Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

can't get rid of "surfsidekick" [RESOLVED]

Started by callisto , Dec 22 2005 09:15 PM

  • This topic is locked This topic is locked

#1
callisto
Posted 22 December 2005 - 09:15 PM

callisto

    Member

  • Member
  • PipPip
  • 42 posts
Hi, I've tried you guys before and you helped, so I was wondering if you can help with this. SurfSideKick and MidAddle (I'm not sure of the spelling) has been on my system and I've tried Spybot, Yahoo Toolbar Anti-spy, and my ISP's spyware removal program, and either they say they cannot get rid of it, or it deletes it but it comes right back. What can I do to get rid of them? These pop-ups are driving me crazy... Oh-I turn on my pop up blocker (on yahoo toolbar and from the Tools menu-Pop up blocker) and they magically turn off again after awhile, lol. :tazz: So... thanks in advance.
  • 0

Advertisements

#2
callisto
Posted 22 December 2005 - 10:22 PM

callisto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
here's my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:15:38 PM, on 12/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\hsjkhcv.exe
C:\Program Files\Cox\Applications\app\Prism.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\kcdpado.exe
C:\WINDOWS\system32\31313A363A3937.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\DELLSU~1\DSAgnt.exe
C:\Program Files\CMMan\CMMan.exe
C:\Program Files\FCHelp\FCHelp.exe
C:\Program Files\Common Files\Windows\services32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\auserinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O2 - BHO: BigMeanGorilla.MadAsHell - {FBD2EBD0-E6DF-456E-B300-A4D10A90C683} - C:\WINDOWS\system32\{FBD2EBD0-E6DF-456E-B300-A4D10A90C683}.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [kcdpado] C:\WINDOWS\kcdpado.exe
O4 - HKLM\..\Run: [64646D696D6C6A72] 31313A363A3937.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000122.exe
O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [CMMan] "C:\Program Files\CMMan\CMMan.exe"
O4 - HKCU\..\Run: [FCHelp] "C:\Program Files\FCHelp\FCHelp.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.co...pside_web18.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcaf...ed/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia...ll/pcs_0031.exe
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangoc...e/bridge-c3.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.si...cherControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab36107.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?223
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: repairs302972979.dll
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\hsjkhcv.exe
  • 0

#3
don77
Posted 22 December 2005 - 10:32 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi and welcome callisto
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • You can click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into this topic please,

  • 0

#4
callisto
Posted 22 December 2005 - 11:00 PM

callisto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
i didn't do it right the other time? well, here's the second one, thanks! :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 10:57:03 PM, on 12/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\hsjkhcv.exe
C:\Program Files\Cox\Applications\app\Prism.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\kcdpado.exe
C:\WINDOWS\system32\31313A363A3937.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\DELLSU~1\DSAgnt.exe
C:\Program Files\CMMan\CMMan.exe
C:\Program Files\FCHelp\FCHelp.exe
C:\Program Files\Common Files\Windows\services32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\auserinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O2 - BHO: BigMeanGorilla.MadAsHell - {FBD2EBD0-E6DF-456E-B300-A4D10A90C683} - C:\WINDOWS\system32\{FBD2EBD0-E6DF-456E-B300-A4D10A90C683}.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [kcdpado] C:\WINDOWS\kcdpado.exe
O4 - HKLM\..\Run: [64646D696D6C6A72] 31313A363A3937.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000122.exe
O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [CMMan] "C:\Program Files\CMMan\CMMan.exe"
O4 - HKCU\..\Run: [FCHelp] "C:\Program Files\FCHelp\FCHelp.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.co...pside_web18.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcaf...ed/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia...ll/pcs_0031.exe
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangoc...e/bridge-c3.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.si...cherControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab36107.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?223
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: repairs302972979.dll
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\hsjkhcv.exe
  • 0

#5
don77
Posted 22 December 2005 - 11:21 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
No problem,
Probably a good idea to print out these instructions or save them to notepad on your desk top so you will have them for easy reference

Download and install CleanUp!
Don't run it yet we will use it in a bit,

Next
Please download ewido security suite it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Close out Ewido once you have downloaded the updates

Next

Make sure you can view all Hidden Files/Folders

Next

Go to Start > Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the below services:

Windows Overlay Components

When you find it, double-click on it. In the next window that opens, under the General tab click the Stop button, then click the drop-down box to change the Startup Type to Disabled. Now hit Apply and then Ok.



