Please help in eliminating these spywares



#16
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
[EDIT]New instructions[/EDIT]

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Double-click the file to install it as follows:
    • Click "Next", read the agreement, Click "Next"
    • Choose "Custom", then click "Next".
    • Leave the default installation directory as it is, then click "Next".
    • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
    • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
    • Finally, click "Install"
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply. :tazz:

Edited by Rawe, 18 October 2005 - 12:20 AM.


#17
samy

    Member

  • Topic Starter
  • Member
  • 15 posts
********
8:30 PM: | Start of Session, Tuesday, 18 October 2005 |
8:30 PM: Spy Sweeper started
8:30 PM: Sweep initiated using definitions version 556
8:30 PM: Found Adware: icannnews
8:30 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\dynamic directory\ || dllname (ID = 359348)
8:30 PM: cciconfg.dll (ID = 359348)
8:30 PM: Starting Memory Sweep
8:31 PM: Detected running threat: C:\WINDOWS\system32\iisetup.dll (ID = 125214)
8:32 PM: Detected running threat: C:\WINDOWS\system32\cciconfg.dll (ID = 125214)
8:34 PM: The Spy Communication shield has blocked access to: www.icannnews.com
8:35 PM: The Spy Communication shield has blocked access to: www.icannnews.com
8:35 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
8:35 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
8:35 PM: Memory Sweep Complete, Elapsed Time: 00:04:59
8:35 PM: Starting Registry Sweep
8:36 PM: The Spy Communication shield has blocked access to: www.icannnews.com
8:36 PM: The Spy Communication shield has blocked access to: www.icannnews.com
8:36 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
8:36 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
8:36 PM: Found Adware: purityscan
8:36 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaticketsinstaller.ocx\ (ID = 137986)
8:36 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaticketsinstaller.ocx (ID = 139077)
8:36 PM: Found Adware: relatedlinks bho
8:36 PM: HKCR\interface\{e82431bf-e8a2-45ca-8361-e5517588cda1}\ (7 subtraces) (ID = 139367)
8:36 PM: HKLM\software\classes\interface\{e82431bf-e8a2-45ca-8361-e5517588cda1}\ (7 subtraces) (ID = 139376)
8:36 PM: HKLM\software\microsoft\windows\currentversion\uninstall\relatedlinks\ (2 subtraces) (ID = 139388)
8:36 PM: Found Adware: winad
8:36 PM: HKCR\prevadx.installer\ (2 subtraces) (ID = 147161)
8:36 PM: HKLM\software\classes\prevadx.installer\ (2 subtraces) (ID = 147175)
8:36 PM: HKCR\activexctrl\ (3 subtraces) (ID = 169450)
8:36 PM: HKLM\software\classes\activexctrl\ (3 subtraces) (ID = 169457)
8:36 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\dynamic directory\ (6 subtraces) (ID = 359346)
8:36 PM: Found Trojan Horse: trojan-backdoor-zubox_1
8:36 PM: HKCR\acpi.acpi.1\ (3 subtraces) (ID = 484081)
8:36 PM: HKCR\acpi.acpi.1\clsid\ (1 subtraces) (ID = 484083)
8:36 PM: HKCR\acpi.ext\ (5 subtraces) (ID = 484085)
8:36 PM: HKCR\*\shellex\contextmenuhandlers\sysacpildap\ (1 subtraces) (ID = 484093)
8:36 PM: HKCR\typelib\{5e2121e1-0300-11d4-8d3b-444553540000}\ (9 subtraces) (ID = 484124)
8:36 PM: HKLM\software\classes\acpi.acpi.1\ (3 subtraces) (ID = 484140)
8:36 PM: HKLM\software\classes\acpi.ext\ (5 subtraces) (ID = 484144)
8:36 PM: HKLM\software\classes\*\shellex\contextmenuhandlers\sysacpildap\ (1 subtraces) (ID = 484152)
8:36 PM: HKLM\software\classes\typelib\{5e2121e1-0300-11d4-8d3b-444553540000}\ (9 subtraces) (ID = 484210)
8:36 PM: Found Adware: hotbar
8:36 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/hbinstie.dll\ (2 subtraces) (ID = 484423)
8:36 PM: Found Trojan Horse: trojan-downloader-2pursuit
8:36 PM: HKCR\clsid\{b212d577-05b7-4963-911e-4a8588160dfa}\ (5 subtraces) (ID = 511619)
8:36 PM: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {b212d577-05b7-4963-911e-4a8588160dfa} (ID = 514158)
8:36 PM: Found Adware: winantispyware 2005
