Here's the Spysweeper log...
5:47 PM: | End of Session, Thursday, December 07, 2006 |
5:43 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
5:43 PM: Your spyware definitions have been updated.
5:42 PM: The Internet Communication shield has blocked access to: BANNERS.SEARCHINGBOOTH.COM
5:41 PM: The Internet Communication shield has blocked access to: MEDIA.TOP-BANNERS.COM
5:41 PM: The Internet Communication shield has blocked access to: MEDIA.TOP-BANNERS.COM
5:41 PM: The Internet Communication shield has blocked access to: BANNERS.SEARCHINGBOOTH.COM
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
5:39 PM: Shield States
5:39 PM: Warning: Virus definitions files are invalid, please update your virus definitions. 220
5:39 PM: Spyware Definitions: 804
5:39 PM: Spy Sweeper 5.2.3.2132 started
5:39 PM: Spy Sweeper 5.2.3.2132 started
5:39 PM: | Start of Session, Thursday, December 07, 2006 |
********
8:09 PM: Removal process completed. Elapsed time 00:00:47
8:09 PM: Preparing to restart your computer. Please wait...
8:08 PM: Quarantining All Traces: 180search assistant/zango
8:08 PM: Quarantining All Traces: seekmo search assistant
8:08 PM: Quarantining All Traces: xren_cj cookie
8:08 PM: Quarantining All Traces: gamespy cookie
8:08 PM: Quarantining All Traces: go.com cookie
8:08 PM: Quarantining All Traces: adknowledge cookie
8:08 PM: Quarantining All Traces: about cookie
8:08 PM: c:\program files\messenger\saqymyh.html is in use. It will be removed on reboot.
8:08 PM: c:\program files\windows media player\visep.html is in use. It will be removed on reboot.
8:08 PM: deskwizz is in use. It will be removed on reboot.
8:08 PM: Quarantining All Traces: deskwizz
8:08 PM: Quarantining All Traces: mirar webband
8:08 PM: Quarantining All Traces: drsnsrch.com hijack
8:08 PM: Quarantining All Traces: engage sidebar
8:08 PM: Quarantining All Traces: zquest
8:08 PM: Quarantining All Traces: trojan-dropper-joiner
8:08 PM: Quarantining All Traces: surfsidekick
8:08 PM: Quarantining All Traces: trojan-dropper-mendoza
8:08 PM: Quarantining All Traces: trojan-downloader-basebar
8:08 PM: Quarantining All Traces: bookedspace
8:08 PM: Quarantining All Traces: zenosearchassistant
8:08 PM: Quarantining All Traces: purityscan
8:08 PM: Quarantining All Traces: trojan-downloader-iframecash.biz
8:08 PM: Quarantining All Traces: fullcontext
8:08 PM: Quarantining All Traces: trojan-downloader-zlob
8:08 PM: Quarantining All Traces: icannnews
8:08 PM: Removal process initiated
8:06 PM: Traces Found: 80
8:06 PM: Custom Sweep has completed. Elapsed time 02:18:11
8:06 PM: File Sweep Complete, Elapsed Time: 02:16:31
8:05 PM: C:\Documents and Settings\Killbomb\Start Menu\Programs\HQ Codec\Uninstall.lnk (1 subtraces) (ID = 2147528296)
8:01 PM: The Internet Communication shield has blocked access to: BANNERS.SEARCHINGBOOTH.COM
8:01 PM: The Internet Communication shield has blocked access to: MEDIA.TOP-BANNERS.COM
8:01 PM: The Internet Communication shield has blocked access to: MEDIA.TOP-BANNERS.COM
8:01 PM: The Internet Communication shield has blocked access to: BANNERS.SEARCHINGBOOTH.COM
7:46 PM: Warning: Unable to sweep compressed file: "c:\program files\vid_0e8fpid_0003\data1.cab": File not found
7:46 PM: Warning: Unable to sweep compressed file: External exception C0000006
7:44 PM: Warning: Stream read error
