[Trevuren]

Please provide me with the list of uninstallable programs:

To Provide a List of Installed Programs

• Run HijackThis.
• Click Config>>Miscellaneous Tools>>Open Uninstall Manager>>Save List
• Save list to Desktop
• Copy the Notepad list and Paste it into this thread.

Trevuren

[Advertisements]

Ad-Aware SE Personal
Adobe Reader 7.0
AOL Instant Messenger
CleanUp!
DING!
ewido security suite
Google Talk (remove only)
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hijackthis 1.99.1
HijackThis 1.99.1
IBM RecordNow Update Manager
IBM RecordNow!
Intel® Extreme Graphics Driver
InterActual Player
InterVideo WinDVD
iPod for Windows 2005-03-23
iTunes
Jasc Paint Shop Pro 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office Professional Edition 2003
Microsoft Windows Journal Viewer
Mouse Suite
Mozilla Firefox (1.0.4)
Power Tab Editor 1.7
ProSiteFinder
PShow
QuickTime
RealPlayer
Realtek AC'97 Audio
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
Select CashBack
Sophos Anti-Virus version 3.97.0
Sophos Remote Update
Spybot - Search & Destroy 1.3
Surf Accuracy
Surf SideKick
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows AFA Internet Enhancement
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinMX
Yahoo! Photos Easy Upload Tool 1v6

[chicagochicklett]

Ad-Aware SE Personal
Adobe Reader 7.0
AOL Instant Messenger
CleanUp!
DING!
ewido security suite
Google Talk (remove only)
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hijackthis 1.99.1
HijackThis 1.99.1
IBM RecordNow Update Manager
IBM RecordNow!
Intel® Extreme Graphics Driver
InterActual Player
InterVideo WinDVD
iPod for Windows 2005-03-23
iTunes
Jasc Paint Shop Pro 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office Professional Edition 2003
Microsoft Windows Journal Viewer
Mouse Suite
Mozilla Firefox (1.0.4)
Power Tab Editor 1.7
ProSiteFinder
PShow
QuickTime
RealPlayer
Realtek AC'97 Audio
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
Select CashBack
Sophos Anti-Virus version 3.97.0
Sophos Remote Update
Spybot - Search & Destroy 1.3
Surf Accuracy
Surf SideKick
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows AFA Internet Enhancement
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinMX
Yahoo! Photos Easy Upload Tool 1v6

[Trevuren]

1. I want you to UNINSTALL the following programs through the ADD/REMOVE feature of your Control Panel:

SurfSidekick

2. Now, using Windows Explorer, I need you to DELETE the following folder(s) and all their content:

C:\Program Files\SurfSidekick

3. REBOOT your system

4. Finally, run HijackThis, click SCAN, produce a LOG and POST it in this thread for review.

Regards,

Trevuren

[chicagochicklett]

I deleted SurfSideKick using Add/Remove programs successfully, but when I went to C:\Program Files\ I couldn't delete the Surf folder because it said again Ssk.exe is being used by another user or program.

Here's the log

Logfile of HijackThis v1.99.1
Scan saved at 6:58:02 AM, on 9/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sophos\Remote Update\cachemgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\Sophos\Remote Update\imonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [com.codeode.cactusspamfilter] "C:\Program Files\Cactus Spam Filter 2.01\cactusspamfilter.exe" -minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Remote Update Monitor.lnk = C:\Program Files\Sophos\Remote Update\imonitor.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: www.ellegirl.com
O15 - Trusted Zone: www.hotelrwanda.com
O15 - Trusted Zone: http://www.stars21.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1107183886500
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{61948E37-F456-45AA-A81F-DC5436FB3927}: NameServer = 199.224.86.15 199.224.86.16
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - C:\Program Files\Sophos\Remote Update\cachemgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS

[Trevuren]

1. Download Process Explorer from http://www.sysintern...ssExplorer.html

2. Run Process Explorer and find the Process ( Ssk.exe )in the list of Processes.
Select the process and click on the red X in the Toolbar for Process Kill.

3. Run HJT, Scan and place a checkmark beside the following items:

O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

Now, with all windows closed, click Fix checked and EXIT HJT

4. Using Windows Explorer, locate and DELETE the folllowing folder:

C:\Program Files\SurfSideKick 3

5. REBOOT your system.

6. Finally, run HijackThis, click SCAN, produce a LOG and POST it in this thread for review.

Regards,

Trevuren

[chicagochicklett]

Frustrated....

Downloaded Process Explorer, but when I ran it, Ssk.exe didn't show up in the list of processes. I searched for it, but it came up under system32\svhost or something like that, and I couldn't just delete Ssk.exe, I'd have to delete the entire svhost process.