Next
Go to Add/Remove programs and remove the following

SurfSideKick 3

It should ask you to restart your computer click yes
As your computer is restarting start tapping the F8 key it will bring you to a prompt choose to go into safe mode (just safe mode)

Next
Please restart HJT put a check next to the following, close all open windows and click “Fix Checked”

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
- HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: BigMeanGorilla.MadAsHell - {FBD2EBD0-E6DF-456E-B300-A4D10A90C683} - C:\WINDOWS\system32\{FBD2EBD0-E6DF-456E-B300-A4D10A90C683}.dll
O4 - HKLM\..\Run: [kcdpado] C:\WINDOWS\kcdpado.exe
O4 - HKLM\..\Run: [64646D696D6C6A72] 31313A363A3937.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000122.exe
O4 - HKCU\..\Run: [CMMan] "C:\Program Files\CMMan\CMMan.exe"
O4 - HKCU\..\Run: [FCHelp] "C:\Program Files\FCHelp\FCHelp.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.co...pside_web18.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangoc...e/bridge-c3.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: repairs302972979.dll
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\hsjkhcv.exe



Search for and delete the Folders highlighted in Blue Files highlighted in BOLD
C:\WINDOWS\kcdpado.exe
31313A363A3937.exe
C:\Program Files\Common Files\Windows\mc-110-12-0000122.exe
C:\Program Files\CMMan\
C:\Program Files\FCHelp\
C:\Program Files\SurfSideKick 3\
C:\WINDOWS\hsjkhcv.exe

Next

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click No

Next
Click the Ewido icon on your desk top
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.

Next

Reboot to Normal mode

Please go here ActiveScan Run this online scan, At the end of the scan it gives you the option to save the log please do so and remember where you saved it,

Please rescan with HJT again save the log and post it back here for me please,
Along with the Ewido log and the log from Active scan please
  • 0

#6
callisto
Posted 26 December 2005 - 01:44 AM

callisto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Hi, and thanks. I'm not able to finish the instructions, i'm having a few problems. First, when I log in to safe mode, I am given the option to log in as administrator, or my name, I wasn't sure which one to use, so i used my name, which is the one i'm always on.
I've installed both CleanUp and Ewido okay. In add/remove programs, it was just Surf SidKick, not Surfsidekick 3. I removed it though. The first time I tried to log in safe mode, it came up a black screen, and on it said keyboard failure, and loaded normally but keyboard and mouse was frozen. So, I manually turned the computer off, and then restarted in safe mode successfully(although it still said keyboard failure). I opened HJT, and followed the instructions, but some files you told me to check weren't there. These:
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (WAS there, but after the numbers it said (no file).
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O20 - AppInit_DLLs: repairs302972979.dll

i went on with the instructions though. I tried to search for the next files you told me to, but my mouse and keyboard keep freezing up, and that is where i am now. To search, you go to Start-Search, right? Or am I doing that wrong? So, that is where I stopped, because it keeps freezing up. What should I do? thanks.
  • 0

#7
don77
Posted 26 December 2005 - 07:15 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
You could do it that way

To search, you go to Start-Search, right? Or am I doing that wrong?


Or right click on the start button and then click on explore and then neavigate to the files or folders
  • 0

#8
callisto
Posted 27 December 2005 - 08:38 PM

callisto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Hi-unfortunately i can't get that far :tazz: it keeps freezing when i try to search. i try while in safe mode...that is correct right? what should i do?
  • 0

#9
don77
Posted 28 December 2005 - 08:35 AM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Did the keyboard and mouse issue just start ?
Nothing we have done should have affected them
  • 0

#10
callisto
Posted 29 December 2005 - 07:53 PM

callisto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
yes, that just started..it only does it while i'm in safe mode and try to search. i dont know why though. :tazz:
  • 0

Advertisements

#11
don77
Posted 29 December 2005 - 10:10 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Post back a fresh HJT log for me please
  • 0

#12
callisto
Posted 03 January 2006 - 01:20 PM

callisto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Logfile of HijackThis v1.99.1
Scan saved at 1:19:36 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Cox\Applications\app\Prism.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\PROGRA~1\DELLSU~1\DSAgnt.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hjt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\auserinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab34120.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcaf...ed/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia...ll/pcs_0031.exe
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.si...cherControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab36107.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab35645.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?223
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
  • 0

#13
don77
Posted 03 January 2006 - 04:28 PM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Seems to have cleaned up.
Go ahead and run cleanup! and Ewido please, Run them in normal mode, Restart your computer, Then run the Active scan and post back the logs from Ewido and Active scan

Still having the issue with the mouse and key board ?
  • 0

#14
callisto
Posted 05 January 2006 - 02:24 AM

callisto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
hi,
the mouse and keyboard problem was only in safe mode, when i tried to search. in normal mode, it is okay.
here are my ewido and active scan results....

