Spy Sweeper:
********
13:39: | Start of Session, 13 February 2006 |
13:39: Spy Sweeper started
13:39: Sweep initiated using definitions version 613
13:39: Found Adware: surfsidekick
13:39: HKLM\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 1055336)
13:39: Ssk.exe (ID = 1055336)
13:39: HKCR\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\inprocserver32\ (2 subtraces) (ID = 1055337)
13:39: SskBho.dll (ID = 1055337)
13:39: Found Adware: findthewebsiteyouneed hijacker
13:39: HKLM\software\microsoft\windows\currentversion\run\ || winsysupd (ID = 1145796)
13:39: winsysupd7.exe (ID = 1145796)
13:39: HKLM\software\microsoft\windows\currentversion\run\ || winsysban (ID = 1145797)
13:39: winsysban7.exe (ID = 1145797)
13:39: HKU\S-1-5-21-1344734455-1439202154-709122288-1266\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 1055335)
13:39: Ssk.exe (ID = 1055335)
13:39: Starting Memory Sweep
13:39: Detected running threat: C:\WINDOWS\system32\repairs302972994.dll (ID = 242406)
13:39: Found Adware: command
13:39: Detected running threat: C:\WINDOWS\anVzdGluIGZpZWxk\asappsrv.dll (ID = 144945)
13:40: Detected running threat: C:\WINDOWS\anVzdGluIGZpZWxk\command.exe (ID = 144946)
13:42: Detected running threat: C:\Program Files\Network Monitor\netmon.exe (ID = 231443)
13:45: Found Adware: effective-i toolbar
13:45: Detected running threat: C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (ID = 106574)
13:45: Detected running threat: C:\Program Files\SurfSideKick 3\SskBho.dll (ID = 242398)
13:45: Detected running threat: C:\Program Files\SurfSideKick 3\SskCore.dll (ID = 242399)
13:46: Detected running threat: C:\Program Files\Common Files\VCClient\VCMain.exe (ID = 212830)
13:46: HKU\S-1-5-21-1344734455-1439202154-709122288-1266\Software\Microsoft\Windows\CurrentVersion\Run || CU2 (ID = 0)
13:47: Detected running threat: C:\Program Files\Common Files\VCClient\VCClient.exe (ID = 212828)
13:47: HKU\S-1-5-21-1344734455-1439202154-709122288-1266\Software\Microsoft\Windows\CurrentVersion\Run || CU1 (ID = 0)
13:47: Memory Sweep Complete, Elapsed Time: 00:07:59
13:47: Starting Registry Sweep
13:47: Found Adware: findthewebsiteyouneed hijack
13:47: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 125242)
13:47: HKCR\clsid\{44be0690-5429-47f0-85bb-3ffd8020233e}\ (6 subtraces) (ID = 125653)
13:47: HKLM\software\classes\clsid\{44be0690-5429-47f0-85bb-3ffd8020233e}\ (6 subtraces) (ID = 125656)
13:47: HKLM\software\effective-i\ (26 subtraces) (ID = 125658)
13:47: HKLM\software\microsoft\internet explorer\toolbar\ || {44be0690-5429-47f0-85bb-3ffd8020233e} (ID = 125665)
13:47: HKLM\software\microsoft\windows\currentversion\uninstall\ucmore - the search accelerator\ (9 subtraces) (ID = 125671)
13:47: Found Adware: internetoptimizer
13:47: HKCR\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ (8 subtraces) (ID = 128885)
13:47: HKLM\software\classes\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}\ (8 subtraces) (ID = 128896)
13:47: HKLM\software\microsoft\windows\currentversion\uninstall\rotue\ (ID = 128925)
13:47: Found Adware: moneytree
13:47: HKCR\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}\ (8 subtraces) (ID = 135185)
13:48: Found Adware: elitemediagroup-mediamotor
13:48: HKCR\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\ (23 subtraces) (ID = 140032)
13:48: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\inprocserver32\ (2 subtraces) (ID = 140081)
13:48: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\miscstatus\ (3 subtraces) (ID = 140082)
13:48: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\progid\ (1 subtraces) (ID = 140083)
13:48: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\toolboxbitmap32\ (1 subtraces) (ID = 140084)
13:48: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\typelib\ (1 subtraces) (ID = 140085)
13:48: HKLM\software\classes\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\version\ (1 subtraces) (ID = 140086)
13:48: HKLM\software\classes\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (18 subtraces) (ID = 140131)
13:48: HKCR\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (18 subtraces) (ID = 140223)
13:48: HKCR\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143389)
13:48: HKLM\software\classes\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143392)
13:48: HKLM\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143400)
13:48: HKLM\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143406)
13:48: HKLM\software\microsoft\windows\currentversion\uninstall\surf sidekick\ (2 subtraces) (ID = 143408)