8:36 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\program files\common files\winsoftware\crxml.dll (ID = 528187)
8:36 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\program files\common files\winsoftware\pcheck.dll (ID = 528188)
8:36 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\hbinstie.dll (ID = 655022)
8:36 PM: Found Trojan Horse: trojan-phisher-egold
8:36 PM: HKLM\system\currentcontrolset\enum\root\legacy_msudp4\ (9 subtraces) (ID = 658004)
8:36 PM: HKCR\interface\{175816a5-219e-4079-b2f9-53c501c409ba}\ (7 subtraces) (ID = 774223)
8:36 PM: HKCR\interface\{1c1793e0-1034-4cac-837d-aa545f6961bf}\ (7 subtraces) (ID = 774241)
8:36 PM: HKCR\interface\{5d9c84e7-fa45-49e2-a0b8-b6b5e9a4f6be}\ (7 subtraces) (ID = 774322)
8:36 PM: HKCR\interface\{8a61a950-c325-4f44-ba64-273180ff3464}\ (7 subtraces) (ID = 774358)
8:36 PM: HKCR\interface\{b53d4cd4-406d-43cc-8244-7893d72236dd}\ (7 subtraces) (ID = 774394)
8:36 PM: HKCR\interface\{b671426c-5c1a-48ac-9652-bc9402b1c404}\ (7 subtraces) (ID = 774403)
8:36 PM: HKCR\interface\{b9bb3219-f84c-4060-966b-4a1e73e24226}\ (7 subtraces) (ID = 774412)
8:36 PM: HKCR\interface\{f786cb18-3809-4e49-bc99-9a66da47db8b}\ (7 subtraces) (ID = 774457)
8:36 PM: HKLM\software\classes\interface\{175816a5-219e-4079-b2f9-53c501c409ba}\ (7 subtraces) (ID = 774499)
8:36 PM: HKLM\software\classes\interface\{1c1793e0-1034-4cac-837d-aa545f6961bf}\ (7 subtraces) (ID = 774517)
8:36 PM: HKLM\software\classes\interface\{5d9c84e7-fa45-49e2-a0b8-b6b5e9a4f6be}\ (7 subtraces) (ID = 774598)
8:36 PM: HKLM\software\classes\interface\{8a61a950-c325-4f44-ba64-273180ff3464}\ (7 subtraces) (ID = 774634)
8:36 PM: HKLM\software\classes\interface\{b53d4cd4-406d-43cc-8244-7893d72236dd}\ (7 subtraces) (ID = 774670)
8:36 PM: HKLM\software\classes\interface\{b671426c-5c1a-48ac-9652-bc9402b1c404}\ (7 subtraces) (ID = 774679)
8:36 PM: HKLM\software\classes\interface\{b9bb3219-f84c-4060-966b-4a1e73e24226}\ (7 subtraces) (ID = 774688)
8:36 PM: HKLM\software\classes\interface\{f786cb18-3809-4e49-bc99-9a66da47db8b}\ (7 subtraces) (ID = 774733)
8:36 PM: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\ || c:\windows\system32\mdms.exe (ID = 812317)
8:36 PM: HKU\S-1-5-21-3150264513-1181600528-1028485384-1013\software\mzs\mdms\ (7 subtraces) (ID = 480808)
8:36 PM: HKU\S-1-5-21-3150264513-1181600528-1028485384-1013\software\mzs\mdms\mzu\ || pt (ID = 656825)
8:36 PM: Found Trojan Horse: trojan-downloader-pr-corp
8:36 PM: HKU\S-1-5-21-3150264513-1181600528-1028485384-1013\software\classes\clsid\{f33812fb-f35c-4674-90f6-fd757c419c51}\ (3 subtraces) (ID = 725483)
8:37 PM: Found Adware: ezula ilookup
8:37 PM: HKU\WRSS_Profile_S-1-5-21-3150264513-1181600528-1028485384-1007\software\ezula\setup\ (ID = 386817)
8:37 PM: HKU\WRSS_Profile_S-1-5-21-3150264513-1181600528-1028485384-1007\software\ezula\ (1 subtraces) (ID = 466658)
8:37 PM: HKU\WRSS_Profile_S-1-5-21-3150264513-1181600528-1028485384-1007\software\ezula\ (1 subtraces) (ID = 639279)
8:37 PM: Registry Sweep Complete, Elapsed Time:00:01:32
8:37 PM: Starting Cookie Sweep
8:37 PM: Found Spy Cookie: abcsearch cookie
8:37 PM: sharif@abcsearch[1].txt (ID = 2033)
8:37 PM: Found Spy Cookie: yieldmanager cookie
8:37 PM: The Spy Communication shield has blocked access to: www.icannnews.com
8:37 PM: The Spy Communication shield has blocked access to: www.icannnews.com
8:37 PM: sharif@ad.yieldmanager[1].txt (ID = 3751)
8:37 PM: Found Spy Cookie: falkag cookie
8:37 PM: sharif@as-eu.falkag[1].txt (ID = 2650)
8:37 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
8:37 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
8:37 PM: Found Spy Cookie: starware.com cookie
8:37 PM: sharif@h.starware[2].txt (ID = 3442)
8:37 PM: Found Spy Cookie: screensavers.com cookie
8:37 PM: sharif@i.screensavers[1].txt (ID = 3298)
8:37 PM: Found Spy Cookie: paypopup cookie
8:37 PM: sharif@paypopup[2].txt (ID = 3119)
8:37 PM: Found Spy Cookie: rn11 cookie
8:37 PM: sharif@rn11[2].txt (ID = 3261)
8:37 PM: sharif@starware[2].txt (ID = 3441)
8:37 PM: Found Spy Cookie: reliablestats cookie
8:37 PM: sharif@stats1.reliablestats[1].txt (ID = 3254)