7:41 PM: The Internet Communication shield has blocked access to: BANNERS.SEARCHINGBOOTH.COM
7:41 PM: The Internet Communication shield has blocked access to: MEDIA.TOP-BANNERS.COM
7:41 PM: The Internet Communication shield has blocked access to: BANNERS.SEARCHINGBOOTH.COM
7:41 PM: The Internet Communication shield has blocked access to: MEDIA.TOP-BANNERS.COM
7:31 PM: Warning: Unable to sweep compressed file: External exception C0000006
7:30 PM: Warning: Unable to sweep compressed file: External exception C0000006
7:30 PM: Warning: Unable to sweep compressed file: External exception C0000006
7:21 PM: The Internet Communication shield has blocked access to: MEDIA.TOP-BANNERS.COM
7:21 PM: The Internet Communication shield has blocked access to: MEDIA.TOP-BANNERS.COM
7:21 PM: The Internet Communication shield has blocked access to: BANNERS.SEARCHINGBOOTH.COM
7:21 PM: The Internet Communication shield has blocked access to: BANNERS.SEARCHINGBOOTH.COM
7:04 PM: C:\Program Files\Netscape\Netscape\components\npclntax.xpt (ID = 146238)
7:04 PM: Found Adware: 180search assistant/zango
7:03 PM: C:\WINDOWS\system32\msnav32.ax (ID = 220229)
7:01 PM: The Internet Communication shield has blocked access to: MEDIA.TOP-BANNERS.COM
7:01 PM: The Internet Communication shield has blocked access to: MEDIA.TOP-BANNERS.COM
7:01 PM: The Internet Communication shield has blocked access to: BANNERS.SEARCHINGBOOTH.COM
7:01 PM: The Internet Communication shield has blocked access to: BANNERS.SEARCHINGBOOTH.COM
7:00 PM: C:\Documents and Settings\Killbomb\Application Data\Sskcwrd.dll (ID = 77712)
6:59 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\program files\vid_0e8f&pid_0003\setup.exe". "c:\program files\vid_0e8fpid_0003\setup.exe": File not found
6:59 PM: C:\WINDOWS\system32\nt68rrtc12.sys (ID = 220230)
6:59 PM: Found Adware: zenosearchassistant
6:59 PM: Warning: Failed to open file "c:\documents and settings\killbomb\application data\mozilla\firefox\profiles\4vrvhtu6.default\parent.lock". The operation completed successfully
6:41 PM: The Internet Communication shield has blocked access to: MEDIA.TOP-BANNERS.COM
6:41 PM: The Internet Communication shield has blocked access to: MEDIA.TOP-BANNERS.COM
6:41 PM: The Internet Communication shield has blocked access to: BANNERS.SEARCHINGBOOTH.COM
6:41 PM: The Internet Communication shield has blocked access to: BANNERS.SEARCHINGBOOTH.COM
6:40 PM: Warning: Failed to read file "c:\program files\vivendi universal games\the simpsons hit run\art\frontend\scrooby2\bootup.p3d". Data error (cyclic redundancy check)
6:36 PM: c:\program files\?ecurity\n?lookup.exe (ID = 450)
6:36 PM: Found Adware: purityscan
6:35 PM: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run || PSHope (ID = 0)
6:35 PM: C:\Program Files\PSHope\PSHope.exe (ID = 319341)
6:35 PM: C:\!KillBox\user32.exe( 2) (ID = 430)
6:35 PM: C:\Program Files\Netscape\Netscape\plugins\npclntax.dll (ID = 311129)
6:35 PM: Found Adware: seekmo search assistant
6:35 PM: C:\!KillBox\user32.exe (ID = 430)
6:35 PM: Found Trojan Horse: trojan-downloader-iframecash.biz
6:32 PM: C:\Program Files\Messenger\saqymyh.html (ID = 310472)
6:32 PM: C:\Program Files\Windows Media Player\visep.html (ID = 323861)
6:32 PM: Found Adware: deskwizz
6:30 PM: C:\hjt\backups\backup-20060626-210743-321.dll (ID = 294098)
6:29 PM: C:\!KillBox\VSL02.exe (ID = 290920)
6:29 PM: Found Adware: zquest