13:48: HKLM\software\surfsidekick3\ (2 subtraces) (ID = 143413)
13:48: HKLM\software\microsoft\windows nt\currentversion\windows\ || appinit_dlls (ID = 819064)
13:48: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ (7 subtraces) (ID = 892523)
13:48: Found Adware: enbrowser
13:48: HKLM\software\system\sysold\ (3 subtraces) (ID = 926808)
13:48: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || nomodify (ID = 958653)
13:48: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || noremove (ID = 958654)
13:48: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || norepair (ID = 958655)
13:48: HKLM\system\currentcontrolset\services\cmdservice\ (12 subtraces) (ID = 958670)
13:48: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (8 subtraces) (ID = 1016064)
13:48: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (10 subtraces) (ID = 1016072)
13:48: HKLM\software\microsoft\windows\currentversion\run\ || themonitor (ID = 1028873)
13:48: Found Adware: mirar webband
13:48: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\system32\winats.dll (ID = 1055333)
13:48: Found Trojan Horse: trojan-downloader-dh
13:48: HKLM\software\microsoft\windows\currentversion\uninstall\dh\ (2 subtraces) (ID = 1057035)
13:48: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/winats.dll\ (2 subtraces) (ID = 1066860)
13:48: HKLM\software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be}\ (7 subtraces) (ID = 1110756)
13:48: HKLM\software\microsoft\windows\currentversion\run\ || winsysupd (ID = 1121711)
13:48: HKLM\software\microsoft\windows\currentversion\run\ || winsysban (ID = 1121712)
13:48: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || uninstallstring (ID = 1134952)
13:48: Found Adware: winantispyware 2005
13:48: HKLM\software\winfixer_2006\ (ID = 1137189)
13:48: HKU\S-1-5-21-1344734455-1439202154-709122288-1266\software\effective-i\ (7 subtraces) (ID = 125657)
13:48: HKU\S-1-5-21-1344734455-1439202154-709122288-1266\software\maxthon\plugin\toolbar\{44be0690-5429-47f0-85bb-3ffd8020233e}\ (1 subtraces) (ID = 125661)
13:48: HKU\S-1-5-21-1344734455-1439202154-709122288-1266\software\microsoft\internet explorer\toolbar\ || {44be0690-5429-47f0-85bb-3ffd8020233e} (ID = 125662)
13:48: HKU\S-1-5-21-1344734455-1439202154-709122288-1266\software\microsoft\internet explorer\toolbar\webbrowser\ || {44be0690-5429-47f0-85bb-3ffd8020233e} (ID = 125668)
13:48: HKU\S-1-5-21-1344734455-1439202154-709122288-1266\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
13:48: HKU\S-1-5-21-1344734455-1439202154-709122288-1266\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
13:48: HKU\S-1-5-21-1344734455-1439202154-709122288-1266\software\surfsidekick3\ (3 subtraces) (ID = 143412)
13:48: HKU\S-1-5-21-1344734455-1439202154-709122288-1266\software\microsoft\internet explorer\urlsearchhooks\ || _{02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 165102)
13:48: HKU\S-1-5-21-1344734455-1439202154-709122288-1266\software\system\sysuid\ (1 subtraces) (ID = 731748)
13:48: Found Adware: zquest
13:48: HKU\S-1-5-21-1344734455-1439202154-709122288-1266\software\microsoft\internet explorer\desktop\components\0\ || source (ID = 1140816)
13:48: HKU\S-1-5-21-1344734455-1439202154-709122288-1266\software\microsoft\windows\currentversion\run\ || cu1 (ID = 1140965)
13:48: HKU\S-1-5-21-1344734455-1439202154-709122288-1266\software\microsoft\windows\currentversion\run\ || cu2 (ID = 1140966)
13:48: Registry Sweep Complete, Elapsed Time:00:01:08
13:48: Starting Cookie Sweep
13:48: Found Spy Cookie: burstbeacon cookie
13:48: administrator@www.burstbeacon[1].txt (ID = 2335)
13:48: Found Spy Cookie: myaffiliateprogram.com cookie
13:48: administrator@www.myaffiliateprogram[1].txt (ID = 3032)
13:49: Found Spy Cookie: 2o7.net cookie
13:49: justin@112.2o7[2].txt (ID = 1958)
13:49: Found Spy Cookie: 50881381 cookie
13:49: justin@50881381[2].txt (ID = 1981)
13:49: Found Spy Cookie: 64.62.232 cookie
13:49: justin@64.62.232[2].txt (ID = 1987)
13:49: Found Spy Cookie: 66.70.21 cookie
13:49: justin@66.70.21[1].txt (ID = 1999)
13:49: Found Spy Cookie: 888 cookie
13:49: justin@888[1].txt (ID = 2019)
13:49: justin@888[2].txt (ID = 2019)
13:49: Found Spy Cookie: websponsors cookie
13:49: justin@a.websponsors[1].txt (ID = 3665)
13:49: Found Spy Cookie: aa cookie
13:49: justin@aa[2].txt (ID = 2029)
13:49: Found Spy Cookie: go.com cookie
13:49: justin@abcnews.go[1].txt (ID = 2729)
13:49: Found Spy Cookie: about cookie
13:49: justin@about[1].txt (ID = 2037)
13:49: Found Spy Cookie: yieldmanager cookie
