].txt[/email] (ID = 3298)
11:54 AM: Found Spy Cookie: toprebates.com cookie
11:54 AM: peter f. [email]dwyer@www.toprebates[2].txt[/email] (ID = 3562)
11:54 AM: Found Spy Cookie: upspiral cookie
11:54 AM: peter f. [email]dwyer@www.upspiral[2].txt[/email] (ID = 3615)
11:54 AM: Found Spy Cookie: xzoomy cookie
11:54 AM: peter f. [email]dwyer@www.xzoomy[1].txt[/email] (ID = 3742)
11:54 AM: peter f. [email]dwyer@x10[1].txt[/email] (ID = 3711)
11:54 AM: Found Spy Cookie: xiti cookie
11:54 AM: peter f. [email]dwyer@xiti[1].txt[/email] (ID = 3717)
11:54 AM: peter f. [email]dwyer@yieldmanager[2].txt[/email] (ID = 3749)
11:54 AM: peter f. [email]dwyer@ypng.infospace[1].txt[/email] (ID = 2866)
11:54 AM: Found Spy Cookie: zedo cookie
11:54 AM: peter f. [email]dwyer@zedo[1].txt[/email] (ID = 3762)
11:54 AM: Cookie Sweep Complete, Elapsed Time: 00:00:16
11:54 AM: Starting File Sweep
11:55 AM: c:\program files\screensavers.com (8 subtraces) (ID = -2147480365)
11:58 AM: preinstt.exe (ID = 81866)
11:58 AM: polmx.cab (ID = 81854)
11:58 AM: polall1m.exe (ID = 81852)
12:00 PM: Found Adware: ieplugin
12:00 PM: kwv2.dat (ID = 63355)
12:02 PM: shex.exe (ID = 94438)
12:04 PM: tvm.upd (ID = 81654)
12:06 PM: swpstart.exe (ID = 74759)
12:06 PM: key2.txt (ID = 51468)
12:06 PM: twaintec.cab (ID = 81875)
12:08 PM: tsinstall_4_0_3_7.exe (ID = 78266)
12:08 PM: tsinstall_4_0_3_6.exe (ID = 78264)
12:10 PM: lycos sidesearch.lnk (ID = 76058)
12:12 PM: tvmuknwrd.dll (ID = 81759)
12:12 PM: zwipvbh.wzg (ID = 87862)
12:12 PM: polmx.inf (ID = 81856)
12:12 PM: twaintec.inf (ID = 81889)
12:12 PM: twaintec.inf (ID = 81889)
12:12 PM: Warning: Unhandled Archive Type
12:12 PM: Warning: Unhandled Archive Type
12:13 PM: Warning: Unhandled Archive Type
12:13 PM: File Sweep Complete, Elapsed Time: 00:18:50
12:13 PM: Full Sweep has completed. Elapsed time 00:21:43
12:13 PM: Traces Found: 490
12:15 PM: Removal process initiated
12:15 PM: Quarantining All Traces: purityscan
12:15 PM: Quarantining All Traces: websearch toolbar
12:15 PM: Quarantining All Traces: wildmedia
12:15 PM: Quarantining All Traces: blazefind
12:15 PM: Quarantining All Traces: coolwebsearch (cws)
12:15 PM: Quarantining All Traces: sidesearch
12:15 PM: Quarantining All Traces: winad
12:15 PM: Quarantining All Traces: cws_xplugin
12:15 PM: Quarantining All Traces: drsnsrch.com hijack
12:15 PM: Quarantining All Traces: highdialer hijack
12:15 PM: Quarantining All Traces: ieplugin
12:15 PM: Quarantining All Traces: screensavers
12:15 PM: Quarantining All Traces: searchtoolbar
12:15 PM: Quarantining All Traces: targetsaver
12:15 PM: Quarantining All Traces: tvmedia
12:15 PM: Quarantining All Traces: twain-tech
12:15 PM: Quarantining All Traces: 180solutions cookie
12:15 PM: Quarantining All Traces: 2o7.net cookie
12:15 PM: Quarantining All Traces: 360i cookie
12:15 PM: Quarantining All Traces: 888 cookie
12:15 PM: Quarantining All Traces: about cookie
12:15 PM: Quarantining All Traces: addynamix cookie
12:15 PM: Quarantining All Traces: adecn cookie
12:15 PM: Quarantining All Traces: adlegend cookie
12:15 PM: Quarantining All Traces: adrevolver cookie
12:15 PM: Quarantining All Traces: ads.businessweek cookie
12:15 PM: Quarantining All Traces: adserver.trb cookie
12:15 PM: Quarantining All Traces: advertising cookie
12:15 PM: Quarantining All Traces: apmebf cookie
12:15 PM: Quarantining All Traces: ask cookie
12:15 PM: Quarantining All Traces: atlas dmt cookie
12:15 PM: Quarantining All Traces: atwola cookie
12:15 PM: Quarantining All Traces: azjmp cookie
12:15 PM: Quarantining All Traces: belnk cookie
12:15 PM: Quarantining All Traces: bizrate cookie
12:15 PM: Quarantining All Traces: bpath cookie
12:15 PM: Quarantining All Traces: callwave cookie
12:15 PM: Quarantining All Traces: centralmedia cookie
12:15 PM: Quarantining All Traces: centrport net cookie
12:15 PM: Quarantining All Traces: classmates cookie
12:15 PM: Quarantining All Traces: clickandtrack cookie
12:15 PM: Quarantining All Traces: clicktracks cookie
12:15 PM: Quarantining All Traces: clickxchange adware cookie
12:15 PM: Quarantining All Traces: coremetrics cookie
12:15 PM: Quarantining All Traces: did-it cookie
12:15 PM: Quarantining All Traces: directtrack cookie
12:15 PM: Quarantining All Traces: emode cookie
12:15 PM: Quarantining All Traces: enliven cookie
12:15 PM: Quarantining All Traces: exitexchange cookie
12:15 PM: Quarantining All Traces: falkag cookie
12:15 PM: Quarantining All Traces: fastclick cookie
12:15 PM: Quarantining All Traces: findwhat cookie
12:15 PM: Quarantining All Traces: gator cookie
12:15 PM: Quarantining All Traces: go.com cookie
12:15 PM: Quarantining All Traces: gostats cookie
12:15 PM: Quarantining All Traces: hbmediapro cookie
12:15 PM: Quarantining All Traces: hitslink cookie
12:15 PM: Quarantining All Traces: homestore cookie
12:15 PM: Quarantining All Traces: ic-live cookie
12:15 PM: Quarantining All Traces: infospace cookie
12:15 PM: Quarantining All Traces: kount cookie
12:15 PM: Quarantining All Traces: l2m.net cookie
12:15 PM: Quarantining All Traces: maximumcash cookie
12:15 PM: Quarantining All Traces: mediaplex cookie
12:15 PM: Quarantining All Traces: metareward.com cookie
12:15 PM: Quarantining All Traces: monstermarketplace cookie
12:15 PM: Quarantining All Traces: myaffiliateprogram.com cookie
12:15 PM: Quarantining All Traces: netratingsselect cookie
12:15 PM: Quarantining All Traces: netster cookie
12:15 PM: Quarantining All Traces: nextag cookie
12:15 PM: Quarantining All Traces: offeroptimizer cookie
12:15 PM: Quarantining All Traces: one-time-offer cookie
12:15 PM: Quarantining All Traces: overture cookie
12:15 PM: Quarantining All Traces: partypoker cookie