8:37 PM: Found Spy Cookie: xiti cookie
8:37 PM: sharif@xiti[1].txt (ID = 3717)
8:37 PM: Cookie Sweep Complete, Elapsed Time: 00:00:03
8:37 PM: Starting File Sweep
8:38 PM: c:\documents and settings\sharif\application data\hbtools (5 subtraces) (ID = -2147480879)
8:38 PM: The Spy Communication shield has blocked access to: www.icannnews.com
8:38 PM: The Spy Communication shield has blocked access to: www.icannnews.com
8:38 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
8:38 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
8:38 PM: backup-20051013-210406-574.inf (ID = 73158)
8:39 PM: Found Adware: azsearch toolbar
8:39 PM: ztoolbar.xml (ID = 50365)
8:40 PM: The Spy Communication shield has blocked access to: www.icannnews.com
8:40 PM: The Spy Communication shield has blocked access to: www.icannnews.com
8:40 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
8:40 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
8:45 PM: Warning: Failed to open file "c:\windows\pchealth\errorrep\userdumps\hpwirelessmgr.exe.20040923-195610-00.mdmp". Access is denied
8:46 PM: guard.tmp (ID = 125214)
8:49 PM: Warning: Failed to open file "c:\windows\pchealth\errorrep\userdumps\hpwirelessmgr.exe.20040924-152558-00.mdmp". Access is denied
8:52 PM: Warning: Failed to open file "c:\windows\pchealth\errorrep\userdumps\hpwirelessmgr.exe.20040923-122347-00.mdmp". Access is denied
8:52 PM: The Spy Communication shield has blocked access to: www.icannnews.com
8:52 PM: The Spy Communication shield has blocked access to: www.icannnews.com
8:52 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
8:52 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
8:53 PM: iisetup.dll (ID = 125214)
9:01 PM: backup-20051011-204848-558.inf (ID = 73158)
9:16 PM: Found System Monitor: ufp 007 spy
9:16 PM: unins000.exe (ID = 48061)
9:16 PM: The Spy Communication shield has blocked access to: www.icannnews.com
9:16 PM: The Spy Communication shield has blocked access to: www.icannnews.com
9:16 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:16 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:17 PM: cciconfg.dll (ID = 125214)
9:21 PM: lbbho.ini (ID = 73732)
9:22 PM: The Spy Communication shield has blocked access to: www.icannnews.com
9:22 PM: The Spy Communication shield has blocked access to: www.icannnews.com
9:22 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:22 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:22 PM: today's specials.url (ID = 131129)
9:22 PM: birdihuy.dll (ID = 145094)
9:22 PM: hbtools.inf (ID = 62333)
9:22 PM: The Spy Communication shield has blocked access to: www.icannnews.com
9:22 PM: The Spy Communication shield has blocked access to: www.icannnews.com
9:22 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:22 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:23 PM: uninstall context.lnk (ID = 48061)
9:23 PM: The Spy Communication shield has blocked access to: www.icannnews.com
9:23 PM: The Spy Communication shield has blocked access to: www.icannnews.com
9:23 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:23 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:23 PM: File Sweep Complete, Elapsed Time: 00:46:05
9:23 PM: Full Sweep has completed. Elapsed time 00:53:02
9:23 PM: Traces Found: 290
9:23 PM: The Spy Communication shield has blocked access to: www.icannnews.com
9:23 PM: The Spy Communication shield has blocked access to: www.icannnews.com
9:23 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:23 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
9:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
9:24 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:24 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
9:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
9:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
11:35 PM: Removal process initiated
11:35 PM: The Spy Communication shield has blocked access to: www.icannnews.com
11:35 PM: The Spy Communication shield has blocked access to: www.icannnews.com
11:35 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