13:49: justin@ad.yieldmanager[1].txt (ID = 3751)
13:49: Found Spy Cookie: epilot cookie
13:49: justin@adcenter.epilot[1].txt (ID = 2622)
13:49: Found Spy Cookie: hbmediapro cookie
13:49: justin@adopt.hbmediapro[1].txt (ID = 2768)
13:49: Found Spy Cookie: hotbar cookie
13:49: justin@adopt.hotbar[2].txt (ID = 4207)
13:49: Found Spy Cookie: specificclick.com cookie
13:49: justin@adopt.specificclick[1].txt (ID = 3400)
13:49: Found Spy Cookie: ads.businessweek cookie
13:49: justin@ads.businessweek[1].txt (ID = 2113)
13:50: Found Spy Cookie: searchingbooth cookie
13:50: justin@ads.searchingbooth[1].txt (ID = 3322)
13:50: Found Spy Cookie: revenue.net cookie
13:50: justin@ads1.revenue[1].txt (ID = 3258)
13:50: Found Spy Cookie: hyperbanner cookie
13:50: justin@ads12.hyperbanner[2].txt (ID = 2816)
13:50: Found Spy Cookie: bpath cookie
13:50: justin@ads18.bpath[1].txt (ID = 2321)
13:50: Found Spy Cookie: aff6007 cookie
13:50: justin@aff6007[1].txt (ID = 2193)
13:50: Found Spy Cookie: affiliate cookie
13:50: justin@affiliate[1].txt (ID = 2199)
13:50: justin@affiliate[3].txt (ID = 2199)
13:50: Found Spy Cookie: anm.co.uk cookie
13:50: justin@anm.co[2].txt (ID = 2223)
13:50: Found Spy Cookie: gostats cookie
13:50: justin@as.gostats[2].txt (ID = 2748)
13:50: Found Spy Cookie: ask cookie
13:50: justin@ask[2].txt (ID = 2245)
13:50: Found Spy Cookie: atlas dmt cookie
13:50: justin@atdmt[2].txt (ID = 2253)
13:50: Found Spy Cookie: atwola cookie
13:50: justin@atwola[1].txt (ID = 2255)
13:50: Found Spy Cookie: azjmp cookie
13:50: justin@azjmp[2].txt (ID = 2270)
13:50: Found Spy Cookie: a cookie
13:50: justin@a[1].txt (ID = 2027)
13:50: Found Spy Cookie: paypopup cookie
13:50: justin@banner.paypopup[1].txt (ID = 3120)
13:50: justin@banners.searchingbooth[1].txt (ID = 3322)
13:50: Found Spy Cookie: bannerspace cookie
13:50: justin@bannerspace[2].txt (ID = 2284)
13:50: Found Spy Cookie: banners cookie
13:50: justin@banners[1].txt (ID = 2282)
13:50: justin@banners[2].txt (ID = 2282)
13:50: Found Spy Cookie: banner cookie
13:50: justin@banner[1].txt (ID = 2276)
13:50: justin@banner[3].txt (ID = 2276)
13:50: Found Spy Cookie: belnk cookie
13:50: justin@belnk[1].txt (ID = 2292)
13:50: Found Spy Cookie: bizrate cookie
13:50: justin@bizrate[1].txt (ID = 2308)
13:50: Found Spy Cookie: touchclarity cookie
13:50: justin@bmw.touchclarity[1].txt (ID = 3566)
13:50: justin@btow.touchclarity[1].txt (ID = 3566)
13:50: Found Spy Cookie: burstnet cookie
13:50: justin@burstnet[1].txt (ID = 2336)
13:50: Found Spy Cookie: enhance cookie
13:50: justin@c.enhance[1].txt (ID = 2614)
13:50: justin@c3.gostats[2].txt (ID = 2748)
13:50: Found Spy Cookie: cassava cookie
13:50: justin@cassava[1].txt (ID = 2362)
13:50: Found Spy Cookie: controlsearch cookie
13:50: justin@controlsearch[1].txt (ID = 2463)
13:50: Found Spy Cookie: tickle cookie
13:50: justin@cookie.tickle[1].txt (ID = 3530)
13:50: Found Spy Cookie: customer cookie
13:50: justin@customer[1].txt (ID = 2481)
13:50: justin@customer[2].txt (ID = 2481)
13:50: justin@customer[3].txt (ID = 2481)
13:50: justin@customer[4].txt (ID = 2481)
13:50: justin@customer[5].txt (ID = 2481)
13:50: Found Spy Cookie: webtrendslive cookie
13:50: justin@dcsklxjd7oifwzramfu7ehxd9_2j2f[1].txt (ID = 3676)
13:50: Found Spy Cookie: dcskqeg2voifwznnd6alhtnei_8f3u cookie
13:50: justin@dcskqeg2voifwznnd6alhtnei_8f3u[1].txt (ID = 2501)
13:51: Found Spy Cookie: dealhelper cookie
13:51: justin@dealhelper[1].txt (ID = 2503)
13:51: Found Spy Cookie: dealtime cookie
13:51: justin@dealtime[1].txt (ID = 2505)
13:51: Found Spy Cookie: webtrends cookie
13:51: justin@demo.webtrends[2].txt (ID = 3669)
13:51: Found Spy Cookie: did-it cookie
13:51: justin@did-it[2].txt (ID = 2523)
13:51: justin@disney.store.go[1].txt (ID = 2729)
13:51: justin@dist.belnk[2].txt (ID = 2293)
13:51: Found Spy Cookie: exitexchange cookie
13:51: justin@exitexchange[1].txt (ID = 2633)
13:51: justin@experts.about[1].txt (ID = 2038)
13:51: Found Spy Cookie: fe.lea.lycos.com cookie
13:51: justin@fe.lea.lycos[1].txt (ID = 2660)
13:51: justin@ford.touchclarity[1].txt (ID = 3566)
13:51: Found Spy Cookie: gamespy cookie
13:51: justin@gamespy[1].txt (ID = 2719)
13:51: Found Spy Cookie: go2net.com cookie
13:51: justin@go2net[1].txt (ID = 2730)
13:51: Found Spy Cookie: goldenpalace cookie
13:51: justin@goldenpalace[2].txt (ID = 2734)
13:51: justin@gostats[2].txt (ID = 2747)
13:51: Found Spy Cookie: gotoast cookie
13:51: justin@gotoast[1].txt (ID = 2751)
13:51: justin@go[2].txt (ID = 2728)
13:51: justin@go[3].txt (ID = 2728)
13:51: justin@graphicssoft.about[1].txt (ID = 2038)
