IE, Windows Explorer not working, system slow

XML_Prgrm

Hi,
I have downloaded and run a scan of MSSpyware Beta.
I removed all the files which were reported as spyware
by the program.
My result was a slow system: IE and Windows Explorer open
after 5 minutes, and the Search Files feature doesn't work any
more. Everything else runs OK.
I have Windows 2000 running on an Intel Celeron 2GHz processor.
Please help, I don't want to install everything again.

thanks
Varun
 
Ron Kinner

Can't promise anything but get HijackThis:

http://tomcoyote.org/hjt/hjt199//HijackThis.exe

(It will fit on a floppy if you can't download it on your
own PC.)

Save then Open it and select the SCAN AND SAVE LOG option.

Note where you save the log and then send it to me. Maybe
I can see what is going wrong.

Ron Kinner MVP

rkinner AT att DOT net
" AT " = "@"
" DOT " = "."
 
Andre Da Costa

It runs a bit slow on my system too after a scan. But I believe this beta
release is probably not optimized for performance; we will probably see this
in a future update of the beta. I would recommend defragging and doing a
disk cleanup of your hard disk in Safe Mode.
 
XML_Prgrm

Hi,
The log file is given below. One more thing: as I noticed
that IE and Windows Explorer are opening after 5 minutes, I
installed IE 6.0 again, but nothing changed. So this log
file comes out of my screwed-up system, courtesy of spyware.
Thanks for your reply ....
------------------------
Logfile of HijackThis v1.99.0
Scan saved at 6:56:33 PM, on 2/9/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
D:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\AIUpdate\AIUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\KERB\SideCar.exe
C:\KERB\krbcc32s.exe
C:\Program Files\The Weather Channel\The Weather Channel.exe
C:\Program Files\Arcane Software\Vermillion FTP Daemon\vftpd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - {01B5BF6B-E699-4BD7-BEA1-786FA05B83AB} - C:\Program Files\AITwo\AdMediaPlugin.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A083EA96-4797-3933-CB48-F3BC0D9B5C59} - C:\WINNT\system32\mfcnc32.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [SprintPort] "D:\Program Files\Sprint\SprintPort\SprintPortA.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sdkvj.exe] C:\WINNT\system32\sdkvj.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [AITwoUpdater] "C:\Program Files\AIUpdate\AIUpdate.exe"
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Image Transfer.lnk = D:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: SideCar.lnk = C:\KERB\SideCar.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O15 - Trusted IP range: (HKLM)
O16 - DPF: Yahoo! Bridge - http://download.games.yahoo.com/games/clients/y/bt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://tdserver.bitstream.com/tdserver.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O21 - SSODL: eplrr - {ED7E9F84-EFA3-4772-981E-14B1CEFAB693} - C:\WINNT\system32\eplrr3.dll (file missing)
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: OSCM Utility Service - Unknown - D:\Program Files\Sprint\OSCMUtilityService.exe (file missing)



----------------------------------
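
Added example, not part of any post in this thread: a HijackThis log pasted into a newsgroup message gets hard-wrapped, so a single entry is spread over two or three lines. The Python sketch below re-joins wrapped entries and lists the ones HijackThis itself marked "(file missing)" or "(no file)", which are the registry references left behind when a file was removed. It assumes the mail client wrapped at whitespace (so pieces are re-joined with one space); the function names are hypothetical and the sample is an excerpt of the log posted above.

```python
import re

# A HijackThis entry starts with a section code such as R3, O2, O21 followed by " - ".
ENTRY_START = re.compile(r"^([RFNO]\d{1,2}) - ")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Excerpt of the log posted above, wrapped the way it arrived in the message.
SAMPLE = r"""
Logfile of HijackThis v1.99.0
Running processes:
C:\WINNT\Explorer.EXE

R3 - URLSearchHook: (no name) -
{87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) -
{A083EA96-4797-3933-CB48-F3BC0D9B5C59} -
C:\WINNT\system32\mfcnc32.dll (file missing)
O4 - HKLM\..\Run: [POINTER] point32.exe
O21 - SSODL: eplrr - {ED7E9F84-EFA3-4772-981E-14B1CEFAB693}
- C:\WINNT\system32\eplrr3.dll (file missing)

----------------------------------
"""


def rejoin_entries(text):
    """Return one string per log entry, undoing the mail client's line wrapping.

    Assumption: wrapping happened at whitespace, so continuation lines are
    appended with a single space. The header and the process list before the
    first entry are skipped; a blank line or a row of dashes ends an entry.
    """
    entries, current = [], None
    for raw in text.splitlines():
        # Also tolerate "> " quoting from a reply.
        line = raw.strip().lstrip(">").strip()
        if ENTRY_START.match(line):
            if current is not None:
                entries.append(current)
            current = line
        elif current is not None:
            if not line or set(line) == {"-"}:
                entries.append(current)
                current = None
            else:
                current += " " + line
    if current is not None:
        entries.append(current)
    return entries


def parse_entry(entry):
    """Split a re-joined entry into the fields useful for triage."""
    clsid = CLSID.search(entry)
    return {
        "section": ENTRY_START.match(entry).group(1),
        "clsid": clsid.group(0).upper() if clsid else None,
        "orphan": any(marker in entry.lower() for marker in ORPHAN_MARKERS),
        "text": entry,
    }


def orphaned_entries(text):
    """Entries whose target file HijackThis reported as absent."""
    return [e for e in map(parse_entry, rejoin_entries(text)) if e["orphan"]]


if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE):
        print(e["section"], e["clsid"], "->", e["text"])
```
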
 
Bill Sanderson

It might also be useful to see your cleaner.log from the directory Microsoft
Antispyware was installed in--typically c:\program files\microsoft
antispyware. That'd show what was removed which may give a clue.
--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

 
XML_Prgrm

Hi,
Here is the portion from cleaner.log... This contains the
actions taken on 2/5/2005 after which my system got slow.
-----------------------------------------
2/5/2005 2:12:37
AM::------------------------------------------------------------------
2/5/2005 2:12:37 AM::Initializing Clean - (ScanID:
36AC1DAD-3E3B-444E-B759-1E08B0)
2/5/2005 2:12:38 AM::Unititializing Clean
2/5/2005 2:12:38
AM::------------------------------------------------------------------
2/5/2005 6:50:32
AM::------------------------------------------------------------------
2/5/2005 6:50:32 AM::Initializing Clean - (ScanID:
36AC1DAD-3E3B-444E-B759-1E08B0)
2/5/2005 6:50:32 AM::Remove Threat (ID:14903)
2/5/2005 6:50:32 AM::Clean Threat eXact.BullseyeNetwork
(ID:14903)
2/5/2005 6:50:33 AM::Suspending 365 process thread(s) for
C:\Program Files\BullsEye Network\bin\bargains.exe
2/5/2005 6:50:33 AM::Removing file C:\Program
Files\BullsEye Network\bin\bargains.exe
2/5/2005 6:50:34 AM::Removed registry auto start
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[BullsEye Network=C:\Program Files\BullsEye
Network\bin\bargains.exe]
2/5/2005 6:50:34 AM::Terminating process C:\Program
Files\BullsEye Network\bin\bargains.exe
2/5/2005 6:50:34 AM::Disable file C:\Program Files\BullsEye
Network\bin\bargains.exe and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\238857E1-073F-4791-BDF2-CC5F9F\14F7F19F-9985-467A-98B5-5BF613
2/5/2005 6:50:34 AM::Clean Threat eXact.BullseyeNetwork
(ID:14903) Complete
2/5/2005 6:50:35 AM::Remove Threat (ID:14903) Complete
2/5/2005 6:50:35 AM::Remove Threat (ID:14902)
2/5/2005 6:50:35 AM::Clean Threat eXact.NaviSearch (ID:14902)
2/5/2005 6:50:35 AM::Suspending 363 process thread(s) for
C:\Program Files\NaviSearch\bin\nls.exe
2/5/2005 6:50:36 AM::Removing file C:\Program
Files\NaviSearch\bin\nls.exe
2/5/2005 6:50:36 AM::Removed registry auto start
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[NaviSearch=C:\Program Files\NaviSearch\bin\nls.exe]
2/5/2005 6:50:36 AM::Terminating process C:\Program
Files\NaviSearch\bin\nls.exe
2/5/2005 6:50:37 AM::Disable file C:\Program
Files\NaviSearch\bin\nls.exe and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\B6ED9F47-A769-46BD-8103-CCB0D6\9CF60D39-BFC7-433B-8A72-D02173
2/5/2005 6:50:37 AM::Removing file c:\program
files\navisearch\uninstall.exe
2/5/2005 6:50:39 AM::Disable file c:\program
files\navisearch\uninstall.exe and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\B6ED9F47-A769-46BD-8103-CCB0D6\84F54761-1529-4B6E-9A41-35B54E
2/5/2005 6:50:39 AM::Removing file c:\program
files\navisearch\ub.dat
2/5/2005 6:50:39 AM::Disable file c:\program
files\navisearch\ub.dat and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\B6ED9F47-A769-46BD-8103-CCB0D6\C57AB9DD-4A47-465D-A278-DB3B4A
2/5/2005 6:50:39 AM::Removing file c:\program
files\navisearch\ad.dat
2/5/2005 6:50:39 AM::Disable file c:\program
files\navisearch\ad.dat and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\B6ED9F47-A769-46BD-8103-CCB0D6\880E1601-D123-4DEE-9334-196E83
2/5/2005 6:50:39 AM::Removing file c:\program
files\navisearch\t1107586579.dec
2/5/2005 6:50:39 AM::Disable file c:\program
files\navisearch\t1107586579.dec and quarantine to
C:\Program Files\Microsoft
AntiSpyware\Quarantine\B6ED9F47-A769-46BD-8103-CCB0D6\045321AF-F8EF-489B-ACFC-CADF47
2/5/2005 6:50:39 AM::Delete folder c:\program files\navisearch\
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
[DisplayName=NaviSearch
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
[UninstallString=C:\Program Files\NaviSearch\Uninstall.exe
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
[Publisher=eXact Advertising
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
[DisplayVersion=8.0.3.4
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
[URLInfoAbout=[URL]http://www.exactadvertising.com[/URL]
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
[Readme=[URL]http://www.exactadvertising.com[/URL]
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
[DisplayIcon=C:\Program Files\NaviSearch\bin\nls.exe
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
[HelpLink=[URL]http://www.exactadvertising.com[/URL]
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
[NoModify=1
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
[NoRepair=1
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
2/5/2005 6:50:39 AM::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch [MainDir=C:\Program
Files\NaviSearch
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch [Binary=bin
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[ConfigUpdateQueryUrl=[URL]http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&type=config&sys=%d[/URL]
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[ADDataUpdateQueryUrl=[URL]http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&type=data&checksum=%s&sys=%d[/URL]
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[SoftwareUpdateQueryUrl=[URL]http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&type=software&sys=%d[/URL]
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[ServerName=adpopper.outblaze.com
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[ServerPath=/scripts/adpopper/webservice.main?type=upload
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[TrackingServerPath=/scripts/adpopper/webservice.main?type=tracking
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[TrackingGIFURL=[URL]http://www.bullseye-network.com/dcs_trk/MEDIAWHIZ3/nls/nls_install.gif[/URL]
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[ErrLandingURL=[URL]http://www.navisearch.net/search.php[/URL]
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[ErrLandingQuery=?Keywords=%s&partner=BB
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch [ADDataVersion=100
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch [ServerPort=80
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[UpdateQueryDuration=86400
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[UpdateQueryFailedDuration=3600
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch [BuildNumber=8034
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch [TrackingURLCount=2
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch [TrackingURLEnable=1
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch [TrackingFileFlag=0
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch [UseSearchAsst=no
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[SearchAssistant=[URL]http://ie.search.msn.com/[/URL]{SUB_RFC1766}/srchasst/srchcust.htm
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch [FirstHit=0
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch [PartnerID=453
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch [PartnerName=MEDIAWHIZ3
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[SystemInstallTime=1106450161
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[UniqueKey=<MEDIAWHIZ3>113243361:16032:8034:2
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch [ConfigVersion=5
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[LastQueryTime=1107524633
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
2/5/2005 6:50:39 AM::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
2/5/2005 6:50:39 AM::Clean Threat eXact.NaviSearch
(ID:14902) Complete
2/5/2005 6:50:39 AM::Remove Threat (ID:14902) Complete
2/5/2005 6:50:39 AM::Remove Threat (ID:15002)
2/5/2005 6:50:39 AM::Clean Threat eXact.Downloader (ID:15002)
2/5/2005 6:50:40 AM::Removing file c:\winnt\system32\nvms.dll
2/5/2005 6:50:48 AM::Removing BHO
{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} for file
c:\winnt\system32\nvms.dll
2/5/2005 6:50:48 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} [=
2/5/2005 6:50:48 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
2/5/2005 6:50:48 AM::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
2/5/2005 6:50:50 AM::Unregistering COM entry points for
file c:\winnt\system32\nvms.dll
2/5/2005 6:50:50 AM::Disable file
c:\winnt\system32\nvms.dll and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\7D47F488-94BA-4FBC-8A58-FFAC5F\552ACD3A-216C-401A-B089-1DE845
2/5/2005 6:50:50 AM::Removing file c:\winnt\system32\msbe.dll
2/5/2005 6:50:56 AM::Removing BHO
{F4E04583-354E-4076-BE7D-ED6A80FD66DA} for file
c:\winnt\system32\msbe.dll
2/5/2005 6:50:56 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} [=
2/5/2005 6:50:56 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
2/5/2005 6:50:56 AM::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
2/5/2005 6:50:59 AM::Unregistering COM entry points for
file c:\winnt\system32\msbe.dll
2/5/2005 6:50:59 AM::Disable file
c:\winnt\system32\msbe.dll and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\7D47F488-94BA-4FBC-8A58-FFAC5F\BDF4C3FB-853F-4AEF-ACDB-66D5A2
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}\InprocServer32
[=C:\WINNT\system32\nvms.dll
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}\InprocServer32
[ThreadingModel=Apartment
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}\InprocServer32
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}\ProgID
[=NLS.UrlCatcher.1
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}\ProgID
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}\Programmable
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}\VersionIndependentProgID
[=NLS.UrlCatcher
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}\VersionIndependentProgID
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
[=NLS UrlCatcher Class
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
2/5/2005 6:50:59 AM::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\InprocServer32
[=C:\WINNT\system32\msbe.dll
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\InprocServer32
[ThreadingModel=Apartment
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\InprocServer32
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\ProgID
[=ADP.UrlCatcher.1
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\ProgID
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\Programmable
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\VersionIndependentProgID
[=ADP.UrlCatcher
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\VersionIndependentProgID
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
[=ADP UrlCatcher Class
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
2/5/2005 6:50:59 AM::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
2/5/2005 6:50:59 AM::Clean Threat eXact.Downloader
(ID:15002) Complete
2/5/2005 6:51:00 AM::Remove Threat (ID:15002) Complete
2/5/2005 6:51:00 AM::Remove Threat (ID:2861)
2/5/2005 6:51:00 AM::Clean Threat eXact.BargainBuddy (ID:2861)
2/5/2005 6:51:02 AM::Removing file c:\winnt\system32\bbchk.exe
2/5/2005 6:51:03 AM::Disable file
c:\winnt\system32\bbchk.exe and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\E7F87728-1E19-46F1-B7D1-762F6E\DF4F0616-4DF5-43FD-96A0-294C7A
2/5/2005 6:51:03 AM::Removing file c:\program
files\bullseye network\uninstall.exe
2/5/2005 6:51:04 AM::Disable file c:\program files\bullseye
network\uninstall.exe and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\E7F87728-1E19-46F1-B7D1-762F6E\B0534DE7-4EFC-4FCA-9F15-3197D8
2/5/2005 6:51:04 AM::Removing file c:\program
files\bullseye network\bin\adv.exe
2/5/2005 6:51:05 AM::Disable file c:\program files\bullseye
network\bin\adv.exe and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\E7F87728-1E19-46F1-B7D1-762F6E\DBC5500C-AA8E-493F-9B6B-F18738
2/5/2005 6:51:05 AM::Removing file c:\program
files\bullseye network\bin\adx.exe
2/5/2005 6:51:05 AM::Disable file c:\program files\bullseye
network\bin\adx.exe and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\E7F87728-1E19-46F1-B7D1-762F6E\3C43FCD0-7223-46BF-B6B3-F31D71
2/5/2005 6:51:05 AM::Removing file c:\winnt\system32\mscb.dll
2/5/2005 6:51:11 AM::Removing BHO
{CE188402-6EE7-4022-8868-AB25173A3E14} for file
c:\winnt\system32\mscb.dll
2/5/2005 6:51:11 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{CE188402-6EE7-4022-8868-AB25173A3E14} [=
2/5/2005 6:51:11 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{CE188402-6EE7-4022-8868-AB25173A3E14}
2/5/2005 6:51:11 AM::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{CE188402-6EE7-4022-8868-AB25173A3E14}
2/5/2005 6:51:13 AM::Unregistering COM entry points for
file c:\winnt\system32\mscb.dll
2/5/2005 6:51:13 AM::Disable file
c:\winnt\system32\mscb.dll and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\E7F87728-1E19-46F1-B7D1-762F6E\11D52AC0-38B5-499F-9152-278A15
2/5/2005 6:51:13 AM::Removing file c:\temp\bb_auto_wider.swf
2/5/2005 6:51:13 AM::Disable file c:\temp\bb_auto_wider.swf
and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\E7F87728-1E19-46F1-B7D1-762F6E\74AC403C-643D-4FD2-A2E2-CF864D
2/5/2005 6:51:13 AM::Removing file c:\temp\bb_click_wider.swf
2/5/2005 6:51:13 AM::Disable file
c:\temp\bb_click_wider.swf and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\E7F87728-1E19-46F1-B7D1-762F6E\FA245D66-65FA-4CD6-B868-5D2E1E
2/5/2005 6:51:13 AM::Removing file c:\temp\bb_welcome.html
2/5/2005 6:51:13 AM::Disable file c:\temp\bb_welcome.html
and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\E7F87728-1E19-46F1-B7D1-762F6E\5307BA61-6B08-4D4E-9FA5-98343D
2/5/2005 6:51:13 AM::Removing file c:\temp\bb_welcome1.swf
2/5/2005 6:51:13 AM::Disable file c:\temp\bb_welcome1.swf
and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\E7F87728-1E19-46F1-B7D1-762F6E\5C66E034-DD43-4CDC-8FCC-BC87B9
2/5/2005 6:51:13 AM::Removing file c:\program
files\bullseye network\ub.dat
2/5/2005 6:51:13 AM::Disable file c:\program files\bullseye
network\ub.dat and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\E7F87728-1E19-46F1-B7D1-762F6E\12862B52-EE31-4125-990A-FFB644
2/5/2005 6:51:13 AM::Removing file c:\program
files\bullseye network\ad.dat
2/5/2005 6:51:13 AM::Disable file c:\program files\bullseye
network\ad.dat and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\E7F87728-1E19-46F1-B7D1-762F6E\366A7DF5-5BF1-4997-AB7F-945523
2/5/2005 6:51:13 AM::Delete folder c:\program
files\bullseye network\
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}\InprocServer32
[=C:\WINNT\system32\mscb.dll
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}\InprocServer32
[ThreadingModel=Apartment
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}\InprocServer32
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}\ProgID
[=CB.UrlCatcher.1
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}\ProgID
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}\Programmable
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}\VersionIndependentProgID
[=CB.UrlCatcher
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}\VersionIndependentProgID
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}
[=CB UrlCatcher Class
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}
2/5/2005 6:51:13 AM::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [MainDir=C:\Program
Files\BullsEye Network
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [Binary=bin
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains
[ConfigUpdateQueryUrl=http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&type=config&sys=%d
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains
[ADDataUpdateQueryUrl=http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&type=data&checksum=%s&sys=%d
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains
[SoftwareUpdateQueryUrl=http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&type=software&sys=%d
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains
[ServerName=adpopper.outblaze.com
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains
[ServerPath=/scripts/adpopper/webservice.main?type=upload
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains
[TrackingServerPath=/scripts/adpopper/webservice.main?type=tracking
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains
[TrackingGIFURL=http://www.bullseye-network.com/dcs_trk/MEDIAWHIZ3/be/be_install.gif
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains
[SliderLegalText=Bullseye Network Offer
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [ServerPort=80
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [UpdateQueryDuration=86400
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains
[UpdateQueryFailedDuration=1200
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [BuildNumber=8034
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [AdvDelaySec=15
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [TrackingFileFlag=0
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [FirstHit=0
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [PartnerID=453
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [PartnerName=MEDIAWHIZ3
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains
[SystemInstallTime=1106450161
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains
[UniqueKey=<MEDIAWHIZ3>113243363:15886:8034:1
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [IdleMinutesThreshold=5
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [MinMinutesBetweenTwoADs=2
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [MaxDomainCap=3
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains
[MinCountOfUrlsBetweenTwoADs=4
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [MaxDailyCapPerUSer=20
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [ConfigVersion=7
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [ADDataVersion=1107415936
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [LastQueryTime=1107524668
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains
2/5/2005 6:51:13 AM::Removing registry key
HKEY_LOCAL_MACHINE\software\bargains
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App
Management\ARPCache\BargainBuddy [



=
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App
Management\ARPCache\BargainBuddy [Changed=0
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App
Management\ARPCache\BargainBuddy
2/5/2005 6:51:13 AM::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App
Management\ARPCache\BargainBuddy
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy
[DisplayName=The BullsEye Network
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy
[UninstallString=C:\Program Files\BullsEye
Network\Uninstall.exe
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy
[Publisher=eXact Advertising
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy
[URLInfoAbout=http://www.exactadvertising.com
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy
[DisplayVersion=8.0.3.4
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy
[DisplayIcon=C:\Program Files\BullsEye Network\bin\bargains.exe
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy
[NoModify=1
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy
[NoRepair=1
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy
2/5/2005 6:51:13 AM::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy
2/5/2005 6:51:13 AM::Clean Threat eXact.BargainBuddy
(ID:2861) Complete
2/5/2005 6:51:14 AM::Remove Threat (ID:2861) Complete
2/5/2005 6:51:14 AM::Remove Threat (ID:15030)
2/5/2005 6:51:14 AM::Clean Threat eXact.ISEXEng (ID:15030)
2/5/2005 6:51:15 AM::Removing file c:\winnt\autoheal.exe
2/5/2005 6:51:16 AM::Disable file c:\winnt\autoheal.exe and
quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\3093E076-4F4E-4E1E-9584-F768D8\3CDCD165-7E20-4341-BD87-685EC8
2/5/2005 6:51:16 AM::Clean Threat eXact.ISEXEng (ID:15030)
Complete
2/5/2005 6:51:16 AM::Remove Threat (ID:15030) Complete
2/5/2005 6:51:16 AM::Remove Threat (ID:9466)
2/5/2005 6:51:16 AM::Clean Threat Altnet P2P Networking
(ID:9466)
2/5/2005 6:51:17 AM::Removing file c:\documents and
settings\administrator\local settings\temp\p2psetup.exe
2/5/2005 6:51:18 AM::Disable file c:\documents and
settings\administrator\local settings\temp\p2psetup.exe and
quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\A3322678-9542-4A0C-9194-8B4475\4A6DA402-C507-47A7-A477-472FC6
2/5/2005 6:51:18 AM::Removing file c:\documents and
settings\administrator\local settings\temp\temporary
internet files\content.ie5\klwr05w7\p2psetup[1].exe
2/5/2005 6:51:19 AM::Disable file c:\documents and
settings\administrator\local settings\temp\temporary
internet files\content.ie5\klwr05w7\p2psetup[1].exe and
quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\A3322678-9542-4A0C-9194-8B4475\5162A74D-3793-4632-BC59-622CF6
2/5/2005 6:51:20 AM::Clean Threat Altnet P2P Networking
(ID:9466) Complete
2/5/2005 6:51:20 AM::Remove Threat (ID:9466) Complete
2/5/2005 6:51:20 AM::Remove Threat (ID:9636)
2/5/2005 6:51:20 AM::Clean Threat PeopleOnPage (ID:9636)
2/5/2005 6:51:21 AM::Removing file c:\documents and
settings\ankur\local settings\Temp\~admedia0\atla.dll
2/5/2005 6:51:29 AM::Disable file c:\documents and
settings\ankur\local settings\Temp\~admedia0\atla.dll and
quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\F863C4B3-AC6D-40FF-861B-ED1AC2\E5B536D3-6934-4C57-A3F4-549B2F
2/5/2005 6:51:29 AM::Removing file c:\documents and
settings\ankur\local settings\Temp\~admedia0\atlw.dll
2/5/2005 6:51:38 AM::Disable file c:\documents and
settings\ankur\local settings\Temp\~admedia0\atlw.dll and
quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\F863C4B3-AC6D-40FF-861B-ED1AC2\0B4B1266-6F7F-4BD2-8DC3-AC9EB7
2/5/2005 6:51:38 AM::Removing file c:\program
files\aitwo\ace.dll
2/5/2005 6:51:46 AM::Disable file c:\program
files\aitwo\ace.dll and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\F863C4B3-AC6D-40FF-861B-ED1AC2\217A97BF-8300-496A-B888-5D77CD
2/5/2005 6:51:46 AM::Removing file c:\program
files\aitwo\atl.dll
2/5/2005 6:51:55 AM::Disable file c:\program
files\aitwo\atl.dll and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\F863C4B3-AC6D-40FF-861B-ED1AC2\9146EEE9-C852-49A1-AE85-F15BC0
2/5/2005 6:51:55 AM::Clean Threat PeopleOnPage (ID:9636)
Complete
2/5/2005 6:51:55 AM::Remove Threat (ID:9636) Complete
2/5/2005 6:51:55 AM::Remove Threat (ID:14108)
2/5/2005 6:51:55 AM::Clean Threat Web P2P Installer (ID:14108)
2/5/2005 6:51:56 AM::Removing file c:\documents and
settings\ankur\desktop\backup-20041221-173828-633.dll
2/5/2005 6:52:04 AM::Disable file c:\documents and
settings\ankur\desktop\backup-20041221-173828-633.dll and
quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\0AA3652B-E434-4C1D-B197-7B8CD2\EEA17204-0D59-4776-BFDF-84206C
2/5/2005 6:52:04 AM::Clean Threat Web P2P Installer
(ID:14108) Complete
2/5/2005 6:52:05 AM::Remove Threat (ID:14108) Complete
2/5/2005 6:52:05 AM::Remove Threat (ID:14137)
2/5/2005 6:52:05 AM::Clean Threat MyWebSearch Toolbar
(ID:14137)
2/5/2005 6:52:05 AM::Removing file c:\program files\msn
messenger\riched20.dll
2/5/2005 6:52:14 AM::Disable file c:\program files\msn
messenger\riched20.dll and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\4F9EA4E1-9879-4AC5-A5D6-5B3170\48E6EA35-9D8B-4D73-9ECF-2ADDCC
2/5/2005 6:52:14 AM::Clean Threat MyWebSearch Toolbar
(ID:14137) Complete
2/5/2005 6:52:14 AM::Remove Threat (ID:14137) Complete
2/5/2005 6:52:14 AM::Remove Threat (ID:4992)
2/5/2005 6:52:14 AM::Clean Threat eXact Search Bar (ID:4992)
2/5/2005 6:52:15 AM::Removing file c:\program
files\cashback\uninstall.exe
2/5/2005 6:52:16 AM::Disable file c:\program
files\cashback\uninstall.exe and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\F3F1D839-A505-46D4-8E99-7332D6\356D603E-325F-412B-96B4-847B62
2/5/2005 6:52:16 AM::Removing file c:\program
files\cashback\template.html
2/5/2005 6:52:16 AM::Disable file c:\program
files\cashback\template.html and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\F3F1D839-A505-46D4-8E99-7332D6\C438CA91-FF9E-446D-A35C-65E938
2/5/2005 6:52:16 AM::Removing file c:\program
files\cashback\template2.html
2/5/2005 6:52:16 AM::Disable file c:\program
files\cashback\template2.html and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\F3F1D839-A505-46D4-8E99-7332D6\1A3782AA-2355-4D6A-B4EB-C02035
2/5/2005 6:52:16 AM::Removing file c:\program
files\cashback\bb_click_wider.swf
2/5/2005 6:52:16 AM::Disable file c:\program
files\cashback\bb_click_wider.swf and quarantine to
C:\Program Files\Microsoft
AntiSpyware\Quarantine\F3F1D839-A505-46D4-8E99-7332D6\256E9EC2-EC26-4625-BCF9-220806
2/5/2005 6:52:16 AM::Removing file c:\program
files\cashback\bb_auto_wider.swf
2/5/2005 6:52:16 AM::Disable file c:\program
files\cashback\bb_auto_wider.swf and quarantine to
C:\Program Files\Microsoft
AntiSpyware\Quarantine\F3F1D839-A505-46D4-8E99-7332D6\B6CF722D-08E4-4B8B-9A5A-BCDC16
2/5/2005 6:52:16 AM::Removing file c:\program
files\cashback\bb_welcome.html
2/5/2005 6:52:16 AM::Disable file c:\program
files\cashback\bb_welcome.html and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\F3F1D839-A505-46D4-8E99-7332D6\32B327B1-D2AD-49D7-BCF7-6AFC89
2/5/2005 6:52:16 AM::Removing file c:\program
files\cashback\bb_welcome1.swf
2/5/2005 6:52:16 AM::Disable file c:\program
files\cashback\bb_welcome1.swf and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\F3F1D839-A505-46D4-8E99-7332D6\B3EE8088-A9AA-4876-8A11-1AE936
2/5/2005 6:52:16 AM::Removing file c:\program
files\cashback\blank.gif
2/5/2005 6:52:16 AM::Disable file c:\program
files\cashback\blank.gif and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\F3F1D839-A505-46D4-8E99-7332D6\17214216-E3D3-4124-A5CC-50D388
2/5/2005 6:52:16 AM::Removing file c:\program
files\cashback\icon.gif
2/5/2005 6:52:16 AM::Disable file c:\program
files\cashback\icon.gif and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\F3F1D839-A505-46D4-8E99-7332D6\797951EC-F739-4020-8277-E247FA
2/5/2005 6:52:16 AM::Removing file c:\program
files\cashback\logo.gif
2/5/2005 6:52:16 AM::Disable file c:\program
files\cashback\logo.gif and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\F3F1D839-A505-46D4-8E99-7332D6\8DA56765-1DF5-46E3-930B-BCF074
2/5/2005 6:52:16 AM::Delete folder c:\program files\cashback\
2/5/2005 6:52:16 AM::Clean Threat eXact Search Bar
(ID:4992) Complete
2/5/2005 6:52:16 AM::Remove Threat (ID:4992) Complete
2/5/2005 6:52:16 AM::Remove Threat (ID:14901)
2/5/2005 6:52:16 AM::Clean Threat eXact.CashBack (ID:14901)
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [MainDir=C:\Program
Files\CashBack
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [Binary=bin
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[ConfigUpdateQueryUrl=http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&type=config&sys=%d
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[ADDataUpdateQueryUrl=http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&type=data&checksum=%s&sys=%d
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[SoftwareUpdateQueryUrl=http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&type=software&sys=%d
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[ServerName=adpopper.outblaze.com
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[ServerPath=/scripts/adpopper/webservice.main?type=upload
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[TrackingServerPath=/scripts/adpopper/webservice.main?type=tracking
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[TrackingGIFURL=http://www.bullseye-network.com/dcs_trk/MEDIAWHIZ3/cb/cb_install.gif
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [AffiliateURLUID=p002%s
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [AutoFlashParam=10 2
%s 300 140 1 0 1 5 1 0
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[AutoSwfURL=bb_auto_wider.swf
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [ClickFlashParam=10 3
%s 300 140 1 0 1 25 1 0
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[ClickSwfURL=bb_click_wider.swf
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[CBUpdateAccParam=email=%s&pass=%s
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[CBSignupWelcomeParam=17 1 c:\temp\bb_welcome.html 300 200
1 0 1 60 1 0 %s %s %s %s %s %d %s
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [CBBalance=0.0
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[SliderHTML00=<HTML><HEAD><meta http-equiv=Content-Type
content="text/html;
charset=ISO-8859-1"><TITLE>bb_auto</TITLE></HEAD><BODY
bgcolor="#FFFFFF" leftmargin="0" topmargin="0"
marginwidth="0" marginheight="0">
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [SliderHTML01=<OBJECT
classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0"
WIDTH="300" HEIGHT="140" id="bb_auto_wider" ALIGN="">
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [SliderHTML02=<PARAM
NAME=movie VALUE="%s?merchant=%s&money=%s"><PARAM
NAME=quality VALUE=high><PARAM NAME=bgcolor VALUE=#FFFFFF>
<EMBED src="%s" quality=high bgcolor=#FFFFFF WIDTH="300"
HEIGHT="140"
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[SliderHTML03=NAME="bb_auto_wider" ALIGN=""
TYPE="application/x-shockwave-flash"
PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED></OBJECT></BODY></HTML>
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [SliderHTML04=
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[SliderHTML05=<HTML><HEAD><meta http-equiv=Content-Type
content="text/html;
charset=ISO-8859-1"><TITLE>bb_click</TITLE><script
language="javascript">function openWin(){var
myWin=window.open("%s","","width="+screen.width+",
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[SliderHTML06=height="+screen.height+
",top=0,left=0,menubar=1,scrollbars=1,toolbar=1,status=0,resizable=1,location=1");}</script></HEAD><BODY
bgcolor="#FFFFFF" leftmargin="0" topmargin="0"
marginwidth="0" arginheight="0">
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [SliderHTML07=<OBJECT
classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0"
WIDTH="300" HEIGHT="140" id="bb_click_wider" ALIGN="">
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [SliderHTML08=<PARAM
NAME=movie VALUE="%s?dURL=%s&merchant=%s&money=%s"> <PARAM
NAME=quality VALUE=high> <PARAM NAME=bgcolor VALUE=#FFFFFF>
<EMBED src="%s"
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[SliderHTML09=quality=high bgcolor=#FFFFFF WIDTH="300"
HEIGHT="140" NAME="bb_click_wider" ALIGN=""
TYPE="application/x-shockwave-flash"
PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED></OBJECT></BODY></HTML>
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[CBSignUpURL=pid=%s&info[first]=&info[last]=&info[password_in]=%s&info[password2_in]=%s&info[agree]=1&info[want_lottery]=1&submit1=1&text=1&no_email=1
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[CBServer=www.cashbackbuddy.com
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [ServerPort=80
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [Referral=0
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [UpdateQueryDuration=86400
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[UpdateQueryFailedDuration=1200
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [BuildNumber=8034
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[CBSignupFailedDuration=1200
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [CBIconAnimationEnable=1
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [CBSliderEnable=1
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [CBBalloonMsgEnable=1
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [CBSignUpDelay=600
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [TrackingFileFlag=1
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [FirstHit=1
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [PartnerName=MEDIAWHIZ3
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [PartnerID=453
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
2/5/2005 6:52:17 AM::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil [BuildNumber=8034
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
[FirstHitUrl=http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&sys=%s&type=first_hit
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
[UninstallUrl=http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&sys=%d&survey=%s&type=uninstall
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
[UniqueKeyUrl=http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&sys=%s&type=partner_query
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
[UtilFolder=C:\WINNT\system32
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
[InstallOccurUrl=http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&sys=%s&type=install_occur
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
[AlreadyInstalledUrl=http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&expid=%s&type=already_installed&sys=%s
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil [PartnerName=MEDIAWHIZ3
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil [PartnerID=453
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
[NewPartnerName=MEDIAWHIZ3
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil [System=1,2,3
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
2/5/2005 6:52:17 AM::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
2/5/2005 6:52:17 AM::Delete registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[CashBack=C:\Program Files\CashBack\bin\cashback.exe]
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
[DisplayName=CashBack by BargainBuddy
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
[UninstallString=C:\Program Files\CashBack\Uninstall.exe
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
[Publisher=eXact Advertising
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
[DisplayVersion=8.0.3.4
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
[URLInfoAbout=http://www.exactadvertising.com
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
[Readme=http://www.cashbackbuddy.com
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
[HelpLink=http://www.cashbackbuddy.com
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
[DisplayIcon=C:\Program Files\CashBack\bin\cb.exe
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
[NoModify=1
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
[NoRepair=1
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
2/5/2005 6:52:17 AM::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
2/5/2005 6:52:17 AM::Clean Threat eXact.CashBack (ID:14901)
Complete
2/5/2005 6:52:17 AM::Remove Threat (ID:14901) Complete
2/5/2005 6:52:18 AM::Unititializing Clean
2/5/2005 6:52:18
AM::------------------------------------------------------------------
2/5/2005 10:14:13
PM::------------------------------------------------
2/5/2005 10:14:13 PM::Starting GIANT AS Cleaner
2/5/2005 10:14:13 PM::Running all Cleaner deletes
2/5/2005 10:14:13 PM::---Starting Quick Cleaner DelFolders
2/5/2005 10:14:13 PM::---Starting Quick Cleaner DelRegKeys
2/5/2005 10:14:13 PM::---Starting Quick Cleaner DelRegValues
2/5/2005 10:14:13 PM::Checking threats to clean
2/5/2005 10:14:13 PM::Ending GIANT AS Cleaner
2/5/2005 10:14:13
PM::------------------------------------------------



-----------------------------------------------



[QUOTE]
-----Original Message-----
It might also be useful to see your cleaner.log from the directory Microsoft
Antispyware was installed in--typically c:\program files\microsoft
antispyware. That'd show what was removed which may give a clue.
--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

Hi,
The log file is given below. One more thing, as I noticed
that IE and Windows Explorer are opening after 5 mts, I
installed IE 6.0 again, but nothing changed. So this log
file comes out of my screwed up system, courtesy of spyware.
Thanks for your reply ....
------------------------
Logfile of HijackThis v1.99.0
Scan saved at 6:56:33 PM, on 2/9/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\Common
Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common
Framework\UpdaterUI.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
D:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\AIUpdate\AIUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\KERB\SideCar.exe
C:\KERB\krbcc32s.exe
C:\Program Files\The Weather Channel\The Weather Channel.exe
C:\Program Files\Arcane Software\Vermillion FTP
Daemon\vftpd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) -
{87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) -
{01B5BF6B-E699-4BD7-BEA1-786FA05B83AB} - C:\Program
Files\AITwo\AdMediaPlugin.dll
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) -
{A083EA96-4797-3933-CB48-F3BC0D9B5C59} -
C:\WINNT\system32\mfcnc32.dll (file missing)
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar2.dll
O3 - Toolbar: &Radio -
{8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) -
{86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: &Google -
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network
Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program
Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common
Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [SprintPort] "D:\Program
Files\Sprint\SprintPort\SprintPortA.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sdkvj.exe] C:\WINNT\system32\sdkvj.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [AITwoUpdater] "C:\Program
Files\AIUpdate\AIUpdate.exe"
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program
Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program
Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Image Transfer.lnk = D:\Program
Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: SideCar.lnk = C:\KERB\SideCar.exe
O8 - Extra context menu item: &Google Search -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger -
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program
Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program
Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: AIM -
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program
Files\AIM\aim.exe
O9 - Extra button: Related -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINNT\web\related.htm
O15 - Trusted IP range: (HKLM)
O16 - DPF: Yahoo! Bridge -
http://download.games.yahoo.com/games/clients/y/bt1_x.cab
O16 - DPF: Yahoo! Pool 2 -
http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer
Control) - http://tdserver.bitstream.com/tdserver.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows
Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O21 - SSODL: eplrr - {ED7E9F84-EFA3-4772-981E-14B1CEFAB693}
- C:\WINNT\system32\eplrr3.dll (file missing)
O23 - Service: Logical Disk Manager Administrative Service
- VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service - Apple Computer, Inc. -
C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service - Network
Associates, Inc. - C:\Program Files\Network
Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network
Associates, Inc. - C:\Program Files\Network
Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager - Network
Associates, Inc. - C:\Program Files\Network
Associates\VirusScan\vstskmgr.exe
O23 - Service: OSCM Utility Service - Unknown - D:\Program
Files\Sprint\OSCMUtilityService.exe (file missing)



----------------------------------
-----Original Message-----
Can't promise anything but get HijackThis:

http://tomcoyote.org/hjt/hjt199//HijackThis.exe

(It will fit on a floppy if you can't download it on your
own PC.)

Save then Open it and select the SCAN AND SAVE LOG option.

Note where you save the log and then send it to me. Maybe
I can see what is going wrong.

Ron Kinner MVP

rkinner AT att DOT net
" AT " = "@"
" DOT " = "."



.


.
[/QUOTE]
 
B

Bill Sanderson

Thanks.

I don't have a simple answer here. You haven't completely lost any
functionality, and the fixes I know about--the winsock fix and resetting
TCP/IP are usually useful for complete losses of functionality.

What firewall or router protects your Internet connection?

Have you done a virus scan with current definitions?
--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

Hi,
Here is the portion from cleaner.log... This contains the
actions taken on 2/5/2005 after which my system got slow.
-----------------------------------------
2/5/2005 2:12:37
AM::------------------------------------------------------------------
2/5/2005 2:12:37 AM::Initializing Clean - (ScanID:
36AC1DAD-3E3B-444E-B759-1E08B0)
2/5/2005 2:12:38 AM::Unititializing Clean
2/5/2005 2:12:38
AM::------------------------------------------------------------------
2/5/2005 6:50:32
AM::------------------------------------------------------------------
2/5/2005 6:50:32 AM::Initializing Clean - (ScanID:
36AC1DAD-3E3B-444E-B759-1E08B0)
2/5/2005 6:50:32 AM::Remove Threat (ID:14903)
2/5/2005 6:50:32 AM::Clean Threat eXact.BullseyeNetwork
(ID:14903)
2/5/2005 6:50:33 AM::Suspending 365 process thread(s) for
C:\Program Files\BullsEye Network\bin\bargains.exe
2/5/2005 6:50:33 AM::Removing file C:\Program
Files\BullsEye Network\bin\bargains.exe
2/5/2005 6:50:34 AM::Removed registry auto start
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[BullsEye Network=C:\Program Files\BullsEye
Network\bin\bargains.exe]
2/5/2005 6:50:34 AM::Terminating process C:\Program
Files\BullsEye Network\bin\bargains.exe
2/5/2005 6:50:34 AM::Disable file C:\Program Files\BullsEye
Network\bin\bargains.exe and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\238857E1-073F-4791-BDF2-CC5F9F\14F7F19F-9985-467A-98B5-5BF613
2/5/2005 6:50:34 AM::Clean Threat eXact.BullseyeNetwork
(ID:14903) Complete
2/5/2005 6:50:35 AM::Remove Threat (ID:14903) Complete
2/5/2005 6:50:35 AM::Remove Threat (ID:14902)
2/5/2005 6:50:35 AM::Clean Threat eXact.NaviSearch (ID:14902)
2/5/2005 6:50:35 AM::Suspending 363 process thread(s) for
C:\Program Files\NaviSearch\bin\nls.exe
2/5/2005 6:50:36 AM::Removing file C:\Program
Files\NaviSearch\bin\nls.exe
2/5/2005 6:50:36 AM::Removed registry auto start
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[NaviSearch=C:\Program Files\NaviSearch\bin\nls.exe]
2/5/2005 6:50:36 AM::Terminating process C:\Program
Files\NaviSearch\bin\nls.exe
2/5/2005 6:50:37 AM::Disable file C:\Program
Files\NaviSearch\bin\nls.exe and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\B6ED9F47-A769-46BD-8103-CCB0D6\9CF60D39-BFC7-433B-8A72-D02173
2/5/2005 6:50:37 AM::Removing file c:\program
files\navisearch\uninstall.exe
2/5/2005 6:50:39 AM::Disable file c:\program
files\navisearch\uninstall.exe and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\B6ED9F47-A769-46BD-8103-CCB0D6\84F54761-1529-4B6E-9A41-35B54E
2/5/2005 6:50:39 AM::Removing file c:\program
files\navisearch\ub.dat
2/5/2005 6:50:39 AM::Disable file c:\program
files\navisearch\ub.dat and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\B6ED9F47-A769-46BD-8103-CCB0D6\C57AB9DD-4A47-465D-A278-DB3B4A
2/5/2005 6:50:39 AM::Removing file c:\program
files\navisearch\ad.dat
2/5/2005 6:50:39 AM::Disable file c:\program
files\navisearch\ad.dat and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\B6ED9F47-A769-46BD-8103-CCB0D6\880E1601-D123-4DEE-9334-196E83
2/5/2005 6:50:39 AM::Removing file c:\program
files\navisearch\t1107586579.dec
2/5/2005 6:50:39 AM::Disable file c:\program
files\navisearch\t1107586579.dec and quarantine to
C:\Program Files\Microsoft
AntiSpyware\Quarantine\B6ED9F47-A769-46BD-8103-CCB0D6\045321AF-F8EF-489B-ACFC-CADF47
2/5/2005 6:50:39 AM::Delete folder c:\program files\navisearch\
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
[DisplayName=NaviSearch
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
[UninstallString=C:\Program Files\NaviSearch\Uninstall.exe
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
[Publisher=eXact Advertising
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
[DisplayVersion=8.0.3.4
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
[URLInfoAbout=http://www.exactadvertising.com
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
[Readme=http://www.exactadvertising.com
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
[DisplayIcon=C:\Program Files\NaviSearch\bin\nls.exe
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
[HelpLink=http://www.exactadvertising.com
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
[NoModify=1
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
[NoRepair=1
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
2/5/2005 6:50:39 AM::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch [MainDir=C:\Program
Files\NaviSearch
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch [Binary=bin
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[ConfigUpdateQueryUrl=http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&type=config&sys=%d
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[ADDataUpdateQueryUrl=http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&type=data&checksum=%s&sys=%d
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[SoftwareUpdateQueryUrl=http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&type=software&sys=%d
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[ServerName=adpopper.outblaze.com
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[ServerPath=/scripts/adpopper/webservice.main?type=upload
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[TrackingServerPath=/scripts/adpopper/webservice.main?type=tracking
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[TrackingGIFURL=http://www.bullseye-network.com/dcs_trk/MEDIAWHIZ3/nls/nls_install.gif
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[ErrLandingURL=http://www.navisearch.net/search.php
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[ErrLandingQuery=?Keywords=%s&partner=BB
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch [ADDataVersion=100
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch [ServerPort=80
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[UpdateQueryDuration=86400
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[UpdateQueryFailedDuration=3600
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch [BuildNumber=8034
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch [TrackingURLCount=2
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch [TrackingURLEnable=1
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch [TrackingFileFlag=0
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch [UseSearchAsst=no
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch [FirstHit=0
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch [PartnerID=453
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch [PartnerName=MEDIAWHIZ3
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[SystemInstallTime=1106450161
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[UniqueKey=<MEDIAWHIZ3>113243361:16032:8034:2
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch [ConfigVersion=5
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
[LastQueryTime=1107524633
2/5/2005 6:50:39 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
2/5/2005 6:50:39 AM::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
2/5/2005 6:50:39 AM::Clean Threat eXact.NaviSearch
(ID:14902) Complete
2/5/2005 6:50:39 AM::Remove Threat (ID:14902) Complete
2/5/2005 6:50:39 AM::Remove Threat (ID:15002)
2/5/2005 6:50:39 AM::Clean Threat eXact.Downloader (ID:15002)
2/5/2005 6:50:40 AM::Removing file c:\winnt\system32\nvms.dll
2/5/2005 6:50:48 AM::Removing BHO
{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} for file
c:\winnt\system32\nvms.dll
2/5/2005 6:50:48 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} [=
2/5/2005 6:50:48 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
2/5/2005 6:50:48 AM::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
2/5/2005 6:50:50 AM::Unregistering COM entry points for
file c:\winnt\system32\nvms.dll
2/5/2005 6:50:50 AM::Disable file
c:\winnt\system32\nvms.dll and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\7D47F488-94BA-4FBC-8A58-FFAC5F\552ACD3A-216C-401A-B089-1DE845
2/5/2005 6:50:50 AM::Removing file c:\winnt\system32\msbe.dll
2/5/2005 6:50:56 AM::Removing BHO
{F4E04583-354E-4076-BE7D-ED6A80FD66DA} for file
c:\winnt\system32\msbe.dll
2/5/2005 6:50:56 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} [=
2/5/2005 6:50:56 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
2/5/2005 6:50:56 AM::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
2/5/2005 6:50:59 AM::Unregistering COM entry points for
file c:\winnt\system32\msbe.dll
2/5/2005 6:50:59 AM::Disable file
c:\winnt\system32\msbe.dll and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\7D47F488-94BA-4FBC-8A58-FFAC5F\BDF4C3FB-853F-4AEF-ACDB-66D5A2
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}\InprocServer32
[=C:\WINNT\system32\nvms.dll
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}\InprocServer32
[ThreadingModel=Apartment
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}\InprocServer32
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}\ProgID
[=NLS.UrlCatcher.1
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}\ProgID
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}\Programmable
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}\VersionIndependentProgID
[=NLS.UrlCatcher
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}\VersionIndependentProgID
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
[=NLS UrlCatcher Class
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
2/5/2005 6:50:59 AM::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\InprocServer32
[=C:\WINNT\system32\msbe.dll
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\InprocServer32
[ThreadingModel=Apartment
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\InprocServer32
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\ProgID
[=ADP.UrlCatcher.1
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\ProgID
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\Programmable
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\VersionIndependentProgID
[=ADP.UrlCatcher
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\VersionIndependentProgID
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
[=ADP UrlCatcher Class
2/5/2005 6:50:59 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
2/5/2005 6:50:59 AM::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
2/5/2005 6:50:59 AM::Clean Threat eXact.Downloader
(ID:15002) Complete
2/5/2005 6:51:00 AM::Remove Threat (ID:15002) Complete
2/5/2005 6:51:00 AM::Remove Threat (ID:2861)
2/5/2005 6:51:00 AM::Clean Threat eXact.BargainBuddy (ID:2861)
2/5/2005 6:51:02 AM::Removing file c:\winnt\system32\bbchk.exe
2/5/2005 6:51:03 AM::Disable file
c:\winnt\system32\bbchk.exe and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\E7F87728-1E19-46F1-B7D1-762F6E\DF4F0616-4DF5-43FD-96A0-294C7A
2/5/2005 6:51:03 AM::Removing file c:\program
files\bullseye network\uninstall.exe
2/5/2005 6:51:04 AM::Disable file c:\program files\bullseye
network\uninstall.exe and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\E7F87728-1E19-46F1-B7D1-762F6E\B0534DE7-4EFC-4FCA-9F15-3197D8
2/5/2005 6:51:04 AM::Removing file c:\program
files\bullseye network\bin\adv.exe
2/5/2005 6:51:05 AM::Disable file c:\program files\bullseye
network\bin\adv.exe and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\E7F87728-1E19-46F1-B7D1-762F6E\DBC5500C-AA8E-493F-9B6B-F18738
2/5/2005 6:51:05 AM::Removing file c:\program
files\bullseye network\bin\adx.exe
2/5/2005 6:51:05 AM::Disable file c:\program files\bullseye
network\bin\adx.exe and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\E7F87728-1E19-46F1-B7D1-762F6E\3C43FCD0-7223-46BF-B6B3-F31D71
2/5/2005 6:51:05 AM::Removing file c:\winnt\system32\mscb.dll
2/5/2005 6:51:11 AM::Removing BHO
{CE188402-6EE7-4022-8868-AB25173A3E14} for file
c:\winnt\system32\mscb.dll
2/5/2005 6:51:11 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{CE188402-6EE7-4022-8868-AB25173A3E14} [=
2/5/2005 6:51:11 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{CE188402-6EE7-4022-8868-AB25173A3E14}
2/5/2005 6:51:11 AM::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{CE188402-6EE7-4022-8868-AB25173A3E14}
2/5/2005 6:51:13 AM::Unregistering COM entry points for
file c:\winnt\system32\mscb.dll
2/5/2005 6:51:13 AM::Disable file
c:\winnt\system32\mscb.dll and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\E7F87728-1E19-46F1-B7D1-762F6E\11D52AC0-38B5-499F-9152-278A15
2/5/2005 6:51:13 AM::Removing file c:\temp\bb_auto_wider.swf
2/5/2005 6:51:13 AM::Disable file c:\temp\bb_auto_wider.swf
and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\E7F87728-1E19-46F1-B7D1-762F6E\74AC403C-643D-4FD2-A2E2-CF864D
2/5/2005 6:51:13 AM::Removing file c:\temp\bb_click_wider.swf
2/5/2005 6:51:13 AM::Disable file
c:\temp\bb_click_wider.swf and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\E7F87728-1E19-46F1-B7D1-762F6E\FA245D66-65FA-4CD6-B868-5D2E1E
2/5/2005 6:51:13 AM::Removing file c:\temp\bb_welcome.html
2/5/2005 6:51:13 AM::Disable file c:\temp\bb_welcome.html
and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\E7F87728-1E19-46F1-B7D1-762F6E\5307BA61-6B08-4D4E-9FA5-98343D
2/5/2005 6:51:13 AM::Removing file c:\temp\bb_welcome1.swf
2/5/2005 6:51:13 AM::Disable file c:\temp\bb_welcome1.swf
and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\E7F87728-1E19-46F1-B7D1-762F6E\5C66E034-DD43-4CDC-8FCC-BC87B9
2/5/2005 6:51:13 AM::Removing file c:\program
files\bullseye network\ub.dat
2/5/2005 6:51:13 AM::Disable file c:\program files\bullseye
network\ub.dat and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\E7F87728-1E19-46F1-B7D1-762F6E\12862B52-EE31-4125-990A-FFB644
2/5/2005 6:51:13 AM::Removing file c:\program
files\bullseye network\ad.dat
2/5/2005 6:51:13 AM::Disable file c:\program files\bullseye
network\ad.dat and quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\E7F87728-1E19-46F1-B7D1-762F6E\366A7DF5-5BF1-4997-AB7F-945523
2/5/2005 6:51:13 AM::Delete folder c:\program
files\bullseye network\
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}\InprocServer32
[=C:\WINNT\system32\mscb.dll
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}\InprocServer32
[ThreadingModel=Apartment
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}\InprocServer32
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}\ProgID
[=CB.UrlCatcher.1
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}\ProgID
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}\Programmable
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}\VersionIndependentProgID
[=CB.UrlCatcher
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}\VersionIndependentProgID
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}
[=CB UrlCatcher Class
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}
2/5/2005 6:51:13 AM::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [MainDir=C:\Program
Files\BullsEye Network
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [Binary=bin
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains
[ConfigUpdateQueryUrl=http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&type=config&sys=%d
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains
[ADDataUpdateQueryUrl=http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&type=data&checksum=%s&sys=%d
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains
[SoftwareUpdateQueryUrl=http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&type=software&sys=%d
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains
[ServerName=adpopper.outblaze.com
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains
[ServerPath=/scripts/adpopper/webservice.main?type=upload
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains
[TrackingServerPath=/scripts/adpopper/webservice.main?type=tracking
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains
[TrackingGIFURL=http://www.bullseye-network.com/dcs_trk/MEDIAWHIZ3/be/be_install.gif
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains
[SliderLegalText=Bullseye Network Offer
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [ServerPort=80
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [UpdateQueryDuration=86400
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains
[UpdateQueryFailedDuration=1200
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [BuildNumber=8034
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [AdvDelaySec=15
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [TrackingFileFlag=0
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [FirstHit=0
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [PartnerID=453
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [PartnerName=MEDIAWHIZ3
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains
[SystemInstallTime=1106450161
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains
[UniqueKey=<MEDIAWHIZ3>113243363:15886:8034:1
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [IdleMinutesThreshold=5
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [MinMinutesBetweenTwoADs=2
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [MaxDomainCap=3
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains
[MinCountOfUrlsBetweenTwoADs=4
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [MaxDailyCapPerUSer=20
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [ConfigVersion=7
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [ADDataVersion=1107415936
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains [LastQueryTime=1107524668
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\software\bargains
2/5/2005 6:51:13 AM::Removing registry key
HKEY_LOCAL_MACHINE\software\bargains
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App
Management\ARPCache\BargainBuddy [



=
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App
Management\ARPCache\BargainBuddy [Changed=0
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App
Management\ARPCache\BargainBuddy
2/5/2005 6:51:13 AM::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App
Management\ARPCache\BargainBuddy
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy
[DisplayName=The BullsEye Network
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy
[UninstallString=C:\Program Files\BullsEye
Network\Uninstall.exe
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy
[Publisher=eXact Advertising
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy
[URLInfoAbout=http://www.exactadvertising.com
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy
[DisplayVersion=8.0.3.4
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy
[DisplayIcon=C:\Program Files\BullsEye Network\bin\bargains.exe
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy
[NoModify=1
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy
[NoRepair=1
2/5/2005 6:51:13 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy
2/5/2005 6:51:13 AM::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy
2/5/2005 6:51:13 AM::Clean Threat eXact.BargainBuddy
(ID:2861) Complete
2/5/2005 6:51:14 AM::Remove Threat (ID:2861) Complete
2/5/2005 6:51:14 AM::Remove Threat (ID:15030)
2/5/2005 6:51:14 AM::Clean Threat eXact.ISEXEng (ID:15030)
2/5/2005 6:51:15 AM::Removing file c:\winnt\autoheal.exe
2/5/2005 6:51:16 AM::Disable file c:\winnt\autoheal.exe and
quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\3093E076-4F4E-4E1E-9584-F768D8\3CDCD165-7E20-4341-BD87-685EC8
2/5/2005 6:51:16 AM::Clean Threat eXact.ISEXEng (ID:15030)
Complete
2/5/2005 6:51:16 AM::Remove Threat (ID:15030) Complete
2/5/2005 6:51:16 AM::Remove Threat (ID:9466)
2/5/2005 6:51:16 AM::Clean Threat Altnet P2P Networking
(ID:9466)
2/5/2005 6:51:17 AM::Removing file c:\documents and
settings\administrator\local settings\temp\p2psetup.exe
2/5/2005 6:51:18 AM::Disable file c:\documents and
settings\administrator\local settings\temp\p2psetup.exe and
quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\A3322678-9542-4A0C-9194-8B4475\4A6DA402-C507-47A7-A477-472FC6
2/5/2005 6:51:18 AM::Removing file c:\documents and
settings\administrator\local settings\temp\temporary
internet files\content.ie5\klwr05w7\p2psetup[1].exe
2/5/2005 6:51:19 AM::Disable file c:\documents and
settings\administrator\local settings\temp\temporary
internet files\content.ie5\klwr05w7\p2psetup[1].exe and
quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\A3322678-9542-4A0C-9194-8B4475\5162A74D-3793-4632-BC59-622CF6
2/5/2005 6:51:20 AM::Clean Threat Altnet P2P Networking
(ID:9466) Complete
2/5/2005 6:51:20 AM::Remove Threat (ID:9466) Complete
2/5/2005 6:51:20 AM::Remove Threat (ID:9636)
2/5/2005 6:51:20 AM::Clean Threat PeopleOnPage (ID:9636)
2/5/2005 6:51:21 AM::Removing file c:\documents and
settings\ankur\local settings\Temp\~admedia0\atla.dll
2/5/2005 6:51:29 AM::Disable file c:\documents and
settings\ankur\local settings\Temp\~admedia0\atla.dll and
quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\F863C4B3-AC6D-40FF-861B-ED1AC2\E5B536D3-6934-4C57-A3F4-549B2F
2/5/2005 6:51:29 AM::Removing file c:\documents and
settings\ankur\local settings\Temp\~admedia0\atlw.dll
2/5/2005 6:51:38 AM::Disable file c:\documents and
settings\ankur\local settings\Temp\~admedia0\atlw.dll and
quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\F863C4B3-AC6D-40FF-861B-ED1AC2\0B4B1266-6F7F-4BD2-8DC3-AC9EB7
2/5/2005 6:51:38 AM::Removing file c:\program
files\aitwo\ace.dll
2/5/2005 6:51:46 AM::Disable file c:\program
files\aitwo\ace.dll and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\F863C4B3-AC6D-40FF-861B-ED1AC2\217A97BF-8300-496A-B888-5D77CD
2/5/2005 6:51:46 AM::Removing file c:\program
files\aitwo\atl.dll
2/5/2005 6:51:55 AM::Disable file c:\program
files\aitwo\atl.dll and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\F863C4B3-AC6D-40FF-861B-ED1AC2\9146EEE9-C852-49A1-AE85-F15BC0
2/5/2005 6:51:55 AM::Clean Threat PeopleOnPage (ID:9636)
Complete
2/5/2005 6:51:55 AM::Remove Threat (ID:9636) Complete
2/5/2005 6:51:55 AM::Remove Threat (ID:14108)
2/5/2005 6:51:55 AM::Clean Threat Web P2P Installer (ID:14108)
2/5/2005 6:51:56 AM::Removing file c:\documents and
settings\ankur\desktop\backup-20041221-173828-633.dll
2/5/2005 6:52:04 AM::Disable file c:\documents and
settings\ankur\desktop\backup-20041221-173828-633.dll and
quarantine to C:\Program Files\Microsoft
AntiSpyware\Quarantine\0AA3652B-E434-4C1D-B197-7B8CD2\EEA17204-0D59-4776-BFDF-84206C
2/5/2005 6:52:04 AM::Clean Threat Web P2P Installer
(ID:14108) Complete
2/5/2005 6:52:05 AM::Remove Threat (ID:14108) Complete
2/5/2005 6:52:05 AM::Remove Threat (ID:14137)
2/5/2005 6:52:05 AM::Clean Threat MyWebSearch Toolbar
(ID:14137)
2/5/2005 6:52:05 AM::Removing file c:\program files\msn
messenger\riched20.dll
2/5/2005 6:52:14 AM::Disable file c:\program files\msn
messenger\riched20.dll and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\4F9EA4E1-9879-4AC5-A5D6-5B3170\48E6EA35-9D8B-4D73-9ECF-2ADDCC
2/5/2005 6:52:14 AM::Clean Threat MyWebSearch Toolbar
(ID:14137) Complete
2/5/2005 6:52:14 AM::Remove Threat (ID:14137) Complete
2/5/2005 6:52:14 AM::Remove Threat (ID:4992)
2/5/2005 6:52:14 AM::Clean Threat eXact Search Bar (ID:4992)
2/5/2005 6:52:15 AM::Removing file c:\program
files\cashback\uninstall.exe
2/5/2005 6:52:16 AM::Disable file c:\program
files\cashback\uninstall.exe and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\F3F1D839-A505-46D4-8E99-7332D6\356D603E-325F-412B-96B4-847B62
2/5/2005 6:52:16 AM::Removing file c:\program
files\cashback\template.html
2/5/2005 6:52:16 AM::Disable file c:\program
files\cashback\template.html and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\F3F1D839-A505-46D4-8E99-7332D6\C438CA91-FF9E-446D-A35C-65E938
2/5/2005 6:52:16 AM::Removing file c:\program
files\cashback\template2.html
2/5/2005 6:52:16 AM::Disable file c:\program
files\cashback\template2.html and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\F3F1D839-A505-46D4-8E99-7332D6\1A3782AA-2355-4D6A-B4EB-C02035
2/5/2005 6:52:16 AM::Removing file c:\program
files\cashback\bb_click_wider.swf
2/5/2005 6:52:16 AM::Disable file c:\program
files\cashback\bb_click_wider.swf and quarantine to
C:\Program Files\Microsoft
AntiSpyware\Quarantine\F3F1D839-A505-46D4-8E99-7332D6\256E9EC2-EC26-4625-BCF9-220806
2/5/2005 6:52:16 AM::Removing file c:\program
files\cashback\bb_auto_wider.swf
2/5/2005 6:52:16 AM::Disable file c:\program
files\cashback\bb_auto_wider.swf and quarantine to
C:\Program Files\Microsoft
AntiSpyware\Quarantine\F3F1D839-A505-46D4-8E99-7332D6\B6CF722D-08E4-4B8B-9A5A-BCDC16
2/5/2005 6:52:16 AM::Removing file c:\program
files\cashback\bb_welcome.html
2/5/2005 6:52:16 AM::Disable file c:\program
files\cashback\bb_welcome.html and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\F3F1D839-A505-46D4-8E99-7332D6\32B327B1-D2AD-49D7-BCF7-6AFC89
2/5/2005 6:52:16 AM::Removing file c:\program
files\cashback\bb_welcome1.swf
2/5/2005 6:52:16 AM::Disable file c:\program
files\cashback\bb_welcome1.swf and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\F3F1D839-A505-46D4-8E99-7332D6\B3EE8088-A9AA-4876-8A11-1AE936
2/5/2005 6:52:16 AM::Removing file c:\program
files\cashback\blank.gif
2/5/2005 6:52:16 AM::Disable file c:\program
files\cashback\blank.gif and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\F3F1D839-A505-46D4-8E99-7332D6\17214216-E3D3-4124-A5CC-50D388
2/5/2005 6:52:16 AM::Removing file c:\program
files\cashback\icon.gif
2/5/2005 6:52:16 AM::Disable file c:\program
files\cashback\icon.gif and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\F3F1D839-A505-46D4-8E99-7332D6\797951EC-F739-4020-8277-E247FA
2/5/2005 6:52:16 AM::Removing file c:\program
files\cashback\logo.gif
2/5/2005 6:52:16 AM::Disable file c:\program
files\cashback\logo.gif and quarantine to C:\Program
Files\Microsoft
AntiSpyware\Quarantine\F3F1D839-A505-46D4-8E99-7332D6\8DA56765-1DF5-46E3-930B-BCF074
2/5/2005 6:52:16 AM::Delete folder c:\program files\cashback\
2/5/2005 6:52:16 AM::Clean Threat eXact Search Bar
(ID:4992) Complete
2/5/2005 6:52:16 AM::Remove Threat (ID:4992) Complete
2/5/2005 6:52:16 AM::Remove Threat (ID:14901)
2/5/2005 6:52:16 AM::Clean Threat eXact.CashBack (ID:14901)
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [MainDir=C:\Program
Files\CashBack
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [Binary=bin
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[ConfigUpdateQueryUrl=http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&type=config&sys=%d
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[ADDataUpdateQueryUrl=http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&type=data&checksum=%s&sys=%d
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[SoftwareUpdateQueryUrl=http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&type=software&sys=%d
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[ServerName=adpopper.outblaze.com
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[ServerPath=/scripts/adpopper/webservice.main?type=upload
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[TrackingServerPath=/scripts/adpopper/webservice.main?type=tracking
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[TrackingGIFURL=http://www.bullseye-network.com/dcs_trk/MEDIAWHIZ3/cb/cb_install.gif
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [AffiliateURLUID=p002%s
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [AutoFlashParam=10 2
%s 300 140 1 0 1 5 1 0
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[AutoSwfURL=bb_auto_wider.swf
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [ClickFlashParam=10 3
%s 300 140 1 0 1 25 1 0
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[ClickSwfURL=bb_click_wider.swf
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[CBUpdateAccParam=email=%s&pass=%s
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[CBSignupWelcomeParam=17 1 c:\temp\bb_welcome.html 300 200
1 0 1 60 1 0 %s %s %s %s %s %d %s
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [CBBalance=0.0
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[SliderHTML00=<HTML><HEAD><meta http-equiv=Content-Type
content="text/html;
charset=ISO-8859-1"><TITLE>bb_auto</TITLE></HEAD><BODY
bgcolor="#FFFFFF" leftmargin="0" topmargin="0"
marginwidth="0" marginheight="0">
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [SliderHTML01=<OBJECT
classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0"
WIDTH="300" HEIGHT="140" id="bb_auto_wider" ALIGN="">
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [SliderHTML02=<PARAM
NAME=movie VALUE="%s?merchant=%s&money=%s"><PARAM
NAME=quality VALUE=high><PARAM NAME=bgcolor VALUE=#FFFFFF>
<EMBED src="%s" quality=high bgcolor=#FFFFFF WIDTH="300"
HEIGHT="140"
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[SliderHTML03=NAME="bb_auto_wider" ALIGN=""
TYPE="application/x-shockwave-flash"
PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED></OBJECT></BODY></HTML>
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [SliderHTML04=
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[SliderHTML05=<HTML><HEAD><meta http-equiv=Content-Type
content="text/html;
charset=ISO-8859-1"><TITLE>bb_click</TITLE><script
language="javascript">function openWin(){var
myWin=window.open("%s","","width="+screen.width+",
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[SliderHTML06=height="+screen.height+
",top=0,left=0,menubar=1,scrollbars=1,toolbar=1,status=0,resizable=1,location=1");}</script></HEAD><BODY
bgcolor="#FFFFFF" leftmargin="0" topmargin="0"
marginwidth="0" arginheight="0">
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [SliderHTML07=<OBJECT
classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"
codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0"
WIDTH="300" HEIGHT="140" id="bb_click_wider" ALIGN="">
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [SliderHTML08=<PARAM
NAME=movie VALUE="%s?dURL=%s&merchant=%s&money=%s"> <PARAM
NAME=quality VALUE=high> <PARAM NAME=bgcolor VALUE=#FFFFFF>
<EMBED src="%s"
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[SliderHTML09=quality=high bgcolor=#FFFFFF WIDTH="300"
HEIGHT="140" NAME="bb_click_wider" ALIGN=""
TYPE="application/x-shockwave-flash"
PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED></OBJECT></BODY></HTML>
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[CBSignUpURL=pid=%s&info[first]=&info[last]=&info[password_in]=%s&info[password2_in]=%s&info[agree]=1&info[want_lottery]=1&submit1=1&text=1&no_email=1
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[CBServer=www.cashbackbuddy.com
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [ServerPort=80
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [Referral=0
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [UpdateQueryDuration=86400
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[UpdateQueryFailedDuration=1200
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [BuildNumber=8034
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
[CBSignupFailedDuration=1200
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [CBIconAnimationEnable=1
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [CBSliderEnable=1
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [CBBalloonMsgEnable=1
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [CBSignUpDelay=600
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [TrackingFileFlag=1
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [FirstHit=1
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [PartnerName=MEDIAWHIZ3
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack [PartnerID=453
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
2/5/2005 6:52:17 AM::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil [BuildNumber=8034
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
[FirstHitUrl=http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&sys=%s&type=first_hit
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
[UninstallUrl=http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&sys=%d&survey=%s&type=uninstall
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
[UniqueKeyUrl=http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&sys=%s&type=partner_query
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
[UtilFolder=C:\WINNT\system32
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
[InstallOccurUrl=http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&sys=%s&type=install_occur
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
[AlreadyInstalledUrl=http://adpopper.outblaze.com/scripts/adpopper/webservice.main?version=%d&pid=%s&expid=%s&type=already_installed&sys=%s
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil [PartnerName=MEDIAWHIZ3
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil [PartnerID=453
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
[NewPartnerName=MEDIAWHIZ3
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil [System=1,2,3
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
2/5/2005 6:52:17 AM::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
2/5/2005 6:52:17 AM::Delete registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[CashBack=C:\Program Files\CashBack\bin\cashback.exe]
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
[DisplayName=CashBack by BargainBuddy
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
[UninstallString=C:\Program Files\CashBack\Uninstall.exe
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
[Publisher=eXact Advertising
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
[DisplayVersion=8.0.3.4
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
[URLInfoAbout=http://www.exactadvertising.com
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
[Readme=http://www.cashbackbuddy.com
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
[HelpLink=http://www.cashbackbuddy.com
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
[DisplayIcon=C:\Program Files\CashBack\bin\cb.exe
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
[NoModify=1
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
[NoRepair=1
2/5/2005 6:52:17 AM::Removing registry value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
2/5/2005 6:52:17 AM::Removing registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
2/5/2005 6:52:17 AM::Clean Threat eXact.CashBack (ID:14901)
Complete
2/5/2005 6:52:17 AM::Remove Threat (ID:14901) Complete
2/5/2005 6:52:18 AM::Unititializing Clean
2/5/2005 6:52:18
AM::------------------------------------------------------------------
2/5/2005 10:14:13
PM::------------------------------------------------
2/5/2005 10:14:13 PM::Starting GIANT AS Cleaner
2/5/2005 10:14:13 PM::Running all Cleaner deletes
2/5/2005 10:14:13 PM::---Starting Quick Cleaner DelFolders
2/5/2005 10:14:13 PM::---Starting Quick Cleaner DelRegKeys
2/5/2005 10:14:13 PM::---Starting Quick Cleaner DelRegValues
2/5/2005 10:14:13 PM::Checking threats to clean
2/5/2005 10:14:13 PM::Ending GIANT AS Cleaner
2/5/2005 10:14:13
PM::------------------------------------------------



-----------------------------------------------



[QUOTE]
-----Original Message-----
It might also be useful to see your cleaner.log from the directory Microsoft
Antispyware was installed in--typically c:\program files\microsoft
antispyware. That'd show what was removed which may give a clue.
--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

[/QUOTE]
 