12:15 PM: Quarantining All Traces: pointroll cookie
12:15 PM: Quarantining All Traces: popups.infostart cookie
12:15 PM: Quarantining All Traces: precisead cookie
12:15 PM: Quarantining All Traces: pro-market cookie
12:15 PM: Quarantining All Traces: qsrch cookie
12:15 PM: Quarantining All Traces: realtracker cookie
12:15 PM: Quarantining All Traces: rednova cookie
12:15 PM: Quarantining All Traces: redzip cookie
12:15 PM: Quarantining All Traces: reunion cookie
12:15 PM: Quarantining All Traces: revenue.net cookie
12:15 PM: Quarantining All Traces: rightmedia cookie
12:15 PM: Quarantining All Traces: rn11 cookie
12:15 PM: Quarantining All Traces: sb01 cookie
12:15 PM: Quarantining All Traces: screensavers.com cookie
12:15 PM: Quarantining All Traces: server.iad.liveperson cookie
12:15 PM: Quarantining All Traces: specificclick.com cookie
12:15 PM: Quarantining All Traces: specificpop cookie
12:15 PM: Quarantining All Traces: spylog cookie
12:15 PM: Quarantining All Traces: spywarestormer cookie
12:15 PM: Quarantining All Traces: st.sageanalyst cookie
12:15 PM: Quarantining All Traces: tacoda cookie
12:15 PM: Quarantining All Traces: tickle cookie
12:15 PM: Quarantining All Traces: toplist cookie
12:15 PM: Quarantining All Traces: toprebates.com cookie
12:15 PM: Quarantining All Traces: touchclarity cookie
12:15 PM: Quarantining All Traces: upspiral cookie
12:15 PM: Quarantining All Traces: valuead cookie
12:15 PM: Quarantining All Traces: websponsors cookie
12:15 PM: Quarantining All Traces: x10 cookie
12:15 PM: Quarantining All Traces: xiti cookie
12:15 PM: Quarantining All Traces: xzoomy cookie
12:15 PM: Quarantining All Traces: yieldmanager cookie
12:15 PM: Quarantining All Traces: zedo cookie
12:16 PM: Removal process completed. Elapsed time 00:01:10
Here is my microsoft anti spyware log:
2/4/2006 2:30:43 AM::------------------------------------------------------------------
2/4/2006 2:30:43 AM::Initializing Clean - (ScanID: F5063F67-6487-469F-8946-B80E00)
2/4/2006 2:30:43 AM::Unititializing Clean
2/4/2006 2:30:43 AM::------------------------------------------------------------------
2/4/2006 11:50:02 AM::------------------------------------------------------------------
2/4/2006 11:50:02 AM::Initializing Clean - (ScanID: F5063F67-6487-469F-8946-B80E00)
2/4/2006 11:50:02 AM::Remove Threat (ID:16416)
2/4/2006 11:50:02 AM::Clean Threat BackDoor.Galapop.A (ID:16416)
2/4/2006 11:50:04 AM::Delete registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run [aupd=C:\WINDOWS\System32\symsvcsa.exe]
2/4/2006 11:50:04 AM::Clean Threat BackDoor.Galapop.A (ID:16416) Complete
2/4/2006 11:50:05 AM::Remove Threat (ID:16416) Complete
2/4/2006 11:50:05 AM::Remove Threat (ID:11648)
2/4/2006 11:50:05 AM::Clean Threat StatBlaster (ID:11648)
2/4/2006 11:50:06 AM::Removing file c:\documents and settings\peter j. dwyer\local settings\tempwm_fuins.bat
2/4/2006 11:50:06 AM::Disable file c:\documents and settings\peter j. dwyer\local settings\tempwm_fuins.bat and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\04614DD5-6381-4B18-ACE2-218258\4E3DEF5E-E27D-480B-BF67-A04BCF
2/4/2006 11:50:07 AM::Clean Threat StatBlaster (ID:11648) Complete
2/4/2006 11:50:07 AM::Remove Threat (ID:11648) Complete
2/4/2006 11:50:07 AM::Remove Threat (ID:13770)
2/4/2006 11:50:07 AM::Clean Threat Twain Tech (ID:13770)
2/4/2006 11:50:08 AM::Removing registry value HKEY_CURRENT_USER\Software\MxTarget [MTI7d8OfSInst={5B9E7366-2010-43A6-9F69-D13188399497}
2/4/2006 11:50:08 AM::Removing registry value HKEY_CURRENT_USER\Software\MxTarget [MTC7n8trMsgSDisp=0
2/4/2006 11:50:08 AM::Removing registry value HKEY_CURRENT_USER\Software\MxTarget [MTI7d8OfSDist=THNALL1T
2/4/2006 11:50:08 AM::Removing registry value HKEY_CURRENT_USER\Software\MxTarget [MTT7o8pListSPos=0
2/4/2006 11:50:08 AM::Removing registry value HKEY_CURRENT_USER\Software\MxTarget [MTI7n8ProgSCab=0
2/4/2006 11:50:08 AM::Removing registry value HKEY_CURRENT_USER\Software\MxTarget [MTI7n8ProgSEx=0
2/4/2006 11:50:08 AM::Removing registry value HKEY_CURRENT_USER\Software\MxTarget [MTI7n8ProgSLstest=0
2/4/2006 11:50:08 AM::Removing registry value HKEY_CURRENT_USER\Software\MxTarget
2/4/2006 11:50:08 AM::Removing registry key HKEY_CURRENT_USER\Software\MxTarget
2/4/2006 11:50:08 AM::Clean Threat Twain Tech (ID:13770) Complete
2/4/2006 11:50:09 AM::Remove Threat (ID:13770) Complete
2/4/2006 11:50:09 AM::Unititializing Clean
2/4/2006 11:50:09 AM::------------------------------------------------------------------
2/4/2006 12:20:31 PM::------------------------------------------------
2/4/2006 12:20:31 PM::Starting GIANT AS Cleaner
2/4/2006 12:20:31 PM::Running all Cleaner deletes
2/4/2006 12:20:31 PM::---Starting Quick Cleaner DelRegValues
2/4/2006 12:20:31 PM::Checking threats to clean
2/4/2006 12:20:31 PM::Ending GIANT AS Cleaner
2/4/2006 12:20:31 PM::------------------------------------------------I Had to run ewido anti maleware 3 different times, dont ask my why, but here they are:
EWIDO 1:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 11:02:48 PM, 2/2/2006
+ Report-Checksum: 7C95AF80
+ Scan result:
HKLM\SOFTWARE\Classes\Replace.HBO -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Replace.HBO\CLSID -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Replace.HBO\CurVer -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Replace.HBO.1 -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaTickets -> Spyware.PurityScan : Cleaned with backup
HKU\S-1-5-21-3977429315-1877297475-578083254-1007\Software\Microsoft\Internet Explorer\Keywords -> Spyware.CoolWebSearch : Cleaned with backup
C:\counter.cab/counter.exe -> Dropper.Small.ls : Error during cleaning