13:51: Found Spy Cookie: starware.com cookie
13:51: justin@h.starware[2].txt (ID = 3442)
13:51: Found Spy Cookie: clickandtrack cookie
13:51: justin@hits.clickandtrack[1].txt (ID = 2397)
13:51: Found Spy Cookie: homestore cookie
13:51: justin@homestore[1].txt (ID = 2793)
13:51: Found Spy Cookie: hpm001 cookie
13:51: justin@hpm001[1].txt (ID = 2807)
13:51: Found Spy Cookie: hypertracker.com cookie
13:51: justin@hypertracker[2].txt (ID = 2817)
13:51: Found Spy Cookie: screensavers.com cookie
13:51: justin@i.screensavers[1].txt (ID = 3298)
13:51: justin@javascript.about[1].txt (ID = 2038)
13:51: Found Spy Cookie: kmpads cookie
13:51: justin@kmpads[2].txt (ID = 2909)
13:51: Found Spy Cookie: techtarget cookie
13:51: justin@knowledgestorm.techtarget[1].txt (ID = 3500)
13:51: Found Spy Cookie: kount cookie
13:51: justin@kount[1].txt (ID = 2911)
13:51: Found Spy Cookie: linkexchange cookie
13:51: justin@linkexchange[1].txt (ID = 2920)
13:51: Found Spy Cookie: top-banners cookie
13:51: justin@media.top-banners[1].txt (ID = 3548)
13:51: Found Spy Cookie: ugo cookie
13:51: justin@mediamgr.ugo[2].txt (ID = 3609)
13:51: Found Spy Cookie: qsrch cookie
13:51: justin@moniker.qsrch[2].txt (ID = 3216)
13:51: justin@msn.touchclarity[2].txt (ID = 3566)
13:51: Found Spy Cookie: nextag cookie
13:51: justin@nextag[2].txt (ID = 5014)
13:51: justin@ondemand.webtrends[2].txt (ID = 3669)
13:51: justin@partygaming.122.2o7[1].txt (ID = 1958)
13:51: Found Spy Cookie: partypoker cookie
13:51: justin@partypoker[1].txt (ID = 3111)
13:51: justin@paypopup[1].txt (ID = 3119)
13:51: Found Spy Cookie: mircx cookie
13:51: justin@pop.mircx[2].txt (ID = 2998)
13:51: Found Spy Cookie: pricegrabber cookie
13:51: justin@pricegrabber[1].txt (ID = 3185)
13:51: justin@product.webtrends[1].txt (ID = 3669)
13:51: Found Spy Cookie: rc cookie
13:51: justin@rc[1].txt (ID = 3231)
13:51: Found Spy Cookie: rightmedia cookie
13:51: justin@rightmedia[2].txt (ID = 3259)
13:51: Found Spy Cookie: rn11 cookie
13:51: justin@rn11[2].txt (ID = 3261)
13:51: Found Spy Cookie: co cookie
13:51: justin@rs0.co[1].txt (ID = 2430)
13:51: Found Spy Cookie: s152531 cookie
13:51: justin@S152531[2].txt (ID = 3273)
13:51: justin@search.about[1].txt (ID = 2038)
13:51: Found Spy Cookie: domain sponsor cookie
13:51: justin@search.domainsponsor[1].txt (ID = 2534)
13:51: justin@searchcio.techtarget[1].txt (ID = 3500)
13:51: justin@searchingbooth[2].txt (ID = 3321)
13:51: justin@searchportal.domainsponsor[1].txt (ID = 2534)
13:51: Found Spy Cookie: overture cookie
13:51: justin@secure.overture[1].txt (ID = 3106)
13:51: Found Spy Cookie: web-stat cookie
13:51: justin@server3.web-stat[2].txt (ID = 3649)
13:51: Found Spy Cookie: servlet cookie
13:51: justin@servlet[2].txt (ID = 3345)
13:51: justin@sitematch.overture[1].txt (ID = 3106)
13:51: justin@smac.sitematch.overture[1].txt (ID = 3106)
13:51: justin@stat.dealtime[2].txt (ID = 2506)
13:51: Found Spy Cookie: clicktracks cookie
13:51: justin@stats.clicktracks[2].txt (ID = 2407)
13:51: Found Spy Cookie: stats.klsoft.com cookie
13:51: justin@stats.klsoft[1].txt (ID = 3451)
13:51: Found Spy Cookie: reliablestats cookie
13:51: justin@stats1.reliablestats[1].txt (ID = 3254)
13:51: Found Spy Cookie: tacoda cookie
13:51: justin@tacoda[1].txt (ID = 6444)
13:51: justin@techtarget[1].txt (ID = 3499)
13:51: justin@theaa.touchclarity[1].txt (ID = 3566)
13:51: Found Spy Cookie: tracking cookie
13:51: justin@tracking[1].txt (ID = 3571)
13:51: justin@webtracking.touchclarity[1].txt (ID = 3566)
13:51: Found Spy Cookie: trb.com cookie
13:51: justin@wgntv.trb[1].txt (ID = 3588)
13:51: Found Spy Cookie: wizzle cookie
13:51: justin@wizzle[1].txt (ID = 3695)
13:51: justin@www.888[2].txt (ID = 2020)
13:51: justin@www.burstbeacon[1].txt (ID = 2335)
13:51: justin@www.clicktracks[2].txt (ID = 2407)
13:51: Found Spy Cookie: clickxchange adware cookie
13:51: justin@www.clickxchange[1].txt (ID = 2409)
13:51: Found Spy Cookie: clickz cookie
13:51: justin@www.clickz[1].txt (ID = 2411)
13:51: Found Spy Cookie: directtrack cookie
13:51: justin@www.directtrack[1].txt (ID = 2528)
13:51: justin@www.epilot[2].txt (ID = 2622)
13:51: Found Spy Cookie: findwhat cookie
13:51: justin@www.findwhat[1].txt (ID = 2675)
13:51: Found Spy Cookie: dbbsrv cookie
13:51: justin@www.fun.com.18345.fb.dbbsrv[2].txt (ID = 2500)
13:51: justin@www.go[1].txt (ID = 2729)
13:51: justin@www.hypertracker[2].txt (ID = 2818)
13:51: Found Spy Cookie: jumptothat cookie
13:51: justin@www.jumptothat[1].txt (ID = 2894)
13:51: justin@www.myaffiliateprogram[2].txt (ID = 3032)