Help??

[Trevuren]

What you said is important. I need you to confirm the exact spelling of the file with its path under which it appears. One can be deleted, the other can't.

Trevuren

[chicagochicklett]

Okay. I searched for Ssk.exe and here are the four processes in which it was found as a "handle."

Process: Handle:
svchost.exe 716 C:\Program Files\SurfSideKick 3\Ssk.exe
svchost.exe 836 C:\Program Files\SurfSide
explorer.exe 1112 C:\Program Files\SurfSide
svchost.exe 1524 C:\Program Files\SurfSide

The C:\Windows\system32\svchost.exe comes underneath
System Idle Processes --> System --> smss.exe --> winlogon.exe --> services.exe --> svchost.exe

If I try to kill the Ssk.exe file, it will kill the entire svchost.exe folder that it is in.

[Trevuren]

After consultation with our Experts, this is the course of action proposed:

1. * Please download the Killbox by Option^Explicit. *In the event you already have Killbox, this is a new version that I need you to download.

* Save it to your desktop.

* Please double-click Killbox.exe to run it.

* Select "Delete on Reboot".

* Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

C:\Program Files\SurfSideKick 3\Ssk.exe
C:\Program Files\SurfSideKick 3\SskBho.dll

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "Ok" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

2. Using Windows Explorer, locate and DELETE the following folder and all its content:

C:\Program Files\SurfSideKick 3


3. REBOOT your system

4. Finally, run HijackThis, click SCAN, produce a LOG and POST it in this thread for review.

Regards,

Trevuren

[chicagochicklett]

Failed Copied the files and pasted them in Killbox, hit delete, said okay to delete on reboot and yes to reboot now. Then this popped up:

PendingFileRenameOperations Registry Data has been Removed by External Process!

I clicked okay, then restarted and tried to do killbox again but got the same message.

Tried to delete the entire SurfSideKick 3 folder but got the usual message about other program using it.

I hate error messages! Sorry to be a pest.

[Trevuren]

1. Please DOWNLOAD a free-trial of SpySweeper

2. Update the definitions

3. REBOOT into Safe Mode

4. Run SpySweeper

5. Save the log

6. Reboot back into Normal Mode

7. Post the SpySweeper log into your thread.

Regards,

Trevuren

[chicagochicklett]