6:29 PM: C:\!KillBox\VSL05.exe (ID = 299775)
6:29 PM: Found Trojan Horse: trojan-dropper-joiner
6:26 PM: C:\!KillBox\lt.exe (ID = 319946)
6:25 PM: Warning: Failed to read file "c:\program files\geneforge 2\data\scripts\z11smarsh.txt". Data error (cyclic redundancy check)
6:24 PM: C:\Documents and Settings\Killbomb\Application Data\Sskknwrd.dll (ID = 77733)
6:24 PM: Found Adware: surfsidekick
6:21 PM: Warning: Failed to read file "c:\program files\kalonline\map\tomb7\tex\d02_pat_07.gtx". Data error (cyclic redundancy check)
6:21 PM: The Internet Communication shield has blocked access to: MEDIA.TOP-BANNERS.COM
6:21 PM: The Internet Communication shield has blocked access to: MEDIA.TOP-BANNERS.COM
6:21 PM: The Internet Communication shield has blocked access to: BANNERS.SEARCHINGBOOTH.COM
6:21 PM: The Internet Communication shield has blocked access to: BANNERS.SEARCHINGBOOTH.COM
6:20 PM: C:\!KillBox\Mendoza1.exe (ID = 318893)
6:20 PM: Found Trojan Horse: trojan-dropper-mendoza
6:18 PM: Warning: Failed to read file "c:\documents and settings\killbomb\application data\real\realone player\history\nixflix.com presents- the mostly-daily site blogger.lnk". Data error (cyclic redundancy check)
6:18 PM: C:\System Volume Information\_restore{77300b5a-1c75-4ba0-96c1-0f7c2721f979}\RP1003\A0230452.exe (ID = 319960)
6:18 PM: Found Adware: mirar webband
6:17 PM: C:\System Volume Information\_restore{77300b5a-1c75-4ba0-96c1-0f7c2721f979}\RP1003\A0230454.exe (ID = 301842)
6:14 PM: Warning: Failed to read file "c:\program files\firaxis games\sid meier's civilization 4 demo\assets\python\system\wx\html.pyc". Data error (cyclic redundancy check)
6:14 PM: C:\!KillBox\ssqbn.exe (ID = 323511)
6:14 PM: Found Trojan Horse: trojan-downloader-basebar
6:13 PM: Warning: Could not scan c:\windows\microsoft.net\framework\v2.0.50727\microsoft.jscript.tlb with file offset match. Error: External exception C0000006
6:13 PM: C:\!KillBox\srvhirwxjg.exe (ID = 303274)
6:12 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\program files\vid_0e8f&pid_0003\_setup.dll". "c:\program files\vid_0e8fpid_0003\_setup.dll": File not found
6:12 PM: Warning: Failed to read file "c:\windows\$ntservicepackuninstall$\arialbd.ttf". Data error (cyclic redundancy check)
6:11 PM: Warning: Failed to read file "c:\program files\mdickie\wrestling mpire demo\items\weapons\belt.3ds". Data error (cyclic redundancy check)
6:11 PM: Warning: Could not scan c:\vundofix\vundofix\unzip.exe with file offset match. Error: External exception C0000006
6:11 PM: Warning: Failed to read file "c:\documents and settings\killbomb\my documents\my games\dungeon siege 2\save\prefs.gas". Data error (cyclic redundancy check)
6:10 PM: Warning: Failed to read file "c:\program files\ea sports\tiger woods pga tour 2004\sounds\commentary\f_2k4_if81_04_a.mp3". Data error (cyclic redundancy check)
6:06 PM: C:\Program Files\PSHope (2 subtraces) (ID = 2147523606)
6:06 PM: C:\Program Files\HQ Codec (1 subtraces) (ID = 2147528296)
6:06 PM: C:\WINDOWS\zAbstract (4 subtraces) (ID = 2147518024)
6:06 PM: Found Adware: bookedspace
6:06 PM: C:\Documents and Settings\Killbomb\Start Menu\Programs\HQ Codec (1 subtraces) (ID = 2147531231)
6:05 PM: Warning: DDA Failure, error reading MFT: 401611. of: 498832. Fragments: 850. TVolumeNtNTFS.Read failed 1: Read starts at: 0xCFACA3C00 Len :0x400