11:35 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
11:36 PM: The Spy Communication shield has blocked access to: www.icannnews.com
11:36 PM: The Spy Communication shield has blocked access to: www.icannnews.com
11:36 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
11:36 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
11:36 PM: Quarantining All Traces: trojan-backdoor-zubox_1
11:36 PM: Quarantining All Traces: ufp 007 spy
11:36 PM: Quarantining All Traces: icannnews
11:36 PM: icannnews is in use. It will be removed on reboot.
11:36 PM: cciconfg.dll is in use. It will be removed on reboot.
11:36 PM: iisetup.dll is in use. It will be removed on reboot.
11:36 PM: cciconfg.dll is in use. It will be removed on reboot.
11:36 PM: C:\WINDOWS\system32\iisetup.dll is in use. It will be removed on reboot.
11:36 PM: C:\WINDOWS\system32\cciconfg.dll is in use. It will be removed on reboot.
11:36 PM: Quarantining All Traces: purityscan
11:36 PM: Quarantining All Traces: trojan-downloader-2pursuit
11:36 PM: Quarantining All Traces: trojan-downloader-pr-corp
11:36 PM: Quarantining All Traces: trojan-phisher-egold
11:36 PM: Quarantining All Traces: azsearch toolbar
11:36 PM: Quarantining All Traces: ezula ilookup
11:36 PM: Quarantining All Traces: hotbar
11:37 PM: Quarantining All Traces: relatedlinks bho
11:37 PM: Quarantining All Traces: winad
11:37 PM: Quarantining All Traces: winantispyware 2005
11:37 PM: Quarantining All Traces: abcsearch cookie
11:37 PM: Quarantining All Traces: falkag cookie
11:37 PM: Quarantining All Traces: paypopup cookie
11:37 PM: Quarantining All Traces: reliablestats cookie
11:37 PM: Quarantining All Traces: rn11 cookie
11:37 PM: Quarantining All Traces: screensavers.com cookie
11:37 PM: Quarantining All Traces: starware.com cookie
11:37 PM: Quarantining All Traces: xiti cookie
11:37 PM: Quarantining All Traces: yieldmanager cookie
11:37 PM: Warning: Launched explorer.exe
11:37 PM: Warning: Quarantine process could not restart Explorer.
11:37 PM: Warning: Quarantine could not read registry value for HKU\S-1-5-21-3150264513-1181600528-1028485384-1013\software\mzs\mdms\mzu\pt\. Failed to export registry value "S-1-5-21-3150264513-1181600528-1028485384-1013\software\mzs\mdms\mzu\pt". Key/Value does not exist
11:37 PM: Warning: TAllUserItem.Unmap().FlushChanges.LoadKey
11:37 PM: Warning: Failed to quarantine registry items for: S-1-5-21-3150264513-1181600528-1028485384-1012
11:37 PM: Preparing to restart your computer. Please wait...
11:37 PM: Removal process completed. Elapsed time 00:02:14
10:04 PM: Your spyware definitions have been updated.
********
8:24 PM: | Start of Session, Tuesday, 18 October 2005 |
8:24 PM: Spy Sweeper started
8:25 PM: The Spy Communication shield has blocked access to: www.icannnews.com
8:25 PM: The Spy Communication shield has blocked access to: www.icannnews.com
8:26 PM: The Spy Communication shield has blocked access to: www.icannnews.com
8:26 PM: The Spy Communication shield has blocked access to: www.icannnews.com
8:27 PM: Your spyware definitions have been updated.
8:30 PM: | End of Session, Tuesday, 18 October 2005 |

#18
samy

Hi Rawe

Looks like the pop ups have stopped.

Thanks

#19
Rawe

Hi, can I see one final HijackThis log please :tazz:

#20
samy

Logfile of HijackThis v1.99.1
Scan saved at 4:45:00 PM, on 22/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\CAP3RSK.EXE
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://qau8l.hpwis.com/
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\System32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 5 Professional\PopupStopper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Canon LASER SHOT LBP-1120 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1129332238148
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#21
samy

Hi Rawe

I have also realised that Windows starts up a bit slower now and the CPU memory is heavily used during startup. Any tips to help this?

#22
Rawe

Hi, you can go ahead and uninstall Webroot SpySweeper & Ewido if you want.

Do you have a firewall installed?