13:51: Found Spy Cookie: mytemplatestorage cookie
13:51: justin@www.mytemplatestorage[1].txt (ID = 3050)
13:51: Found Spy Cookie: popuptraffic cookie
13:51: justin@www.popuptraffic[2].txt (ID = 3164)
13:51: Found Spy Cookie: portland.co cookie
13:51: justin@www.portland.co[2].txt (ID = 3180)
13:51: justin@www.screensavers[2].txt (ID = 3298)
13:51: justin@www.searchingbooth[2].txt (ID = 3322)
13:51: Found Spy Cookie: seek-zone cookie
13:51: justin@www.seek-zone[1].txt (ID = 3330)
13:51: justin@www.starware[1].txt (ID = 3442)
13:51: justin@www.ugo[1].txt (ID = 3609)
13:51: justin@www.web-stat[1].txt (ID = 3649)
13:51: Found Spy Cookie: wesearchall cookie
13:51: justin@www.wesearchall[2].txt (ID = 3684)
13:51: Found Spy Cookie: xiti cookie
13:51: justin@xiti[1].txt (ID = 3717)
13:51: Found Spy Cookie: yadro cookie
13:51: justin@yadro[2].txt (ID = 3743)
13:51: Cookie Sweep Complete, Elapsed Time: 00:03:14
13:52: Starting File Sweep
13:52: Found Adware: orbit explorer
13:52: c:\program files\common files\oe (1 subtraces) (ID = -2147480516)
13:52: Found Adware: dealhelper
13:52: c:\documents and settings\all users\start menu\programs\d-helper web driver (1 subtraces) (ID = -2147481151)
13:52: c:\program files\surfsidekick 3 (3 subtraces) (ID = -2147480186)
13:52: c:\program files\common files\vcclient (9 subtraces) (ID = -2147461290)
13:52: c:\program files\thesearchaccelerator (7 subtraces) (ID = -2147481059)
13:52: c:\documents and settings\justin\start menu\programs\ucmore - the search accelerator (3 subtraces) (ID = -2147481062)
13:52: c:\program files\network monitor (1 subtraces) (ID = -2147459771)
13:53: Found Adware: deskwizz
13:53: a0121444.exe (ID = 240959)
13:53: Warning: Failed to open file "c:\system volume information\_restore{c7314aa2-e842-4091-b22f-b766d3876805}\rp403\a0121414.dll". Access is denied
13:54: a0122465.exe (ID = 240959)
13:54: Found Adware: look2me
13:54: a0121349.dll (ID = 159)
13:54: Warning: Failed to open file "c:\system volume information\_restore{c7314aa2-e842-4091-b22f-b766d3876805}\rp403\a0121396.dll". Access is denied
13:54: Found Adware: dollarrevenue
13:54: dc2571.exe (ID = 216545)
13:54: Warning: Failed to open file "c:\system volume information\_restore{c7314aa2-e842-4091-b22f-b766d3876805}\rp404\a0121441.dll". Access is denied
13:54: a0121386.exe (ID = 240959)
13:55: a0122487.dll (ID = 59843)
13:55: Found Trojan Horse: lzio
13:55: wintask.vir (ID = 81002)
13:55: a0122501.exe (ID = 216718)
13:55: vcclient.exe (ID = 212828)
13:55: HKU\S-1-5-21-1344734455-1439202154-709122288-1266\Software\Microsoft\Windows\CurrentVersion\Run || CU1 (ID = 0)
13:56: iucmore.dll (ID = 59843)
13:56: Warning: Failed to open file "c:\system volume information\_restore{c7314aa2-e842-4091-b22f-b766d3876805}\rp403\a0121376.ocx". Access is denied
13:56: Found Adware: purityscan
13:56: a0123185.exe (ID = 73191)
13:56: a0122512.exe (ID = 133210)
13:56: repairs302972994.dll (ID = 242406)
13:56: installer.exe (ID = 73121)
13:56: ss1001.exe (ID = 216718)
13:56: vcupdate.exe.config (ID = 212361)
13:56: installer.exe (ID = 168558)
13:57: a0121418.exe (ID = 240959)
13:57: a0119485.exe (ID = 212830)
13:57: a0121399.exe (ID = 240959)
13:57: dc2570.exe (ID = 216545)
13:57: mt-uninstaller.exe (ID = 73191)
13:58: Warning: Failed to open file "c:\system volume information\_restore{c7314aa2-e842-4091-b22f-b766d3876805}\rp404\a0122494.exe". Access is denied
13:58: vcmain.exe (ID = 212830)
13:58: HKU\S-1-5-21-1344734455-1439202154-709122288-1266\Software\Microsoft\Windows\CurrentVersion\Run || CU2 (ID = 0)
13:58: a0123214.exe (ID = 242087)
13:58: vcupdate.exe (ID = 212831)
13:58: Warning: Failed to open file "c:\system volume information\_restore{c7314aa2-e842-4091-b22f-b766d3876805}\rp404\a0122528.dll". Access is denied
13:58: mvr6l99s1.dll (ID = 159)
13:58: dh9013.exe (ID = 208497)
13:58: Warning: Failed to open file "c:\system volume information\_restore{c7314aa2-e842-4091-b22f-b766d3876805}\rp404\a0121458.dll". Access is denied
13:58: Warning: Failed to open file "c:\system volume information\_restore{c7314aa2-e842-4091-b22f-b766d3876805}\rp404\a0122455.dll". Access is denied
14:00: a0122503.exe (ID = 59853)
14:00: sskbho.dll (ID = 242398)
14:00: Found Adware: targetsaver
14:00: a0122510.exe (ID = 193501)
14:00: a0123208.exe (ID = 242116)
14:00: Warning: Failed to open file "c:\system volume information\_restore{c7314aa2-e842-4091-b22f-b766d3876805}\rp402\a0120304.ocx". Access is denied
14:01: a0123212.exe (ID = 125346)
14:01: Warning: Failed to open file "c:\system volume information\_restore{c7314aa2-e842-4091-b22f-b766d3876805}\rp402\a0121355.ocx". Access is denied
14:01: a0123216.exe (ID = 242088)
14:01: sskknwrd.dll (ID = 77733)
14:02: a0123240.dll (ID = 159)
14:02: ucmoreiex.exe (ID = 59853)
14:03: a0121435.dll (ID = 159)
14:03: ssk.exe (ID = 242428)
14:03: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || SurfSideKick 3 (ID = 0)
14:03: HKU\S-1-5-21-1344734455-1439202154-709122288-1266\Software\Microsoft\Windows\CurrentVersion\Run || SurfSideKick 3 (ID = 0)
14:05: Warning: Failed to open file "c:\system volume information\_restore{c7314aa2-e842-4091-b22f-b766d3876805}\rp404\a0122496.exe". Access is denied
14:05: Warning: Failed to open file "c:\system volume information\_restore{c7314aa2-e842-4091-b22f-b766d3876805}\rp401\a0119713.ocx". Access is denied
14:05: a0122504.exe (ID = 133208)
14:05: a0121390.dll (ID = 159)
14:06: backup-20060209-103502-897.dll (ID = 208226)
14:06: a0123184.dll (ID = 133227)
14:06: Warning: Failed to open file "c:\system volume information\_restore{c7314aa2-e842-4091-b22f-b766d3876805}\rp404\a0122499.exe". Access is denied
14:07: Warning: Failed to open file "c:\system volume information\_restore{c7314aa2-e842-4091-b22f-b766d3876805}\rp402\a0120327.ocx". Access is denied
14:07: a0119486.exe (ID = 212831)
14:08: a0123210.ocx (ID = 74058)
14:08: a0122493.dll (ID = 163672)
14:09: a0122509.dll (ID = 163672)
14:09: bk.exe (ID = 242377)
14:10: tsupdate2[1].ini (ID = 193498)
14:13: ucmtsaie.dll (ID = 106574)
14:13: a0123215.exe (ID = 239527)
14:14: a0121408.dll (ID = 159)
14:14: a0122522.dll (ID = 144945)
14:14: a0119484.config (ID = 212361)
14:15: Warning: Failed to open file "c:\system volume information\_restore{c7314aa2-e842-4091-b22f-b766d3876805}\rp404\a0122477.exe". Access is denied
14:15: a0120298.dll (ID = 215893)
14:15: a0121452.dll (ID = 159)
14:15: a0121329.dll (ID = 159)
14:16: a0120294.exe (ID = 216230)
14:16: a0122520.dll (ID = 159)
14:16: a0123203.exe (ID = 242116)
14:16: a0120291.dll (ID = 240920)
14:17: Warning: Failed to open file "c:\system volume information\_restore{c7314aa2-e842-4091-b22f-b766d3876805}\rp404\a0122500.exe". Access is denied
14:17: uninstall_nmon.vbs (ID = 231442)
14:18: a0122521.exe (ID = 144946)
14:19: a0123213.exe (ID = 239528)
14:19: a0122519.dll (ID = 159)
14:20: a0123224.dll (ID = 159)
14:20: r08slal71dq.dll (ID = 159)
14:20: a0120293.exe (ID = 216712)
14:21: wgnbrand.dll (ID = 159)
14:21: a0123207.exe (ID = 242087)
14:24: a0123188.dll (ID = 159)
14:24: a0122490.dll (ID = 106574)
14:25: a0122511.dll (ID = 70014)
14:26: temp.fr7ab1 (ID = 159)
14:26: rgsmxs.dll (ID = 159)
14:26: temp.frea2a (ID = 159)
14:27: a0123220.dll (ID = 159)
14:28: a0123222.exe (ID = 81002)
14:28: Warning: Failed to open file "c:\system volume information\_restore{c7314aa2-e842-4091-b22f-b766d3876805}\rp404\a0122478.exe". Access is denied
14:29: winsysupd6.exe (ID = 243652)
14:29: a0122514.exe (ID = 212828)
14:29: Warning: Failed to open file "c:\system volume information\_restore{c7314aa2-e842-4091-b22f-b766d3876805}\rp403\a0121378.dll". Access is denied
14:29: Warning: Failed to open file "c:\system volume information\_restore{c7314aa2-e842-4091-b22f-b766d3876805}\rp404\a0122479.exe". Access is denied
14:29: Warning: Failed to open file "c:\system volume information\_restore{c7314aa2-e842-4091-b22f-b766d3876805}\rp404\a0122506.dll". Access is denied
14:29: netmon.exe (ID = 231443)
14:29: Warning: Failed to open file "c:\system volume information\_restore{c7314aa2-e842-4091-b22f-b766d3876805}\rp404\a0122480.exe". Access is denied
14:29: command.exe (ID = 144946)
14:29: Warning: Failed to open file "c:\system volume information\_restore{c7314aa2-e842-4091-b22f-b766d3876805}\rp404\a0122498.exe". Access is denied
14:29: Warning: Failed to open file "c:\system volume information\_restore{c7314aa2-e842-4091-b22f-b766d3876805}\rp404\a0122481.exe". Access is denied
14:29: Warning: Failed to open file "c:\system volume information\_restore{c7314aa2-e842-4091-b22f-b766d3876805}\rp404\a0122482.exe". Access is denied
14:29: wallpap.exe (ID = 240959)
14:29: a0121405.dll (ID = 208226)
14:30: Warning: Failed to open file "c:\system volume information\_restore{c7314aa2-e842-4091-b22f-b766d3876805}\rp404\a0122513.dll". Access is denied
14:30: asappsrv.dll (ID = 144945)
14:30: a0121368.dll (ID = 159)
14:30: winsysban6.exe (ID = 243651)
14:31: Warning: Failed to open file "c:\system volume information\_restore{c7314aa2-e842-4091-b22f-b766d3876805}\rp404\a0122483.exe". Access is denied
14:31: a0122497.dll (ID = 195129)
14:31: Found Adware: apropos
14:31: a0122508.dll (ID = 166754)
14:31: Warning: Failed to open file "c:\system volume information\_restore{c7314aa2-e842-4091-b22f-b766d3876805}\rp404\a0122502.exe". Access is denied
14:31: a0123236.dll (ID = 159)
14:32: Warning: Failed to open file "c:\system volume information\_restore{c7314aa2-e842-4091-b22f-b766d3876805}\rp404\a0122505.exe". Access is denied
14:32: cobview.dll (ID = 159)
14:32: atmtd.dll (ID = 166754)
14:32: a0122495.exe (ID = 168558)
14:32: vocabulary (ID = 78283)
14:32: class-barrel (ID = 78229)
14:33: iejp81k.dll (ID = 159)
14:33: srgina.dll (ID = 159)
14:33: atmtd.dll._ (ID = 166754)
14:33: a0122451.dll (ID = 159)
14:33: a0121451.dll (ID = 159)
14:34: q4ps0e77eh.dll (ID = 159)
14:35: sskcore.dll (ID = 242399)
14:38: redirector.dll (ID = 71705)
14:38: a0123228.dll (ID = 163672)
14:38: wantrust.dll (ID = 159)
14:38: a0120292.dll (ID = 216713)
14:39: newfrn[1].ini (ID = 239476)
14:39: a0119712.ini (ID = 238253)
14:39: setup[1].ini (ID = 238253)
14:39: a0121385.ini (ID = 238253)
14:39: clientupdater.bat (ID = 212353)
14:39: vcclient.exe.config (ID = 212358)
14:39: myupdates.dat (ID = 198788)
14:39: ucmore tour.lnk (ID = 59855)
14:39: how to uninstall.lnk (ID = 59838)
14:39: backup-20060209-103502-897.inf (ID = 208224)
14:39: a0119236.ini (ID = 238253)
14:39: a0122492.bat (ID = 212353)
14:39: a0122515.config (ID = 212358)
14:39: ubpwx35rk3tdtqu4.vbs (ID = 185675)
14:39: a0122486.lnk (ID = 59855)
14:39: a0122484.lnk (ID = 59838)
14:41: Warning: Unhandled Archive Type
14:44: Warning: Cannot create file "C:\WINDOWS\Temp\1433SST4B.0\include\pclzip\". The system cannot find the path specified
14:47: Warning: Unhandled Archive Type
14:54: Warning: Unhandled Archive Type
14:56: File Sweep Complete, Elapsed Time: 01:04:14
14:56: Full Sweep has completed. Elapsed time 01:17:00
14:56: Traces Found: 595
15:07: Removal process initiated
15:07: Quarantining All Traces: look2me
15:08: look2me is in use. It will be removed on reboot.
15:08: mvr6l99s1.dll is in use. It will be removed on reboot.
15:08: rgsmxs.dll is in use. It will be removed on reboot.
15:08: q4ps0e77eh.dll is in use. It will be removed on reboot.
15:08: Quarantining All Traces: lzio
15:08: Quarantining All Traces: purityscan
15:08: Quarantining All Traces: apropos
15:08: Quarantining All Traces: dollarrevenue
15:08: Quarantining All Traces: enbrowser
15:08: Quarantining All Traces: internetoptimizer
15:08: Quarantining All Traces: orbit explorer
15:08: Quarantining All Traces: surfsidekick
15:10: Warning: QF[866]: CmprsF(): The operation completed successfully
15:10: surfsidekick is in use. It will be removed on reboot.
15:10: Ssk.exe is in use. It will be removed on reboot.
15:10: SskBho.dll is in use. It will be removed on reboot.
15:10: Ssk.exe is in use. It will be removed on reboot.
15:10: c:\program files\surfsidekick 3 is in use. It will be removed on reboot.
15:10: repairs302972994.dll is in use. It will be removed on reboot.
15:10: vcmain.exe is in use. It will be removed on reboot.
15:10: sskbho.dll is in use. It will be removed on reboot.
15:10: ssk.exe is in use. It will be removed on reboot.
15:10: sskcore.dll is in use. It will be removed on reboot.
15:10: C:\WINDOWS\system32\repairs302972994.dll is in use. It will be removed on reboot.
15:10: C:\Program Files\SurfSideKick 3\SskBho.dll is in use. It will be removed on reboot.
15:10: C:\Program Files\SurfSideKick 3\SskCore.dll is in use. It will be removed on reboot.
15:10: C:\Program Files\Common Files\VCClient\VCMain.exe is in use. It will be removed on reboot.
15:10: C:\Program Files\Common Files\VCClient\VCClient.exe is in use. It will be removed on reboot.
15:10: Quarantining All Traces: trojan-downloader-dh
15:10: Quarantining All Traces: zquest
15:10: Quarantining All Traces: command
15:10: command is in use. It will be removed on reboot.
15:10: netmon.exe is in use. It will be removed on reboot.
15:10: command.exe is in use. It will be removed on reboot.
15:10: asappsrv.dll is in use. It will be removed on reboot.
15:10: C:\WINDOWS\anVzdGluIGZpZWxk\asappsrv.dll is in use. It will be removed on reboot.
15:10: C:\WINDOWS\anVzdGluIGZpZWxk\command.exe is in use. It will be removed on reboot.
15:10: C:\Program Files\Network Monitor\netmon.exe is in use. It will be removed on reboot.
15:10: Quarantining All Traces: dealhelper
15:10: Quarantining All Traces: deskwizz
15:10: Quarantining All Traces: effective-i toolbar
15:11: effective-i toolbar is in use. It will be removed on reboot.
15:11: ucmtsaie.dll is in use. It will be removed on reboot.
15:11: Quarantining All Traces: elitemediagroup-mediamotor
15:11: Quarantining All Traces: findthewebsiteyouneed hijacker
15:11: Quarantining All Traces: findthewebsiteyouneed hijack
15:11: Quarantining All Traces: mirar webband
15:11: Quarantining All Traces: moneytree
15:11: Quarantining All Traces: targetsaver
15:11: Quarantining All Traces: 2o7.net cookie
15:11: Quarantining All Traces: 50881381 cookie
15:11: Quarantining All Traces: 64.62.232 cookie
15:11: Quarantining All Traces: 66.70.21 cookie
15:11: Quarantining All Traces: 888 cookie
15:11: Quarantining All Traces: a cookie
15:11: Quarantining All Traces: aa cookie
15:11: Quarantining All Traces: about cookie
15:11: Quarantining All Traces: ads.businessweek cookie
15:11: Quarantining All Traces: aff6007 cookie
15:11: Quarantining All Traces: affiliate cookie
15:11: Quarantining All Traces: anm.co.uk cookie
15:11: Quarantining All Traces: ask cookie
15:11: Quarantining All Traces: atlas dmt cookie
15:11: Quarantining All Traces: atwola cookie
15:11: Quarantining All Traces: azjmp cookie
15:11: Quarantining All Traces: banner cookie
15:11: Quarantining All Traces: banners cookie
15:11: Quarantining All Traces: bannerspace cookie
15:11: Quarantining All Traces: belnk cookie
15:11: Quarantining All Traces: bizrate cookie
15:11: Quarantining All Traces: bpath cookie
15:11: Quarantining All Traces: burstbeacon cookie
15:11: Quarantining All Traces: burstnet cookie
15:11: Quarantining All Traces: cassava cookie
15:11: Quarantining All Traces: clickandtrack cookie
15:11: Quarantining All Traces: clicktracks cookie
15:11: Quarantining All Traces: clickxchange adware cookie
15:11: Quarantining All Traces: clickz cookie
15:11: Quarantining All Traces: co cookie
15:11: Quarantining All Traces: controlsearch cookie
15:11: Quarantining All Traces: customer cookie
15:11: Quarantining All Traces: dbbsrv cookie
15:11: Quarantining All Traces: dcskqeg2voifwznnd6alhtnei_8f3u cookie
15:11: Quarantining All Traces: dealhelper cookie
15:11: Quarantining All Traces: dealtime cookie
15:11: Quarantining All Traces: did-it cookie
15:11: Quarantining All Traces: directtrack cookie
15:11: Quarantining All Traces: domain sponsor cookie
15:11: Quarantining All Traces: enhance cookie
15:11: Quarantining All Traces: epilot cookie
15:11: Quarantining All Traces: exitexchange cookie
15:11: Quarantining All Traces: fe.lea.lycos.com cookie
15:11: Quarantining All Traces: findwhat cookie
15:11: Quarantining All Traces: gamespy cookie
15:11: Quarantining All Traces: go.com cookie
15:11: Quarantining All Traces: go2net.com cookie
15:11: Quarantining All Traces: goldenpalace cookie
15:11: Quarantining All Traces: gostats cookie
15:11: Quarantining All Traces: gotoast cookie
15:11: Quarantining All Traces: hbmediapro cookie
15:11: Quarantining All Traces: homestore cookie
15:11: Quarantining All Traces: hotbar cookie
15:11: Quarantining All Traces: hpm001 cookie
15:11: Quarantining All Traces: hyperbanner cookie
15:11: Quarantining All Traces: hypertracker.com cookie
15:11: Quarantining All Traces: jumptothat cookie
15:11: Quarantining All Traces: kmpads cookie
15:11: Quarantining All Traces: kount cookie
15:11: Quarantining All Traces: linkexchange cookie
15:11: Quarantining All Traces: mircx cookie
15:11: Quarantining All Traces: myaffiliateprogram.com cookie
15:11: Quarantining All Traces: mytemplatestorage cookie
15:11: Quarantining All Traces: nextag cookie
15:11: Quarantining All Traces: overture cookie
15:11: Quarantining All Traces: partypoker cookie
15:11: Quarantining All Traces: paypopup cookie
15:11: Quarantining All Traces: popuptraffic cookie
15:11: Quarantining All Traces: portland.co cookie
15:11: Quarantining All Traces: pricegrabber cookie
15:11: Quarantining All Traces: qsrch cookie
15:11: Quarantining All Traces: rc cookie
15:11: Quarantining All Traces: reliablestats cookie
15:11: Quarantining All Traces: revenue.net cookie
15:11: Quarantining All Traces: rightmedia cookie
15:11: Quarantining All Traces: rn11 cookie
15:11: Quarantining All Traces: s152531 cookie
15:11: Quarantining All Traces: screensavers.com cookie
15:11: Quarantining All Traces: searchingbooth cookie
15:11: Quarantining All Traces: seek-zone cookie
15:11: Quarantining All Traces: servlet cookie
15:11: Quarantining All Traces: specificclick.com cookie
15:11: Quarantining All Traces: starware.com cookie
15:11: Quarantining All Traces: stats.klsoft.com cookie
15:11: Quarantining All Traces: tacoda cookie
15:11: Quarantining All Traces: techtarget cookie
15:11: Quarantining All Traces: tickle cookie
15:11: Quarantining All Traces: top-banners cookie
15:11: Quarantining All Traces: touchclarity cookie
15:11: Quarantining All Traces: tracking cookie
15:11: Quarantining All Traces: trb.com cookie
15:11: Quarantining All Traces: ugo cookie
15:11: Quarantining All Traces: websponsors cookie
15:11: Quarantining All Traces: web-stat cookie
15:11: Quarantining All Traces: webtrends cookie
15:11: Quarantining All Traces: webtrendslive cookie
15:11: Quarantining All Traces: wesearchall cookie
15:11: Quarantining All Traces: winantispyware 2005
15:11: Quarantining All Traces: wizzle cookie
15:11: Quarantining All Traces: xiti cookie
15:11: Quarantining All Traces: yadro cookie
15:11: Quarantining All Traces: yieldmanager cookie
15:12: Preparing to restart your computer. Please wait...
15:12: Removal process completed. Elapsed time 00:04:42
********
13:34: | Start of Session, 13 February 2006 |
13:34: Spy Sweeper started
13:37: Your spyware definitions have been updated.
13:39: | End of Session, 13 February 2006 |