6:05 PM: Warning: DDA Failure, error reading MFT: 401610. of: 498832. Fragments: 850. TVolumeNtNTFS.Read failed 1: Read starts at: 0xCFACA3800 Len :0x400
6:05 PM: Warning: DDA Failure, error reading MFT: 401609. of: 498832. Fragments: 850. TVolumeNtNTFS.Read failed 1: Read starts at: 0xCFACA3400 Len :0x400
6:04 PM: Warning: DDA Failure, error reading MFT: 401608. of: 498832. Fragments: 850. TVolumeNtNTFS.Read failed 1: Read starts at: 0xCFACA3000 Len :0x400
6:02 PM: Warning: DDA Failure, error reading MFT: 360767. of: 498832. Fragments: 850. TVolumeNtNTFS.Read failed 1: Read starts at: 0x20092FC00 Len :0x400
6:02 PM: Warning: DDA Failure, error reading MFT: 360766. of: 498832. Fragments: 850. TVolumeNtNTFS.Read failed 1: Read starts at: 0x20092F800 Len :0x400
6:01 PM: The Internet Communication shield has blocked access to: MEDIA.TOP-BANNERS.COM
6:01 PM: The Internet Communication shield has blocked access to: MEDIA.TOP-BANNERS.COM
6:01 PM: The Internet Communication shield has blocked access to: BANNERS.SEARCHINGBOOTH.COM
6:01 PM: The Internet Communication shield has blocked access to: BANNERS.SEARCHINGBOOTH.COM
6:01 PM: Warning: DDA Failure, error reading MFT: 360765. of: 498832. Fragments: 850. TVolumeNtNTFS.Read failed 1: Read starts at: 0x20092F400 Len :0x400
6:00 PM: Warning: DDA Failure, error reading MFT: 347836. of: 498832. Fragments: 850. TVolumeNtNTFS.Read failed 1: Read starts at: 0x2189F2000 Len :0x400
5:57 PM: Warning: DDA Failure, error reading MFT: 339589. of: 498832. Fragments: 850. TVolumeNtNTFS.Read failed 1: Read starts at: 0x1FA239400 Len :0x400
5:56 PM: Warning: DDA Failure, error reading MFT: 339450. of: 498832. Fragments: 850. TVolumeNtNTFS.Read failed 1: Read starts at: 0x1FA216800 Len :0x400
5:55 PM: Warning: DDA Failure, error reading MFT: 339449. of: 498832. Fragments: 850. TVolumeNtNTFS.Read failed 1: Read starts at: 0x1FA216400 Len :0x400
5:55 PM: Warning: DDA Failure, error reading MFT: 339448. of: 498832. Fragments: 850. TVolumeNtNTFS.Read failed 1: Read starts at: 0x1FA216000 Len :0x400
5:53 PM: Warning: DDA Failure, error reading MFT: 332868. of: 498832. Fragments: 850. TVolumeNtNTFS.Read failed 1: Read starts at: 0x27BD78000 Len :0x400
5:49 PM: Starting File Sweep
5:49 PM: Warning: Failed to access drive A:
5:49 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
5:49 PM: c:\documents and settings\killbomb\cookies\killbomb@xren_cj[3].txt (ID = 3723)
5:49 PM: c:\documents and settings\killbomb\cookies\killbomb@xren_cj[2].txt (ID = 3723)
5:49 PM: c:\documents and settings\killbomb\cookies\killbomb@xren_cj[1].txt (ID = 3723)
5:49 PM: Found Spy Cookie: xren_cj cookie
5:49 PM: c:\documents and settings\killbomb\cookies\
[email protected][2].txt (ID = 2719)
5:49 PM: c:\documents and settings\killbomb\cookies\
[email protected][2].txt (ID = 2719)
5:49 PM: c:\documents and settings\killbomb\cookies\
[email protected][1].txt (ID = 2719)
5:49 PM: c:\documents and settings\killbomb\cookies\
[email protected][2].txt (ID = 2719)
5:49 PM: c:\documents and settings\killbomb\cookies\
[email protected][1].txt (ID = 2038)
5:49 PM: c:\documents and settings\killbomb\cookies\
[email protected][2].txt (ID = 2729)
5:49 PM: c:\documents and settings\killbomb\cookies\
[email protected][2].txt (ID = 2719)
5:49 PM: c:\documents and settings\killbomb\cookies\
[email protected][1].txt (ID = 2038)
5:49 PM: c:\documents and settings\killbomb\cookies\