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050927155718.zip/Program Files/common files/wintools/WToolsB.dll -> Spyware.Wintol : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20050927155718.zip/Program Files/common files/wintools/WSup.exe -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\02fk.sys -> Trojan.Kolweb.e : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\260.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\cIx.dll -> Adware.MidADle : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\k1bm.sys -> Trojan.Kolweb.b : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\u2kr65r.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\wzg7d0.sys -> Trojan.Delf.cf : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\x80.sys -> Trojan.Kolweb.b : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~359634.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~374043.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~391410.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~394333.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~409058.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~413222.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~418595.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~437203.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~444674.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~502046.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~503843.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~531514.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~561335.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~564229.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~582443.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~595832.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~623648.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~635059.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~635724.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~646402.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~652952.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~656735.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~658156.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~660623.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~664262.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~672095.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~678599.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~706768.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~709401.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~709974.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~728834.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~731163.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~735272.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~744592.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~748831.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~749081.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~771535.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~775566.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~778132.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~781824.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~785012.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~788774.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~814673.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~816670.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~855876.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~871963.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~888187.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~904025.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~912927.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Laura Dwyer\Local Settings\Temp\~919204.tmp -> Spyware.Wintools : Cleaned with backup
::Report End
EWIDO 2:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 6:54:23 AM, 2/3/2006
+ Report-Checksum: 342D7A0D
+ Scan result:
C:\counter.cab/counter.exe -> Dropper.Small.ls : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\!update.exe -> Downloader.PurityScan.be : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\260.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\down.cab/WToolsB.dll -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\ezw.exe -> Adware.eZula : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\rs.exe -> Downloader.Agent.df : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\THI384D.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\THI384D.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\THI3BE5.tmp\twaintec.cab/twaintec.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\THI3BE5.tmp\twaintec.cab/preInsTT.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\THI3BE5.tmp\twaintec.cab/polall1t.exe -> Downloader.Agent.ae : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\THI5FBB.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\THI5FBB.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\THI7568.tmp\mxTarget.cab/mxTarget.dll -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\THI7568.tmp\mxTarget.cab/preInsMt.exe -> Spyware.BiSpy : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\u2kr65r.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~404792.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~434794.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~465986.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~468170.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~470118.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~473757.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~474444.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~475182.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~488215.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~492915.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~505877.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~510058.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~510862.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~567680.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~573186.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~585583.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~590751.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~607813.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~629374.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~631797.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~643393.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~650384.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~655667.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~666227.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~668126.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~677714.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~693249.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~699084.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~702858.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~708609.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~710053.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~722224.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~723382.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~724552.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~745864.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~745921.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~751006.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~752771.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~754192.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~756389.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~759229.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~759718.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~760730.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~761207.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~761614.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~763129.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~774985.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~775452.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~776824.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~776930.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~784270.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~785833.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~787994.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~788637.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~790876.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~792626.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~794327.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~794555.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~799712.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~803020.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~804189.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~809812.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~810381.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~810526.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~815098.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~818570.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~833255.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~833362.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~834781.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~836623.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~841271.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~843168.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~844495.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~847956.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~854180.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~855083.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~856187.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~857505.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~858101.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~858793.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~875847.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~921517.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~923185.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Peter J. Dwyer\Local Settings\Temp\~934820.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Victoria Dwyer\Local Settings\Temp\02fk.sys -> Trojan.Kolweb.e : Cleaned with backup
C:\Documents and Settings\Victoria Dwyer\Local Settings\Temp\260.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\Documents and Settings\Victoria Dwyer\Local Settings\Temp\CBz.dll -> Adware.MidADle : Cleaned with backup
C:\Documents and Settings\Victoria Dwyer\Local Settings\Temp\DYm8.dll -> Adware.MidADle : Cleaned with backup
C:\Documents and Settings\Victoria Dwyer\Local Settings\Temp\u2kr65r.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\Documents and Settings\Victoria Dwyer\Local Settings\Temp\~338936.tmp -> Downloader.WinTool : Cleaned with backup
C:\Documents and Settings\Victoria Dwyer\Local Settings\Temp\~409925.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Victoria Dwyer\Local Settings\Temp\~416650.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Victoria Dwyer\Local Settings\Temp\~421718.tmp -> Spyware.Wintools : Cle