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 2:31:54 AM, 1/4/2006
+ Report-Checksum: D218D99B

+ Scan result:

HKLM\SOFTWARE\Classes\bsswin.amo -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\bsswin.amo\CLSID -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\bsswin.amo\CurVer -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\bsswin.amo.1 -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\bsswin.dbi -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\bsswin.dbi\CLSID -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\bsswin.dbi\CurVer -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\bsswin.dbi.1 -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\bsswin.iiittt -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\bsswin.iiittt\CLSID -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\bsswin.iiittt\CurVer -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\bsswin.iiittt.1 -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\bsswin.momo -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\bsswin.momo\CLSID -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\bsswin.momo\CurVer -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\bsswin.momo.1 -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\bsswin.ohb -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\bsswin.ohb\CLSID -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\bsswin.ohb\CurVer -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\bsswin.ohb.1 -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{74952D20-655F-4E75-A1BA-8DC095DDA42C} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{940CEFA1-F51F-4403-8603-8BE54EA91C68} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{978C4EC7-60D1-4005-8CE0-D6A7169E36EA} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{978C4EC7-60D1-4005-8CE0-D6A7169E36EA}\ShellEx\PropertySheetHandlers\{978C4EC7-60D1-4005-8CE0-D6A7169E36EA} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E36011D7-0094-4093-84BE-24F32DB1FD36} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{530C6CBF-D3AC-43E9-AE3B-F981EAF87F89} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6BC78C8E-6A4E-4316-A997-19C9799699D7} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{7973F48E-658F-4E0B-9B71-CCDE3EBEAD48} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BFE8AAA1-40A9-40A6-BA79-9403633871CA} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{CABBB49A-4D7B-415B-8250-15C3B854E9FF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{CD62C2E3-AA86-4EC7-8C9D-B894F2A26DFE} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{FEE47AE8-E663-4930-8811-902BEFBD90C5} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{9838A0AE-BC2E-465D-8311-6BFA2629E485} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75} -> Spyware.NetNucleus : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy\Update -> Spyware.SearchRelevancy : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
HKU\S-1-5-21-2482482182-2045484499-1825633149-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKU\S-1-5-21-2482482182-2045484499-1825633149-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-2482482182-2045484499-1825633149-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKU\S-1-5-21-2482482182-2045484499-1825633149-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{999A06FF-10EF-4A29-8640-69E99882C26B} -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-2482482182-2045484499-1825633149-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Cleaned with backup
HKU\S-1-5-21-2482482182-2045484499-1825633149-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
HKU\S-1-5-21-2482482182-2045484499-1825633149-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-2482482182-2045484499-1825633149-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-2482482182-2045484499-1825633149-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq10.tmp\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq10.tmp\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq24.tmp\istsvc.exe -> Downloader.IstBar : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq26.tmp\optimize.exe -> Downloader.Dyfuca.EI : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq27.tmp\ysb.dll -> Spyware.YourSiteBar : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq28.tmp\SAcc.exe -> Spyware.SurfAccuracy : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq28.tmp\SAccU.exe -> Spyware.SurfAccuracy : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq29.tmp\uninstall.exe -> Downloader.IstBar.gi : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq30.tmp\istsvc.exe -> Downloader.IstBar : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq42.tmp\optimize.exe -> Downloader.Dyfuca.EI : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq4B.tmp\MediaAccC.dll -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq4B.tmp\MediaAccess.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq4B.tmp\MediaAccK.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq4C.tmp\sfbho.dll -> Spyware.SideFind : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq4C.tmp\sidefind.dll -> Spyware.SideFind : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq4C.tmp\update\sidefind.exe -> Downloader.IstBar.jm : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq57.tmp\CMMan.exe -> Adware.CASClient : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq57.tmp\mfhlp.dll -> Spyware.CASClient : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq6A.tmp\ysb.dll -> Downloader.IstBar.lv : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq72.tmp\bin\nls.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq7B.tmp\MediaGateway.exe -> Spyware.WinAD : Cleaned with backup
C:\Program Files\backups\backup-20051226-012344-199.dll -> Trojan.VB.aft : Cleaned with backup
C:\Program Files\Cas2Stub\cas2stub.exe -> Downloader.Agent.aaf : Cleaned with backup
C:\Program Files\CMMan\CMMan.exe -> Adware.CASClient : Cleaned with backup
C:\Program Files\CMMan\mfhlp.dll -> Spyware.CASClient : Cleaned with backup
C:\Program Files\Common Files\Download\freeprodtb.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\Common Files\Download\mc-110-12-0000122.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\Common Files\InetGet\mc-110-12-0000122.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\Common Files\Windows\mc-110-12-0000122.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\Common Files\Windows\services32.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\InetGet2\CP.GH2.exe -> Trojan.Crypt.t : Cleaned with backup