********
12:06 PM: |··· Start of Session, Sunday, September 04, 2005 ···|
12:06 PM: Spy Sweeper started
12:06 PM: Sweep initiated using definitions version 492
12:06 PM: Starting Memory Sweep
12:07 PM: Memory Sweep Complete, Elapsed Time: 00:00:39
12:07 PM: Starting Registry Sweep
12:07 PM: Found Adware: begin2search
12:07 PM: HKCR\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 649800)
12:07 PM: HKCR\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 649802)
12:07 PM: HKCR\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 649803)
12:07 PM: HKCR\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 649804)
12:07 PM: HKCR\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 649815)
12:07 PM: HKCR\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 649817)
12:07 PM: HKLM\software\classes\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 649846)
12:07 PM: HKLM\software\classes\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 649848)
12:07 PM: HKLM\software\classes\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 649849)
12:07 PM: HKLM\software\classes\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 649850)
12:07 PM: HKLM\software\classes\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 649861)
12:07 PM: HKLM\software\classes\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 649863)
12:07 PM: Found Adware: surfsidekick
12:07 PM: HKCR\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 688852)
12:07 PM: HKLM\software\classes\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 688855)
12:07 PM: HKU\S-1-5-21-1614895754-583907252-725345543-1005\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 688860)
12:07 PM: HKU\WRSS_Profile_S-1-5-21-1614895754-583907252-725345543-500\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 688860)
12:07 PM: HKLM\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 688863)
12:07 PM: HKU\S-1-5-21-1614895754-583907252-725345543-1005\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 688866)
12:07 PM: HKU\WRSS_Profile_S-1-5-21-1614895754-583907252-725345543-500\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 688866)
12:07 PM: HKLM\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 688869)
12:07 PM: HKLM\software\microsoft\windows\currentversion\uninstall\surf sidekick\ (2 subtraces) (ID = 688871)
12:07 PM: HKU\S-1-5-21-1614895754-583907252-725345543-1005\software\surfsidekick3\ (3 subtraces) (ID = 688875)
12:07 PM: HKLM\software\surfsidekick3\ (2 subtraces) (ID = 688876)
12:07 PM: Registry Sweep Complete, Elapsed Time:00:00:08
12:07 PM: Starting Cookie Sweep
12:07 PM: Found Cookie: yieldmanager cookie
12:07 PM: [email protected][1].txt (ID = 27415)
12:07 PM: Found Cookie: adknowledge cookie
12:07 PM: family@adknowledge[1].txt (ID = 25761)
12:07 PM: Found Cookie: hbmediapro cookie
12:07 PM: [email protected][2].txt (ID = 26452)
12:07 PM: Found Cookie: addynamix cookie
12:07 PM: [email protected][1].txt (ID = 25751)
12:07 PM: Found Cookie: atwola cookie
12:07 PM: [email protected][1].txt (ID = 25939)
12:07 PM: family@atwola[1].txt (ID = 25938)
12:07 PM: Found Cookie: belnk cookie
12:07 PM: family@belnk[1].txt (ID = 25975)
12:07 PM: [email protected][2].txt (ID = 25976)
12:07 PM: Found Cookie: fastclick cookie
12:07 PM: family@fastclick[2].txt (ID = 26336)
12:07 PM: Found Cookie: clickandtrack cookie
12:07 PM: [email protected][2].txt (ID = 26080)
12:07 PM: Found Cookie: mygeek cookie
12:07 PM: family@mygeek[2].txt (ID = 26717)
12:07 PM: Found Cookie: touchclarity cookie
12:07 PM: [email protected][1].txt (ID = 27240)
12:07 PM: Found Cookie: partypoker cookie
12:07 PM: family@partypoker[2].txt (ID = 26787)
12:07 PM: Found Cookie: realmedia cookie
12:07 PM: family@realmedia[1].txt (ID = 26909)
12:07 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
12:07 PM: Starting File Sweep
12:09 PM: Found Adware: apropos
12:09 PM: wingenerics.dll (ID = 580601)
12:10 PM: sskknwrd.dll (ID = 609890)
12:10 PM: sskcwrd.dll (ID = 609870)
12:10 PM: Found Adware: clearsearch
12:10 PM: 67599164.bin (ID = 583093)
12:10 PM: File Sweep Complete, Elapsed Time: 00:03:31
12:10 PM: Full Sweep has completed. Elapsed time 00:04:26
12:10 PM: Traces Found: 150
********
12:06 PM: |··· Start of Session, Sunday, September 04, 2005 ···|
12:06 PM: Spy Sweeper started
12:06 PM: Program Version 4.0.4 (Build 430) Using Spyware Definitions 492
12:06 PM: |··· End of Session, Sunday, September 04, 2005 ···|

[Trevuren]

1. Download "Registry Search Tool" (RegSrch.vbs) from HERE

2. Start it and paste in surfsidekick.

3. Wait for it to complete the search, click ok at the prompt.

4. Then when wordpad opens, copy the text as a reply into this thread.

Regards,

Trevuren

[chicagochicklett]

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "surfsidekick" 9/5/2005 8:39:30 AM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02EE5B04-F144-47BB-83FB-A60BD91B74A9}\InprocServer32]
@="C:\\Program Files\\SurfSideKick 3\\SskBho.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SurfSideKick 3"="C:\\Program Files\\SurfSideKick 3\\Ssk.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick]
"UninstallString"="C:\\Program Files\\SurfSideKick 3\\Ssk.exe /u"

[HKEY_LOCAL_MACHINE\SOFTWARE\SurfSideKick3]

[HKEY_LOCAL_MACHINE\SOFTWARE\SurfSideKick3\Internet Explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Webroot\SpySweeper\Startup\id_16]
"ValueName"="SurfSideKick 3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Webroot\SpySweeper\Startup\id_16]
"Value"="C:\\Program Files\\SurfSideKick 3\\Ssk.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Webroot\SpySweeper\Startup\id_6]
"ValueName"="SurfSideKick 3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Webroot\SpySweeper\Startup\id_6]
"Value"="C:\\Program Files\\SurfSideKick 3\\Ssk.exe"

[HKEY_USERS\S-1-5-21-1614895754-583907252-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Run]
"SurfSideKick 3"="C:\\Program Files\\SurfSideKick 3\\Ssk.exe"

[HKEY_USERS\S-1-5-21-1614895754-583907252-725345543-1005\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Program Files\\SurfSideKick 3\\Ssk.exe"="Ssk"

[HKEY_USERS\S-1-5-21-1614895754-583907252-725345543-1005\Software\SurfSideKick3]

[HKEY_USERS\S-1-5-21-1614895754-583907252-725345543-1005\Software\SurfSideKick3\Internet Explorer]

[Trevuren]

I have asked one of our experts to lokk in and help get us out of this mess. Her name is Michelle.


Trevuren