[email protected][1].txt (ID = 2729)
5:49 PM: c:\documents and settings\killbomb\cookies\
[email protected][1].txt (ID = 2719)
5:49 PM: c:\documents and settings\killbomb\cookies\
[email protected][2].txt (ID = 2719)
5:49 PM: c:\documents and settings\killbomb\cookies\
[email protected][1].txt (ID = 2038)
5:49 PM: c:\documents and settings\killbomb\cookies\
[email protected][1].txt (ID = 2719)
5:49 PM: c:\documents and settings\killbomb\cookies\
[email protected][2].txt (ID = 2719)
5:49 PM: c:\documents and settings\killbomb\cookies\killbomb@go[1].txt (ID = 2728)
5:49 PM: c:\documents and settings\killbomb\cookies\killbomb@gamespy[2].txt (ID = 2719)
5:49 PM: Found Spy Cookie: gamespy cookie
5:49 PM: c:\documents and settings\killbomb\cookies\
[email protected][1].txt (ID = 2729)
5:49 PM: Found Spy Cookie: go.com cookie
5:49 PM: c:\documents and settings\killbomb\cookies\killbomb@adknowledge[2].txt (ID = 2072)
5:49 PM: Found Spy Cookie: adknowledge cookie
5:49 PM: c:\documents and settings\killbomb\cookies\killbomb@about[1].txt (ID = 2037)
5:49 PM: Found Spy Cookie: about cookie
5:49 PM: Starting Cookie Sweep
5:49 PM: Registry Sweep Complete, Elapsed Time:00:00:20
5:49 PM: HKU\S-1-5-18\software\microsoft\windows\currentversion\run\ || pshope (ID = 1526036)
5:49 PM: HKU\S-1-5-18\software\pshope\ (ID = 1526026)
5:49 PM: HKU\S-1-5-18\software\pecarlin\ (ID = 1344833)
5:49 PM: Found Adware: fullcontext
5:49 PM: HKU\S-1-5-21-1409082233-1767777339-725345543-1004\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
5:49 PM: Found Adware: drsnsrch.com hijack
5:49 PM: HKLM\software\classes\appid\{a2b24a8e-c615-4be8-b33e-1803306422c2}\ (ID = 1628542)
5:49 PM: HKLM\software\classes\appid\dittosidebar.dll\ (ID = 1628540)
5:49 PM: HKCR\appid\{a2b24a8e-c615-4be8-b33e-1803306422c2}\ (ID = 1628419)
5:49 PM: HKCR\appid\dittosidebar.dll\ (ID = 1628417)
5:49 PM: HKLM\software\classes\hqcodec\ (ID = 1614023)
5:49 PM: HKCR\hqcodec\ (ID = 1613985)
5:49 PM: Found Trojan Horse: trojan-downloader-zlob
5:49 PM: HKLM\software\classes\typelib\{e3c9bd06-00f5-47b0-adac-9437c0b26270}\ (ID = 1526603)
5:49 PM: HKLM\software\classes\effectivebar.effbarbho.1\ (ID = 1526599)
5:49 PM: HKLM\software\classes\effectivebar.effbarbho\ (ID = 1526593)
5:49 PM: HKCR\typelib\{e3c9bd06-00f5-47b0-adac-9437c0b26270}\ (ID = 1526551)
5:49 PM: HKCR\effectivebar.effbarbho.1\ (ID = 1526547)
5:49 PM: HKCR\effectivebar.effbarbho\ (ID = 1526541)
5:49 PM: Found Adware: engage sidebar
5:49 PM: HKLM\software\classes\typelib\{ee5ac3d6-6f43-4047-af0a-d66fc2cf8f42}\ (ID = 169463)
5:49 PM: HKLM\software\classes\interface\{fd39937a-c583-4aac-9332-8a3e44988a67}\ (ID = 169462)
5:49 PM: HKLM\software\classes\interface\{980ad470-04ea-4d1d-bd26-e178b7bda6d8}\ (ID = 169461)
5:49 PM: HKCR\typelib\{ee5ac3d6-6f43-4047-af0a-d66fc2cf8f42}\ (ID = 169456)
5:49 PM: HKCR\interface\{fd39937a-c583-4aac-9332-8a3e44988a67}\ (ID = 169455)
5:49 PM: HKCR\interface\{980ad470-04ea-4d1d-bd26-e178b7bda6d8}\ (ID = 169454)
5:49 PM: Found Adware: icannnews
5:49 PM: Starting Registry Sweep
5:49 PM: Memory Sweep Complete, Elapsed Time: 00:01:21
5:47 PM: Starting Memory Sweep
5:47 PM: Start Custom Sweep
5:47 PM: Sweep initiated using definitions version 817
5:47 PM: Spy Sweeper 5.2.3.2132 started
5:47 PM: | Start of Session, Thursday, December 07, 2006 |
********
Sign In
Create Account