C:\Program Files\InetGet2\stubNsbg.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20051222180129.zip/WINDOWS/system32/catsrvut.exe -> Spyware.UrlSpy : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq21.tmp -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25.tmp\Ssk.exe -> Adware.SurfSide : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25.tmp\SskBho.dll -> Adware.SurfSide : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25.tmp\SskCore.dll -> Adware.SurfSide : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq42.tmp -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq44.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq45.tmp -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq46.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq47.tmp -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq48.tmp -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq49.tmp -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B.tmp -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D.tmp -> Spyware.Cookie.Findwhat : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4F.tmp -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq54.tmp -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq57.tmp -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq58.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq59.tmp -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5A.tmp -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5C.tmp -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5E.tmp -> Spyware.Cookie.Valuead : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5F.tmp -> Spyware.Cookie.Weborama : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq60.tmp -> Spyware.Cookie.Adserver : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP100\A0023462.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP101\A0023497.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP102\A0023527.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP103\A0023580.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP104\A0024578.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP106\A0024717.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP106\A0024739.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP106\A0025740.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP106\A0025762.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP107\A0025786.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP108\A0025818.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP108\A0025857.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0025891.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0025905.exe -> Spyware.UrlSpy : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP109\A0025917.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0025941.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0025970.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0025986.dll -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0025987.dll -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0025988.exe -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0025993.dll -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0026002.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP110\A0026995.dll -> Trojan.VB.aft : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP65\A0016915.exe -> Spyware.UrlSpy : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP65\A0016931.exe -> Adware.Sahat : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP65\A0016932.exe -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP65\A0016937.dll -> Adware.Saha : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP65\A0016938.exe -> Adware.Saha : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP68\A0017210.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP68\A0017220.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP68\A0017223.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP81\A0018612.exe -> Downloader.Qoologic.al : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP81\A0018650.exe -> Spyware.MediaTickets : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP81\A0018651.exe -> Downloader.Agent.xh : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP81\A0018652.exe -> Dropper.VB.kk : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP81\A0018664.exe -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP81\A0018665.exe -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP81\A0018666.dll -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP91\A0019180.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP91\A0020179.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP91\A0020208.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP91\A0020217.exe -> Adware.CASClient : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP91\A0020226.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP91\A0020234.exe -> Downloader.TSUpdate.p : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP91\A0020236.exe -> Downloader.TSUpdate.f : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP91\A0020237.dll -> Downloader.Small : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP92\A0020256.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP92\A0020296.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP93\A0020392.dll -> Spyware.CommAd : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP93\A0021295.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP93\A0021316.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP95\A0021359.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP96\A0021384.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP97\A0022386.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP97\A0023386.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP97\A0023418.exe -> Spyware.Maxifiles : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\WONWebLauncherControl.ocx -> Spyware.OTXMedia : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ysbactivex.dll -> Downloader.IstBar : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\WONWebLauncherControl.ocx -> Spyware.OTXMedia : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\WONWebLauncherControl.ocx -> Spyware.OTXMedia : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\WONWebLauncherControl.ocx -> Spyware.OTXMedia : Cleaned with backup
C:\WINDOWS\hsjkhcv.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\kcdpado.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\pwsgefca.exe -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\Ruyrlltz.dll -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\SYSTEM32\31313A363A3937.exe -> Trojan.VB.aft : Cleaned with backup
C:\WINDOWS\SYSTEM32\alrsvc51.exe -> Spyware.UrlSpy : Cleaned with backup
C:\WINDOWS\SYSTEM32\bthci349.exe -> Spyware.UrlSpy : Cleaned with backup
C:\WINDOWS\SYSTEM32\dist001.exe -> Downloader.Agent.aaf : Cleaned with backup
C:\WINDOWS\SYSTEM32\mc-110-12-0000122.exe -> Spyware.Maxifiles : Cleaned with backup
C:\WINDOWS\SYSTEM32\vgactl.cpl -> Downloader.Qoologic.ad : Cleaned with backup


