
SurfSideKick Pop-Ups and more.....

Discussion in 'Virus & Other Malware Removal' started by mando2123, Jul 23, 2006.

  1. mando2123

    mando2123 Thread Starter

    Joined:
    Jun 28, 2005
    Messages:
    47
    My computer is giving me some SurfSideKick 3 pop-ups. Can someone help me out with this HJT log? It's putting icons on my desktop about travel saving, online dating, etc... Thanks for your help. :D

    Here it is.......

    Logfile of HijackThis v1.99.1
    Scan saved at 3:12:23 PM, on 7/22/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\spoolsv.exe
    C:\WINDOWS\QXJtYW5kbyBTYW5jaGV6\command.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\WINDOWS\cfg32.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\mptft.exe
    C:\WINDOWS\System32\ssn6tuu.exe
    C:\windows\system32\oodsregp.exe
    C:\WINDOWS\System32\redistributor.exe
    C:\Program Files\System Files\System.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\swinppez.exe
    C:\WINDOWS\System32\ssec.exe
    C:\WINDOWS\System32\nr1rnqm8.exe
    C:\WINDOWS\System32\tfthot.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Armando\Desktop\HijackThis.exe
    C:\PROGRA~1\YAHOO!\BROWSER\YBROWSER.EXE
    C:\WINDOWS\cfg32a.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\PROGRA~1\Yahoo!\YUM\yum.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\prbwa.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,amhaluo.exe
    O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
    O2 - BHO: Yvakt Class - {AE0ECC2F-0C33-494C-8B22-B57A7763027F} - C:\WINDOWS\System32\x3cqp0.dll
    O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
    O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll
    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\System32\mptft.exe
    O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\System32\ssn6tuu.exe"
    O4 - HKLM\..\Run: [{E9-90-09-9B-ZN}] C:\windows\system32\oodsregp.exe CORN003
    O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\swinppez.exe CORN003
    O4 - HKCU\..\Run: [Yahoo! Pager] 1
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
    O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\swinppez.exe
    O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\ZICORN003.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_18\bin\npjava131_18.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_18\bin\npjava131_18.dll
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O18 - Filter: text/html - {DA28E0DB-229C-4003-827E-96AE15AD90FB} - C:\WINDOWS\System32\x3cqp0.dll
    O20 - AppInit_DLLs: repairs303169587.dll
    O20 - Winlogon Notify: logons - C:\WINDOWS\System32\redist.dll
    O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\s8puli7918.dll
    O23 - Service: AolSoftware (aolsoftware) - Unknown owner - C:\WINDOWS\spoolsv.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QXJtYW5kbyBTYW5jaGV6\command.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    Start with:

    Please download Look2Me-Destroyer.exe to your desktop.

    * Close all windows before continuing.
    * Double-click Look2Me-Destroyer.exe to run it.
    * Put a check next to Run this program as a task.
    * You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
    * When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
    * Once it's done scanning, click the Remove L2M button.
    * You will receive a Done Scanning message, click OK.
    * When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
    * Your computer will then shut down.
    * Turn your computer back on.
    * Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.

    If you receive a message from your firewall about this program accessing the internet please allow it.

    If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
    http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
     
  3. mando2123

    mando2123 Thread Starter

    Look2Me-Destroyer V1.0.12

    Scanning for infected files.....
    Scan started at 7/23/2006 11:43:02 AM

    Infected! C:\WINDOWS\system32\mv2ml9f11.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016402.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016452.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016462.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016468.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016474.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016485.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016497.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016505.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016531.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016532.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016533.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016534.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016535.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016536.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016537.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016538.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP157\A0016557.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP157\A0016570.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP157\A0016577.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP158\A0016585.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP158\A0016608.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP158\A0016630.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP158\A0016634.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP158\A0016642.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP158\A0016653.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP160\A0017681.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP161\A0018702.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP161\A0018703.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP161\A0018710.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP161\A0021731.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP165\A0021772.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP165\A0021773.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP165\A0021786.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP165\A0021790.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP165\A0021807.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP165\A0021808.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP165\A0021820.dll
    Infected! C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP165\A0021821.dll
    Infected! C:\WINDOWS\system32\anmparse.dll
    Infected! C:\WINDOWS\system32\cjpbk32.dll
    Infected! C:\WINDOWS\system32\cposys.dll
    Infected! C:\WINDOWS\system32\dn8o01l3e.dll
    Infected! C:\WINDOWS\system32\e6200gfme62a0.dll
    Infected! C:\WINDOWS\system32\j2n2lc5o1f.dll
    Infected! C:\WINDOWS\system32\jtju0719e.dll
    Infected! C:\WINDOWS\system32\mirdim.dll
    Infected! C:\WINDOWS\system32\mv2ml9f11.dll
    Infected! C:\WINDOWS\system32\mzc71.dll
    Infected! C:\WINDOWS\system32\sqsvcs.dll
    Infected! C:\WINDOWS\system32\uahisapi.dll
    Infected! C:\WINDOWS\system32\wcn32spl.dll
    Infected! C:\WINDOWS\System32\guard.tmp

    Attempting to delete infected files...

    Attempting to delete: C:\WINDOWS\system32\mv2ml9f11.dll
    C:\WINDOWS\system32\mv2ml9f11.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016402.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016402.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016452.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016452.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016462.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016462.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016468.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016468.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016474.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016474.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016485.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016485.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016497.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016497.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016505.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016505.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016531.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016531.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016532.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016532.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016533.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016533.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016534.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016534.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016535.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016535.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016536.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016536.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016537.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016537.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016538.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP156\A0016538.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP157\A0016557.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP157\A0016557.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP157\A0016570.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP157\A0016570.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP157\A0016577.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP157\A0016577.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP158\A0016585.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP158\A0016585.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP158\A0016608.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP158\A0016608.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP158\A0016630.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP158\A0016630.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP158\A0016634.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP158\A0016634.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP158\A0016642.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP158\A0016642.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP158\A0016653.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP158\A0016653.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP160\A0017681.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP160\A0017681.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP161\A0018702.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP161\A0018702.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP161\A0018703.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP161\A0018703.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP161\A0018710.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP161\A0018710.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP161\A0021731.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP161\A0021731.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP165\A0021772.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP165\A0021772.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP165\A0021773.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP165\A0021773.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP165\A0021786.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP165\A0021786.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP165\A0021790.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP165\A0021790.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP165\A0021807.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP165\A0021807.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP165\A0021808.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP165\A0021808.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP165\A0021820.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP165\A0021820.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP165\A0021821.dll
    C:\System Volume Information\_restore{1B9FBC77-A6E8-445F-8384-0A2040A44D1E}\RP165\A0021821.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\anmparse.dll
    C:\WINDOWS\system32\anmparse.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\cjpbk32.dll
    C:\WINDOWS\system32\cjpbk32.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\cposys.dll
    C:\WINDOWS\system32\cposys.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\dn8o01l3e.dll
    C:\WINDOWS\system32\dn8o01l3e.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\e6200gfme62a0.dll
    C:\WINDOWS\system32\e6200gfme62a0.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\j2n2lc5o1f.dll
    C:\WINDOWS\system32\j2n2lc5o1f.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\jtju0719e.dll
    C:\WINDOWS\system32\jtju0719e.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\mirdim.dll
    C:\WINDOWS\system32\mirdim.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\mv2ml9f11.dll
    C:\WINDOWS\system32\mv2ml9f11.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\mzc71.dll
    C:\WINDOWS\system32\mzc71.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\sqsvcs.dll
    C:\WINDOWS\system32\sqsvcs.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\uahisapi.dll
    C:\WINDOWS\system32\uahisapi.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\wcn32spl.dll
    C:\WINDOWS\system32\wcn32spl.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\System32\guard.tmp
    C:\WINDOWS\System32\guard.tmp Deleted successfully!

    Making registry repairs.

    Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OptimalLayout

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{79EEFA4E-2ACC-4A88-8625-C5C2D1ED5501}"
    HKCR\Clsid\{79EEFA4E-2ACC-4A88-8625-C5C2D1ED5501}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9DB78B6C-BC1C-4E09-A8E2-9194637AC0FA}"
    HKCR\Clsid\{9DB78B6C-BC1C-4E09-A8E2-9194637AC0FA}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{F809C50C-CAF6-4728-BF52-CE5453EFC07C}"
    HKCR\Clsid\{F809C50C-CAF6-4728-BF52-CE5453EFC07C}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{84E5C9CC-DEBC-4430-A957-A57E00D08016}"
    HKCR\Clsid\{84E5C9CC-DEBC-4430-A957-A57E00D08016}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{32A4C0E1-FEBC-41D6-9227-9B8EFDDB4D23}"
    HKCR\Clsid\{32A4C0E1-FEBC-41D6-9227-9B8EFDDB4D23}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{3B5C59B6-F90B-4245-ABA6-9C9B949AD8DE}"
    HKCR\Clsid\{3B5C59B6-F90B-4245-ABA6-9C9B949AD8DE}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{25A9C42E-5C5B-4663-93C6-1EEE68E8B923}"
    HKCR\Clsid\{25A9C42E-5C5B-4663-93C6-1EEE68E8B923}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{4169601D-5A0C-4338-9F78-44D10CFD80C5}"
    HKCR\Clsid\{4169601D-5A0C-4338-9F78-44D10CFD80C5}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E3EB1DEC-9C3F-4448-9FCE-93889DC10F4D}"
    HKCR\Clsid\{E3EB1DEC-9C3F-4448-9FCE-93889DC10F4D}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{142F3247-3D11-45BB-89DF-7545C24140D9}"
    HKCR\Clsid\{142F3247-3D11-45BB-89DF-7545C24140D9}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{51FB28A3-6197-4879-9F41-7B2B18CF3850}"
    HKCR\Clsid\{51FB28A3-6197-4879-9F41-7B2B18CF3850}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A20319D3-DD35-498D-BD8C-753FEA320B6B}"
    HKCR\Clsid\{A20319D3-DD35-498D-BD8C-753FEA320B6B}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{117121C2-04B8-4BF4-80DC-A2B0E5A2DAB9}"
    HKCR\Clsid\{117121C2-04B8-4BF4-80DC-A2B0E5A2DAB9}

    Restoring Windows certificates.

    Replaced hosts file with default windows hosts file


    Restoring SeDebugPrivilege for Administrators - Succeeded


    Logfile of HijackThis v1.99.1
    Scan saved at 12:01:42 PM, on 7/23/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\spoolsv.exe
    C:\WINDOWS\QXJtYW5kbyBTYW5jaGV6\command.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
    C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\cfg32.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\WINDOWS\System32\mptft.exe
    C:\WINDOWS\System32\ssec.exe
    C:\WINDOWS\System32\ssn6tuu.exe
    C:\windows\system32\oodsregp.exe
    C:\WINDOWS\System32\redistributor.exe
    C:\Program Files\System Files\System.exe
    C:\WINDOWS\System32\tfthot.exe
    C:\WINDOWS\System32\nr1rnqm8.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\System32\swinppez.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\cfg32a.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Documents and Settings\Armando\Desktop\HijackThis.exe
    C:\WINDOWS\yezyhzxv.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\prbwa.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,amhaluo.exe
    O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll
    O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll
    O2 - BHO: Yvakt Class - {AE0ECC2F-0C33-494C-8B22-B57A7763027F} - C:\WINDOWS\System32\x3cqp0.dll
    O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll
    O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll
    O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\System32\WinNB58.dll
    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
    O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\System32\mptft.exe
    O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\System32\ssn6tuu.exe"
    O4 - HKLM\..\Run: [{E9-90-09-9B-ZN}] C:\windows\system32\oodsregp.exe CORN003
    O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\swinppez.exe CORN003
    O4 - HKCU\..\Run: [Yahoo! Pager] 1
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
    O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\swinppez.exe
    O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\ZICORN003.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_18\bin\npjava131_18.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_18\bin\npjava131_18.dll
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O18 - Filter: text/html - {DA28E0DB-229C-4003-827E-96AE15AD90FB} - C:\WINDOWS\System32\x3cqp0.dll
    O20 - AppInit_DLLs: repairs303169587.dll
    O20 - Winlogon Notify: logons - C:\WINDOWS\System32\redist.dll
    O23 - Service: AolSoftware (aolsoftware) - Unknown owner - C:\WINDOWS\spoolsv.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QXJtYW5kbyBTYW5jaGV6\command.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
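A triage pass over a HijackThis log like the one above, as an added example that is not part of the original thread. The sample lines are copied from that log; the rules (extra programs on the Shell/UserInit values, a non-empty AppInit_DLLs, services with no vendor shown, core Windows process names outside system32, entries marked "(no file)") are assumptions chosen for this example, not HijackThis's own logic or the helper's method.

```python
import re
from ntpath import basename, dirname  # parse Windows paths on any OS

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\spoolsv.exe
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\prbwa.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,amhaluo.exe
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O20 - AppInit_DLLs: repairs303169587.dll
O23 - Service: AolSoftware (aolsoftware) - Unknown owner - C:\WINDOWS\spoolsv.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
"""

# Assumption for this example: these process names belong in system32 only.
SYSTEM32_ONLY = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                 "svchost.exe", "spoolsv.exe", "userinit.exe"}
# The program each F2 value is expected to start with on a clean XP install.
EXPECTED_FIRST = {"Shell": "explorer.exe", "UserInit": "userinit.exe"}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # "O23 - ..."
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
F2_RE = re.compile(r"^REG:system\.ini: (Shell|UserInit)=(.*)$")


def misplaced_system_binary(path):
    """True when a core Windows process name sits outside system32."""
    return (basename(path).lower() in SYSTEM32_ONLY
            and dirname(path).lower() != r"c:\windows\system32")


def entry_reasons(code, body):
    """Return the reasons (possibly none) to review one log entry."""
    reasons = []
    if code == "F2":
        m = F2_RE.match(body)
        if m:
            key, value = m.groups()
            parts = [p.strip() for p in value.split(",") if p.strip()]
            if not parts or basename(parts[0]).lower() != EXPECTED_FIRST[key]:
                reasons.append(f"{key} does not start with {EXPECTED_FIRST[key]}")
            if parts[1:]:
                reasons.append(f"{key} also launches: {', '.join(parts[1:])}")
    elif code == "O20" and body.startswith("AppInit_DLLs:"):
        dlls = body.split(":", 1)[1].strip()
        if dlls:
            reasons.append(
                f"AppInit_DLLs loads {dlls} into every process that loads user32.dll")
    elif code == "O23":
        if " - Unknown owner - " in body:
            reasons.append("no vendor shown for the service binary")
        if misplaced_system_binary(body.rsplit(" - ", 1)[-1]):
            reasons.append("service runs a system-named binary outside system32")
    if body.endswith("(no file)"):
        reasons.append("registered component points at a missing file")
    return reasons


def triage(log_text):
    """Return [(line, [reasons])] for every log line worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            reasons = entry_reasons(*entry.groups())
        elif PROCESS_RE.match(line) and misplaced_system_binary(line):
            reasons = ["running process uses a system binary name outside system32"]
        else:
            reasons = []
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

A flagged line is a prompt to look closer, not a verdict; the scanner reports later in the thread are what confirm or clear each file.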
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    next

    Download http://www.mvps.org/winhelp2002/DelDomains.inf and place it on the desktop.
    Right-click the file and select Install; that will reset the zone settings that have been altered.

    and also

    Download: ResetProtocolDefaults.reg
    http://www.mvps.org/winhelp2002/ResetProtocolDefaults.reg

    Locate "ResetProtocolDefaults.reg"
    Right-click and select: Merge (Ok the prompt)

    Then uninstall newdot net by following the advice here: http://www.newdotnet.com/removal.html

    Then let's see what these can fix.

    First, you have the old version of ewido, so uninstall it &

    * Download the Trial/Demo version of Ewido Anti Spyware. When the trial period expires it becomes freeware with reduced functions, but it is still worth keeping, or you have the option of buying a licence for the full version.


    EWIDO DOWNLOAD

    * Install ewido.
    * Launch ewido
    * It will prompt you to update; click the OK button and it will go to the main screen
    * On the top of the main screen click update
    * Click on Start and let it update.
    * Now boot to safe mode by following the advice here: http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam
    * Now run Ewido:
    * Click on scanner, then click on the settings tab, select all options allowed & set the how to act to recommended actions and set recommended actions to quarantine, then set automatically generate reports after every scan & only if threats were found
    * Now press the scan tab. Click the Complete System Scan button to start the scan.
    * When the scan is done you will see a list of infected objects (if any found). At the bottom of the list, please click on "recommended action" and choose to Set all Elements to quarantine and check the box "Perform action with all infections".
    If you get a warning about a file being in an archive, please choose *yes* to quarantine the entire archive
    * When the scan is finished, look at the bottom of the screen and click the Save report button.
    * Save the report to your desktop

    Post back with the ewido scan log

    reboot &

    Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
    • Click the Free Trial link under "Downloads/SpySweeper" to download the program.
    • Install it. Once the program is installed, it will open.
    • It will prompt you to update to the latest definitions, click Yes.
    • Once the definitions are installed, click Options on the left side.
    • Click the Sweep Options tab.
    • Under What to Sweep please put a check next to the following:
      • Sweep Memory
      • Sweep Registry
      • Sweep Cookies
      • Sweep All User Accounts
      • Enable Direct Disk Sweeping
      • Sweep Contents of Compressed Files
      • Sweep for Rootkits
      • Please UNCHECK Do not Sweep System Restore Folder.
    • Click Sweep Now on the left side.
    • Click the Start button.
    • When it's done scanning, click the Next button.
    • Make sure everything has a check next to it, then click the Next button.
    • It will remove all of the items found.
    • Click Session Log in the upper right corner, copy everything in that window.
    • Click the Summary tab and click Finish.
    • Paste the contents of the session log you copied into your next reply.
    Also post a new Hijack This log.
     
  5. mando2123

    The link to remove the newdotnet.com doesn't seem to work... Is there another link you can send me to try to remove it?
     
  6. dvk01

    It was down but seems to be working now, but if not, skip that part and we can do that afterwards.
     
  7. mando2123

    Logfile of HijackThis v1.99.1
    Scan saved at 9:54:19 PM, on 7/23/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\spoolsv.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Documents and Settings\Armando\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\prbwa.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,amhaluo.exe
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [YBrowser] "C:\Program Files\Yahoo!\browser\ybrwicon.exe"
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [{E9-90-09-9B-ZN}] "C:\windows\system32\oodsregp.exe" CORN003
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\Run: [xynkam] C:\WINDOWS\System32\yhjsao.exe reg_run
    O4 - HKCU\..\Run: [Yahoo! Pager] 1
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_18\bin\npjava131_18.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\JavaSoft\JRE\1.3.1_18\bin\npjava131_18.dll
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O18 - Filter: text/html - {DA28E0DB-229C-4003-827E-96AE15AD90FB} - (no file)
    O20 - AppInit_DLLs: repairs303169587.dll
    O20 - Winlogon Notify: logons - C:\WINDOWS\
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AolSoftware (aolsoftware) - Unknown owner - C:\WINDOWS\spoolsv.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 4:46:30 PM 7/23/2006

    + Scan result:



    C:\Documents and Settings\Chito\Local Settings\Temporary Internet Files\Content.IE5\ILCJUL21\AppWrap[1].exe -> Adware.AdURL : No action taken.
    C:\WINDOWS\icont.exe -> Adware.AdURL : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\096NGDMJ\cfg32[1].exe -> Adware.BookedSpace : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\stub_venthh[1].exe -> Adware.BookedSpace : No action taken.
    C:\WINDOWS\cfg32.exe -> Adware.BookedSpace : No action taken.
    C:\WINDOWS\cfg32a.exe -> Adware.BookedSpace : No action taken.
    C:\WINDOWS\cfg32o.dll -> Adware.BookedSpace : No action taken.
    C:\WINDOWS\cfg32p.dll -> Adware.BookedSpace : No action taken.
    C:\WINDOWS\cfg32r.dll -> Adware.BookedSpace : No action taken.
    C:\WINDOWS\cfg32s.dll -> Adware.BookedSpace : No action taken.
    C:\WINDOWS\yezyhzxv.exe -> Adware.BookedSpace : No action taken.
    C:\stub_sca3.exe -> Adware.BookedSpace : No action taken.
    C:\stub_venthh.exe -> Adware.BookedSpace : No action taken.
    HKLM\SOFTWARE\Classes\AppID\BookedSpace.DLL -> Adware.BookedSpace : No action taken.
    HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Adware.BookedSpace : No action taken.
    HKLM\SOFTWARE\Classes\BookedSpace.Extension.5 -> Adware.BookedSpace : No action taken.
    HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID -> Adware.BookedSpace : No action taken.
    HKLM\SOFTWARE\Classes\BookedSpace.Extension\CurVer -> Adware.BookedSpace : No action taken.
    C:\Program Files\System Files\plugin.dll -> Adware.CASClient : No action taken.
    C:\WINDOWS\QXJtYW5kbyBTYW5jaGV6\asappsrv.dll -> Adware.CommAd : No action taken.
    C:\WINDOWS\QXJtYW5kbyBTYW5jaGV6\command.exe -> Adware.CommAd : No action taken.
    C:\WINDOWS\system32\sgcdb289.dll -> Adware.IEHelper : No action taken.
    C:\WINDOWS\System32ftuninst.exe -> Adware.Linkmaker : No action taken.
    C:\WINDOWS\system32\ftuninst.exe -> Adware.Linkmaker : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\Installer[1].exe -> Adware.Look2Me : No action taken.
    C:\Installer.exe -> Adware.Look2Me : No action taken.
    C:\Installer3.exe -> Adware.Look2Me : No action taken.
    C:\warebundle.exe -> Adware.Look2Me : No action taken.
    C:\warebundle3.exe -> Adware.Look2Me : No action taken.
    C:\warebundlenewer.exe -> Adware.Look2Me : No action taken.
    C:\WINDOWS\system32\WinDmy.dll -> Adware.Mirar : No action taken.
    C:\WINDOWS\system32\WinNB58.dll -> Adware.Mirar : No action taken.
    C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\RB9KNVMF\NNSCAA638[1].EXE -> Adware.NewDotNet : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\NNSCAA638[1].EXE -> Adware.NewDotNet : No action taken.
    C:\NNSCAA638.EXE -> Adware.NewDotNet : No action taken.
    C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : No action taken.
    C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : No action taken.
    HKLM\SOFTWARE\Classes\KBBar.KBBarBand -> Adware.PowerStrip : No action taken.
    HKLM\SOFTWARE\Classes\KBBar.KBBarBand.1 -> Adware.PowerStrip : No action taken.
    HKLM\SOFTWARE\Classes\KBBar.KBBarBand\CLSID -> Adware.PowerStrip : No action taken.
    HKLM\SOFTWARE\Classes\KBBar.KBBarBand\CurVer -> Adware.PowerStrip : No action taken.
    C:\WINDOWS\system32\rmbjbap.dll -> Adware.PurityScan : No action taken.
    C:\WINDOWS\System32tfthot.exe -> Adware.SearchAssistant : No action taken.
    C:\WINDOWS\system32\tfthot.exe -> Adware.SearchAssistant : No action taken.
    C:\WINDOWS\system32\gbe90qs.exe -> Adware.Suggestor : No action taken.
    C:\WINDOWS\system32\ssn6tuu.exe -> Adware.Suggestor : No action taken.
    C:\WINDOWS\system32\x3cqp0.dll -> Adware.Suggestor : No action taken.
    C:\Program Files\SurfSideKick 3 -> Adware.SurfSide : No action taken.
    C:\Program Files\SurfSideKick 3\Ssk.exe -> Adware.SurfSide : No action taken.
    C:\Program Files\SurfSideKick 3\SskBho.dll -> Adware.SurfSide : No action taken.
    C:\Program Files\SurfSideKick 3\SskCore.dll -> Adware.SurfSide : No action taken.
    C:\WINDOWS\system32\repairs303169587.dll -> Adware.Surfside : No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick -> Adware.SurfSide : No action taken.
    HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : No action taken.
    HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : No action taken.
    HKU\.DEFAULT\Software\SurfSideKick3 -> Adware.SurfSide : No action taken.
    HKU\.DEFAULT\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : No action taken.
    HKU\S-1-5-18\Software\SurfSideKick3 -> Adware.SurfSide : No action taken.
    HKU\S-1-5-18\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : No action taken.
    HKU\S-1-5-21-1659004503-1801674531-1417001333-1003\Software\SurfSideKick3 -> Adware.SurfSide : No action taken.
    HKU\S-1-5-21-1659004503-1801674531-1417001333-1003\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : No action taken.
    [296] C:\WINDOWS\system32\repairs303169587.dll -> Adware.Surfside : No action taken.
    [308] C:\WINDOWS\system32\repairs303169587.dll -> Adware.Surfside : No action taken.
    [488] C:\WINDOWS\system32\repairs303169587.dll -> Adware.Surfside : No action taken.
    [516] C:\WINDOWS\system32\repairs303169587.dll -> Adware.Surfside : No action taken.
    C:\Program Files\Common Files\mqfo\mqfod\mqfoc.dll -> Adware.TargetServer : No action taken.
    C:\WINDOWS\system32\ZICORN003.exe -> Adware.ZenoSearch : No action taken.
    C:\WINDOWS\system32\dwdsregt.exe -> Adware.ZenoSearch : No action taken.
    C:\WINDOWS\system32\oodsregp.exe -> Adware.ZenoSearch : No action taken.
    C:\WINDOWS\system32\swinppez.exe -> Adware.ZenoSearch : No action taken.
    C:\WINDOWS\iconu.exe -> Adware.Zestyfind : No action taken.
    C:\WINDOWS\spoolsv.exe -> Backdoor.SdBot.xd : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\keyboard22[1].exe -> Backdoor.VB.ary : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\096NGDMJ\drsmartload46a[1].exe -> Downloader.Adload.bo : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\drma[1].exe -> Downloader.Adload.bo : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\drsmartload45a[1].exe -> Downloader.Adload.bo : No action taken.
    C:\WINDOWS\drsmartload45a.exe -> Downloader.Adload.bo : No action taken.
    C:\WINDOWS\drsmartload46a.exe -> Downloader.Adload.bo : No action taken.
    C:\drma.exe -> Downloader.Adload.bo : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\drsmartload[1].exe -> Downloader.Adload.br : No action taken.
    C:\kybrded_7.exe -> Downloader.Adload.cu : No action taken.
    C:\nwnmed_7.exe -> Downloader.Adload.cy : No action taken.
    C:\Program Files\Cas2Stub\cas2stub.exe -> Downloader.Agent.aaf : No action taken.
    C:\dist13.exe -> Downloader.Agent.aaf : No action taken.
    C:\WINDOWS\system32\dmonwv.dll -> Downloader.Agent.agw : No action taken.
    C:\wd7gi8nnew.exe -> Downloader.Agent.ala : No action taken.
    C:\Documents and Settings\LocalService\Application Data\sуmbols\dvdplay.exe -> Downloader.PurityScan.cl : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\096NGDMJ\!update-3820[1].0000 -> Downloader.PurityScan.cl : No action taken.
    C:\Documents and Settings\Chito\Local Settings\Temporary Internet Files\Content.IE5\YX7X7UAO\installerwnus[1].exe -> Downloader.Qoologic.at : No action taken.
    C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\2A1X1JXH\installerwnus[1].exe -> Downloader.Qoologic.at : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\installerwnus[1].exe -> Downloader.Qoologic.at : No action taken.
    C:\Documents and Settings\Armando\Local Settings\Temp\tp7543.exe -> Downloader.Qoologic.ax : No action taken.
    C:\Documents and Settings\Armando\Local Settings\Temporary Internet Files\Content.IE5\COIUMBWU\rcverlib[1].exe -> Downloader.Qoologic.ax : No action taken.
    C:\Documents and Settings\Chito\Local Settings\Temp\tp7543.exe -> Downloader.Qoologic.ax : No action taken.
    C:\Documents and Settings\Chito\Local Settings\Temporary Internet Files\Content.IE5\YX7X7UAO\rcverlib[1].exe -> Downloader.Qoologic.ax : No action taken.
    C:\Documents and Settings\Chito\Local Settings\Temp\f4855140.exe -> Downloader.Qoologic.bj : No action taken.
    C:\WINDOWS\system32\efyvm.dat -> Downloader.Qoologic.bj : No action taken.
    [788] C:\WINDOWS\System32\fojsrwy.dll -> Downloader.Qoologic.bj : No action taken.
    C:\WINDOWS\system32\w0087529.dll -> Downloader.Small : No action taken.
    C:\WINDOWS\lt.exe -> Downloader.Small.ajc : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\096NGDMJ\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : No action taken.
    C:\MTE3NDI6ODoxNgnew.exe -> Downloader.Small.buy : No action taken.
    C:\WINDOWS\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : No action taken.
    C:\Program Files\Online Services\horej.dll -> Downloader.Small.ctp : No action taken.
    C:\ac3_0003.exe -> Downloader.Small.cyh : No action taken.
    C:\Program Files\Common Files\mqfo\mqfop.exe -> Downloader.TSUpdate.f : No action taken.
    C:\Program Files\Common Files\mqfo\mqfoa.exe -> Downloader.TSUpdate.l : No action taken.
    C:\Program Files\Common Files\mqfo\mqfom.exe -> Downloader.TSUpdate.n : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\stub_113_4_0_4_0[1].exe -> Downloader.TSUpdate.o : No action taken.
    C:\WINDOWS\stub_113_4_0_4_0.exe -> Downloader.TSUpdate.o : No action taken.
    C:\stub_113_4_0_4_0newer.exe -> Downloader.TSUpdate.o : No action taken.
    C:\Program Files\Common Files\mqfo\mqfol.exe -> Downloader.TSUpdate.p : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\096NGDMJ\keyboard21[1].exe -> Downloader.VB.ada : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\keyboard20[1].exe -> Downloader.VB.ada : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\newname20[1].exe -> Downloader.VB.adb : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\newname21[1].exe -> Downloader.VB.adb : No action taken.
    C:\WINDOWS\visfx500.exe -> Dropper.Agent.aie : No action taken.
    C:\visfx500new.exe -> Dropper.Agent.aie : No action taken.
    C:\Documents and Settings\Chito\Local Settings\Temporary Internet Files\Content.IE5\4PQJSPI3\numbsoft[1].exe -> Dropper.Agent.hl : No action taken.
    C:\numbsoft.exe -> Dropper.Agent.hl : No action taken.
    C:\numbsoftnew.exe -> Dropper.Agent.hl : No action taken.
    C:\webnexmknew.exe -> Dropper.Agent.hl : No action taken.
    C:\626_101newer.exe -> Dropper.Agent.mu : No action taken.
    C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\E11EBMPG\SS1001[1].exe -> Dropper.Small.qn : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\SS1001[1].exe -> Dropper.Small.qn : No action taken.
    C:\SS1001.exe -> Dropper.Small.qn : No action taken.
    C:\SS1001newer.exe -> Dropper.Small.qn : No action taken.
    C:\Program Files\Snowball Wars\SnowballWars.exe -> Dropper.VB.mz : No action taken.
    C:\Documents and Settings\Armando\Local Settings\Temporary Internet Files\Content.IE5\2XOGQBTO\popup[1].php -> Hijacker.Agent.a : No action taken.
    C:\Documents and Settings\Armando\Local Settings\Temporary Internet Files\Content.IE5\2XOGQBTO\popup[2].php -> Hijacker.Agent.a : No action taken.
    C:\Documents and Settings\Armando\Local Settings\Temporary Internet Files\Content.IE5\KPU3SL2B\popup[1].php -> Hijacker.Agent.a : No action taken.
    C:\Documents and Settings\Chito\Local Settings\Temporary Internet Files\Content.IE5\4PQJSPI3\popup[2].php -> Hijacker.Agent.a : No action taken.
    C:\Documents and Settings\Chito\Local Settings\Temporary Internet Files\Content.IE5\IB13RV5M\popup[2].php -> Hijacker.Agent.a : No action taken.
    C:\WINDOWS\v1201.exe -> Hijacker.Small : No action taken.
    C:\WINDOWS\wallpap.exe -> Hijacker.Small.jf : No action taken.
    C:\WINDOWS\system32\mptft.exe -> Hijacker.StartPage.ajj : No action taken.
    C:\drsmartload45a7d.exe -> Hijacker.VB.fg : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\096NGDMJ\defender22[1].exe -> Hijacker.VB.ly : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\defender20[1].exe -> Hijacker.VB.ly : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\defender21[1].exe -> Hijacker.VB.ly : No action taken.
    C:\dfndred_7.exe -> Hijacker.VB.nh : No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\newname22[1].exe -> Hijacker.VB.no : No action taken.
    C:\Documents and Settings\Chito\Local Settings\Temporary Internet Files\Content.IE5\KVCT5JKQ\xp-cydoor-728[1].swf -> Not-A-Virus.Hoax.SWF.Alerter.a : No action taken.
    C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : No action taken.
    C:\Documents and Settings\Armando\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Armando\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Armando\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Armando\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Chito\Cookies\[email protected][2].txt -> TrackingCookie.Adtrak : No action taken.
    C:\Documents and Settings\Armando\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : No action taken.
    C:\Documents and Settings\Chito\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : No action taken.
    C:\Documents and Settings\Guest\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : No action taken.
    C:\Documents and Settings\Armando\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : No action taken.
    C:\Documents and Settings\Chito\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : No action taken.
    C:\Documents and Settings\Guest\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : No action taken.
    C:\Documents and Settings\Armando\Cookies\[email protected][2].txt -> TrackingCookie.Casalemedia : No action taken.
    C:\Documents and Settings\Chito\Cookies\[email protected][2].txt -> TrackingCookie.Casalemedia : No action taken.
    C:\Documents and Settings\Guest\Cookies\[email protected][2].txt -> TrackingCookie.Casalemedia : No action taken.
    C:\Documents and Settings\Armando\Cookies\[email protected][1].txt -> TrackingCookie.Cpvfeed : No action taken.
    C:\Documents and Settings\Chito\Cookies\[email protected][2].txt -> TrackingCookie.Cpvfeed : No action taken.
    C:\Documents and Settings\Chito\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : No action taken.
    C:\Documents and Settings\Guest\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : No action taken.
    C:\Documents and Settings\Armando\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : No action taken.
    C:\Documents and Settings\Chito\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : No action taken.
    C:\Documents and Settings\Chito\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : No action taken.
    C:\Documents and Settings\Guest\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : No action taken.
    C:\Documents and Settings\Armando\Cookies\[email protected][2].txt -> TrackingCookie.Kmpads : No action taken.
    C:\Documents and Settings\Chito\Cookies\[email protected][2].txt -> TrackingCookie.Kmpads : No action taken.
    C:\Documents and Settings\Chito\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : No action taken.
    C:\Documents and Settings\Armando\Cookies\[email protected][1].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
    C:\Documents and Settings\Chito\Cookies\[email protected][1].txt -> TrackingCookie.Popuptraffic : No action taken.
    C:\Documents and Settings\Chito\Cookies\[email protected][2].txt -> TrackingCookie.Qksrv : No action taken.
    C:\Documents and Settings\Chito\Cookies\[email protected][1].txt -> TrackingCookie.Questionmarket : No action taken.
    C:\Documents and Settings\Chito\Cookies\[email protected][2].txt -> TrackingCookie.Revenue : No action taken.
    C:\Documents and Settings\Chito\Cookies\[email protected][1].txt -> TrackingCookie.Searchingbooth : No action taken.
    C:\Documents and Settings\Armando\Cookies\[email protected][1].txt -> TrackingCookie.Statcounter : No action taken.
    C:\Documents and Settings\Chito\Cookies\[email protected][2].txt -> TrackingCookie.Targetnet : No action taken.
    C:\Documents and Settings\Chito\Cookies\[email protected][1].txt -> TrackingCookie.Top-banners : No action taken.
    C:\Documents and Settings\Chito\Cookies\[email protected][1].txt -> TrackingCookie.Trafficmp : No action taken.
    C:\Documents and Settings\Guest\Cookies\[email protected][1].txt -> TrackingCookie.Trafficmp : No action taken.
    C:\Documents and Settings\Guest\Cookies\[email protected][2].txt -> TrackingCookie.Tribalfusion : No action taken.
    C:\Documents and Settings\Chito\Cookies\[email protected][2].txt -> TrackingCookie.Valuead : No action taken.
    C:\Documents and Settings\Armando\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\Documents and Settings\Chito\Cookies\[email protected]ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\Documents and Settings\Guest\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\Documents and Settings\Armando\Cookies\[email protected][2].txt -> TrackingCookie.Zedo : No action taken.
    C:\Documents and Settings\Chito\Cookies\[email protected][2].txt -> TrackingCookie.Zedo : No action taken.
    C:\WINDOWS\system32\redist.dll -> Trojan.Agent.sx : No action taken.
    C:\WINDOWS\system32\redistributor.exe -> Trojan.Agent.sx : No action taken.
    [248] C:\WINDOWS\System32\redist.dll -> Trojan.Agent.sx : No action taken.
    C:\WINDOWS\unwn.exe -> Trojan.Qoologic : No action taken.
    C:\WINDOWS\System32ssec.exe -> Trojan.Runner.h : No action taken.
    C:\WINDOWS\system32\ssec.exe -> Trojan.Runner.h : No action taken.
    C:\WINDOWS\system32\nr1rnqm8.exe -> Trojan.Runner.j : No action taken.


    ::Report end
     
  8. mando2123

    mando2123 Thread Starter

    Joined:
    Jun 28, 2005
    Messages:
    47
    I have to separate the Spyware Sweeper report since it's too long... here it goes...

    9:45 PM: Deletion from quarantine completed. Elapsed time 00:04:56
    9:45 PM: Processing: zedo cookie
    9:45 PM: Processing: zedo cookie
    9:45 PM: Processing: tacoda cookie
    9:45 PM: Processing: trb.com cookie
    9:45 PM: Processing: trb.com cookie
    9:45 PM: Processing: trb.com cookie
    9:45 PM: Processing: trb.com cookie
    9:45 PM: Processing: tickle cookie
    9:45 PM: Processing: atlas dmt cookie
    9:45 PM: Processing: atlas dmt cookie
    9:45 PM: Processing: atlas dmt cookie
    9:45 PM: Processing: top-banners cookie
    9:45 PM: Processing: stopzilla cookie
    9:45 PM: Processing: stlyrics cookie
    9:45 PM: Processing: statcounter cookie
    9:45 PM: Processing: screensavers.com cookie
    9:45 PM: Processing: searchingbooth cookie
    9:45 PM: Processing: searchadnetwork cookie
    9:45 PM: Processing: searchadnetwork cookie
    9:45 PM: Processing: questionmarket cookie
    9:45 PM: Processing: targetnet cookie
    9:45 PM: Processing: partypoker cookie
    9:45 PM: Processing: partypoker cookie
    9:45 PM: Processing: partypoker cookie
    9:45 PM: Processing: specificclick.com cookie
    9:45 PM: Processing: offeroptimizer cookie
    9:45 PM: Processing: revenue.net cookie
    9:45 PM: Processing: 2o7.net cookie
    9:45 PM: Processing: 2o7.net cookie
    9:45 PM: Processing: 2o7.net cookie
    9:45 PM: Processing: 2o7.net cookie
    9:45 PM: Processing: 2o7.net cookie
    9:45 PM: Processing: 2o7.net cookie
    9:45 PM: Processing: myaffiliateprogram.com cookie
    9:45 PM: Processing: tribalfusion cookie
    9:45 PM: Processing: bizrate cookie
    9:45 PM: Processing: nextag cookie
    9:45 PM: Processing: nextag cookie
    9:45 PM: Processing: nextag cookie
    9:45 PM: Processing: maxserving cookie
    9:45 PM: Processing: about cookie
    9:45 PM: Processing: hotbar cookie
    9:45 PM: Processing: trafficmp cookie
    9:45 PM: Processing: trafficmp cookie
    9:45 PM: Processing: valuead cookie
    9:45 PM: Processing: falkag cookie
    9:45 PM: Processing: falkag cookie
    9:45 PM: Processing: falkag cookie
    9:45 PM: Processing: enhance cookie
    9:45 PM: Processing: qksrv cookie
    9:45 PM: Processing: qksrv cookie
    9:45 PM: Processing: zenotecnico cookie
    9:45 PM: Processing: yieldmanager cookie
    9:45 PM: Processing: yieldmanager cookie
    9:45 PM: Processing: yieldmanager cookie
    9:45 PM: Processing: yieldmanager cookie
    9:45 PM: Processing: adknowledge cookie
    9:45 PM: Processing: adknowledge cookie
    9:45 PM: Processing: adknowledge cookie
    9:45 PM: Processing: upspiral cookie
    9:45 PM: Processing: casalemedia cookie
    9:45 PM: Processing: casalemedia cookie
    9:45 PM: Processing: casalemedia cookie
    9:45 PM: Processing: casalemedia cookie
    9:45 PM: Processing: kmpads cookie
    9:45 PM: Processing: kmpads cookie
    9:45 PM: Processing: kmpads cookie
    9:45 PM: Processing: exitexchange cookie
    9:45 PM: Processing: exitexchange cookie
    9:45 PM: Processing: exitexchange cookie
    9:45 PM: Processing: exitexchange cookie
    9:45 PM: Processing: directtrack cookie
    9:45 PM: Processing: directtrack cookie
    9:45 PM: Processing: directtrack cookie
    9:45 PM: Processing: belnk cookie
    9:45 PM: Processing: belnk cookie
    9:45 PM: Processing: belnk cookie
    9:45 PM: Processing: belnk cookie
    9:45 PM: Processing: belnk cookie
    9:45 PM: Processing: belnk cookie
    9:45 PM: Processing: belnk cookie
    9:45 PM: Processing: belnk cookie
    9:45 PM: Processing: askmen cookie
    9:45 PM: Processing: askmen cookie
    9:45 PM: Processing: 888 cookie
    9:45 PM: Processing: 888 cookie
    9:45 PM: Processing: 888 cookie
    9:45 PM: Processing: 80503492 cookie
    9:45 PM: Processing: azjmp cookie
    9:45 PM: Processing: azjmp cookie
    9:45 PM: Processing: websponsors cookie
    9:45 PM: Processing: websponsors cookie
    9:45 PM: Processing: popuptraffic cookie
    9:45 PM: Processing: pub cookie
    9:45 PM: Processing: hbmediapro cookie
    9:45 PM: Processing: hbmediapro cookie
    9:45 PM: Processing: cassava cookie
    9:45 PM: Processing: a cookie
    9:45 PM: Processing: banner cookie
    9:45 PM: Processing: banner cookie
    9:45 PM: Processing: atwola cookie
    9:45 PM: Processing: atwola cookie
    9:45 PM: Processing: atwola cookie
    9:45 PM: Processing: ask cookie
    9:45 PM: Processing: ask cookie
    9:45 PM: Processing: ask cookie
    9:45 PM: Processing: burstnet cookie
    9:45 PM: Processing: apmebf cookie
    9:45 PM: Processing: apmebf cookie
    9:45 PM: Processing: overture cookie
    9:45 PM: Processing: adlegend cookie
    9:45 PM: Processing: server.iad.liveperson cookie
    9:45 PM: Processing: tendollars cookie
    9:45 PM: Processing: advertising cookie
    9:45 PM: Processing: advertising cookie
    9:45 PM: Processing: advertising cookie
    9:45 PM: Processing: fastclick cookie
    9:45 PM: Processing: mediaplex cookie
    9:45 PM: Processing: mediaplex cookie
    9:45 PM: Processing: sextracker cookie
    9:45 PM: Processing: sextracker cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: realmedia cookie
    9:45 PM: Processing: realmedia cookie
    9:45 PM: Processing: realmedia cookie
    9:45 PM: Processing: realmedia cookie
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: mirar webband
    9:45 PM: Processing: mirar webband
    9:45 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mrfindalot hijack
    9:44 PM: Processing: mrfindalot hijack
    9:44 PM: Processing: mrfindalot hijack
    9:44 PM: Processing: mrfindalot hijack
    9:44 PM: Processing: findthewebsiteyouneed hijack
    9:44 PM: Processing: findthewebsiteyouneed hijack
    9:44 PM: Processing: findthewebsiteyouneed hijack
    9:44 PM: Processing: findthewebsiteyouneed hijack
    9:44 PM: Processing: findthewebsiteyouneed hijack
    9:44 PM: Processing: findthewebsiteyouneed hijack
    9:44 PM: Processing: findthewebsiteyouneed hijack
    9:44 PM: Processing: findthewebsiteyouneed hijack
    9:44 PM: Processing: findthewebsiteyouneed hijack
    9:44 PM: Processing: findthewebsiteyouneed hijack
    9:44 PM: Processing: findthewebsiteyouneed hijack
    9:44 PM: Processing: 7search
    9:44 PM: Processing: 7search
    9:44 PM: Processing: targetsaver
    9:44 PM: Processing: targetsaver
    9:44 PM: Processing: targetsaver
    9:44 PM: Processing: targetsaver
    9:44 PM: Processing: targetsaver
    9:44 PM: Processing: targetsaver
    9:44 PM: Processing: targetsaver
    9:44 PM: Processing: targetsaver
    9:44 PM: Processing: targetsaver
    9:44 PM: Processing: targetsaver
    9:44 PM: Processing: targetsaver
    9:44 PM: Processing: targetsaver
    9:44 PM: Processing: targetsaver
    9:44 PM: Processing: targetsaver
    9:44 PM: Processing: surfsidekick
    9:44 PM: Processing: surfsidekick
    9:44 PM: Processing: surfsidekick
    9:44 PM: Processing: surfsidekick
    9:44 PM: Processing: surfsidekick
    9:44 PM: Processing: surfsidekick
    9:44 PM: Processing: surfsidekick
    9:44 PM: Processing: surfsidekick
    9:44 PM: Processing: surfsidekick
    9:44 PM: Processing: surfsidekick
    9:44 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: trojan-dropper-joiner
    9:43 PM: Processing: trojan-dropper-joiner
    9:43 PM: Processing: trojan-dropper-joiner
    9:42 PM: Processing: trojan-dropper-joiner
    9:42 PM: Processing: trojan-dropper-joiner
    9:42 PM: Processing: trojan-dropper-joiner
    9:42 PM: Processing: trojan-dropper-joiner
    9:42 PM: Processing: siteerror hijacker
    9:42 PM: Processing: siteerror hijacker
    9:42 PM: Processing: siteerror hijacker
    9:42 PM: Processing: siteerror hijacker
    9:42 PM: Processing: siteerror hijacker
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: cas
    9:42 PM: Processing: cas
    9:42 PM: Processing: cas
    9:42 PM: Processing: cas
    9:42 PM: Processing: cas
    9:42 PM: Processing: cas
    9:42 PM: Processing: cas
    9:42 PM: Processing: cas
    9:42 PM: Processing: cas
    9:42 PM: Processing: cas
    9:42 PM: Processing: cas
    9:42 PM: Processing: cas
    9:42 PM: Processing: trojan-dh
    9:42 PM: Processing: trojan-dh
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: zquest
    9:42 PM: Processing: zquest
    9:42 PM: Processing: zquest
    9:42 PM: Processing: zquest
    9:42 PM: Processing: trojan-downloader-basebar
    9:42 PM: Processing: trojan-downloader-basebar
    9:42 PM: Processing: forethought
    9:42 PM: Processing: forethought
    9:42 PM: Processing: forethought
    9:42 PM: Processing: forethought
    9:42 PM: Processing: forethought
    9:42 PM: Processing: forethought
    9:42 PM: Processing: forethought
    9:42 PM: Processing: forethought
    9:42 PM: Processing: forethought
    9:42 PM: Processing: zenosearchassistant
    9:42 PM: Processing: zenosearchassistant
    9:42 PM: Processing: zenosearchassistant
    9:42 PM: Processing: zenosearchassistant
    9:42 PM: Processing: zenosearchassistant
    9:42 PM: Processing: zenosearchassistant
    9:42 PM: Processing: zenosearchassistant
    9:41 PM: Processing: zenosearchassistant
    9:41 PM: Processing: zenosearchassistant
    9:41 PM: Processing: zenosearchassistant
    9:41 PM: Processing: zenosearchassistant
    9:41 PM: Processing: zenosearchassistant
    9:41 PM: Processing: zenosearchassistant
    9:41 PM: Processing: zenosearchassistant
    9:41 PM: Processing: visfx
    9:41 PM: Processing: purityscan
    9:41 PM: Processing: purityscan
    9:41 PM: Processing: purityscan
    9:41 PM: Processing: purityscan
    9:41 PM: Processing: look2me
    9:41 PM: Processing: look2me
    9:41 PM: Processing: look2me
    9:41 PM: Processing: look2me
    9:41 PM: Processing: look2me
    9:41 PM: Processing: look2me
    9:41 PM: Processing: look2me
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:40 PM: Processing: trojan-downloader-ac2
    9:40 PM: Processing: trojan-downloader-ac2
    9:40 PM: Processing: trojan-downloader-ac2
    9:40 PM: Deletion from quarantine initiated
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    9:39 PM: Shield States
    9:38 PM: Spyware Definitions: 724
    9:37 PM: Spy Sweeper 5.0.5.1286 started
    5:46 PM: | End of Session, Sunday, July 23, 2006 |
    5:46 PM: Detected running threat: surfsidekick
    5:46 PM: Memory Shield: Found: Memory-resident threat surfsidekick, version 1.0.0.0
    5:46 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    5:44 PM: The Spy Communication shield has blocked access to: ADS.SURFSIDEKICK.COM
    5:44 PM: The Spy Communication shield has blocked access to: ADS.SURFSIDEKICK.COM
    5:41 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    5:41 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    5:41 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    5:41 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    5:41 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    5:41 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    5:41 PM: Startup Shield: Entry Denied: xynkam
    5:41 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    5:41 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    5:41 PM: Startup Shield: Entry Denied: uvulc
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    5:40 PM: Warning: Access is denied
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    5:39 PM: Shield States
    5:39 PM: Spyware Definitions: 691
    5:38 PM: Spy Sweeper 5.0.5.1286 started
    5:38 PM: Spy Sweeper 5.0.5.1286 started
    5:38 PM: | Start of Session, Sunday, July 23, 2006 |
    ********
    5:58 PM: | End of Session, Sunday, July 23, 2006 |
    5:58 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    5:58 PM: Spy Installation Shield: found: Adware: surfsidekick, version 1.0.0.0
    5:57 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    5:57 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    5:57 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    5:57 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    5:57 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    5:57 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    5:57 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    5:56 PM: Your spyware definitions have been updated.
    5:54 PM: Spy Installation Shield: found: Adware: surfsidekick, version 1.0.0.0
    5:54 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    5:52 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    5:51 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\ssk233[2].ssq". The process cannot access the file because it is being used by another process
    5:51 PM: Spy Installation Shield: found: Adware: surfsidekick, version 1.0.0.0
    5:50 PM: Spy Installation Shield: found: Adware: surfsidekick, version 1.0.0.0
    5:50 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    5:50 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    5:50 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    5:50 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    5:50 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    5:49 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    5:49 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    5:49 PM: BHO Shield: found: -- BHO installation denied at user request
    5:49 PM: BHO Shield: found: -- BHO installation denied at user request
    5:48 PM: Sweep Status: 5 Items Found
    5:48 PM: Traces Found: 24
    5:48 PM: Memory Sweep Complete, Elapsed Time: 00:00:55
    5:48 PM: Sweep Canceled
    5:48 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    5:48 PM: ActiveX Shield: found: Adware: bookedspace, version 1.0.0.0 -- Installation denied
    5:48 PM: Detected running threat: C:\WINDOWS\cfg32o.dll (ID = 293973)
    5:47 PM: Detected running threat: C:\WINDOWS\cfg32r.dll (ID = 293975)
    5:47 PM: Detected running threat: C:\WINDOWS\cfg32p.dll (ID = 294098)
    5:47 PM: Spy Installation Shield: found: Adware: surfsidekick, version 1.0.0.0
    5:47 PM: Starting Memory Sweep
    5:47 PM: C:\Program Files\System Files\System.exe (ID = 1126535)
    5:47 PM: HKU\S-1-5-21-1659004503-1801674531-1417001333-1003\software\microsoft\windows\currentversion\run\ || cas2 (ID = 1126535)
    5:47 PM: Found Adware: cas
    5:47 PM: HKU\S-1-5-21-1659004503-1801674531-1417001333-1003\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 1055335)
    5:47 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-1004\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 1055335)
    5:47 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-500\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 1055335)
    5:47 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-501\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 1055335)
    5:47 PM: C:\WINDOWS\cfg32o.dll (ID = 1353164)
    5:47 PM: HKCR\clsid\{c68ae9c0-0909-4ddc-b661-c1afb9f59898}\inprocserver32\ (ID = 1353164)
    5:47 PM: HKCR\clsid\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e}\inprocserver32\ (ID = 1353158)
    5:47 PM: C:\WINDOWS\system32\WinNB58.dll (ID = 1353157)
    5:47 PM: HKCR\clsid\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e}\inprocserver32\ (ID = 1353157)
    5:47 PM: C:\WINDOWS\system32\WinDmy.dll (ID = 1353156)
    5:47 PM: HKCR\clsid\{8a0dcbda-6e20-489c-9041-c1e8a0352e75}\inprocserver32\ (ID = 1353156)
    5:47 PM: Found Adware: mirar webband
    5:47 PM: C:\WINDOWS\cfg32p.dll (ID = 1353135)
    5:47 PM: HKCR\clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}\inprocserver32\ (ID = 1353135)
    5:47 PM: Found Adware: bookedspace
    5:47 PM: C:\WINDOWS\system32\swinppez.exe (ID = 1209951)
    5:47 PM: HKLM\software\microsoft\windows\currentversion\run\ || browserupdatesched (ID = 1209951)
    5:47 PM: Found Adware: zenosearchassistant
    5:47 PM: C:\Program Files\SurfSideKick 3\SskBho.dll (ID = 1055337)
    5:47 PM: HKCR\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\inprocserver32\ (ID = 1055337)
    5:47 PM: C:\Program Files\SurfSideKick 3\Ssk.exe (ID = 1055336)
    5:47 PM: HKLM\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 1055336)
    5:47 PM: Found Adware: surfsidekick
    5:46 PM: Sweep initiated using definitions version 691
    5:46 PM: Spy Sweeper 5.0.5.1286 started
    5:46 PM: | Start of Session, Sunday, July 23, 2006 |
    ********
    7:38 PM: Removal process completed. Elapsed time 00:17:22
    7:38 PM: Preparing to restart your computer. Please wait...
    7:38 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST8D7.tmp". Reason: The system cannot find the file specified
    7:38 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:38 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST8D7.tmp". Reason: The system cannot find the file specified
    7:38 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST8D7.tmp". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST8D7.tmp". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST8D8.tmp". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST8D8.tmp". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST8D8.tmp". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST8D8.tmp". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST8DA.tmp". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST8DA.tmp". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST8DA.tmp". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:36 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST8DA.tmp". Reason: The system cannot find the file specified
    7:36 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:36 PM: Warning: Quarantine process could not restart Explorer.
    7:36 PM: Warning: Launched explorer.exe
    7:36 PM: surfsidekick is in use. It will be removed on reboot.
    7:36 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:36 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:36 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:36 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:36 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:36 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:36 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:36 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:36 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:34 PM: Quarantining All Traces: surfsidekick
    7:31 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST793.tmp". Reason: The system cannot find the file specified
    7:31 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:31 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST795.tmp". Reason: The system cannot find the file specified
    7:31 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:31 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST795.tmp". Reason: The system cannot find the file specified
    7:31 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:31 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST795.tmp". Reason: The system cannot find the file specified
    7:31 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:31 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST795.tmp". Reason: The system cannot find the file specified
    7:31 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:31 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST795.tmp". Reason: The system cannot find the file specified
    7:31 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:31 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST795.tmp". Reason: The system cannot find the file specified
    7:31 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:31 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
     
  9. mando2123

    mando2123 Thread Starter

    7:30 PM: Quarantining All Traces: stopzilla cookie
    7:30 PM: Quarantining All Traces: myaffiliateprogram.com cookie
    7:30 PM: Quarantining All Traces: tickle cookie
    7:30 PM: Quarantining All Traces: statcounter cookie
    7:30 PM: Quarantining All Traces: server.iad.liveperson cookie
    7:30 PM: Quarantining All Traces: searchadnetwork cookie
    7:30 PM: Quarantining All Traces: sextracker cookie
    7:30 PM: Quarantining All Traces: enhance cookie
    7:30 PM: Quarantining All Traces: zenotecnico cookie
    7:30 PM: Quarantining All Traces: 80503492 cookie
    7:30 PM: Quarantining All Traces: zedo cookie
    7:30 PM: Quarantining All Traces: upspiral cookie
    7:30 PM: Quarantining All Traces: stlyrics cookie
    7:30 PM: Quarantining All Traces: targetnet cookie
    7:30 PM: Quarantining All Traces: revenue.net cookie
    7:30 PM: Quarantining All Traces: valuead cookie
    7:30 PM: Quarantining All Traces: questionmarket cookie
    7:30 PM: Quarantining All Traces: qksrv cookie
    7:30 PM: Quarantining All Traces: popuptraffic cookie
    7:30 PM: Quarantining All Traces: mediaplex cookie
    7:30 PM: Quarantining All Traces: top-banners cookie
    7:30 PM: Quarantining All Traces: maxserving cookie
    7:30 PM: Quarantining All Traces: kmpads cookie
    7:30 PM: Quarantining All Traces: cassava cookie
    7:30 PM: Quarantining All Traces: directtrack cookie
    7:30 PM: Quarantining All Traces: bizrate cookie
    7:30 PM: Quarantining All Traces: searchingbooth cookie
    7:30 PM: Quarantining All Traces: a cookie
    7:30 PM: Quarantining All Traces: azjmp cookie
    7:30 PM: Quarantining All Traces: falkag cookie
    7:30 PM: Quarantining All Traces: apmebf cookie
    7:30 PM: Quarantining All Traces: hotbar cookie
    7:30 PM: Quarantining All Traces: 888 cookie
    7:30 PM: Quarantining All Traces: tendollars cookie
    7:30 PM: Quarantining All Traces: tacoda cookie
    7:30 PM: Quarantining All Traces: 2o7.net cookie
    7:30 PM: Quarantining All Traces: overture cookie
    7:30 PM: Quarantining All Traces: burstnet cookie
    7:30 PM: Quarantining All Traces: trb.com cookie
    7:30 PM: Quarantining All Traces: banner cookie
    7:30 PM: Quarantining All Traces: specificclick.com cookie
    7:30 PM: Quarantining All Traces: adlegend cookie
    7:30 PM: Quarantining All Traces: websponsors cookie
    7:30 PM: Quarantining All Traces: screensavers.com cookie
    7:30 PM: Quarantining All Traces: tribalfusion cookie
    7:30 PM: Quarantining All Traces: trafficmp cookie
    7:30 PM: Quarantining All Traces: pub cookie
    7:30 PM: Quarantining All Traces: partypoker cookie
    7:30 PM: Quarantining All Traces: offeroptimizer cookie
    7:30 PM: Quarantining All Traces: nextag cookie
    7:30 PM: Quarantining All Traces: realmedia cookie
    7:30 PM: Quarantining All Traces: fastclick cookie
    7:30 PM: Quarantining All Traces: exitexchange cookie
    7:30 PM: Quarantining All Traces: casalemedia cookie
    7:29 PM: Quarantining All Traces: go.com cookie
    7:29 PM: Quarantining All Traces: belnk cookie
    7:29 PM: Quarantining All Traces: atwola cookie
    7:29 PM: Quarantining All Traces: atlas dmt cookie
    7:29 PM: Quarantining All Traces: ask cookie
    7:29 PM: Quarantining All Traces: askmen cookie
    7:29 PM: Quarantining All Traces: advertising cookie
    7:29 PM: Quarantining All Traces: hbmediapro cookie
    7:29 PM: Quarantining All Traces: adknowledge cookie
    7:29 PM: Quarantining All Traces: yieldmanager cookie
    7:29 PM: Quarantining All Traces: about cookie
    7:29 PM: Quarantining All Traces: mrfindalot hijack
    7:29 PM: Quarantining All Traces: findthewebsiteyouneed hijack
    7:29 PM: Quarantining All Traces: powerstrip
    7:29 PM: Quarantining All Traces: 7search
    7:29 PM: C:\WINDOWS\QXJtYW5kbyBTYW5jaGV6\command.exe is in use. It will be removed on reboot.
    7:29 PM: C:\WINDOWS\QXJtYW5kbyBTYW5jaGV6\asappsrv.dll is in use. It will be removed on reboot.
    7:29 PM: C:\WINDOWS\QXJtYW5kbyBTYW5jaGV6\asappsrv.dll is in use. It will be removed on reboot.
    7:29 PM: C:\WINDOWS\QXJtYW5kbyBTYW5jaGV6\command.exe is in use. It will be removed on reboot.
    7:29 PM: command is in use. It will be removed on reboot.
    7:29 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:29 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:29 PM: Spy Installation Shield: found: Adware: clkoptimizer, version 1.0.0.0
    7:29 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:29 PM: Spy Installation Shield: found: Adware: clkoptimizer, version 1.0.0.0
    7:28 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:28 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:28 PM: Quarantining All Traces: command
    7:28 PM: Quarantining All Traces: mirar webband
    7:28 PM: Quarantining All Traces: trojan-dh
    7:28 PM: Quarantining All Traces: zquest
    7:27 PM: Quarantining All Traces: trojan-dropper-joiner
    7:27 PM: Quarantining All Traces: trojan-downloader-basebar
    7:27 PM: Quarantining All Traces: siteerror hijacker
    7:27 PM: Quarantining All Traces: dollarrevenue
    7:27 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:27 PM: Quarantining All Traces: forethought
    7:27 PM: Quarantining All Traces: targetsaver
    7:27 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:26 PM: Quarantining All Traces: linkmaker
    7:26 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:26 PM: Quarantining All Traces: cas
    7:26 PM: Quarantining All Traces: bookedspace
    7:26 PM: Quarantining All Traces: visfx
    7:26 PM: Quarantining All Traces: purityscan
    7:26 PM: Quarantining All Traces: trojan-downloader-ac2
    7:25 PM: Quarantining All Traces: look2me
    7:25 PM: C:\WINDOWS\system32\dmonwv.dll is in use. It will be removed on reboot.
    7:25 PM: C:\WINDOWS\system32\yhjsao.exe is in use. It will be removed on reboot.
    7:25 PM: C:\WINDOWS\system32\prbwa.exe is in use. It will be removed on reboot.
    7:25 PM: C:\WINDOWS\system32\prbwa.exe is in use. It will be removed on reboot.
    7:25 PM: C:\WINDOWS\system32\prbwa.exe is in use. It will be removed on reboot.
    7:25 PM: C:\WINDOWS\system32\fojsrwy.dll is in use. It will be removed on reboot.
    7:25 PM: c:\windows\system32\yhjsao.exe is in use. It will be removed on reboot.
    7:25 PM: c:\windows\system32\fojsrwy.dll is in use. It will be removed on reboot.
    7:25 PM: c:\documents and settings\all users\start menu\programs\startup\rpvth.exe is in use. It will be removed on reboot.
    7:25 PM: c:\windows\system32\prbwa.exe is in use. It will be removed on reboot.
    7:25 PM: clkoptimizer is in use. It will be removed on reboot.
    7:25 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:25 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:25 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:25 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:25 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:25 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:25 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:25 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:25 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:23 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:23 PM: Quarantining All Traces: clkoptimizer
    7:22 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:22 PM: Quarantining All Traces: zenosearchassistant
    7:22 PM: Spy Installation Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Execution Denied
    7:21 PM: Removal process initiated
    7:19 PM: Traces Found: 545
    7:19 PM: Full Sweep has completed. Elapsed time 01:20:25
    Trace marked as Always Remove
    7:19 PM: C:\Documents and Settings\Armando\Application Data\Sskuknwrd.dll (ID = 315932)
    Trace marked as Always Remove
    7:19 PM: C:\Documents and Settings\Chito\Application Data\Sskdmns.dll (ID = 315933)
    Trace marked as Always Remove
    7:19 PM: C:\Documents and Settings\Chito\Application Data\Sskuknwrd.dll (ID = 315932)
    7:19 PM: File Sweep Complete, Elapsed Time: 01:00:20
    7:19 PM: C:\Documents and Settings\Armando\Start Menu\Programs\Startup\Zeno.lnk (ID = 1209951)
    7:19 PM: C:\Documents and Settings\Armando\Start Menu\Programs\Startup\Z_Start.lnk (ID = 301896)
    7:19 PM: C:\Documents and Settings\Armando\Start Menu\Programs\SiteError Search\Uninstall.lnk (6 subtraces) (ID = 2147524535)
    7:19 PM: C:\Documents and Settings\Armando\Start Menu\Programs\SiteError Search\Readme.lnk (6 subtraces) (ID = 2147524535)
    7:18 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    7:18 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    7:18 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    7:18 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    7:18 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    7:18 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    7:12 PM: Warning: Failed to access drive E:
    7:12 PM: Warning: Failed to access drive D:
    7:12 PM: C:\WINDOWS\QXJtYW5kbyBTYW5jaGV6\krLQsqc4vV1nsqc3u3pd.vbs (ID = 185675)
    7:12 PM: C:\WINDOWS\system32\zxdnt3d.cfg (ID = 91140)
    Trace marked as Always Remove
    7:11 PM: C:\Documents and Settings\Guest\Application Data\Sskcwrd.dll (ID = 77712)
    7:10 PM: C:\Documents and Settings\Armando\Start Menu\Programs\Startup\Zeno.lnk (ID = 146127)
    7:10 PM: C:\Documents and Settings\Armando\Start Menu\Programs\Startup\Z_Start.lnk (ID = 235994)
    7:10 PM: C:\WINDOWS\system32\msnav32.ax (ID = 220229)
    7:09 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    7:09 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    7:09 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    7:09 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    7:09 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    7:09 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    Trace marked as Always Remove
    7:09 PM: C:\Documents and Settings\Chito\Application Data\Sskcwrd.dll (ID = 77712)
    7:08 PM: C:\wd7gi8nnew.exe (ID = 305263)
    7:08 PM: C:\warebundlenewer.exe (ID = 168558)
    7:08 PM: C:\warebundle.exe (ID = 168558)
    7:08 PM: C:\WINDOWS\wallpap.exe (ID = 309645)
    7:08 PM: C:\WINDOWS\system32\VSL05.exe (ID = 299775)
    7:08 PM: C:\VSL02.exe (ID = 290920)
    7:08 PM: C:\WINDOWS\v1201.exe (ID = 186060)
    7:08 PM: C:\Documents and Settings\Chito\Local Settings\Temp\tp7543.exe (ID = 209705)
    7:08 PM: C:\WINDOWS\system32\ZICORN003.exe (ID = 301896)
    7:08 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\tsupdate2[1].ini (ID = 193498)
    Trace marked as Always Remove
    7:08 PM: C:\WINDOWS\system32\bk.exe (ID = 296030)
    7:08 PM: C:\WINDOWS\system32\ssec.exe (ID = 296018)
    Trace marked as Always Remove
    7:08 PM: C:\SS1001newer.exe (ID = 215896)
    Trace marked as Always Remove
    7:08 PM: C:\SS1001.exe (ID = 215896)
    7:08 PM: C:\siteError.exe (ID = 325654)
    7:08 PM: Warning: Failed to open file "c:\documents and settings\armando\local settings\temporary internet files\content.ie5\kpu3sl2b\zx-get-tpa[1].htm". The operation completed successfully
    7:08 PM: C:\RDFX4.exe (ID = 290920)
    7:08 PM: C:\numbsoft.exe (ID = 301341)
    7:08 PM: C:\WINDOWS\system32\nr1rnqm8.exe (ID = 320457)
    7:08 PM: C:\MTE3NDI6ODoxNgnew.exe (ID = 185985)
    7:08 PM: C:\WINDOWS\system32\tfthot.exe (ID = 315430)
    Trace marked as Always Remove
    7:08 PM: C:\Documents and Settings\Armando\Application Data\Sskknwrd.dll (ID = 77733)
    7:08 PM: C:\WINDOWS\system32\gbe90qs.exe (ID = 315432)
    7:08 PM: C:\Documents and Settings\Chito\Local Settings\Temp\f4855140.exe (ID = 268995)
    7:07 PM: C:\WINDOWS\cfg32o.dll (ID = 293973)
    7:07 PM: C:\WINDOWS\system32\x3cqp0.dll (ID = 315431)
    7:07 PM: C:\WINDOWS\cfg32r.dll (ID = 293975)
    7:07 PM: C:\WINDOWS\cfg32p.dll (ID = 294098)
    7:07 PM: C:\WINDOWS\cfg32s.dll (ID = 293976)
    7:07 PM: C:\WINDOWS\system32\dmonwv.dll (ID = 268799)
    7:07 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\drsmartload[1].exe (ID = 298760)
    7:07 PM: C:\dist13.exe (ID = 295817)
    7:07 PM: C:\WINDOWS\cfg32a.exe (ID = 310417)
    7:07 PM: C:\Program Files\Cas2Stub\cas2stub.exe (ID = 295817)
    7:07 PM: C:\WINDOWS\876056.exe (ID = 319960)
    7:07 PM: C:\Program Files\Network Monitor\netmon.exe (ID = 231443)
    7:07 PM: C:\WINDOWS\MTE3NDI6ODoxNg.exe (ID = 185985)
    7:07 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\096NGDMJ\MTE3NDI6ODoxNg[1].exe (ID = 185985)
    7:07 PM: C:\drma.exe (ID = 300404)
    7:07 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\drma[1].exe (ID = 300404)
    7:07 PM: C:\Program Files\Online Services\horej.dll (ID = 301391)
    7:07 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || NwCplMonitor (ID = 0)
    7:07 PM: C:\WINDOWS\system32\redistributor.exe (ID = 293590)
    7:07 PM: C:\WINDOWS\system32\oodsregp.exe (ID = 293)
    7:07 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || Hhl7RfpJ (ID = 0)
    7:07 PM: C:\WINDOWS\system32\ssn6tuu.exe (ID = 315428)
    7:07 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || ftexc (ID = 0)
    7:07 PM: C:\WINDOWS\system32\mptft.exe (ID = 315439)
    7:07 PM: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run || uvulc (ID = 0)
    7:07 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Run || uvulc (ID = 0)
    7:07 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Run || uvulc (ID = 0)
    7:07 PM: c:\windows\system32\yhjsao.exe (ID = 268995)
    7:07 PM: c:\windows\system32\fojsrwy.dll (ID = 268933)
    7:07 PM: C:\WINDOWS\system32\efyvm.dat (ID = 268995)
    7:07 PM: c:\documents and settings\all users\start menu\programs\startup\rpvth.exe (ID = 268995)
    Trace marked as Always Remove
    7:07 PM: HKU\S-1-5-21-1659004503-1801674531-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run || SurfSideKick 3 (ID = 0)
    Trace marked as Always Remove
    7:07 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Run || SurfSideKick 3 (ID = 0)
    Trace marked as Always Remove
    7:07 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Run || SurfSideKick 3 (ID = 0)
    Trace marked as Always Remove
    7:07 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-501\Software\Microsoft\Windows\CurrentVersion\Run || SurfSideKick 3 (ID = 0)
    Trace marked as Always Remove
    7:07 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || SurfSideKick 3 (ID = 0)
    Trace marked as Always Remove
    7:07 PM: C:\Program Files\SurfSideKick 3\Ssk.exe (ID = 297346)
    Trace marked as Always Remove
    7:07 PM: C:\Program Files\SurfSideKick 3\SskBho.dll (ID = 297347)
    7:07 PM: c:\windows\system32\prbwa.exe (ID = 268934)
    7:07 PM: C:\WINDOWS\QXJtYW5kbyBTYW5jaGV6\asappsrv.dll (ID = 144945)
    7:07 PM: c:\windows\system32\amhaluo.exe (ID = 268932)
    7:07 PM: C:\WINDOWS\QXJtYW5kbyBTYW5jaGV6\command.exe (ID = 144946)
    Trace marked as Always Remove
    7:06 PM: C:\Program Files\SurfSideKick 3\SskCore.dll (ID = 297348)
    Trace marked as Always Remove
    7:06 PM: C:\WINDOWS\system32\repairs303169587.dll (ID = 296028)
    7:06 PM: C:\WINDOWS\system32\atmtd.dll (ID = 166754)
    7:05 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\Installer[1].exe (ID = 168558)
    7:05 PM: C:\Installer3.exe (ID = 168558)
    7:04 PM: C:\Documents and Settings\Chito\Local Settings\Temporary Internet Files\Content.IE5\YX7X7UAO\rcverlib[1].exe (ID = 209705)
    7:04 PM: C:\Documents and Settings\Chito\Local Settings\Temporary Internet Files\Content.IE5\YX7X7UAO\installerwnus[1].exe (ID = 271215)
    7:03 PM: C:\Documents and Settings\Chito\Local Settings\Temporary Internet Files\Content.IE5\4PQJSPI3\numbsoft[1].exe (ID = 301341)
    7:01 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    7:01 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    7:01 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    7:01 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    7:01 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    7:01 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    7:01 PM: C:\warebundle3.exe (ID = 168558)
    7:01 PM: C:\626_101newer.exe (ID = 320775)
    7:01 PM: Found Adware: visfx
    7:01 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\096NGDMJ\cfg32[1].exe (ID = 294103)
    7:00 PM: C:\webnexmknew.exe (ID = 299757)
    7:00 PM: C:\WINDOWS\system32\tsuninst.exe (ID = 193501)
    Trace marked as Always Remove
    6:59 PM: C:\Documents and Settings\Chito\Application Data\Sskknwrd.dll (ID = 77733)
    6:59 PM: C:\WINDOWS\drsmartload46a.exe (ID = 325944)
    6:59 PM: C:\WINDOWS\drsmartload45a.exe (ID = 325944)
    6:59 PM: C:\Program Files\Common Files\mqfo\mqfod\class-barrel (ID = 78229)
    6:57 PM: C:\Program Files\Common Files\mqfo\mqfop.exe (ID = 195132)
    6:53 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:53 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:53 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:53 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:53 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    6:53 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    6:53 PM: C:\Documents and Settings\Chito\Local Settings\Temporary Internet Files\Content.IE5\KVCT5JKQ\wallpap[1].exe (ID = 303233)
    6:53 PM: Found Trojan Horse: trojan-dh
    6:52 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\installerwnus[1].exe (ID = 271215)
    6:52 PM: C:\Program Files\Common Files\mqfo\mqfod\vocabulary (ID = 78283)
    6:51 PM: C:\WINDOWS\system32\atmtd.dll._ (ID = 166754)
    6:50 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\installer[1].exe (ID = 231664)
    6:48 PM: C:\Installer.exe (ID = 168558)
    Trace marked as Always Remove
    6:47 PM: C:\Documents and Settings\Guest\Application Data\Sskknwrd.dll (ID = 77733)
    6:46 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\drsmartload45a[1].exe (ID = 325945)
    6:46 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\096NGDMJ\drsmartload46a[1].exe (ID = 325945)
    6:45 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:45 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:45 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:45 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:45 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    6:45 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    6:45 PM: C:\Program Files\Common Files\mqfo\mqfoa.exe (ID = 195128)
    6:45 PM: C:\Program Files\Common Files\mqfo\mqfol.exe (ID = 195130)
    6:45 PM: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run || mqfo (ID = 0)
    6:45 PM: C:\Program Files\Common Files\mqfo\mqfom.exe (ID = 195131)
    6:45 PM: C:\WINDOWS\stub_113_4_0_4_0.exe (ID = 193995)
    6:45 PM: C:\WINDOWS\uninstall_nmon.vbs (ID = 231442)
    6:43 PM: C:\Documents and Settings\Armando\Local Settings\Temp\tp7543.exe (ID = 209705)
    6:43 PM: C:\Documents and Settings\Armando\Local Settings\Temporary Internet Files\Content.IE5\2XOGQBTO\rcverlib[1].exe (ID = 209705)
    6:43 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\096NGDMJ\!update-3820[1].0000 (ID = 296574)
    6:43 PM: C:\Documents and Settings\LocalService\Application Data\s?mbols\dvdplay.exe (ID = 296574)
    6:37 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:37 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:37 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:37 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:37 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    6:37 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    6:36 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\defender20[1].exe (ID = 295803)
    6:35 PM: C:\WINDOWS\system32\jiub5f27y.hhy (ID = 276229)
    6:35 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\newname20[1].exe (ID = 295805)
    6:34 PM: C:\Documents and Settings\Chito\Local Settings\Temporary Internet Files\Content.IE5\4PQJSPI3\VSL02[1].exe (ID = 290920)
    6:34 PM: Found Adware: zquest
    Trace marked as Always Remove
    6:33 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\SS1001[1].exe (ID = 215896)
    6:33 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\096NGDMJ\defender22[1].exe (ID = 298754)
    6:33 PM: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run || Iccoq (ID = 0)
    6:33 PM: C:\WINDOWS\system32\?ssembly\n?tepad.exe (ID = 450)
    6:33 PM: Found Adware: purityscan
    6:32 PM: C:\Program Files\System Files\plugin.dll (ID = 316428)
    6:32 PM: C:\Program Files\SiteError Search\siteErr.dll (ID = 325673)
    6:32 PM: C:\numbsoftnew.exe (ID = 301341)
    6:32 PM: Found Trojan Horse: trojan-dropper-joiner
    6:32 PM: C:\WINDOWS\system32\sgcdb289.dll (ID = 320289)
    6:31 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\stub_113_4_0_4_0[1].exe (ID = 193995)
    6:31 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\stub_venthh[1].exe (ID = 294169)
    6:30 PM: C:\stub_venthh.exe (ID = 294169)
    6:30 PM: C:\WINDOWS\ssqbn.exe (ID = 323511)
    6:29 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:29 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:29 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:29 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:29 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    6:29 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    6:29 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\newname22[1].exe (ID = 298758)
    6:29 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\newname21[1].exe (ID = 300306)
    6:29 PM: C:\WINDOWS\system32\w0087529.dll (ID = 320288)
    6:28 PM: C:\WINDOWS\yezyhzxv.exe (ID = 294100)
    6:28 PM: C:\WINDOWS\System32tfthot.exe (ID = 315430)
    6:28 PM: C:\stub_sca3.exe (ID = 294169)
    6:28 PM: C:\WINDOWS\System32ssec.exe (ID = 296018)
    6:27 PM: C:\WINDOWS\lt.exe (ID = 319946)
    6:27 PM: Found Trojan Horse: trojan-downloader-basebar
    6:27 PM: C:\WINDOWS\Uninstall.exe (ID = 301842)
    6:27 PM: C:\WINDOWS\system32\WinDmy.dll (ID = 70014)
    6:27 PM: C:\WINDOWS\system32\ftuninst.exe (ID = 315429)
    6:27 PM: C:\WINDOWS\System32ftuninst.exe (ID = 315429)
    6:25 PM: C:\drsmartload45a7d.exe (ID = 325334)
    6:25 PM: C:\stub_113_4_0_4_0newer.exe (ID = 193995)
    6:25 PM: C:\WINDOWS\system32\nt68rrtc12.sys (ID = 220230)
    6:25 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\keyboard22[1].exe (ID = 298757)
    6:25 PM: C:\Program Files\Common Files\mqfo\mqfod\mqfoc.dll (ID = 195129)
    6:24 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\keyboard20[1].exe (ID = 295804)
    6:23 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\096NGDMJ\keyboard21[1].exe (ID = 300302)
    6:23 PM: C:\WINDOWS\unwn.exe (ID = 268798)
    6:22 PM: C:\ac3_0003.exe (ID = 319965)
    6:22 PM: Found Trojan Horse: trojan-downloader-ac2
    6:21 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:21 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:21 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:21 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:21 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    6:21 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
     
  10. mando2123

    mando2123 Thread Starter

    6:20 PM: C:\WINDOWS\iconu.exe (ID = 65721)
    6:20 PM: Found Adware: look2me
    6:20 PM: C:\WINDOWS\system32\dwdsregt.exe (ID = 235995)
    6:19 PM: C:\Program Files\Network Monitor (1 subtraces) (ID = 2147507525)
    6:19 PM: C:\Program Files\SiteError Search (6 subtraces) (ID = 2147524535)
    6:19 PM: C:\Documents and Settings\Armando\Start Menu\Programs\SiteError Search (2 subtraces) (ID = 2147524536)
    6:19 PM: C:\WINDOWS\zAbstract (6 subtraces) (ID = 2147518024)
    6:19 PM: C:\Program Files\Cas2Stub (1 subtraces) (ID = 2147500974)
    Trace marked as Always Remove
    6:19 PM: C:\Program Files\SurfSideKick 3 (3 subtraces) (ID = 2147523031)
    6:18 PM: Starting File Sweep
    6:18 PM: Warning: Failed to access drive A:
    6:18 PM: Cookie Sweep Complete, Elapsed Time: 00:00:20
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 3762)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][2].txt (ID = 3466)
    6:18 PM: Found Spy Cookie: stopzilla cookie
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 3312)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 3032)
    6:18 PM: Found Spy Cookie: myaffiliateprogram.com cookie
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 2020)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 3529)
    6:18 PM: Found Spy Cookie: tickle cookie
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 3447)
    6:18 PM: Found Spy Cookie: statcounter cookie
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 3361)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][2].txt (ID = 3341)
    6:18 PM: Found Spy Cookie: server.iad.liveperson cookie
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][2].txt (ID = 3311)
    6:18 PM: Found Spy Cookie: searchadnetwork cookie
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 3235)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][2].txt (ID = 3213)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][2].txt (ID = 3111)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 1958)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 1958)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 6442)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][2].txt (ID = 2909)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 2909)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 1958)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected]change[1].txt (ID = 2633)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 3362)
    6:18 PM: Found Spy Cookie: sextracker cookie
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 2634)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][2].txt (ID = 2354)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 2614)
    6:18 PM: Found Spy Cookie: enhance cookie
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][2].txt (ID = 2270)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][2].txt (ID = 2253)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][2].txt (ID = 2650)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][2].txt (ID = 2229)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 2175)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][2].txt (ID = 3859)
    6:18 PM: Found Spy Cookie: zenotecnico cookie
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 3751)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 2019)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 2013)
    6:18 PM: Found Spy Cookie: 80503492 cookie
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][2].txt (ID = 1957)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 3762)
    6:18 PM: Found Spy Cookie: zedo cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 3615)
    6:18 PM: Found Spy Cookie: upspiral cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 3462)
    6:18 PM: Found Spy Cookie: stlyrics cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 3587)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 3581)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 3489)
    6:18 PM: Found Spy Cookie: targetnet cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 2729)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 2729)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2729)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 3257)
    6:18 PM: Found Spy Cookie: revenue.net cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 3627)
    6:18 PM: Found Spy Cookie: valuead cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 3235)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 3217)
    6:18 PM: Found Spy Cookie: questionmarket cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 3213)
    6:18 PM: Found Spy Cookie: qksrv cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 3163)
    6:18 PM: Found Spy Cookie: popuptraffic cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 3111)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 5014)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 6442)
    6:18 PM: Found Spy Cookie: mediaplex cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 3548)
    6:18 PM: Found Spy Cookie: top-banners cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2966)
    6:18 PM: Found Spy Cookie: maxserving cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 2909)
    6:18 PM: Found Spy Cookie: kmpads cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2729)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2728)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 2528)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2729)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2633)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 2729)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2293)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2527)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2362)
    6:18 PM: Found Spy Cookie: cassava cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 2354)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 3588)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 2528)
    6:18 PM: Found Spy Cookie: directtrack cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2308)
    6:18 PM: Found Spy Cookie: bizrate cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2292)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 2276)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 3322)
    6:18 PM: Found Spy Cookie: searchingbooth cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2027)
    6:18 PM: Found Spy Cookie: a cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2270)
    6:18 PM: Found Spy Cookie: azjmp cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2255)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2293)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 2253)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2245)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 2247)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2650)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 2650)
    6:18 PM: Found Spy Cookie: falkag cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 2229)
    6:18 PM: Found Spy Cookie: apmebf cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 2175)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 4207)
    6:18 PM: Found Spy Cookie: hotbar cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 2768)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2072)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 3751)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 3665)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2019)
    6:18 PM: Found Spy Cookie: 888 cookie
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][1].txt (ID = 6367)
    6:18 PM: Found Spy Cookie: tendollars cookie
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][1].txt (ID = 3587)
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected]acoda[2].txt (ID = 6444)
    6:18 PM: Found Spy Cookie: tacoda cookie
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][2].txt (ID = 5014)
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][1].txt (ID = 1958)
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][1].txt (ID = 2728)
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][1].txt (ID = 1958)
    6:18 PM: Found Spy Cookie: 2o7.net cookie
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][1].txt (ID = 2293)
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][2].txt (ID = 3106)
    6:18 PM: Found Spy Cookie: overture cookie
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][2].txt (ID = 2336)
    6:18 PM: Found Spy Cookie: burstnet cookie
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][1].txt (ID = 3588)
    6:18 PM: Found Spy Cookie: trb.com cookie
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][2].txt (ID = 2292)
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][2].txt (ID = 2276)
    6:18 PM: Found Spy Cookie: banner cookie
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][1].txt (ID = 2255)
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][2].txt (ID = 2293)
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][2].txt (ID = 2245)
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][1].txt (ID = 2355)
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][2].txt (ID = 3400)
    6:18 PM: Found Spy Cookie: specificclick.com cookie
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][1].txt (ID = 2074)
    6:18 PM: Found Spy Cookie: adlegend cookie
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][1].txt (ID = 2072)
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][1].txt (ID = 3751)
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][2].txt (ID = 2729)
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][2].txt (ID = 3665)
    6:18 PM: Found Spy Cookie: websponsors cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3298)
    6:18 PM: Found Spy Cookie: screensavers.com cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3589)
    6:18 PM: Found Spy Cookie: tribalfusion cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3581)
    6:18 PM: Found Spy Cookie: trafficmp cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2729)
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2729)
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3235)
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3205)
    6:18 PM: Found Spy Cookie: pub cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2729)
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3111)
    6:18 PM: Found Spy Cookie: partypoker cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3087)
    6:18 PM: Found Spy Cookie: offeroptimizer cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 5014)
    6:18 PM: Found Spy Cookie: nextag cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3236)
    6:18 PM: Found Spy Cookie: realmedia cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2729)
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2729)
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2728)
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2728)
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2651)
    6:18 PM: Found Spy Cookie: fastclick cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2633)
    6:18 PM: Found Spy Cookie: exitexchange cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2729)
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2293)
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2354)
    6:18 PM: Found Spy Cookie: casalemedia cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2729)
    6:18 PM: Found Spy Cookie: go.com cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2292)
    6:18 PM: Found Spy Cookie: belnk cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2255)
    6:18 PM: Found Spy Cookie: atwola cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2253)
    6:18 PM: Found Spy Cookie: atlas dmt cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2245)
    6:18 PM: Found Spy Cookie: ask cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2247)
    6:18 PM: Found Spy Cookie: askmen cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2175)
    6:18 PM: Found Spy Cookie: advertising cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2768)
    6:18 PM: Found Spy Cookie: hbmediapro cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2072)
    6:18 PM: Found Spy Cookie: adknowledge cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3751)
    6:18 PM: Found Spy Cookie: yieldmanager cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2037)
    6:18 PM: Found Spy Cookie: about cookie
    6:18 PM: Starting Cookie Sweep
    6:18 PM: Registry Sweep Complete, Elapsed Time:00:01:46
    6:18 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || default_search_url (ID = 1554019)
    6:18 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || search bar (ID = 1554018)
    6:18 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || Start Page (ID = 1554016)
    6:18 PM: HKU\S-1-5-18\software\microsoft\internet explorer\search\searchassistant explorer\main\ || Default_Search_URL (ID = 1554015)
    6:18 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || default_search_url (ID = 790269)
    6:18 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || search bar (ID = 790268)
    6:18 PM: HKU\S-1-5-18\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
    Trace marked as Always Remove
    6:18 PM: HKU\S-1-5-18\software\surfsidekick3\ (ID = 143412)
    6:18 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || start page (ID = 125239)
    6:18 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || search bar (ID = 125237)
    6:18 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || default_search_url (ID = 125236)
    6:18 PM: HKU\S-1-5-21-1659004503-1801674531-1417001333-1003\software\microsoft\internet explorer\search\searchassistant explorer\main\ || Default_Search_URL (ID = 1554015)
    6:18 PM: HKU\S-1-5-21-1659004503-1801674531-1417001333-1003\software\microsoft\windows\currentversion\run\ || cas2 (ID = 871018)
    6:18 PM: HKU\S-1-5-21-1659004503-1801674531-1417001333-1003\software\cas2\ (ID = 862278)
    6:18 PM: HKU\S-1-5-21-1659004503-1801674531-1417001333-1003\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
    Trace marked as Always Remove
    6:18 PM: HKU\S-1-5-21-1659004503-1801674531-1417001333-1003\software\surfsidekick3\ (ID = 143412)
    Trace marked as Always Remove
    6:18 PM: HKU\S-1-5-21-1659004503-1801674531-1417001333-1003\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
    Trace marked as Always Remove
    6:18 PM: HKU\S-1-5-21-1659004503-1801674531-1417001333-1003\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
     
  11. mando2123

    6:17 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-1004\software\microsoft\internet explorer\main\ || default_search_url (ID = 1554019)
    6:17 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-1004\software\microsoft\internet explorer\main\ || search bar (ID = 1554018)
    6:17 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-1004\software\microsoft\internet explorer\main\ || Search Page (ID = 1554017)
    6:17 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-1004\software\microsoft\internet explorer\main\ || Start Page (ID = 1554016)
    6:17 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-1004\software\microsoft\internet explorer\search\searchassistant explorer\main\ || Default_Search_URL (ID = 1554015)
    6:17 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-1004\software\microsoft\internet explorer\main\ || default_search_url (ID = 790269)
    6:17 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-1004\software\microsoft\internet explorer\main\ || search bar (ID = 790268)
    6:17 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-1004\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
    Trace marked as Always Remove
    6:17 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-1004\software\surfsidekick3\ (ID = 143412)
    Trace marked as Always Remove
    6:17 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-1004\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
    Trace marked as Always Remove
    6:17 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-1004\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
    6:17 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-1004\software\microsoft\internet explorer\main\ || start page (ID = 125239)
    6:17 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-1004\software\microsoft\internet explorer\main\ || search page (ID = 125238)
    6:17 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-1004\software\microsoft\internet explorer\main\ || search bar (ID = 125237)
    6:17 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-1004\software\microsoft\internet explorer\main\ || default_search_url (ID = 125236)
    Trace marked as Always Remove
    6:17 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-500\software\surfsidekick3\ (ID = 143412)
    Trace marked as Always Remove
    6:17 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-500\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
    Trace marked as Always Remove
    6:17 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-500\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
    Trace marked as Always Remove
    6:17 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-501\software\surfsidekick3\ (ID = 143412)
    Trace marked as Always Remove
    6:17 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-501\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
    Trace marked as Always Remove
    6:17 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-501\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
    6:17 PM: HKLM\software\microsoft\windows\currentversion\uninstall\siteerror search\ (ID = 1555470)
    6:17 PM: Found Adware: siteerror hijacker
    6:17 PM: HKLM\software\microsoft\internet explorer\search\ || customizesearch (ID = 1554130)
    6:17 PM: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 1554129)
    6:17 PM: HKLM\software\classes\typelib\{5769647e-6937-4390-bc5a-f5a986caa1f2}\ (ID = 1516239)
    6:17 PM: HKCR\typelib\{5769647e-6937-4390-bc5a-f5a986caa1f2}\ (ID = 1516197)
    6:17 PM: HKLM\software\microsoft\windows\currentversion\uninstall\s7kqhe\ (ID = 1390037)
    6:17 PM: HKLM\software\microsoft\windows\currentversion\run\ || hhl7rfpj (ID = 1390030)
    6:17 PM: HKLM\software\ksr39sj5\ (ID = 1390021)
    6:17 PM: Found Adware: dollarrevenue
    6:17 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\logons\ || dllname (ID = 1359866)
    6:17 PM: HKLM\software\microsoft\internet explorer\search\ || customizesearch (ID = 1354274)
    6:17 PM: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 1354273)
    6:17 PM: Found Adware: mrfindalot hijack
    6:17 PM: HKLM\software\microsoft\windows\currentversion\uninstall\treewood\ (ID = 1352578)
    6:17 PM: HKLM\software\microsoft\windows\currentversion\run\ || ftexc (ID = 1352574)
    6:17 PM: Found Adware: forethought
    6:17 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{7564b020-44e8-4c9b-a887-c6ec41ac67da}\ (ID = 1347982)
    6:17 PM: HKLM\software\classes\typelib\{3277cd27-4001-4ef8-9d96-c6ca745ac2f9}\ (ID = 1347971)
    6:17 PM: HKLM\software\classes\typelib\{27a1ca0d-78ce-4e23-8a89-2c95c15954b3}\ (ID = 1347961)
    6:17 PM: HKLM\software\classes\clsid\{7564b020-44e8-4c9b-a887-c6ec41ac67da}\ (ID = 1347946)
    6:17 PM: HKLM\software\classes\cfg32s.search.1\ (ID = 1347940)
    6:17 PM: HKLM\software\classes\cfg32s.search\ (ID = 1347934)
    6:17 PM: HKLM\software\classes\appid\{27a1ca0d-78ce-4e23-8a89-2c95c15954b3}\ (ID = 1347932)
    6:17 PM: HKLM\software\classes\appid\cfg32s.dll\ (ID = 1347930)
    6:17 PM: HKCR\typelib\{27a1ca0d-78ce-4e23-8a89-2c95c15954b3}\ (ID = 1347910)
    6:17 PM: HKCR\clsid\{7564b020-44e8-4c9b-a887-c6ec41ac67da}\ (ID = 1347895)
    6:17 PM: HKCR\cfg32s.search.1\ (ID = 1347889)
    6:17 PM: HKCR\cfg32s.search\ (ID = 1347883)
    6:17 PM: HKCR\appid\{27a1ca0d-78ce-4e23-8a89-2c95c15954b3}\ (ID = 1347881)
    6:17 PM: HKCR\appid\cfg32s.dll\ (ID = 1347879)
    6:17 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{c68ae9c0-0909-4ddc-b661-c1afb9f59898}\ (ID = 1347540)
    6:17 PM: HKLM\software\classes\typelib\{90a52f08-64ac-4dc6-9d7d-451667029898}\ (ID = 1347529)
    6:17 PM: HKLM\software\classes\clsid\{c68ae9c0-0909-4ddc-b661-c1afb9f59898}\ (ID = 1347516)
    6:17 PM: HKLM\software\classes\appid\{90a52f08-64ac-4dc6-9d7d-451667029898}\ (ID = 1347514)
    6:17 PM: HKLM\software\classes\appid\scaggy.dll\ (ID = 1347512)
    6:17 PM: HKLM\software\classes\scaggy.insert.1\ (ID = 1347508)
    6:17 PM: HKLM\software\classes\scaggy.insert\ (ID = 1347502)
    6:17 PM: HKLM\software\zabstract\ (ID = 1347479)
    6:17 PM: HKCR\typelib\{90a52f08-64ac-4dc6-9d7d-451667029898}\ (ID = 1347459)
    6:17 PM: HKCR\clsid\{c68ae9c0-0909-4ddc-b661-c1afb9f59898}\ (ID = 1347446)
    6:17 PM: HKCR\appid\{90a52f08-64ac-4dc6-9d7d-451667029898}\ (ID = 1347444)
    6:17 PM: HKCR\appid\scaggy.dll\ (ID = 1347442)
    6:17 PM: HKCR\scaggy.insert.1\ (ID = 1347438)
    6:17 PM: HKCR\scaggy.insert\ (ID = 1347432)
    6:17 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{e5e2a3e7-00fe-4d31-a030-a10799ddca66}\ (ID = 1225497)
    6:17 PM: HKLM\software\microsoft\internet explorer\extensions\{4abf810a-f11d-4169-9d5f-7d274f2270a1}\ (ID = 1212690)
    6:17 PM: HKLM\software\classes\folder\shellex\columnhandlers\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}\ (ID = 1212686)
    6:17 PM: HKCR\folder\shellex\columnhandlers\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}\ (ID = 1212684)
    6:17 PM: HKLM\software\classes\clsid\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}\ (ID = 1212651)
    6:17 PM: HKCR\clsid\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}\ (ID = 1212644)
    6:17 PM: HKLM\software\classes\fseytdc.yvakt.1\ (ID = 1180522)
    6:17 PM: HKLM\software\classes\fseytdc.yvakt\ (ID = 1180518)
    6:17 PM: HKLM\software\classes\fseytdc.ariaqudok.1\ (ID = 1180514)
    6:17 PM: HKLM\software\classes\fseytdc.ariaqudok\ (ID = 1180510)
    6:17 PM: HKCR\fseytdc.yvakt.1\ (ID = 1180472)
    6:17 PM: HKCR\fseytdc.yvakt\ (ID = 1180468)
    6:17 PM: HKCR\fseytdc.ariaqudok.1\ (ID = 1180464)
    6:17 PM: HKCR\fseytdc.ariaqudok\ (ID = 1180460)
    6:17 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || uninstallstring (ID = 1134952)
    6:17 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be}\ (ID = 1110756)
    6:17 PM: HKLM\software\microsoft\windows\currentversion\run\ || browserupdatesched (ID = 1075246)
    6:17 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (ID = 1016072)
    6:17 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (ID = 1016064)
    6:17 PM: HKLM\software\microsoft\windows\currentversion\uninstall\webnexus\ (ID = 1006191)
    6:17 PM: HKLM\system\currentcontrolset\services\cmdservice\ (ID = 958670)
    6:17 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || norepair (ID = 958655)
    6:17 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || noremove (ID = 958654)
    6:17 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || nomodify (ID = 958653)
    6:17 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ (ID = 892523)
    6:17 PM: HKLM\software\qstat\ || brr (ID = 877670)
    6:17 PM: HKLM\software\classes\clsid\{8253d547-38dd-4325-b35a-f1817edfa5f5}\ (ID = 862304)
    6:17 PM: HKCR\clsid\{8253d547-38dd-4325-b35a-f1817edfa5f5}\ (ID = 862263)
    Trace marked as Always Remove
    6:17 PM: HKLM\software\microsoft\windows nt\currentversion\windows\ || appinit_dlls (ID = 819064)
    6:17 PM: HKLM\software\qstat\ (ID = 769771)
    6:17 PM: HKLM\software\classes\bookedspace.extension.5\ (ID = 746614)
    6:17 PM: HKCR\clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}\ (ID = 746549)
    6:17 PM: HKU\.default\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555438)
    6:17 PM: Found Adware: findthewebsiteyouneed hijack
    6:17 PM: HKLM\software\microsoft\windows\currentversion\uninstall\zeno search assistant\ (ID = 147935)
    6:17 PM: HKLM\software\microsoft\windows\currentversion\uninstall\enhanced ads by zeno\ (ID = 147934)
    6:17 PM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\enhanced ads by zeno\ (ID = 147931)
    6:17 PM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\zeno search assistant\ (ID = 147930)
    6:17 PM: HKLM\software\microsoft\windows\currentversion\uninstall\tsa\ (ID = 143607)
    6:17 PM: Found Adware: targetsaver
    Trace marked as Always Remove
    6:17 PM: HKLM\software\surfsidekick3\ (ID = 143413)
    Trace marked as Always Remove
    6:17 PM: HKLM\software\microsoft\windows\currentversion\uninstall\surf sidekick\ (ID = 143408)
    Trace marked as Always Remove
    6:17 PM: HKLM\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143406)
    Trace marked as Always Remove
    6:17 PM: HKLM\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143400)
    Trace marked as Always Remove
    6:17 PM: HKLM\software\classes\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (ID = 143392)
    Trace marked as Always Remove
    6:17 PM: HKCR\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (ID = 143389)
    Trace marked as Always Remove
    6:17 PM: HKU\.default\software\surfsidekick3\ (ID = 143387)
    6:17 PM: HKLM\software\classes\clsid\{669695bc-a811-4a9d-8cdf-ba8c795f261c}\ (ID = 136863)
    6:17 PM: HKCR\typelib\{f8310e7d-4c4d-46a4-a068-b5bb99411cc7}\ (ID = 135122)
    6:17 PM: HKCR\typelib\{566dede9-9ed8-45da-9be6-9b2eeab17f49}\ (ID = 135121)
    6:17 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{8a0dcbda-6e20-489c-9041-c1e8a0352e75}\ (ID = 135119)
    6:17 PM: HKLM\software\microsoft\internet explorer\toolbar\ || {9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (ID = 135098)
    6:17 PM: HKLM\software\classes\typelib\{f8310e7d-4c4d-46a4-a068-b5bb99411cc7}\ (ID = 135093)
    6:17 PM: HKLM\software\classes\typelib\{566dede9-9ed8-45da-9be6-9b2eeab17f49}\ (ID = 135092)
    6:17 PM: HKLM\software\classes\nn_bar_dummy.nn_bardummy\curver\ (ID = 135091)
    6:17 PM: HKLM\software\classes\nn_bar_dummy.nn_bardummy\clsid\ (ID = 135090)
    6:17 PM: HKLM\software\classes\nn_bar_dummy.nn_bardummy\ (ID = 135089)
    6:17 PM: HKLM\software\classes\nn_bar_dummy.nn_bardummy.1\ (ID = 135088)
    6:17 PM: HKLM\software\classes\interface\{224302b0-94e9-45c2-9e5b-ba989ee556e1}\ (ID = 135085)
    6:17 PM: HKLM\software\classes\interface\{1037b06c-84b7-4240-8d80-485810a0497d}\ (ID = 135084)
    6:17 PM: HKLM\software\classes\interface\{54b287f9-fd90-4457-b65e-cb91560c021d}\ (ID = 135083)
    6:17 PM: HKLM\software\classes\interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f}\ (ID = 135082)
    6:17 PM: HKLM\software\classes\clsid\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e}\ (ID = 135079)
    6:17 PM: HKLM\software\classes\clsid\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e}\ (ID = 135078)
    6:17 PM: HKLM\software\classes\clsid\{8a0dcbda-6e20-489c-9041-c1e8a0352e75}\ (ID = 135077)
    6:17 PM: HKCR\nn_bar_dummy.nn_bardummy\ (ID = 135076)
    6:17 PM: HKCR\nn_bar_dummy.nn_bardummy.1\ (ID = 135075)
    6:17 PM: HKCR\interface\{224302b0-94e9-45c2-9e5b-ba989ee556e1}\ (ID = 135072)
    6:17 PM: HKCR\interface\{1037b06c-84b7-4240-8d80-485810a0497d}\ (ID = 135071)
    6:17 PM: HKCR\interface\{54b287f9-fd90-4457-b65e-cb91560c021d}\ (ID = 135070)
    6:17 PM: HKCR\interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f}\ (ID = 135069)
    6:17 PM: HKCR\clsid\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e}\ (ID = 135066)
    6:17 PM: HKCR\clsid\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e}\ (ID = 135065)
    6:17 PM: HKCR\clsid\{8a0dcbda-6e20-489c-9041-c1e8a0352e75}\ (ID = 135064)
    6:16 PM: HKLM\software\classes\typelib\{d4c89c18-b4f3-46a9-8800-e9e7a55afbd9}\ (ID = 105369)
    6:16 PM: HKCR\typelib\{d4c89c18-b4f3-46a9-8800-e9e7a55afbd9}\ (ID = 105366)
    6:16 PM: HKCR\typelib\{0dc5cd7c-f653-4417-aa43-d457be3a9622}\ (ID = 104884)
    6:16 PM: HKLM\software\classes\typelib\{0dc5cd7c-f653-4417-aa43-d457be3a9622}\ (ID = 104871)
    6:16 PM: HKLM\software\classes\interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}\ (ID = 104870)
    6:16 PM: HKLM\software\classes\clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}\ (ID = 104868)
    6:16 PM: HKLM\software\classes\bookedspace.extension\ (ID = 104867)
    6:16 PM: HKLM\software\classes\appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}\ (ID = 104865)
    6:16 PM: HKLM\software\classes\appid\bookedspace.dll\ (ID = 104864)
    6:16 PM: HKCR\interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}\ (ID = 104862)
    6:16 PM: HKCR\bookedspace.extension\ (ID = 104859)
    6:16 PM: HKCR\bookedspace.extension.5\ (ID = 104858)
    6:16 PM: HKCR\appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}\ (ID = 104855)
    6:16 PM: HKCR\appid\bookedspace.dll\ (ID = 104854)
    6:16 PM: HKCR\typelib\{3277cd27-4001-4ef8-9d96-c6ca745ac2f9}\ (ID = 102349)
    6:16 PM: HKLM\software\microsoft\internet explorer\toolbar\ || {669695bc-a811-4a9d-8cdf-ba8c795f261c} (ID = 102339)
    6:16 PM: HKLM\software\microsoft\internet explorer\toolbar\ || {669695bc-a811-4a9d-8cdf-ba8c795f261c} (ID = 102339)
    6:16 PM: HKCR\interface\{38493f7f-2922-4c6c-9a9a-8da2c940d0ee}\ (ID = 102318)
    6:16 PM: HKCR\clsid\{669695bc-a811-4a9d-8cdf-ba8c795f261c}\ (ID = 102313)
    6:16 PM: Found Adware: powerstrip
    6:16 PM: HKCR\clsid\{669695bc-a811-4a9d-8cdf-ba8c795f261c}\ (ID = 102313)
    6:16 PM: Found Adware: 7search
    6:16 PM: Starting Registry Sweep
    6:16 PM: Memory Sweep Complete, Elapsed Time: 00:15:45
    6:13 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:13 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:13 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:13 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:13 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    6:13 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    Trace marked as Always Remove
    6:12 PM: Detected running threat: C:\Program Files\SurfSideKick 3\SskCore.dll (ID = 297348)
    6:12 PM: Detected running threat: C:\WINDOWS\system32\dmonwv.dll (ID = 268799)
    6:12 PM: Detected running threat: C:\WINDOWS\cfg32p.dll (ID = 294098)
    6:11 PM: Detected running threat: C:\WINDOWS\cfg32s.dll (ID = 293976)
    6:09 PM: Detected running threat: C:\WINDOWS\QXJtYW5kbyBTYW5jaGV6\command.exe (ID = 144946)
    6:05 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:05 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:05 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:05 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:05 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    6:05 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    6:04 PM: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run || uvulc (ID = 0)
    6:04 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Run || uvulc (ID = 0)
    6:04 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Run || uvulc (ID = 0)
    6:04 PM: Detected running threat: C:\WINDOWS\system32\yhjsao.exe (ID = 268995)
    6:04 PM: Detected running threat: C:\WINDOWS\system32\prbwa.exe (ID = 268934)
    6:04 PM: Detected running threat: C:\WINDOWS\system32\prbwa.exe (ID = 268934)
    6:04 PM: Detected running threat: C:\WINDOWS\system32\prbwa.exe (ID = 268934)
    6:03 PM: Detected running threat: C:\WINDOWS\system32\fojsrwy.dll (ID = 268933)
    6:03 PM: Found Adware: clkoptimizer
    Trace marked as Always Remove
    6:03 PM: Detected running threat: C:\Program Files\SurfSideKick 3\SskBho.dll (ID = 297347)
    6:02 PM: Detected running threat: C:\WINDOWS\QXJtYW5kbyBTYW5jaGV6\asappsrv.dll (ID = 144945)
    6:02 PM: Found Adware: command
    Trace marked as Always Remove
    6:02 PM: Detected running threat: C:\WINDOWS\system32\repairs303169587.dll (ID = 296028)
    6:02 PM: Spy Installation Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Execution Denied
    6:01 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    6:01 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    6:01 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    6:00 PM: Detected running threat: C:\WINDOWS\cfg32o.dll (ID = 293973)
    6:00 PM: Detected running threat: C:\WINDOWS\system32\x3cqp0.dll (ID = 315431)
    6:00 PM: Found Adware: linkmaker
    6:00 PM: Detected running threat: C:\WINDOWS\cfg32r.dll (ID = 293975)
    6:00 PM: Starting Memory Sweep
    6:00 PM: C:\Program Files\System Files\System.exe (ID = 1126535)
    6:00 PM: HKU\S-1-5-21-1659004503-1801674531-1417001333-1003\software\microsoft\windows\currentversion\run\ || cas2 (ID = 1126535)
    6:00 PM: Found Adware: cas
    Trace marked as Always Remove
    6:00 PM: HKU\S-1-5-21-1659004503-1801674531-1417001333-1003\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 1055335)
    Trace marked as Always Remove
    6:00 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-1004\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 1055335)
    Trace marked as Always Remove
    6:00 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-500\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 1055335)
    Trace marked as Always Remove
    6:00 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-501\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 1055335)
    6:00 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    6:00 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\ssk233[4].ssq". The process cannot access the file because it is being used by another process
    6:00 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\ssk233[4].ssq". The process cannot access the file because it is being used by another process
    5:59 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    5:59 PM: The Spy Communication shield has blocked access to: WWW.CONSUMERALERTSYSTEM.COM
    5:59 PM: Spy Installation Shield: found: Adware: surfsidekick, version 1.0.0.0
    5:59 PM: Spy Installation Shield: found: Adware: surfsidekick, version 1.0.0.0
    5:59 PM: C:\WINDOWS\cfg32o.dll (ID = 1353164)
    5:59 PM: HKCR\clsid\{c68ae9c0-0909-4ddc-b661-c1afb9f59898}\inprocserver32\ (ID = 1353164)
    5:59 PM: Found Adware: bookedspace
    5:59 PM: HKCR\clsid\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e}\inprocserver32\ (ID = 1353158)
    5:59 PM: C:\WINDOWS\system32\WinNB58.dll (ID = 1353157)
    5:59 PM: HKCR\clsid\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e}\inprocserver32\ (ID = 1353157)
    5:59 PM: C:\WINDOWS\system32\WinDmy.dll (ID = 1353156)
    5:59 PM: HKCR\clsid\{8a0dcbda-6e20-489c-9041-c1e8a0352e75}\inprocserver32\ (ID = 1353156)
    5:59 PM: Found Adware: mirar webband
    5:59 PM: C:\WINDOWS\system32\swinppez.exe (ID = 1209951)
    5:59 PM: HKLM\software\microsoft\windows\currentversion\run\ || browserupdatesched (ID = 1209951)
    5:59 PM: Found Adware: zenosearchassistant
    5:59 PM: C:\Program Files\SurfSideKick 3\SskBho.dll (ID = 1055337)
    5:59 PM: HKCR\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\inprocserver32\ (ID = 1055337)
    5:59 PM: C:\Program Files\SurfSideKick 3\Ssk.exe (ID = 1055336)
    5:59 PM: HKLM\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 1055336)
    5:59 PM: Found Adware: surfsidekick
    5:58 PM: Sweep initiated using definitions version 724
    5:58 PM: Spy Sweeper 5.0.5.1286 started
    5:58 PM: | Start of Session, Sunday, July 23, 2006 |
     
  12. mando2123

    ********
    5:56 PM: Your definitions are up to date.
    5:56 PM: Automated check for program update in progress.
    9:45 PM: Deletion from quarantine completed. Elapsed time 00:04:56
    9:45 PM: Processing: zedo cookie
    9:45 PM: Processing: zedo cookie
    9:45 PM: Processing: tacoda cookie
    9:45 PM: Processing: trb.com cookie
    9:45 PM: Processing: trb.com cookie
    9:45 PM: Processing: trb.com cookie
    9:45 PM: Processing: trb.com cookie
    9:45 PM: Processing: tickle cookie
    9:45 PM: Processing: atlas dmt cookie
    9:45 PM: Processing: atlas dmt cookie
    9:45 PM: Processing: atlas dmt cookie
    9:45 PM: Processing: top-banners cookie
    9:45 PM: Processing: stopzilla cookie
    9:45 PM: Processing: stlyrics cookie
    9:45 PM: Processing: statcounter cookie
    9:45 PM: Processing: screensavers.com cookie
    9:45 PM: Processing: searchingbooth cookie
    9:45 PM: Processing: searchadnetwork cookie
    9:45 PM: Processing: searchadnetwork cookie
    9:45 PM: Processing: questionmarket cookie
    9:45 PM: Processing: targetnet cookie
    9:45 PM: Processing: partypoker cookie
    9:45 PM: Processing: partypoker cookie
    9:45 PM: Processing: partypoker cookie
    9:45 PM: Processing: specificclick.com cookie
    9:45 PM: Processing: offeroptimizer cookie
    9:45 PM: Processing: revenue.net cookie
    9:45 PM: Processing: 2o7.net cookie
    9:45 PM: Processing: 2o7.net cookie
    9:45 PM: Processing: 2o7.net cookie
    9:45 PM: Processing: 2o7.net cookie
    9:45 PM: Processing: 2o7.net cookie
    9:45 PM: Processing: 2o7.net cookie
    9:45 PM: Processing: myaffiliateprogram.com cookie
    9:45 PM: Processing: tribalfusion cookie
    9:45 PM: Processing: bizrate cookie
    9:45 PM: Processing: nextag cookie
    9:45 PM: Processing: nextag cookie
    9:45 PM: Processing: nextag cookie
    9:45 PM: Processing: maxserving cookie
    9:45 PM: Processing: about cookie
    9:45 PM: Processing: hotbar cookie
    9:45 PM: Processing: trafficmp cookie
    9:45 PM: Processing: trafficmp cookie
    9:45 PM: Processing: valuead cookie
    9:45 PM: Processing: falkag cookie
    9:45 PM: Processing: falkag cookie
    9:45 PM: Processing: falkag cookie
    9:45 PM: Processing: enhance cookie
    9:45 PM: Processing: qksrv cookie
    9:45 PM: Processing: qksrv cookie
    9:45 PM: Processing: zenotecnico cookie
    9:45 PM: Processing: yieldmanager cookie
    9:45 PM: Processing: yieldmanager cookie
    9:45 PM: Processing: yieldmanager cookie
    9:45 PM: Processing: yieldmanager cookie
    9:45 PM: Processing: adknowledge cookie
    9:45 PM: Processing: adknowledge cookie
    9:45 PM: Processing: adknowledge cookie
    9:45 PM: Processing: upspiral cookie
    9:45 PM: Processing: casalemedia cookie
    9:45 PM: Processing: casalemedia cookie
    9:45 PM: Processing: casalemedia cookie
    9:45 PM: Processing: casalemedia cookie
    9:45 PM: Processing: kmpads cookie
    9:45 PM: Processing: kmpads cookie
    9:45 PM: Processing: kmpads cookie
    9:45 PM: Processing: exitexchange cookie
    9:45 PM: Processing: exitexchange cookie
    9:45 PM: Processing: exitexchange cookie
    9:45 PM: Processing: exitexchange cookie
    9:45 PM: Processing: directtrack cookie
    9:45 PM: Processing: directtrack cookie
    9:45 PM: Processing: directtrack cookie
    9:45 PM: Processing: belnk cookie
    9:45 PM: Processing: belnk cookie
    9:45 PM: Processing: belnk cookie
    9:45 PM: Processing: belnk cookie
    9:45 PM: Processing: belnk cookie
    9:45 PM: Processing: belnk cookie
    9:45 PM: Processing: belnk cookie
    9:45 PM: Processing: belnk cookie
    9:45 PM: Processing: askmen cookie
    9:45 PM: Processing: askmen cookie
    9:45 PM: Processing: 888 cookie
    9:45 PM: Processing: 888 cookie
    9:45 PM: Processing: 888 cookie
    9:45 PM: Processing: 80503492 cookie
    9:45 PM: Processing: azjmp cookie
    9:45 PM: Processing: azjmp cookie
    9:45 PM: Processing: websponsors cookie
    9:45 PM: Processing: websponsors cookie
    9:45 PM: Processing: popuptraffic cookie
    9:45 PM: Processing: pub cookie
    9:45 PM: Processing: hbmediapro cookie
    9:45 PM: Processing: hbmediapro cookie
    9:45 PM: Processing: cassava cookie
    9:45 PM: Processing: a cookie
    9:45 PM: Processing: banner cookie
    9:45 PM: Processing: banner cookie
    9:45 PM: Processing: atwola cookie
    9:45 PM: Processing: atwola cookie
    9:45 PM: Processing: atwola cookie
    9:45 PM: Processing: ask cookie
    9:45 PM: Processing: ask cookie
    9:45 PM: Processing: ask cookie
    9:45 PM: Processing: burstnet cookie
    9:45 PM: Processing: apmebf cookie
    9:45 PM: Processing: apmebf cookie
    9:45 PM: Processing: overture cookie
    9:45 PM: Processing: adlegend cookie
    9:45 PM: Processing: server.iad.liveperson cookie
    9:45 PM: Processing: tendollars cookie
    9:45 PM: Processing: advertising cookie
    9:45 PM: Processing: advertising cookie
    9:45 PM: Processing: advertising cookie
    9:45 PM: Processing: fastclick cookie
    9:45 PM: Processing: mediaplex cookie
    9:45 PM: Processing: mediaplex cookie
    9:45 PM: Processing: sextracker cookie
    9:45 PM: Processing: sextracker cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: go.com cookie
    9:45 PM: Processing: realmedia cookie
    9:45 PM: Processing: realmedia cookie
    9:45 PM: Processing: realmedia cookie
    9:45 PM: Processing: realmedia cookie
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: command
    9:45 PM: Processing: mirar webband
    9:45 PM: Processing: mirar webband
    9:45 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mirar webband
    9:44 PM: Processing: mrfindalot hijack
    9:44 PM: Processing: mrfindalot hijack
    9:44 PM: Processing: mrfindalot hijack
    9:44 PM: Processing: mrfindalot hijack
    9:44 PM: Processing: findthewebsiteyouneed hijack
    9:44 PM: Processing: findthewebsiteyouneed hijack
    9:44 PM: Processing: findthewebsiteyouneed hijack
    9:44 PM: Processing: findthewebsiteyouneed hijack
    9:44 PM: Processing: findthewebsiteyouneed hijack
    9:44 PM: Processing: findthewebsiteyouneed hijack
    9:44 PM: Processing: findthewebsiteyouneed hijack
    9:44 PM: Processing: findthewebsiteyouneed hijack
    9:44 PM: Processing: findthewebsiteyouneed hijack
    9:44 PM: Processing: findthewebsiteyouneed hijack
    9:44 PM: Processing: findthewebsiteyouneed hijack
    9:44 PM: Processing: 7search
    9:44 PM: Processing: 7search
    9:44 PM: Processing: targetsaver
    9:44 PM: Processing: targetsaver
    9:44 PM: Processing: targetsaver
    9:44 PM: Processing: targetsaver
    9:44 PM: Processing: targetsaver
    9:44 PM: Processing: targetsaver
    9:44 PM: Processing: targetsaver
    9:44 PM: Processing: targetsaver
    9:44 PM: Processing: targetsaver
    9:44 PM: Processing: targetsaver
    9:44 PM: Processing: targetsaver
    9:44 PM: Processing: targetsaver
    9:44 PM: Processing: targetsaver
    9:44 PM: Processing: targetsaver
    9:44 PM: Processing: surfsidekick
    9:44 PM: Processing: surfsidekick
    9:44 PM: Processing: surfsidekick
    9:44 PM: Processing: surfsidekick
    9:44 PM: Processing: surfsidekick
    9:44 PM: Processing: surfsidekick
    9:44 PM: Processing: surfsidekick
    9:44 PM: Processing: surfsidekick
    9:44 PM: Processing: surfsidekick
    9:44 PM: Processing: surfsidekick
    9:44 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: surfsidekick
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: linkmaker
    9:43 PM: Processing: trojan-dropper-joiner
    9:43 PM: Processing: trojan-dropper-joiner
    9:43 PM: Processing: trojan-dropper-joiner
    9:42 PM: Processing: trojan-dropper-joiner
    9:42 PM: Processing: trojan-dropper-joiner
    9:42 PM: Processing: trojan-dropper-joiner
    9:42 PM: Processing: trojan-dropper-joiner
    9:42 PM: Processing: siteerror hijacker
    9:42 PM: Processing: siteerror hijacker
    9:42 PM: Processing: siteerror hijacker
    9:42 PM: Processing: siteerror hijacker
    9:42 PM: Processing: siteerror hijacker
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: bookedspace
    9:42 PM: Processing: cas
    9:42 PM: Processing: cas
    9:42 PM: Processing: cas
    9:42 PM: Processing: cas
    9:42 PM: Processing: cas
    9:42 PM: Processing: cas
    9:42 PM: Processing: cas
    9:42 PM: Processing: cas
    9:42 PM: Processing: cas
    9:42 PM: Processing: cas
    9:42 PM: Processing: cas
    9:42 PM: Processing: cas
    9:42 PM: Processing: trojan-dh
    9:42 PM: Processing: trojan-dh
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: dollarrevenue
    9:42 PM: Processing: zquest
    9:42 PM: Processing: zquest
    9:42 PM: Processing: zquest
    9:42 PM: Processing: zquest
    9:42 PM: Processing: trojan-downloader-basebar
    9:42 PM: Processing: trojan-downloader-basebar
    9:42 PM: Processing: forethought
    9:42 PM: Processing: forethought
    9:42 PM: Processing: forethought
    9:42 PM: Processing: forethought
    9:42 PM: Processing: forethought
    9:42 PM: Processing: forethought
    9:42 PM: Processing: forethought
    9:42 PM: Processing: forethought
    9:42 PM: Processing: forethought
    9:42 PM: Processing: zenosearchassistant
    9:42 PM: Processing: zenosearchassistant
    9:42 PM: Processing: zenosearchassistant
    9:42 PM: Processing: zenosearchassistant
    9:42 PM: Processing: zenosearchassistant
    9:42 PM: Processing: zenosearchassistant
    9:42 PM: Processing: zenosearchassistant
    9:41 PM: Processing: zenosearchassistant
    9:41 PM: Processing: zenosearchassistant
    9:41 PM: Processing: zenosearchassistant
    9:41 PM: Processing: zenosearchassistant
    9:41 PM: Processing: zenosearchassistant
    9:41 PM: Processing: zenosearchassistant
    9:41 PM: Processing: zenosearchassistant
    9:41 PM: Processing: visfx
    9:41 PM: Processing: purityscan
    9:41 PM: Processing: purityscan
    9:41 PM: Processing: purityscan
    9:41 PM: Processing: purityscan
    9:41 PM: Processing: look2me
    9:41 PM: Processing: look2me
    9:41 PM: Processing: look2me
    9:41 PM: Processing: look2me
    9:41 PM: Processing: look2me
    9:41 PM: Processing: look2me
    9:41 PM: Processing: look2me
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:41 PM: Processing: clkoptimizer
    9:40 PM: Processing: trojan-downloader-ac2
    9:40 PM: Processing: trojan-downloader-ac2
    9:40 PM: Processing: trojan-downloader-ac2
    9:40 PM: Deletion from quarantine initiated
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    9:39 PM: Shield States
    9:38 PM: Spyware Definitions: 724
    9:37 PM: Spy Sweeper 5.0.5.1286 started
     
  13. mando2123

    5:46 PM: | End of Session, Sunday, July 23, 2006 |
    5:46 PM: Detected running threat: surfsidekick
    5:46 PM: Memory Shield: Found: Memory-resident threat surfsidekick, version 1.0.0.0
    5:46 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    5:44 PM: The Spy Communication shield has blocked access to: ADS.SURFSIDEKICK.COM
    5:44 PM: The Spy Communication shield has blocked access to: ADS.SURFSIDEKICK.COM
    5:41 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    5:41 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    5:41 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    5:41 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    5:41 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    5:41 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    5:41 PM: Startup Shield: Entry Denied: xynkam
    5:41 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    5:41 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    5:41 PM: Startup Shield: Entry Denied: uvulc
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    5:40 PM: Warning: Access is denied
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    5:39 PM: Shield States
    5:39 PM: Spyware Definitions: 691
    5:38 PM: Spy Sweeper 5.0.5.1286 started
    5:38 PM: Spy Sweeper 5.0.5.1286 started
    5:38 PM: | Start of Session, Sunday, July 23, 2006 |
    ********
    5:58 PM: | End of Session, Sunday, July 23, 2006 |
    5:58 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    5:58 PM: Spy Installation Shield: found: Adware: surfsidekick, version 1.0.0.0
    5:57 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    5:57 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    5:57 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    5:57 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    5:57 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    5:57 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    5:57 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    5:56 PM: Your spyware definitions have been updated.
    5:54 PM: Spy Installation Shield: found: Adware: surfsidekick, version 1.0.0.0
    5:54 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    5:52 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    5:51 PM: Warning: Cannot create file "C:\Program Files\Webroot\Spy Sweeper\Quarantine\ssk233[2].ssq". The process cannot access the file because it is being used by another process
    5:51 PM: Spy Installation Shield: found: Adware: surfsidekick, version 1.0.0.0
    5:50 PM: Spy Installation Shield: found: Adware: surfsidekick, version 1.0.0.0
    5:50 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    5:50 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    5:50 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    5:50 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    5:50 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    5:49 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    5:49 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    5:49 PM: BHO Shield: found: -- BHO installation denied at user request
    5:49 PM: BHO Shield: found: -- BHO installation denied at user request
    5:48 PM: Sweep Status: 5 Items Found
    5:48 PM: Traces Found: 24
    5:48 PM: Memory Sweep Complete, Elapsed Time: 00:00:55
    5:48 PM: Sweep Canceled
    5:48 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    5:48 PM: ActiveX Shield: found: Adware: bookedspace, version 1.0.0.0 -- Installation denied
    5:48 PM: Detected running threat: C:\WINDOWS\cfg32o.dll (ID = 293973)
    5:47 PM: Detected running threat: C:\WINDOWS\cfg32r.dll (ID = 293975)
    5:47 PM: Detected running threat: C:\WINDOWS\cfg32p.dll (ID = 294098)
    5:47 PM: Spy Installation Shield: found: Adware: surfsidekick, version 1.0.0.0
    5:47 PM: Starting Memory Sweep
    5:47 PM: C:\Program Files\System Files\System.exe (ID = 1126535)
    5:47 PM: HKU\S-1-5-21-1659004503-1801674531-1417001333-1003\software\microsoft\windows\currentversion\run\ || cas2 (ID = 1126535)
    5:47 PM: Found Adware: cas
    5:47 PM: HKU\S-1-5-21-1659004503-1801674531-1417001333-1003\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 1055335)
    5:47 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-1004\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 1055335)
    5:47 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-500\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 1055335)
    5:47 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-501\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 1055335)
    5:47 PM: C:\WINDOWS\cfg32o.dll (ID = 1353164)
    5:47 PM: HKCR\clsid\{c68ae9c0-0909-4ddc-b661-c1afb9f59898}\inprocserver32\ (ID = 1353164)
    5:47 PM: HKCR\clsid\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e}\inprocserver32\ (ID = 1353158)
    5:47 PM: C:\WINDOWS\system32\WinNB58.dll (ID = 1353157)
    5:47 PM: HKCR\clsid\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e}\inprocserver32\ (ID = 1353157)
    5:47 PM: C:\WINDOWS\system32\WinDmy.dll (ID = 1353156)
    5:47 PM: HKCR\clsid\{8a0dcbda-6e20-489c-9041-c1e8a0352e75}\inprocserver32\ (ID = 1353156)
    5:47 PM: Found Adware: mirar webband
    5:47 PM: C:\WINDOWS\cfg32p.dll (ID = 1353135)
    5:47 PM: HKCR\clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}\inprocserver32\ (ID = 1353135)
    5:47 PM: Found Adware: bookedspace
    5:47 PM: C:\WINDOWS\system32\swinppez.exe (ID = 1209951)
    5:47 PM: HKLM\software\microsoft\windows\currentversion\run\ || browserupdatesched (ID = 1209951)
    5:47 PM: Found Adware: zenosearchassistant
    5:47 PM: C:\Program Files\SurfSideKick 3\SskBho.dll (ID = 1055337)
    5:47 PM: HKCR\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\inprocserver32\ (ID = 1055337)
    5:47 PM: C:\Program Files\SurfSideKick 3\Ssk.exe (ID = 1055336)
    5:47 PM: HKLM\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 1055336)
    5:47 PM: Found Adware: surfsidekick
    5:46 PM: Sweep initiated using definitions version 691
    5:46 PM: Spy Sweeper 5.0.5.1286 started
    5:46 PM: | Start of Session, Sunday, July 23, 2006 |
    ********
    7:38 PM: Removal process completed. Elapsed time 00:17:22
    7:38 PM: Preparing to restart your computer. Please wait...
    7:38 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST8D7.tmp". Reason: The system cannot find the file specified
    7:38 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:38 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST8D7.tmp". Reason: The system cannot find the file specified
    7:38 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST8D7.tmp". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST8D7.tmp". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST8D8.tmp". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST8D8.tmp". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST8D8.tmp". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST8D8.tmp". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST8DA.tmp". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST8DA.tmp". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST8DA.tmp". Reason: The system cannot find the file specified
    7:37 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:36 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST8DA.tmp". Reason: The system cannot find the file specified
    7:36 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:36 PM: Warning: Quarantine process could not restart Explorer.
    7:36 PM: Warning: Launched explorer.exe
    7:36 PM: surfsidekick is in use. It will be removed on reboot.
    7:36 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:36 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:36 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:36 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:36 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:36 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:36 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:36 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:36 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:34 PM: Quarantining All Traces: surfsidekick
    7:31 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST793.tmp". Reason: The system cannot find the file specified
    7:31 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:31 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST795.tmp". Reason: The system cannot find the file specified
    7:31 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:31 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST795.tmp". Reason: The system cannot find the file specified
    7:31 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:31 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST795.tmp". Reason: The system cannot find the file specified
    7:31 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:31 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST795.tmp". Reason: The system cannot find the file specified
    7:31 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:31 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST795.tmp". Reason: The system cannot find the file specified
    7:31 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:31 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST795.tmp". Reason: The system cannot find the file specified
    7:31 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    7:31 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:30 PM: Quarantining All Traces: stopzilla cookie
    7:30 PM: Quarantining All Traces: myaffiliateprogram.com cookie
    7:30 PM: Quarantining All Traces: tickle cookie
    7:30 PM: Quarantining All Traces: statcounter cookie
    7:30 PM: Quarantining All Traces: server.iad.liveperson cookie
    7:30 PM: Quarantining All Traces: searchadnetwork cookie
    7:30 PM: Quarantining All Traces: sextracker cookie
    7:30 PM: Quarantining All Traces: enhance cookie
    7:30 PM: Quarantining All Traces: zenotecnico cookie
    7:30 PM: Quarantining All Traces: 80503492 cookie
    7:30 PM: Quarantining All Traces: zedo cookie
    7:30 PM: Quarantining All Traces: upspiral cookie
    7:30 PM: Quarantining All Traces: stlyrics cookie
    7:30 PM: Quarantining All Traces: targetnet cookie
    7:30 PM: Quarantining All Traces: revenue.net cookie
    7:30 PM: Quarantining All Traces: valuead cookie
    7:30 PM: Quarantining All Traces: questionmarket cookie
    7:30 PM: Quarantining All Traces: qksrv cookie
    7:30 PM: Quarantining All Traces: popuptraffic cookie
    7:30 PM: Quarantining All Traces: mediaplex cookie
    7:30 PM: Quarantining All Traces: top-banners cookie
    7:30 PM: Quarantining All Traces: maxserving cookie
    7:30 PM: Quarantining All Traces: kmpads cookie
    7:30 PM: Quarantining All Traces: cassava cookie
    7:30 PM: Quarantining All Traces: directtrack cookie
    7:30 PM: Quarantining All Traces: bizrate cookie
    7:30 PM: Quarantining All Traces: searchingbooth cookie
    7:30 PM: Quarantining All Traces: a cookie
    7:30 PM: Quarantining All Traces: azjmp cookie
    7:30 PM: Quarantining All Traces: falkag cookie
    7:30 PM: Quarantining All Traces: apmebf cookie
    7:30 PM: Quarantining All Traces: hotbar cookie
    7:30 PM: Quarantining All Traces: 888 cookie
    7:30 PM: Quarantining All Traces: tendollars cookie
    7:30 PM: Quarantining All Traces: tacoda cookie
    7:30 PM: Quarantining All Traces: 2o7.net cookie
    7:30 PM: Quarantining All Traces: overture cookie
    7:30 PM: Quarantining All Traces: burstnet cookie
    7:30 PM: Quarantining All Traces: trb.com cookie
    7:30 PM: Quarantining All Traces: banner cookie
    7:30 PM: Quarantining All Traces: specificclick.com cookie
    7:30 PM: Quarantining All Traces: adlegend cookie
    7:30 PM: Quarantining All Traces: websponsors cookie
    7:30 PM: Quarantining All Traces: screensavers.com cookie
    7:30 PM: Quarantining All Traces: tribalfusion cookie
    7:30 PM: Quarantining All Traces: trafficmp cookie
    7:30 PM: Quarantining All Traces: pub cookie
    7:30 PM: Quarantining All Traces: partypoker cookie
    7:30 PM: Quarantining All Traces: offeroptimizer cookie
    7:30 PM: Quarantining All Traces: nextag cookie
    7:30 PM: Quarantining All Traces: realmedia cookie
    7:30 PM: Quarantining All Traces: fastclick cookie
    7:30 PM: Quarantining All Traces: exitexchange cookie
    7:30 PM: Quarantining All Traces: casalemedia cookie
    7:29 PM: Quarantining All Traces: go.com cookie
    7:29 PM: Quarantining All Traces: belnk cookie
    7:29 PM: Quarantining All Traces: atwola cookie
    7:29 PM: Quarantining All Traces: atlas dmt cookie
    7:29 PM: Quarantining All Traces: ask cookie
    7:29 PM: Quarantining All Traces: askmen cookie
    7:29 PM: Quarantining All Traces: advertising cookie
    7:29 PM: Quarantining All Traces: hbmediapro cookie
    7:29 PM: Quarantining All Traces: adknowledge cookie
    7:29 PM: Quarantining All Traces: yieldmanager cookie
    7:29 PM: Quarantining All Traces: about cookie
    7:29 PM: Quarantining All Traces: mrfindalot hijack
    7:29 PM: Quarantining All Traces: findthewebsiteyouneed hijack
    7:29 PM: Quarantining All Traces: powerstrip
    7:29 PM: Quarantining All Traces: 7search
    7:29 PM: C:\WINDOWS\QXJtYW5kbyBTYW5jaGV6\command.exe is in use. It will be removed on reboot.
    7:29 PM: C:\WINDOWS\QXJtYW5kbyBTYW5jaGV6\asappsrv.dll is in use. It will be removed on reboot.
    7:29 PM: C:\WINDOWS\QXJtYW5kbyBTYW5jaGV6\asappsrv.dll is in use. It will be removed on reboot.
    7:29 PM: C:\WINDOWS\QXJtYW5kbyBTYW5jaGV6\command.exe is in use. It will be removed on reboot.
    7:29 PM: command is in use. It will be removed on reboot.
    7:29 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:29 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:29 PM: Spy Installation Shield: found: Adware: clkoptimizer, version 1.0.0.0
    7:29 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:29 PM: Spy Installation Shield: found: Adware: clkoptimizer, version 1.0.0.0
    7:28 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:28 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:28 PM: Quarantining All Traces: command
    7:28 PM: Quarantining All Traces: mirar webband
    7:28 PM: Quarantining All Traces: trojan-dh
    7:28 PM: Quarantining All Traces: zquest
    7:27 PM: Quarantining All Traces: trojan-dropper-joiner
    7:27 PM: Quarantining All Traces: trojan-downloader-basebar
    7:27 PM: Quarantining All Traces: siteerror hijacker
    7:27 PM: Quarantining All Traces: dollarrevenue
    7:27 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:27 PM: Quarantining All Traces: forethought
    7:27 PM: Quarantining All Traces: targetsaver
    7:27 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:26 PM: Quarantining All Traces: linkmaker
    7:26 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:26 PM: Quarantining All Traces: cas
    7:26 PM: Quarantining All Traces: bookedspace
    7:26 PM: Quarantining All Traces: visfx
    7:26 PM: Quarantining All Traces: purityscan
    7:26 PM: Quarantining All Traces: trojan-downloader-ac2
    7:25 PM: Quarantining All Traces: look2me
    7:25 PM: C:\WINDOWS\system32\dmonwv.dll is in use. It will be removed on reboot.
    7:25 PM: C:\WINDOWS\system32\yhjsao.exe is in use. It will be removed on reboot.
    7:25 PM: C:\WINDOWS\system32\prbwa.exe is in use. It will be removed on reboot.
    7:25 PM: C:\WINDOWS\system32\prbwa.exe is in use. It will be removed on reboot.
    7:25 PM: C:\WINDOWS\system32\prbwa.exe is in use. It will be removed on reboot.
    7:25 PM: C:\WINDOWS\system32\fojsrwy.dll is in use. It will be removed on reboot.
    7:25 PM: c:\windows\system32\yhjsao.exe is in use. It will be removed on reboot.
    7:25 PM: c:\windows\system32\fojsrwy.dll is in use. It will be removed on reboot.
    7:25 PM: c:\documents and settings\all users\start menu\programs\startup\rpvth.exe is in use. It will be removed on reboot.
    7:25 PM: c:\windows\system32\prbwa.exe is in use. It will be removed on reboot.
    7:25 PM: clkoptimizer is in use. It will be removed on reboot.
    7:25 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:25 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:25 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:25 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:25 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:25 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:25 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:25 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:25 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:23 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:23 PM: Quarantining All Traces: clkoptimizer
    7:22 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
    7:22 PM: Quarantining All Traces: zenosearchassistant
    7:22 PM: Spy Installation Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Execution Denied
    7:21 PM: Removal process initiated
    7:19 PM: Traces Found: 545
    7:19 PM: Full Sweep has completed. Elapsed time 01:20:25
    Trace marked as Always Remove
    7:19 PM: C:\Documents and Settings\Armando\Application Data\Sskuknwrd.dll (ID = 315932)
    Trace marked as Always Remove
    7:19 PM: C:\Documents and Settings\Chito\Application Data\Sskdmns.dll (ID = 315933)
    Trace marked as Always Remove
    7:19 PM: C:\Documents and Settings\Chito\Application Data\Sskuknwrd.dll (ID = 315932)
    7:19 PM: File Sweep Complete, Elapsed Time: 01:00:20
    7:19 PM: C:\Documents and Settings\Armando\Start Menu\Programs\Startup\Zeno.lnk (ID = 1209951)
    7:19 PM: C:\Documents and Settings\Armando\Start Menu\Programs\Startup\Z_Start.lnk (ID = 301896)
    7:19 PM: C:\Documents and Settings\Armando\Start Menu\Programs\SiteError Search\Uninstall.lnk (6 subtraces) (ID = 2147524535)
    7:19 PM: C:\Documents and Settings\Armando\Start Menu\Programs\SiteError Search\Readme.lnk (6 subtraces) (ID = 2147524535)
    7:18 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    7:18 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    7:18 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    7:18 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    7:18 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    7:18 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    7:12 PM: Warning: Failed to access drive E:
    7:12 PM: Warning: Failed to access drive D:
    7:12 PM: C:\WINDOWS\QXJtYW5kbyBTYW5jaGV6\krLQsqc4vV1nsqc3u3pd.vbs (ID = 185675)
    7:12 PM: C:\WINDOWS\system32\zxdnt3d.cfg (ID = 91140)
    Trace marked as Always Remove
    7:11 PM: C:\Documents and Settings\Guest\Application Data\Sskcwrd.dll (ID = 77712)
    7:10 PM: C:\Documents and Settings\Armando\Start Menu\Programs\Startup\Zeno.lnk (ID = 146127)
    7:10 PM: C:\Documents and Settings\Armando\Start Menu\Programs\Startup\Z_Start.lnk (ID = 235994)
    7:10 PM: C:\WINDOWS\system32\msnav32.ax (ID = 220229)
    7:09 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    7:09 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    7:09 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    7:09 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    7:09 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    7:09 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    Trace marked as Always Remove
    7:09 PM: C:\Documents and Settings\Chito\Application Data\Sskcwrd.dll (ID = 77712)
    7:08 PM: C:\wd7gi8nnew.exe (ID = 305263)
    7:08 PM: C:\warebundlenewer.exe (ID = 168558)
    7:08 PM: C:\warebundle.exe (ID = 168558)
    7:08 PM: C:\WINDOWS\wallpap.exe (ID = 309645)
    7:08 PM: C:\WINDOWS\system32\VSL05.exe (ID = 299775)
    7:08 PM: C:\VSL02.exe (ID = 290920)
    7:08 PM: C:\WINDOWS\v1201.exe (ID = 186060)
    7:08 PM: C:\Documents and Settings\Chito\Local Settings\Temp\tp7543.exe (ID = 209705)
    7:08 PM: C:\WINDOWS\system32\ZICORN003.exe (ID = 301896)
    7:08 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\tsupdate2[1].ini (ID = 193498)
    Trace marked as Always Remove
    7:08 PM: C:\WINDOWS\system32\bk.exe (ID = 296030)
    7:08 PM: C:\WINDOWS\system32\ssec.exe (ID = 296018)
    Trace marked as Always Remove
    7:08 PM: C:\SS1001newer.exe (ID = 215896)
    Trace marked as Always Remove
    7:08 PM: C:\SS1001.exe (ID = 215896)
    7:08 PM: C:\siteError.exe (ID = 325654)
    7:08 PM: Warning: Failed to open file "c:\documents and settings\armando\local settings\temporary internet files\content.ie5\kpu3sl2b\zx-get-tpa[1].htm". The operation completed successfully
    7:08 PM: C:\RDFX4.exe (ID = 290920)
    7:08 PM: C:\numbsoft.exe (ID = 301341)
    7:08 PM: C:\WINDOWS\system32\nr1rnqm8.exe (ID = 320457)
    7:08 PM: C:\MTE3NDI6ODoxNgnew.exe (ID = 185985)
    7:08 PM: C:\WINDOWS\system32\tfthot.exe (ID = 315430)
    Trace marked as Always Remove
    7:08 PM: C:\Documents and Settings\Armando\Application Data\Sskknwrd.dll (ID = 77733)
    7:08 PM: C:\WINDOWS\system32\gbe90qs.exe (ID = 315432)
    7:08 PM: C:\Documents and Settings\Chito\Local Settings\Temp\f4855140.exe (ID = 268995)
     
  14. mando2123

    7:07 PM: C:\WINDOWS\cfg32o.dll (ID = 293973)
    7:07 PM: C:\WINDOWS\system32\x3cqp0.dll (ID = 315431)
    7:07 PM: C:\WINDOWS\cfg32r.dll (ID = 293975)
    7:07 PM: C:\WINDOWS\cfg32p.dll (ID = 294098)
    7:07 PM: C:\WINDOWS\cfg32s.dll (ID = 293976)
    7:07 PM: C:\WINDOWS\system32\dmonwv.dll (ID = 268799)
    7:07 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\drsmartload[1].exe (ID = 298760)
    7:07 PM: C:\dist13.exe (ID = 295817)
    7:07 PM: C:\WINDOWS\cfg32a.exe (ID = 310417)
    7:07 PM: C:\Program Files\Cas2Stub\cas2stub.exe (ID = 295817)
    7:07 PM: C:\WINDOWS\876056.exe (ID = 319960)
    7:07 PM: C:\Program Files\Network Monitor\netmon.exe (ID = 231443)
    7:07 PM: C:\WINDOWS\MTE3NDI6ODoxNg.exe (ID = 185985)
    7:07 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\096NGDMJ\MTE3NDI6ODoxNg[1].exe (ID = 185985)
    7:07 PM: C:\drma.exe (ID = 300404)
    7:07 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\drma[1].exe (ID = 300404)
    7:07 PM: C:\Program Files\Online Services\horej.dll (ID = 301391)
    7:07 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || NwCplMonitor (ID = 0)
    7:07 PM: C:\WINDOWS\system32\redistributor.exe (ID = 293590)
    7:07 PM: C:\WINDOWS\system32\oodsregp.exe (ID = 293)
    7:07 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || Hhl7RfpJ (ID = 0)
    7:07 PM: C:\WINDOWS\system32\ssn6tuu.exe (ID = 315428)
    7:07 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || ftexc (ID = 0)
    7:07 PM: C:\WINDOWS\system32\mptft.exe (ID = 315439)
    7:07 PM: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run || uvulc (ID = 0)
    7:07 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Run || uvulc (ID = 0)
    7:07 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Run || uvulc (ID = 0)
    7:07 PM: c:\windows\system32\yhjsao.exe (ID = 268995)
    7:07 PM: c:\windows\system32\fojsrwy.dll (ID = 268933)
    7:07 PM: C:\WINDOWS\system32\efyvm.dat (ID = 268995)
    7:07 PM: c:\documents and settings\all users\start menu\programs\startup\rpvth.exe (ID = 268995)
    Trace marked as Always Remove
    7:07 PM: HKU\S-1-5-21-1659004503-1801674531-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Run || SurfSideKick 3 (ID = 0)
    Trace marked as Always Remove
    7:07 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Run || SurfSideKick 3 (ID = 0)
    Trace marked as Always Remove
    7:07 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Run || SurfSideKick 3 (ID = 0)
    Trace marked as Always Remove
    7:07 PM: HKU\WRSS_Profile_S-1-5-21-1659004503-1801674531-1417001333-501\Software\Microsoft\Windows\CurrentVersion\Run || SurfSideKick 3 (ID = 0)
    Trace marked as Always Remove
    7:07 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || SurfSideKick 3 (ID = 0)
    Trace marked as Always Remove
    7:07 PM: C:\Program Files\SurfSideKick 3\Ssk.exe (ID = 297346)
    Trace marked as Always Remove
    7:07 PM: C:\Program Files\SurfSideKick 3\SskBho.dll (ID = 297347)
    7:07 PM: c:\windows\system32\prbwa.exe (ID = 268934)
    7:07 PM: C:\WINDOWS\QXJtYW5kbyBTYW5jaGV6\asappsrv.dll (ID = 144945)
    7:07 PM: c:\windows\system32\amhaluo.exe (ID = 268932)
    7:07 PM: C:\WINDOWS\QXJtYW5kbyBTYW5jaGV6\command.exe (ID = 144946)
    Trace marked as Always Remove
    7:06 PM: C:\Program Files\SurfSideKick 3\SskCore.dll (ID = 297348)
    Trace marked as Always Remove
    7:06 PM: C:\WINDOWS\system32\repairs303169587.dll (ID = 296028)
    7:06 PM: C:\WINDOWS\system32\atmtd.dll (ID = 166754)
    7:05 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\Installer[1].exe (ID = 168558)
    7:05 PM: C:\Installer3.exe (ID = 168558)
    7:04 PM: C:\Documents and Settings\Chito\Local Settings\Temporary Internet Files\Content.IE5\YX7X7UAO\rcverlib[1].exe (ID = 209705)
    7:04 PM: C:\Documents and Settings\Chito\Local Settings\Temporary Internet Files\Content.IE5\YX7X7UAO\installerwnus[1].exe (ID = 271215)
    7:03 PM: C:\Documents and Settings\Chito\Local Settings\Temporary Internet Files\Content.IE5\4PQJSPI3\numbsoft[1].exe (ID = 301341)
    7:01 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    7:01 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    7:01 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    7:01 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    7:01 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    7:01 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    7:01 PM: C:\warebundle3.exe (ID = 168558)
    7:01 PM: C:\626_101newer.exe (ID = 320775)
    7:01 PM: Found Adware: visfx
    7:01 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\096NGDMJ\cfg32[1].exe (ID = 294103)
    7:00 PM: C:\webnexmknew.exe (ID = 299757)
    7:00 PM: C:\WINDOWS\system32\tsuninst.exe (ID = 193501)
    Trace marked as Always Remove
    6:59 PM: C:\Documents and Settings\Chito\Application Data\Sskknwrd.dll (ID = 77733)
    6:59 PM: C:\WINDOWS\drsmartload46a.exe (ID = 325944)
    6:59 PM: C:\WINDOWS\drsmartload45a.exe (ID = 325944)
    6:59 PM: C:\Program Files\Common Files\mqfo\mqfod\class-barrel (ID = 78229)
    6:57 PM: C:\Program Files\Common Files\mqfo\mqfop.exe (ID = 195132)
    6:53 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:53 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:53 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:53 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:53 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    6:53 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    6:53 PM: C:\Documents and Settings\Chito\Local Settings\Temporary Internet Files\Content.IE5\KVCT5JKQ\wallpap[1].exe (ID = 303233)
    6:53 PM: Found Trojan Horse: trojan-dh
    6:52 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\installerwnus[1].exe (ID = 271215)
    6:52 PM: C:\Program Files\Common Files\mqfo\mqfod\vocabulary (ID = 78283)
    6:51 PM: C:\WINDOWS\system32\atmtd.dll._ (ID = 166754)
    6:50 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\installer[1].exe (ID = 231664)
    6:48 PM: C:\Installer.exe (ID = 168558)
    Trace marked as Always Remove
    6:47 PM: C:\Documents and Settings\Guest\Application Data\Sskknwrd.dll (ID = 77733)
    6:46 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\drsmartload45a[1].exe (ID = 325945)
    6:46 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\096NGDMJ\drsmartload46a[1].exe (ID = 325945)
    6:45 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:45 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:45 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:45 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:45 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    6:45 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    6:45 PM: C:\Program Files\Common Files\mqfo\mqfoa.exe (ID = 195128)
    6:45 PM: C:\Program Files\Common Files\mqfo\mqfol.exe (ID = 195130)
    6:45 PM: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run || mqfo (ID = 0)
    6:45 PM: C:\Program Files\Common Files\mqfo\mqfom.exe (ID = 195131)
    6:45 PM: C:\WINDOWS\stub_113_4_0_4_0.exe (ID = 193995)
    6:45 PM: C:\WINDOWS\uninstall_nmon.vbs (ID = 231442)
    6:43 PM: C:\Documents and Settings\Armando\Local Settings\Temp\tp7543.exe (ID = 209705)
    6:43 PM: C:\Documents and Settings\Armando\Local Settings\Temporary Internet Files\Content.IE5\2XOGQBTO\rcverlib[1].exe (ID = 209705)
    6:43 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\096NGDMJ\!update-3820[1].0000 (ID = 296574)
    6:43 PM: C:\Documents and Settings\LocalService\Application Data\s?mbols\dvdplay.exe (ID = 296574)
    6:37 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:37 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:37 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:37 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:37 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    6:37 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    6:36 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\defender20[1].exe (ID = 295803)
    6:35 PM: C:\WINDOWS\system32\jiub5f27y.hhy (ID = 276229)
    6:35 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\newname20[1].exe (ID = 295805)
    6:34 PM: C:\Documents and Settings\Chito\Local Settings\Temporary Internet Files\Content.IE5\4PQJSPI3\VSL02[1].exe (ID = 290920)
    6:34 PM: Found Adware: zquest
    Trace marked as Always Remove
    6:33 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\SS1001[1].exe (ID = 215896)
    6:33 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\096NGDMJ\defender22[1].exe (ID = 298754)
    6:33 PM: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run || Iccoq (ID = 0)
    6:33 PM: C:\WINDOWS\system32\?ssembly\n?tepad.exe (ID = 450)
    6:33 PM: Found Adware: purityscan
    6:32 PM: C:\Program Files\System Files\plugin.dll (ID = 316428)
    6:32 PM: C:\Program Files\SiteError Search\siteErr.dll (ID = 325673)
    6:32 PM: C:\numbsoftnew.exe (ID = 301341)
    6:32 PM: Found Trojan Horse: trojan-dropper-joiner
    6:32 PM: C:\WINDOWS\system32\sgcdb289.dll (ID = 320289)
    6:31 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\stub_113_4_0_4_0[1].exe (ID = 193995)
    6:31 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OPQRSTUV\stub_venthh[1].exe (ID = 294169)
    6:30 PM: C:\stub_venthh.exe (ID = 294169)
    6:30 PM: C:\WINDOWS\ssqbn.exe (ID = 323511)
    6:29 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:29 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:29 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:29 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:29 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    6:29 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    6:29 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\newname22[1].exe (ID = 298758)
    6:29 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\newname21[1].exe (ID = 300306)
    6:29 PM: C:\WINDOWS\system32\w0087529.dll (ID = 320288)
    6:28 PM: C:\WINDOWS\yezyhzxv.exe (ID = 294100)
    6:28 PM: C:\WINDOWS\System32tfthot.exe (ID = 315430)
    6:28 PM: C:\stub_sca3.exe (ID = 294169)
    6:28 PM: C:\WINDOWS\System32ssec.exe (ID = 296018)
    6:27 PM: C:\WINDOWS\lt.exe (ID = 319946)
    6:27 PM: Found Trojan Horse: trojan-downloader-basebar
    6:27 PM: C:\WINDOWS\Uninstall.exe (ID = 301842)
    6:27 PM: C:\WINDOWS\system32\WinDmy.dll (ID = 70014)
    6:27 PM: C:\WINDOWS\system32\ftuninst.exe (ID = 315429)
    6:27 PM: C:\WINDOWS\System32ftuninst.exe (ID = 315429)
    6:25 PM: C:\drsmartload45a7d.exe (ID = 325334)
    6:25 PM: C:\stub_113_4_0_4_0newer.exe (ID = 193995)
    6:25 PM: C:\WINDOWS\system32\nt68rrtc12.sys (ID = 220230)
    6:25 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\keyboard22[1].exe (ID = 298757)
    6:25 PM: C:\Program Files\Common Files\mqfo\mqfod\mqfoc.dll (ID = 195129)
    6:24 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\keyboard20[1].exe (ID = 295804)
    6:23 PM: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\096NGDMJ\keyboard21[1].exe (ID = 300302)
    6:23 PM: C:\WINDOWS\unwn.exe (ID = 268798)
    6:22 PM: C:\ac3_0003.exe (ID = 319965)
    6:22 PM: Found Trojan Horse: trojan-downloader-ac2
    6:21 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:21 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:21 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:21 PM: The Spy Communication shield has blocked access to: DL.WEB-NEXUS.NET
    6:21 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    6:21 PM: The Spy Communication shield has blocked access to: STECH.WEB-NEXUS.NET
    6:20 PM: C:\WINDOWS\iconu.exe (ID = 65721)
    6:20 PM: Found Adware: look2me
    6:20 PM: C:\WINDOWS\system32\dwdsregt.exe (ID = 235995)
    6:19 PM: C:\Program Files\Network Monitor (1 subtraces) (ID = 2147507525)
    6:19 PM: C:\Program Files\SiteError Search (6 subtraces) (ID = 2147524535)
    6:19 PM: C:\Documents and Settings\Armando\Start Menu\Programs\SiteError Search (2 subtraces) (ID = 2147524536)
    6:19 PM: C:\WINDOWS\zAbstract (6 subtraces) (ID = 2147518024)
    6:19 PM: C:\Program Files\Cas2Stub (1 subtraces) (ID = 2147500974)
    Trace marked as Always Remove
    6:19 PM: C:\Program Files\SurfSideKick 3 (3 subtraces) (ID = 2147523031)
     
  15. mando2123

    mando2123 Thread Starter

    Joined:
    Jun 28, 2005
    Messages:
    47
    6:18 PM: Starting File Sweep
    6:18 PM: Warning: Failed to access drive A:
    6:18 PM: Cookie Sweep Complete, Elapsed Time: 00:00:20
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 3762)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][2].txt (ID = 3466)
    6:18 PM: Found Spy Cookie: stopzilla cookie
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 3312)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 3032)
    6:18 PM: Found Spy Cookie: myaffiliateprogram.com cookie
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 2020)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 3529)
    6:18 PM: Found Spy Cookie: tickle cookie
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 3447)
    6:18 PM: Found Spy Cookie: statcounter cookie
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 3361)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][2].txt (ID = 3341)
    6:18 PM: Found Spy Cookie: server.iad.liveperson cookie
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][2].txt (ID = 3311)
    6:18 PM: Found Spy Cookie: searchadnetwork cookie
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 3235)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][2].txt (ID = 3213)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][2].txt (ID = 3111)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 1958)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 1958)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 6442)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][2].txt (ID = 2909)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 2909)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 1958)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 2633)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 3362)
    6:18 PM: Found Spy Cookie: sextracker cookie
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 2634)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][2].txt (ID = 2354)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 2614)
    6:18 PM: Found Spy Cookie: enhance cookie
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][2].txt (ID = 2270)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][2].txt (ID = 2253)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][2].txt (ID = 2650)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][2].txt (ID = 2229)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 2175)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][2].txt (ID = 3859)
    6:18 PM: Found Spy Cookie: zenotecnico cookie
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 3751)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 2019)
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][1].txt (ID = 2013)
    6:18 PM: Found Spy Cookie: 80503492 cookie
    6:18 PM: c:\documents and settings\armando\cookies\[email protected][2].txt (ID = 1957)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 3762)
    6:18 PM: Found Spy Cookie: zedo cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 3615)
    6:18 PM: Found Spy Cookie: upspiral cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 3462)
    6:18 PM: Found Spy Cookie: stlyrics cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 3587)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 3581)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 3489)
    6:18 PM: Found Spy Cookie: targetnet cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 2729)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 2729)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2729)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 3257)
    6:18 PM: Found Spy Cookie: revenue.net cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 3627)
    6:18 PM: Found Spy Cookie: valuead cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 3235)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 3217)
    6:18 PM: Found Spy Cookie: questionmarket cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 3213)
    6:18 PM: Found Spy Cookie: qksrv cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 3163)
    6:18 PM: Found Spy Cookie: popuptraffic cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 3111)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 5014)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 6442)
    6:18 PM: Found Spy Cookie: mediaplex cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 3548)
    6:18 PM: Found Spy Cookie: top-banners cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2966)
    6:18 PM: Found Spy Cookie: maxserving cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 2909)
    6:18 PM: Found Spy Cookie: kmpads cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2729)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2728)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 2528)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2729)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2633)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 2729)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2293)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2527)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2362)
    6:18 PM: Found Spy Cookie: cassava cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 2354)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 3588)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 2528)
    6:18 PM: Found Spy Cookie: directtrack cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2308)
    6:18 PM: Found Spy Cookie: bizrate cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2292)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 2276)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 3322)
    6:18 PM: Found Spy Cookie: searchingbooth cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2027)
    6:18 PM: Found Spy Cookie: a cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2270)
    6:18 PM: Found Spy Cookie: azjmp cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2255)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2293)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 2253)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2245)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 2247)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2650)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 2650)
    6:18 PM: Found Spy Cookie: falkag cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 2229)
    6:18 PM: Found Spy Cookie: apmebf cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 2175)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 4207)
    6:18 PM: Found Spy Cookie: hotbar cookie
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 2768)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2072)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 3751)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][2].txt (ID = 3665)
    6:18 PM: c:\documents and settings\chito\cookies\[email protected][1].txt (ID = 2019)
    6:18 PM: Found Spy Cookie: 888 cookie
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][1].txt (ID = 6367)
    6:18 PM: Found Spy Cookie: tendollars cookie
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][1].txt (ID = 3587)
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][2].txt (ID = 6444)
    6:18 PM: Found Spy Cookie: tacoda cookie
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][2].txt (ID = 5014)
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][1].txt (ID = 1958)
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][1].txt (ID = 2728)
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][1].txt (ID = 1958)
    6:18 PM: Found Spy Cookie: 2o7.net cookie
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][1].txt (ID = 2293)
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][2].txt (ID = 3106)
    6:18 PM: Found Spy Cookie: overture cookie
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][2].txt (ID = 2336)
    6:18 PM: Found Spy Cookie: burstnet cookie
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][1].txt (ID = 3588)
    6:18 PM: Found Spy Cookie: trb.com cookie
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][2].txt (ID = 2292)
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][2].txt (ID = 2276)
    6:18 PM: Found Spy Cookie: banner cookie
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][1].txt (ID = 2255)
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][2].txt (ID = 2293)
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][2].txt (ID = 2245)
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][1].txt (ID = 2355)
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][2].txt (ID = 3400)
    6:18 PM: Found Spy Cookie: specificclick.com cookie
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][1].txt (ID = 2074)
    6:18 PM: Found Spy Cookie: adlegend cookie
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][1].txt (ID = 2072)
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][1].txt (ID = 3751)
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][2].txt (ID = 2729)
    6:18 PM: c:\documents and settings\sandee\cookies\[email protected][2].txt (ID = 3665)
    6:18 PM: Found Spy Cookie: websponsors cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3298)
    6:18 PM: Found Spy Cookie: screensavers.com cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3589)
    6:18 PM: Found Spy Cookie: tribalfusion cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3581)
    6:18 PM: Found Spy Cookie: trafficmp cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2729)
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2729)
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3235)
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3205)
    6:18 PM: Found Spy Cookie: pub cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2729)
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3111)
    6:18 PM: Found Spy Cookie: partypoker cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 3087)
    6:18 PM: Found Spy Cookie: offeroptimizer cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 5014)
    6:18 PM: Found Spy Cookie: nextag cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3236)
    6:18 PM: Found Spy Cookie: realmedia cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2729)
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2729)
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2728)
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2728)
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2651)
    6:18 PM: Found Spy Cookie: fastclick cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2633)
    6:18 PM: Found Spy Cookie: exitexchange cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2729)
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2293)
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2354)
    6:18 PM: Found Spy Cookie: casalemedia cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2729)
    6:18 PM: Found Spy Cookie: go.com cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2292)
    6:18 PM: Found Spy Cookie: belnk cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2255)
    6:18 PM: Found Spy Cookie: atwola cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2253)
    6:18 PM: Found Spy Cookie: atlas dmt cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2245)
    6:18 PM: Found Spy Cookie: ask cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2247)
    6:18 PM: Found Spy Cookie: askmen cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 2175)
    6:18 PM: Found Spy Cookie: advertising cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2768)
    6:18 PM: Found Spy Cookie: hbmediapro cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2072)
    6:18 PM: Found Spy Cookie: adknowledge cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][1].txt (ID = 3751)
    6:18 PM: Found Spy Cookie: yieldmanager cookie
    6:18 PM: c:\documents and settings\guest\cookies\[email protected][2].txt (ID = 2037)
    6:18 PM: Found Spy Cookie: about cookie
    6:18 PM: Starting Cookie Sweep
    6:18 PM: Registry Sweep Complete, Elapsed Time:00:01:46
    6:18 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || default_search_url (ID = 1554019)
    6:18 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || search bar (ID = 1554018)
    6:18 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || Start Page (ID = 1554016)
    6:18 PM: HKU\S-1-5-18\software\microsoft\internet explorer\search\searchassistant explorer\main\ || Default_Search_URL (ID = 1554015)
    6:18 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || default_search_url (ID = 790269)
    6:18 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || search bar (ID = 790268)
    6:18 PM: HKU\S-1-5-18\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
    Trace marked as Always Remove
    6:18 PM: HKU\S-1-5-18\software\surfsidekick3\ (ID = 143412)
    6:18 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || start page (ID = 125239)
    6:18 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || search bar (ID = 125237)
    6:18 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || default_search_url (ID = 125236)
    6:18 PM: HKU\S-1-5-21-1659004503-1801674531-1417001333-1003\software\microsoft\internet explorer\search\searchassistant explorer\main\ || Default_Search_URL (ID = 1554015)
    6:18 PM: HKU\S-1-5-21-1659004503-1801674531-1417001333-1003\software\microsoft\windows\currentversion\run\ || cas2 (ID = 871018)
    6:18 PM: HKU\S-1-5-21-1659004503-1801674531-1417001333-1003\software\cas2\ (ID = 862278)
    6:18 PM: HKU\S-1-5-21-1659004503-1801674531-1417001333-1003\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
    Trace marked as Always Remove
    6:18 PM: HKU\S-1-5-21-1659004503-1801674531-1417001333-1003\software\surfsidekick3\ (ID = 143412)
    Trace marked as Always Remove
    6:18 PM: HKU\S-1-5-21-1659004503-1801674531-1417001333-1003\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
    Trace marked as Always Remove
    6:18 PM: HKU\S-1-5-21-1659004503-1801674531-1417001333-1003\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
     
Short URL to this thread: https://techguy.org/485641