::Report End


Incident Status Location

Adware:adware/ilookup Not disinfected C:\WINDOWS\SYSTEM32\dice2.ico
Adware:adware/kingporn Not disinfected C:\WINDOWS\SYSTEM32\reg6523.exe
Adware:adware/mirar Not disinfected C:\WINDOWS\SYSTEM32\WinNB57.dll
Adware:adware/ist.yoursitebar Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\ysbactivex.dll
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Sarah Thibodeaux\Application Data\Sskcwrd.dll
Adware:adware/isearch Not disinfected C:\WINDOWS\deskbar.ini
Adware:adware/consumeralertsystem Not disinfected C:\PROGRAM FILES\Cas2Stub
Adware:adware/wupd Not disinfected C:\PROGRAM FILES\DeskAd Service
Potentially unwanted tool:application/myway Not disinfected C:\PROGRAM FILES\MyWay
Adware:adware/maxifiles Not disinfected C:\PROGRAM FILES\COMMON FILES\InetGet
Adware:adware/beginto Not disinfected C:\WINDOWS\SYSTEM32\cache32_dsktptr
Adware:adware/transponder Not disinfected C:\WINDOWS\inst
Spyware:spyware/safesurf Not disinfected Windows Registry
Possible Virus. Not disinfected C:\Program Files\Common Files\AOL\System Information\iecutil.dll
Possible Virus. Not disinfected C:\Program Files\UltimateBet\UBSoftUpdate.exe
Spyware:Cookie/Zedo Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq22.tmp
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp
Spyware:Cookie/Maxserving Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq51.tmp
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq53.tmp
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq56.tmp
Spyware:Cookie/Zedo Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq61.tmp
Possible Virus. Not disinfected C:\WINDOWS\Downloaded Program Files\ysbactivex.dll
Adware:Adware/Mirar Not disinfected C:\WINDOWS\SYSTEM32\WinNB57.dll
  • 0

#15
don77
Posted 05 January 2006 - 06:30 AM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Good deal that cleaned a lot
I don't know much about Yahoo's spyware program does it give you an option to delete the Quarantined files ? If so please empty them

*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*In the field labeled Full Path of File to Delete enter the file paths listed below ONE AT A TIME (EXACTLY as it appears, please double check to make sure!):

C:\WINDOWS\SYSTEM32\dice2.ico
C:\WINDOWS\SYSTEM32\reg6523.exe
C:\WINDOWS\SYSTEM32\WinNB57.dll
C:\WINDOWS\DOWNLOADED PROGRAM FILES\ysbactivex.dll
C:\Documents and Settings\Sarah Thibodeaux\Application Data\Sskcwrd.dll
C:\WINDOWS\deskbar.ini
C:\PROGRAM FILES\Cas2Stub
C:\PROGRAM FILES\DeskAd Service
C:\PROGRAM FILES\MyWay
C:\PROGRAM FILES\COMMON FILES\InetGet
C:\WINDOWS\SYSTEM32\cache32_dsktptr
C:\WINDOWS\inst
C:\WINDOWS\Downloaded Program Files\ysbactivex.dll
C:\WINDOWS\SYSTEM32\WinNB57.dll



Press the button that looks like a red circle with a white X in it after each one. When it asks if you would like to delete on reboot, press the YES button, when it asks if you want to reboot now, press the NO button. Do this after each one until you have entered the LAST file path I have listed above. After that LAST file path has been entered, press the YES button at both prompts so that your computer restarts. If you receive a message and your computer does not restart automatically, please restart it manually.

Rescan again with Active scan and post back what it finds, After you have done that reboot to safe mode and let me know if your still having the issue with the keyboard and mouse
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP