********
7:54 PM: | Start of Session, Sunday, October 16, 2005 |
7:54 PM: Spy Sweeper started
7:54 PM: Sweep initiated using definitions version 555
7:54 PM: Starting Memory Sweep
7:56 PM: Memory Sweep Complete, Elapsed Time: 00:01:10
7:56 PM: Starting Registry Sweep
7:56 PM: Found Adware: apropos
7:56 PM: HKLM\software\aprps\ (2 subtraces) (ID = 103741)
7:56 PM: Found Adware: begin2search
7:56 PM: HKCR\btnetw.amo.1\ (3 subtraces) (ID = 104095)
7:56 PM: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
7:56 PM: Found Adware: hotsearchbar toolbar
7:56 PM: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
7:56 PM: HKCR\btnetw.iiittt.1\ (3 subtraces) (ID = 104097)
7:56 PM: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
7:56 PM: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
7:56 PM: HKCR\btnetw.momo.1\ (3 subtraces) (ID = 104099)
7:56 PM: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
7:56 PM: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
7:56 PM: HKCR\btnetw.ohb.1\ (3 subtraces) (ID = 104101)
7:56 PM: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
7:56 PM: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
7:56 PM: HKCR\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104109)
7:56 PM: HKCR\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104109)
7:56 PM: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
7:56 PM: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
7:56 PM: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
7:56 PM: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
7:56 PM: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
7:56 PM: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
7:56 PM: HKCR\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104124)
7:56 PM: HKCR\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104126)
7:56 PM: HKCR\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104127)
7:56 PM: HKCR\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104128)
7:56 PM: HKCR\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104139)
7:56 PM: HKCR\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104141)
7:56 PM: HKLM\software\classes\btnetw.amo.1\ (3 subtraces) (ID = 104145)
7:56 PM: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
7:56 PM: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
7:56 PM: HKLM\software\classes\btnetw.iiittt.1\ (3 subtraces) (ID = 104147)
7:56 PM: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
7:56 PM: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
7:56 PM: HKLM\software\classes\btnetw.momo.1\ (3 subtraces) (ID = 104149)
7:56 PM: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
7:56 PM: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
7:56 PM: HKLM\software\classes\btnetw.ohb.1\ (3 subtraces) (ID = 104151)
7:56 PM: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
7:56 PM: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
7:56 PM: HKLM\software\classes\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104159)
7:56 PM: HKLM\software\classes\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104159)
7:56 PM: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
7:56 PM: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
7:56 PM: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
7:56 PM: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
7:56 PM: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
7:56 PM: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
7:56 PM: HKLM\software\classes\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104174)
7:56 PM: HKLM\software\classes\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104176)
7:56 PM: HKLM\software\classes\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104177)
7:56 PM: HKLM\software\classes\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104178)
7:56 PM: HKLM\software\classes\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104189)
7:56 PM: HKLM\software\classes\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104191)
7:56 PM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
7:56 PM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
7:56 PM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
7:56 PM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
7:56 PM: Found Adware: cws_easy-search.biz hijacker
7:56 PM: HKLM\software\microsoft\windows\currentversion\run\ || games acceleration (ID = 117153)
7:56 PM: HKLM\software\microsoft\windows\currentversion\run\ || internet connection wizard (ID = 117154)
7:56 PM: HKLM\software\microsoft\windows\currentversion\run\ || internet mail and news (ID = 117155)
7:56 PM: HKLM\software\microsoft\windows\currentversion\run\ || microsoft internet acceleration utility (ID = 117156)
7:56 PM: HKLM\software\microsoft\windows\currentversion\run\ || microsoft management console (ID = 117157)
7:56 PM: HKLM\software\microsoft\windows\currentversion\run\ || multimedia extensions (ID = 117158)
7:56 PM: Found Adware: drsnsrch.com hijack
7:56 PM: HKLM\software\microsoft\internet explorer\main\ || search page (ID = 128209)
7:56 PM: HKLM\software\microsoft\internet explorer\search\ || customizesearch (ID = 128210)
7:56 PM: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 128211)
7:56 PM: Found Adware: mirar webband
7:56 PM: HKLM\software\relatedpageinstall\ (6 subtraces) (ID = 135120)
7:56 PM: Found Trojan Horse: trojan-downloader-pacisoft
7:56 PM: HKLM\software\microsoft\code store database\distribution units\{972bb342-14a7-4660-83c1-51ddbee171db}\ (8 subtraces) (ID = 136524)
7:56 PM: Found Adware: purityscan
7:56 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaticketsinstaller.ocx (ID = 139077)
7:56 PM: Found Adware: media-motor
7:56 PM: HKLM\software\mm\ (1 subtraces) (ID = 140211)
7:56 PM: Found Adware: search fast communicator toolbar
7:56 PM: HKCR\communicator.communicator\ (3 subtraces) (ID = 140680)
7:56 PM: HKCR\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb429}\ (6 subtraces) (ID = 140682)
7:56 PM: HKCR\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb42a}\ (6 subtraces) (ID = 140683)
7:56 PM: HKCR\communicator.communicatormenu button\ (3 subtraces) (ID = 140684)
7:56 PM: HKCR\communicator.communicatortoggle button\ (3 subtraces) (ID = 140685)
7:56 PM: HKLM\software\classes\communicator.communicatormenu button\ (3 subtraces) (ID = 140686)
7:56 PM: HKLM\software\classes\communicator.communicatortoggle button\ (3 subtraces) (ID = 140687)
7:56 PM: HKLM\software\classes\communicator.communicator\ (3 subtraces) (ID = 140691)
7:56 PM: HKLM\software\classes\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb429}\ (6 subtraces) (ID = 140693)
7:56 PM: HKLM\software\classes\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb42a}\ (6 subtraces) (ID = 140694)
7:56 PM: HKU\.default\software\communicator toolbar\ (9 subtraces) (ID = 140696)
7:56 PM: HKU\.default\software\microsoft\internet explorer\toolbar\webbrowser\ || {4e7bd74f-2b8d-469e-8dbc-a42eb79cb428} (ID = 140697)
7:56 PM: Found Adware: surfsidekick
7:56 PM: HKLM\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143406)
7:56 PM: HKLM\software\surfsidekick3\ (2 subtraces) (ID = 143413)
7:56 PM: Found Adware: delfin
7:56 PM: HKLM\software\wincin\ (2 subtraces) (ID = 359317)
7:56 PM: Found Adware: winad
7:56 PM: HKLM\software\media gateway\ (2 subtraces) (ID = 359545)
7:56 PM: HKCR\mediagatewayx.installer\ (3 subtraces) (ID = 372857)
7:56 PM: HKCR\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 372859)
7:56 PM: HKLM\software\classes\mediagatewayx.installer\ (3 subtraces) (ID = 398902)
7:56 PM: HKLM\software\classes\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 398904)
7:56 PM: Found Adware: drsnsrch hijacker
7:56 PM: HKCR\dsrch.band\ (5 subtraces) (ID = 509134)
7:56 PM: HKCR\typelib\{8f73ac0f-5769-4282-8762-b396a3bff377}\ (9 subtraces) (ID = 509153)
7:56 PM: HKLM\software\classes\dsrch.band\ (5 subtraces) (ID = 509171)
7:56 PM: HKCR\dsrch.band\clsid\ (1 subtraces) (ID = 509361)
7:56 PM: HKCR\dsrch.band\curver\ (1 subtraces) (ID = 509362)
7:56 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{00f1d395-4744-40f0-a611-980f61ae2c59}\ (ID = 513230)
7:56 PM: Found Adware: clkoptimizer
7:56 PM: HKLM\software\microsoft\windows\currentversion\run\ || winsync (ID = 601545)
7:56 PM: HKLM\software\classes\typelib\{8f73ac0f-5769-4282-8762-b396a3bff377}\ (9 subtraces) (ID = 646384)
7:56 PM: Found Adware: visfx
7:56 PM: HKLM\software\microsoft\windows\currentversion\uninstall\ovmon\ (2 subtraces) (ID = 712951)
7:56 PM: Found Adware: abetterinternet
7:56 PM: HKLM\software\microsoft\windows\currentversion\uninstall\bsto-1\ (7 subtraces) (ID = 746835)
7:56 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mm81.ocx\ (2 subtraces) (ID = 762354)
7:56 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediagatewayx.dll\ (2 subtraces) (ID = 763026)
7:56 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediagatewayx.dll (ID = 763028)
7:56 PM: HKLM\software\qstat\ (5 subtraces) (ID = 769771)
7:56 PM: HKCR\clsid\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}\ (6 subtraces) (ID = 815132)
7:56 PM: HKLM\software\classes\clsid\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}\ (6 subtraces) (ID = 815145)
7:56 PM: Found Adware: 180search assistant/zango
7:56 PM: HKLM\software\microsoft\code store database\distribution units\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}\ (10 subtraces) (ID = 832871)
7:56 PM: Found Adware: shopathomeselect
7:56 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/grinstall7.dll\ (2 subtraces) (ID = 836092)
7:56 PM: HKLM\software\microsoft\windows\currentversion\run\ || apd123 (ID = 861469)
7:56 PM: HKLM\software\qstat\ || brr (ID = 877670)
7:56 PM: HKU\WRSS_Profile_S-1-5-21-2801439982-3646181656-3495054330-500\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
7:56 PM: HKU\WRSS_Profile_S-1-5-21-2801439982-3646181656-3495054330-500\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
7:56 PM: HKU\WRSS_Profile_S-1-5-21-2801439982-3646181656-3495054330-500\software\surfsidekick3\ (3 subtraces) (ID = 143412)
7:56 PM: Found Adware: cws-aboutblank
7:56 PM: HKU\S-1-5-21-2801439982-3646181656-3495054330-1003\software\microsoft\internet explorer\main\ || search bar_bak (ID = 115924)
7:56 PM: HKU\S-1-5-21-2801439982-3646181656-3495054330-1003\software\microsoft\internet explorer\main\ || search page_bak (ID = 115925)
7:56 PM: HKU\S-1-5-21-2801439982-3646181656-3495054330-1003\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
7:56 PM: HKU\S-1-5-21-2801439982-3646181656-3495054330-1003\software\psof1\ (10 subtraces) (ID = 136530)
7:56 PM: HKU\S-1-5-21-2801439982-3646181656-3495054330-1003\software\communicator toolbar\ (9 subtraces) (ID = 140688)
7:56 PM: HKU\S-1-5-21-2801439982-3646181656-3495054330-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {4e7bd74f-2b8d-469e-8dbc-a42eb79cb428} (ID = 140689)
7:56 PM: HKU\S-1-5-21-2801439982-3646181656-3495054330-1003\software\surfsidekick3\ (3 subtraces) (ID = 143412)
7:56 PM: HKU\S-1-5-21-2801439982-3646181656-3495054330-1003\software\microsoft\internet explorer\main\ || search page_bak (ID = 774883)
7:56 PM: HKU\S-1-5-18\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
7:56 PM: HKU\S-1-5-18\software\communicator toolbar\ (9 subtraces) (ID = 140688)
7:56 PM: HKU\S-1-5-18\software\microsoft\internet explorer\toolbar\webbrowser\ || {4e7bd74f-2b8d-469e-8dbc-a42eb79cb428} (ID = 140689)
7:56 PM: HKU\S-1-5-18\software\dsrch\ (7 subtraces) (ID = 509156)
7:56 PM: Registry Sweep Complete, Elapsed Time:00:00:31
7:56 PM: Starting Cookie Sweep
7:56 PM: Found Spy Cookie: 888 cookie
7:56 PM: owner@888[1].txt (ID = 2019)
7:56 PM: Found Spy Cookie: yieldmanager cookie
7:56 PM:
[email protected][2].txt (ID = 3751)
7:56 PM: Found Spy Cookie: adknowledge cookie
7:56 PM: owner@adknowledge[1].txt (ID = 2072)
7:56 PM: Found Spy Cookie: adrevolver cookie
7:56 PM: owner@adrevolver[2].txt (ID = 2088)
7:56 PM: owner@adrevolver[3].txt (ID = 2088)
7:56 PM: Found Spy Cookie: adserver cookie
7:56 PM: owner@adserver[2].txt (ID = 2141)
7:56 PM: Found Spy Cookie: advertising cookie
7:56 PM: owner@advertising[1].txt (ID = 2175)
7:56 PM: Found Spy Cookie: ask cookie
7:56 PM: owner@ask[1].txt (ID = 2245)
7:56 PM: Found Spy Cookie: atlas dmt cookie
7:56 PM: owner@atdmt[2].txt (ID = 2253)
7:56 PM: Found Spy Cookie: belnk cookie
7:56 PM:
[email protected][2].txt (ID = 2293)
7:56 PM: Found Spy Cookie: banner cookie
7:56 PM: owner@banner[1].txt (ID = 2276)
7:56 PM: owner@belnk[1].txt (ID = 2292)
7:56 PM: Found Spy Cookie: bluestreak cookie
7:56 PM: owner@bluestreak[1].txt (ID = 2314)
7:56 PM: Found Spy Cookie: casalemedia cookie
7:56 PM: owner@casalemedia[2].txt (ID = 2354)
7:56 PM:
[email protected][2].txt (ID = 2293)
7:56 PM: Found Spy Cookie: fastclick cookie
7:56 PM: owner@fastclick[1].txt (ID = 2651)
7:56 PM: Found Spy Cookie: overture cookie
7:56 PM:
[email protected][1].txt (ID = 3106)
7:56 PM: Found Spy Cookie: questionmarket cookie
7:56 PM: owner@questionmarket[1].txt (ID = 3217)
7:56 PM: Found Spy Cookie: realmedia cookie
7:56 PM: owner@realmedia[1].txt (ID = 3235)
7:56 PM: Found Spy Cookie: adjuggler cookie
7:56 PM:
[email protected][1].txt (ID = 2071)
7:56 PM: Found Spy Cookie: servedby advertising cookie
7:56 PM:
[email protected][2].txt (ID = 3335)
7:56 PM: Found Spy Cookie: reliablestats cookie
7:56 PM:
[email protected][2].txt (ID = 3254)
7:56 PM: Found Spy Cookie: tradedoubler cookie
7:56 PM: owner@tradedoubler[1].txt (ID = 3575)
7:56 PM: Found Spy Cookie: trafficmp cookie
7:56 PM: owner@trafficmp[2].txt (ID = 3581)
7:56 PM: Found Spy Cookie: myaffiliateprogram.com cookie
7:56 PM:
[email protected][2].txt (ID = 3032)
7:56 PM: Found Spy Cookie: zedo cookie
7:56 PM: owner@zedo[2].txt (ID = 3762)
7:56 PM: system@casalemedia[1].txt (ID = 2354)
7:56 PM: system@zedo[2].txt (ID = 3762)
7:56 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
7:56 PM: Starting File Sweep
7:57 PM: c:\documents and settings\all users\application data\vidctrl (1 subtraces) (ID = -2147477475)
7:57 PM: Found Adware: cws_ns3
7:57 PM: wmprfptb.prx:ypgwmu (ID = 56287)
7:57 PM: preuninstallcom.exe (ID = 74818)
7:57 PM: Found Adware: coolwebsearch (cws)
7:57 PM: wmprfjpn.prx:foorkk (ID = 54051)
7:57 PM: vmmreg32.dll:jmucx (ID = 56447)
7:57 PM: Found Trojan Horse: lzio
7:57 PM: qekrmujx.exe (ID = 159311)
7:57 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || qekrmujx (ID = 0)
7:57 PM: blue lace 16.bmp:pyxtq (ID = 56447)
7:58 PM: Found Adware: winantispyware 2005
7:58 PM: uwfx5lp_0001_0715netinstaller.exe (ID = 114990)
7:58 PM: wmprfesp.prx:qnkqv (ID = 56447)
7:58 PM: wmprfheb.prx:incwp (ID = 56447)
7:58 PM: wmprfkor.prx:bovbr (ID = 56447)
7:58 PM: uclvf.exe (ID = 159311)
7:58 PM: sskknwrd.dll (ID = 77733)
7:58 PM: msnavpklog.txt:vcelr (ID = 56711)
7:58 PM: mnlwmv.exe (ID = 159311)
7:58 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || mnlwmv (ID = 0)
7:58 PM: m67m.inf (ID = 74028)
7:58 PM: ocgen.log:faalko (ID = 56287)
7:59 PM: stb.exe (ID = 94666)
7:59 PM: ssk.exe (ID = 163864)
7:59 PM: uwfx5lp_0001_0715netinstaller.exe (ID = 114990)
7:59 PM: mediagatewayx.dll (ID = 156819)
7:59 PM: mediaticketsinstaller.inf (ID = 73158)
8:00 PM: sskknwrd.dll (ID = 77733)
8:00 PM: msxmidi.exe.js:gwqvn (ID = 55098)
8:01 PM: auhccup1.dll:jpxurb (ID = 56287)
8:01 PM: active setup log.txt:rofppq (ID = 54051)
8:01 PM: Found Trojan Horse: trojan-downloader-mainstreamdollars
8:01 PM: btnetw3-995329.exe (ID = 155333)
8:01 PM: rifqr.exe (ID = 159311)
8:01 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || rifqr (ID = 0)
8:02 PM: wingenerics.dll (ID = 50187)
8:02 PM: comsetup.log:xdsnj (ID = 53966)
8:02 PM: ocmsn.log:jsouf (ID = 56447)
8:02 PM: orun32.isu:uurmb (ID = 53966)
8:03 PM: wmprfrus.prx:vpdtr (ID = 56447)
8:03 PM: mqjwnm.exe (ID = 159311)
8:03 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || mqjwnm (ID = 0)
8:04 PM: sskcwrd.dll (ID = 77712)
8:04 PM: Warning: Failed to access drive F:
8:04 PM: File Sweep Complete, Elapsed Time: 00:08:08
8:04 PM: Full Sweep has completed. Elapsed time 00:09:59
8:04 PM: Traces Found: 844
********
7:36 PM: | Start of Session, Sunday, October 16, 2005 |
7:36 PM: Spy Sweeper started
7:36 PM: Sweep initiated using definitions version 555
7:36 PM: Starting Memory Sweep
7:36 PM: Sweep Canceled
7:36 PM: Memory Sweep Complete, Elapsed Time: 00:00:07
7:36 PM: Traces Found: 0
7:54 PM: Program Version 4.5.3 (Build 560) Using Spyware Definitions 555
7:54 PM: | End of Session, Sunday, October 16, 2005 |
********
9:25 PM: | Start of Session, Friday, October 14, 2005 |
9:25 PM: Spy Sweeper started
9:25 PM: Sweep initiated using definitions version 555
9:25 PM: Starting Memory Sweep
9:27 PM: Sweep Canceled
9:27 PM: Memory Sweep Complete, Elapsed Time: 00:01:36
9:27 PM: Traces Found: 0
9:40 AM: Memory Shield: Found: Memory-resident threat lzio, version 1.0.0.0
9:40 AM: Detected running threat: lzio
11:21 AM: Ignored memory-resident threat: lzio
11:21 AM: The Spy Communication shield has blocked access to: paypopup.com
11:21 AM: The Spy Communication shield has blocked access to: paypopup.com
11:26 AM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
11:26 AM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
4:36 PM: ActiveX Shield: found: Adware: winad, version 1.0.0.0 -- Installation denied
4:37 PM: Spy Installation Shield: found: Adware: winad, version 1.0.0.0 -- Execution Denied
4:37 PM: Processing Startup Alerts
4:37 PM: Removed Startup entry: mnlwmv
5:27 PM: Memory Shield: Found: Memory-resident threat lzio, version 1.0.0.0
5:27 PM: Detected running threat: lzio
5:27 PM: Ignored memory-resident threat: lzio
7:38 PM: Memory Shield: Found: Memory-resident threat lzio, version 1.0.0.0
7:38 PM: Detected running threat: lzio
7:38 PM: Ignored memory-resident threat: lzio
7:50 PM: Memory Shield: Found: Memory-resident threat lzio, version 1.0.0.0
7:50 PM: Detected running threat: lzio
7:50 PM: Ignored memory-resident threat: lzio
9:06 PM: The Spy Communication shield has blocked access to: updates.lzio.com
9:06 PM: The Spy Communication shield has blocked access to: updates.lzio.com
9:08 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
9:08 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
9:14 PM: The Spy Communication shield has blocked access to: paypopup.com
9:14 PM: The Spy Communication shield has blocked access to: paypopup.com
9:17 PM: Memory Shield: Found: Memory-resident threat lzio, version 1.0.0.0
9:17 PM: Detected running threat: lzio
9:17 PM: Ignored memory-resident threat: lzio
9:27 PM: Memory Shield: Found: Memory-resident threat lzio, version 1.0.0.0
9:27 PM: Detected running threat: lzio
9:27 PM: Ignored memory-resident threat: lzio
12:25 AM: The Spy Communication shield has blocked access to: paypopup.com
12:25 AM: The Spy Communication shield has blocked access to: paypopup.com
2:25 AM: The Spy Communication shield has blocked access to: paypopup.com
2:25 AM: The Spy Communication shield has blocked access to: paypopup.com
5:25 AM: The Spy Communication shield has blocked access to: paypopup.com
5:25 AM: The Spy Communication shield has blocked access to: paypopup.com
9:25 AM: The Spy Communication shield has blocked access to: paypopup.com
9:25 AM: The Spy Communication shield has blocked access to: paypopup.com
11:58 AM: IE Security Shield: found: C:\WINDOWS\SYSTEM32\RUNDLL32.EXE -- IE Security modification allowed at user request
12:10 PM: Error: Access violation at address 0055E852 in module 'WRSSSDK.exe'. Read of address 00000004.
3:45 PM: Updating spyware definitions
3:45 PM: Your definitions are up to date.
3:45 PM: Updating spyware definitions
3:45 PM: Your definitions are up to date.
3:45 PM: Updating spyware definitions
3:45 PM: Your definitions are up to date.
3:49 PM: Memory Shield: Found: Memory-resident threat lzio, version 1.0.0.0
3:49 PM: Detected running threat: lzio
3:49 PM: Ignored memory-resident threat: lzio
7:35 PM: Updating spyware definitions
7:35 PM: Your definitions are up to date.
7:35 PM: Updating spyware definitions
7:35 PM: Your definitions are up to date.
7:36 PM: Only Sweep Folders Where Threats Are Known to Reside
7:36 PM: | End of Session, Sunday, October 16, 2005 |
********
9:25 PM: | Start of Session, Friday, October 14, 2005 |
9:25 PM: Spy Sweeper started
9:25 PM: Sweep initiated using definitions version 555
9:25 PM: Starting Memory Sweep
9:25 PM: Sweep Canceled
9:25 PM: Memory Sweep Complete, Elapsed Time: 00:00:19
9:25 PM: Traces Found: 0
9:25 PM: Only Sweep Folders Where Threats Are Known to Reside
9:25 PM: | End of Session, Friday, October 14, 2005 |
********
6:15 PM: | Start of Session, Friday, October 14, 2005 |
6:15 PM: Spy Sweeper started
6:15 PM: Sweep initiated using definitions version 555
6:15 PM: Starting Memory Sweep
6:15 PM: Sweep Canceled
6:15 PM: Memory Sweep Complete, Elapsed Time: 00:00:03
6:15 PM: Traces Found: 0
9:06 PM: The Spy Communication shield has blocked access to: updates.lzio.com
9:06 PM: The Spy Communication shield has blocked access to: updates.lzio.com
9:06 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
9:06 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
9:07 PM: Processing Startup Alerts
9:07 PM: Removed Startup entry: mnlwmv
9:08 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
9:08 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
9:12 PM: The Spy Communication shield has blocked access to: paypopup.com
9:12 PM: The Spy Communication shield has blocked access to: paypopup.com
9:13 PM: Memory Shield: Found: Memory-resident threat lzio, version 1.0.0.0
9:13 PM: Detected running threat: lzio
9:15 PM: Ignored memory-resident threat: lzio
9:15 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
9:15 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
9:15 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
9:15 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
9:15 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
9:15 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
9:15 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
9:15 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
9:15 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
9:15 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
9:15 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
9:15 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
9:15 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
9:15 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
9:24 PM: Updating spyware definitions
9:24 PM: Your definitions are up to date.
9:25 PM: | End of Session, Friday, October 14, 2005 |
********
4:46 PM: | Start of Session, Friday, October 14, 2005 |
4:46 PM: Spy Sweeper started
4:46 PM: Sweep initiated using definitions version 555
4:46 PM: Starting Memory Sweep
4:46 PM: Found Adware: abetterinternet
4:46 PM: Detected running threat: C:\WINDOWS\SYSTEM32\ypowlt.exe (ID = 158592)
4:48 PM: Found Trojan Horse: lzio
4:48 PM: Detected running threat: C:\WINDOWS\SYSTEM32\whecdwm\qekrmujx.exe (ID = 159311)
4:48 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || qekrmujx (ID = 0)
4:48 PM: Detected running threat: C:\WINDOWS\SYSTEM32\uudmzf.exe (ID = 158592)
4:48 PM: Detected running threat: C:\WINDOWS\explorer.exe (ID = 63)
4:48 PM: Detected running threat: C:\WINDOWS\SYSTEM32\fhlyvp.exe (ID = 158592)
4:49 PM: Memory Sweep Complete, Elapsed Time: 00:02:33
4:49 PM: Starting Registry Sweep
4:49 PM: Found Adware: apropos
4:49 PM: HKLM\software\aprps\ (2 subtraces) (ID = 103741)
4:49 PM: Found Adware: begin2search
4:49 PM: HKCR\btnetw.amo.1\ (3 subtraces) (ID = 104095)
4:49 PM: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
4:49 PM: Found Adware: hotsearchbar toolbar
4:49 PM: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
4:49 PM: HKCR\btnetw.iiittt.1\ (3 subtraces) (ID = 104097)
4:49 PM: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
4:49 PM: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
4:49 PM: HKCR\btnetw.momo.1\ (3 subtraces) (ID = 104099)
4:49 PM: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
4:49 PM: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
4:49 PM: HKCR\btnetw.ohb.1\ (3 subtraces) (ID = 104101)
4:49 PM: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
4:49 PM: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
4:49 PM: HKCR\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104109)
4:49 PM: HKCR\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104109)
4:49 PM: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
4:49 PM: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
4:49 PM: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
4:49 PM: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
4:49 PM: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
4:49 PM: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
4:49 PM: HKCR\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104124)
4:49 PM: HKCR\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104126)
4:49 PM: HKCR\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104127)
4:49 PM: HKCR\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104128)
4:49 PM: HKCR\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104139)
4:49 PM: HKCR\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104141)
4:49 PM: HKLM\software\classes\btnetw.amo.1\ (3 subtraces) (ID = 104145)
4:49 PM: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
4:49 PM: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
4:49 PM: HKLM\software\classes\btnetw.iiittt.1\ (3 subtraces) (ID = 104147)
4:49 PM: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
4:49 PM: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
4:49 PM: HKLM\software\classes\btnetw.momo.1\ (3 subtraces) (ID = 104149)
4:49 PM: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
4:49 PM: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
4:49 PM: HKLM\software\classes\btnetw.ohb.1\ (3 subtraces) (ID = 104151)
4:49 PM: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
4:49 PM: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
4:49 PM: HKLM\software\classes\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104159)
4:49 PM: HKLM\software\classes\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104159)
4:49 PM: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
4:49 PM: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
4:49 PM: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
4:49 PM: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
4:49 PM: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
4:49 PM: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
4:49 PM: HKLM\software\classes\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104174)
4:49 PM: HKLM\software\classes\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104176)
4:49 PM: HKLM\software\classes\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104177)
4:49 PM: HKLM\software\classes\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104178)
4:49 PM: HKLM\software\classes\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104189)
4:49 PM: HKLM\software\classes\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104191)
4:49 PM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
4:49 PM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
4:49 PM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
4:49 PM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
4:49 PM: Found Adware: coolwebsearch (cws)
4:49 PM: HKCR\clsid\{899a5903-19a8-847c-427c-8f50787644ae}\ (2 subtraces) (ID = 107683)
4:49 PM: HKLM\software\classes\clsid\{899a5903-19a8-847c-427c-8f50787644ae}\ (2 subtraces) (ID = 109067)
4:49 PM: Found Adware: cws_ns3
4:49 PM: HKCR\clsid\{aef3e64a-b4fc-fc2a-5ef9-4fc735f322d9}\ (2 subtraces) (ID = 118827)
4:49 PM: HKCR\clsid\{b26e0da6-7964-2b58-9b4b-94cbaa3aff83}\ (2 subtraces) (ID = 118859)
4:49 PM: HKLM\software\classes\clsid\{aef3e64a-b4fc-fc2a-5ef9-4fc735f322d9}\ (2 subtraces) (ID = 120666)
4:49 PM: HKLM\software\classes\clsid\{b26e0da6-7964-2b58-9b4b-94cbaa3aff83}\ (2 subtraces) (ID = 120698)
4:49 PM: Found Adware: delfin
4:49 PM: HKLM\software\motoin\ (2 subtraces) (ID = 124883)
4:49 PM: Found Adware: elitebar
4:49 PM: HKLM\software\microsoft\windows\currentversion\internet settings\user agent\post platform\ || iebar (ID = 125752)
4:49 PM: Found Adware: drsnsrch.com hijack
4:49 PM: HKLM\software\microsoft\internet explorer\main\ || search bar (ID = 128208)
4:49 PM: HKLM\software\microsoft\internet explorer\main\ || search page (ID = 128209)
4:49 PM: HKLM\software\microsoft\internet explorer\search\ || customizesearch (ID = 128210)
4:49 PM: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 128211)
4:49 PM: Found Adware: mirar webband
4:49 PM: HKLM\software\relatedpageinstall\ (6 subtraces) (ID = 135120)
4:49 PM: Found Trojan Horse: trojan-downloader-pacisoft
4:49 PM: HKLM\software\microsoft\code store database\distribution units\{972bb342-14a7-4660-83c1-51ddbee171db}\ (8 subtraces) (ID = 136524)
4:49 PM: Found Adware: purityscan
4:49 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaticketsinstaller.ocx (ID = 139077)
4:49 PM: Found Adware: media-motor
4:49 PM: HKLM\software\mm\ (1 subtraces) (ID = 140211)
4:49 PM: Found Adware: search fast communicator toolbar
4:49 PM: HKCR\communicator.communicator\ (3 subtraces) (ID = 140680)
4:49 PM: HKCR\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb429}\ (6 subtraces) (ID = 140682)
4:49 PM: HKCR\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb42a}\ (6 subtraces) (ID = 140683)
4:49 PM: HKCR\communicator.communicatormenu button\ (3 subtraces) (ID = 140684)
4:49 PM: HKCR\communicator.communicatortoggle button\ (3 subtraces) (ID = 140685)
4:49 PM: HKLM\software\classes\communicator.communicatormenu button\ (3 subtraces) (ID = 140686)
4:49 PM: HKLM\software\classes\communicator.communicatortoggle button\ (3 subtraces) (ID = 140687)
4:49 PM: HKLM\software\classes\communicator.communicator\ (3 subtraces) (ID = 140691)
4:49 PM: HKLM\software\classes\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb429}\ (6 subtraces) (ID = 140693)
4:49 PM: HKLM\software\classes\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb42a}\ (6 subtraces) (ID = 140694)
4:49 PM: HKU\.default\software\communicator toolbar\ (9 subtraces) (ID = 140696)
4:49 PM: HKU\.default\software\microsoft\internet explorer\toolbar\webbrowser\ || {4e7bd74f-2b8d-469e-8dbc-a42eb79cb428} (ID = 140697)
4:49 PM: Found Adware: surfsidekick
4:49 PM: HKLM\software\surfsidekick3\ (2 subtraces) (ID = 143413)
4:49 PM: HKLM\system\currentcontrolset\services\svcproc\ (12 subtraces) (ID = 146140)
4:49 PM: HKLM\software\wincin\ (2 subtraces) (ID = 359317)
4:49 PM: Found Adware: quicklink search toolbar
4:49 PM: HKLM\software\microsoft\windows\currentversion\uninstall\quick links\ (2 subtraces) (ID = 359457)
4:49 PM: HKLM\software\ql\ (2 subtraces) (ID = 359458)
4:49 PM: Found Adware: winad
4:49 PM: HKCR\mediagatewayx.installer\ (3 subtraces) (ID = 372857)
4:49 PM: HKCR\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 372859)
4:49 PM: HKLM\software\classes\mediagatewayx.installer\ (3 subtraces) (ID = 398902)
4:49 PM: HKLM\software\classes\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 398904)
4:49 PM: Found Adware: drsnsrch hijacker
4:49 PM: HKCR\dsrch.band\ (5 subtraces) (ID = 509134)
4:49 PM: HKCR\dsrch.bottomframe\ (5 subtraces) (ID = 509135)
4:49 PM: HKCR\dsrch.leftframe\ (5 subtraces) (ID = 509136)
4:49 PM: HKCR\dsrch.popupbrowser\ (5 subtraces) (ID = 509137)
4:49 PM: HKCR\dsrch.popupwindow\ (5 subtraces) (ID = 509138)
4:49 PM: HKCR\clsid\{8b51fc2f-c687-40a3-b54a-bb9ebf8d407f}\ (11 subtraces) (ID = 509139)
4:49 PM: HKCR\clsid\{ce27d4df-714b-4427-95eb-923fe53adf8e}\ (13 subtraces) (ID = 509140)
4:49 PM: HKCR\clsid\{e2d2fe40-5674-4b77-802b-ec86b6c2c41d}\ (13 subtraces) (ID = 509141)
4:49 PM: HKCR\clsid\{e311d3a5-4a3b-4e49-9e0a-b40fae1f0b28}\ (11 subtraces) (ID = 509142)
4:49 PM: HKCR\typelib\{8f73ac0f-5769-4282-8762-b396a3bff377}\ (9 subtraces) (ID = 509153)
4:49 PM: HKLM\software\classes\dsrch.band\ (5 subtraces) (ID = 509171)
4:49 PM: HKLM\software\classes\dsrch.leftframe\ (5 subtraces) (ID = 509179)
4:49 PM: HKLM\software\classes\dsrch.popupbrowser\ (5 subtraces) (ID = 509185)
4:49 PM: HKLM\software\classes\dsrch.popupwindow\ (5 subtraces) (ID = 509191)
4:49 PM: HKLM\software\classes\clsid\{8b51fc2f-c687-40a3-b54a-bb9ebf8d407f}\ (11 subtraces) (ID = 509198)
4:49 PM: HKLM\software\classes\clsid\{ce27d4df-714b-4427-95eb-923fe53adf8e}\ (13 subtraces) (ID = 509210)
4:49 PM: HKLM\software\classes\clsid\{e2d2fe40-5674-4b77-802b-ec86b6c2c41d}\ (13 subtraces) (ID = 509224)
4:49 PM: HKLM\software\classes\clsid\{e311d3a5-4a3b-4e49-9e0a-b40fae1f0b28}\ (11 subtraces) (ID = 509238)
4:49 PM: HKCR\dsrch.band\clsid\ (1 subtraces) (ID = 509361)
4:49 PM: HKCR\dsrch.band\curver\ (1 subtraces) (ID = 509362)
4:49 PM: HKCR\dsrch.bottomframe\clsid\ (1 subtraces) (ID = 509363)
4:49 PM: HKCR\dsrch.bottomframe\curver\ (1 subtraces) (ID = 509364)
4:49 PM: HKCR\dsrch.leftframe\clsid\ (1 subtraces) (ID = 509365)
4:49 PM: HKCR\dsrch.leftframe\curver\ (1 subtraces) (ID = 509366)
4:49 PM: HKCR\dsrch.popupbrowser\clsid\ (1 subtraces) (ID = 509367)
4:49 PM: HKCR\dsrch.popupbrowser\curver\ (1 subtraces) (ID = 509368)
4:49 PM: HKCR\dsrch.popupwindow\clsid\ (1 subtraces) (ID = 509369)
4:49 PM: HKCR\dsrch.popupwindow\curver\ (1 subtraces) (ID = 509370)
4:49 PM: HKCR\dsrch.band.1\ (3 subtraces) (ID = 512692)
4:49 PM: HKCR\dsrch.bottomframe.1\ (3 subtraces) (ID = 512699)
4:49 PM: HKCR\dsrch.leftframe.1\ (3 subtraces) (ID = 512706)
4:49 PM: HKCR\dsrch.popupbrowser.1\ (3 subtraces) (ID = 512713)
4:49 PM: HKCR\dsrch.popupwindow.1\ (3 subtraces) (ID = 512720)
4:49 PM: HKCR\clsid\{00f1d395-4744-40f0-a611-980f61ae2c59}\ (11 subtraces) (ID = 512747)
4:49 PM: HKLM\software\classes\dsrch.band.1\ (3 subtraces) (ID = 513072)
4:49 PM: HKLM\software\classes\dsrch.bottomframe.1\ (3 subtraces) (ID = 513076)
4:49 PM: HKLM\software\classes\dsrch.leftframe.1\ (3 subtraces) (ID = 513080)
4:49 PM: HKLM\software\classes\dsrch.popupbrowser.1\ (3 subtraces) (ID = 513084)
4:49 PM: HKLM\software\classes\dsrch.popupwindow.1\ (3 subtraces) (ID = 513088)
4:49 PM: HKLM\software\classes\clsid\{00f1d395-4744-40f0-a611-980f61ae2c59}\ (11 subtraces) (ID = 513114)
4:49 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{00f1d395-4744-40f0-a611-980f61ae2c59}\ (ID = 513230)
4:49 PM: HKLM\software\classes\dsrch.bottomframe\ (5 subtraces) (ID = 646382)
4:49 PM: HKLM\software\classes\typelib\{8f73ac0f-5769-4282-8762-b396a3bff377}\ (9 subtraces) (ID = 646384)
4:49 PM: HKLM\software\microsoft\windows\currentversion\uninstall\related sites toolbar\ (2 subtraces) (ID = 652841)
4:49 PM: Found Adware: bookedspace
4:49 PM: HKLM\software\microsoft\windows\currentversion\internet settings\zonemap\domains\net-nucleus.com\ (3 subtraces) (ID = 662284)
4:49 PM: HKLM\software\microsoft\windows\currentversion\run\ || dinst (ID = 705664)
4:49 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\ || shell (ID = 711393)
4:49 PM: Found Adware: visfx
4:49 PM: HKLM\software\microsoft\windows\currentversion\uninstall\ovmon\ (2 subtraces) (ID = 712951)
4:49 PM: HKLM\system\currentcontrolset\services\windows overlay components\ (12 subtraces) (ID = 712954)
4:49 PM: HKLM\software\microsoft\windows\currentversion\uninstall\bsto-1\ (7 subtraces) (ID = 746835)
4:49 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mm81.ocx\ (2 subtraces) (ID = 762354)
4:49 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediagatewayx.dll\ (2 subtraces) (ID = 763026)
4:49 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediagatewayx.dll (ID = 763028)
4:49 PM: Found Adware: clkoptimizer
4:49 PM: HKLM\software\qstat\ (5 subtraces) (ID = 769771)
4:49 PM: HKCR\clsid\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}\ (6 subtraces) (ID = 815132)
4:49 PM: HKLM\software\classes\clsid\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}\ (6 subtraces) (ID = 815145)
4:49 PM: Found Adware: 180search assistant/zango
4:49 PM: HKLM\software\microsoft\code store database\distribution units\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}\ (10 subtraces) (ID = 832871)
4:49 PM: Found Adware: shopathomeselect
4:49 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/grinstall7.dll\ (2 subtraces) (ID = 836092)
4:49 PM: HKLM\software\qstat\ || brr (ID = 877670)
4:49 PM: HKU\WRSS_Profile_S-1-5-21-2801439982-3646181656-3495054330-500\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
4:49 PM: HKU\WRSS_Profile_S-1-5-21-2801439982-3646181656-3495054330-500\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
4:49 PM: HKU\WRSS_Profile_S-1-5-21-2801439982-3646181656-3495054330-500\software\surfsidekick3\ (3 subtraces) (ID = 143412)
4:49 PM: Found Adware: cws-aboutblank
4:49 PM: HKU\S-1-5-21-2801439982-3646181656-3495054330-1003\software\microsoft\internet explorer\main\ || search bar_bak (ID = 115924)
4:49 PM: HKU\S-1-5-21-2801439982-3646181656-3495054330-1003\software\microsoft\internet explorer\main\ || search page_bak (ID = 115925)
4:49 PM: HKU\S-1-5-21-2801439982-3646181656-3495054330-1003\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
4:49 PM: HKU\S-1-5-21-2801439982-3646181656-3495054330-1003\software\microsoft\internet explorer\main\ || search bar (ID = 128206)
4:49 PM: HKU\S-1-5-21-2801439982-3646181656-3495054330-1003\software\microsoft\internet explorer\main\ || search page (ID = 128207)
4:49 PM: HKU\S-1-5-21-2801439982-3646181656-3495054330-1003\software\microsoft\internet explorer\searchurl\ (ID = 128212)
4:49 PM: HKU\S-1-5-21-2801439982-3646181656-3495054330-1003\software\psof1\ (10 subtraces) (ID = 136530)
4:49 PM: HKU\S-1-5-21-2801439982-3646181656-3495054330-1003\software\communicator toolbar\ (9 subtraces) (ID = 140688)
4:49 PM: HKU\S-1-5-21-2801439982-3646181656-3495054330-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {4e7bd74f-2b8d-469e-8dbc-a42eb79cb428} (ID = 140689)
4:49 PM: HKU\S-1-5-21-2801439982-3646181656-3495054330-1003\software\surfsidekick3\ (3 subtraces) (ID = 143412)
4:49 PM: HKU\S-1-5-21-2801439982-3646181656-3495054330-1003\software\aurora\ (27 subtraces) (ID = 360174)
4:49 PM: HKU\S-1-5-21-2801439982-3646181656-3495054330-1003\software\dsrch\ (11 subtraces) (ID = 509156)
4:49 PM: HKU\S-1-5-21-2801439982-3646181656-3495054330-1003\software\microsoft\internet explorer\main\ || search page_bak (ID = 774883)
4:49 PM: HKU\S-1-5-18\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
4:49 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || search bar (ID = 128206)
4:49 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || search page (ID = 128207)
4:49 PM: HKU\S-1-5-18\software\microsoft\internet explorer\searchurl\ (ID = 128212)
4:49 PM: HKU\S-1-5-18\software\communicator toolbar\ (9 subtraces) (ID = 140688)
4:49 PM: HKU\S-1-5-18\software\microsoft\internet explorer\toolbar\webbrowser\ || {4e7bd74f-2b8d-469e-8dbc-a42eb79cb428} (ID = 140689)
4:49 PM: HKU\S-1-5-18\software\dsrch\ (7 subtraces) (ID = 509156)
4:49 PM: Registry Sweep Complete, Elapsed Time:00:00:45
4:49 PM: Starting Cookie Sweep
4:49 PM: Found Spy Cookie: 2o7.net cookie
4:49 PM: owner@2o7[2].txt (ID = 1957)
4:49 PM: Found Spy Cookie: 888 cookie
4:49 PM: owner@888[1].txt (ID = 2019)
4:49 PM: Found Spy Cookie: yieldmanager cookie
4:49 PM:
[email protected][1].txt (ID = 3751)
4:49 PM: Found Spy Cookie: adknowledge cookie
4:49 PM: owner@adknowledge[2].txt (ID = 2072)
4:49 PM: Found Spy Cookie: hbmediapro cookie
4:49 PM:
[email protected][2].txt (ID = 2768)
4:49 PM: Found Spy Cookie: adrevolver cookie
4:49 PM: owner@adrevolver[1].txt (ID = 2088)
4:49 PM: owner@adrevolver[2].txt (ID = 2088)
4:49 PM: Found Spy Cookie: adserver cookie
4:49 PM: owner@adserver[1].txt (ID = 2141)
4:49 PM: Found Spy Cookie: advertising cookie
4:49 PM: owner@advertising[2].txt (ID = 2175)
4:49 PM: Found Spy Cookie: falkag cookie
4:49 PM:
[email protected][1].txt (ID = 2650)
4:49 PM:
[email protected][2].txt (ID = 2650)
4:49 PM: Found Spy Cookie: ask cookie
4:49 PM: owner@ask[1].txt (ID = 2245)
4:49 PM: Found Spy Cookie: atlas dmt cookie
4:49 PM: owner@atdmt[2].txt (ID = 2253)
4:49 PM: Found Spy Cookie: belnk cookie
4:49 PM:
[email protected][1].txt (ID = 2293)
4:49 PM: Found Spy Cookie: atwola cookie
4:49 PM: owner@atwola[2].txt (ID = 2255)
4:49 PM: Found Spy Cookie: a cookie
4:49 PM: owner@a[2].txt (ID = 2027)
4:49 PM: Found Spy Cookie: banner cookie
4:49 PM: owner@banner[1].txt (ID = 2276)
4:49 PM: owner@belnk[2].txt (ID = 2292)
4:49 PM: Found Spy Cookie: btgrab cookie
4:49 PM:
[email protected][2].txt (ID = 2333)
4:49 PM: Found Spy Cookie: gostats cookie
4:49 PM:
[email protected][2].txt (ID = 2748)
4:49 PM: Found Spy Cookie: cliks cookie
4:49 PM: owner@cliks[1].txt (ID = 2414)
4:49 PM: Found Spy Cookie: sextracker cookie
4:49 PM:
[email protected][1].txt (ID = 3362)
4:49 PM:
[email protected][1].txt (ID = 2293)
4:49 PM: Found Spy Cookie: ru4 cookie
4:49 PM:
[email protected][2].txt (ID = 3269)
4:49 PM: Found Spy Cookie: fastclick cookie
4:49 PM: owner@fastclick[1].txt (ID = 2651)
4:49 PM: owner@fastclick[2].txt (ID = 2651)
4:49 PM: owner@gostats[2].txt (ID = 2747)
4:49 PM: Found Spy Cookie: clickandtrack cookie
4:49 PM:
[email protected][2].txt (ID = 2397)
4:49 PM: Found Spy Cookie: kmpads cookie
4:49 PM: owner@kmpads[1].txt (ID = 2909)
4:49 PM: Found Spy Cookie: offeroptimizer cookie
4:49 PM: owner@offeroptimizer[2].txt (ID = 3087)
4:49 PM: Found Spy Cookie: overture cookie
4:49 PM:
[email protected][1].txt (ID = 3106)
4:49 PM: Found Spy Cookie: questionmarket cookie
4:49 PM: owner@questionmarket[2].txt (ID = 3217)
4:49 PM: Found Spy Cookie: realmedia cookie
4:49 PM: owner@realmedia[1].txt (ID = 3235)
4:49 PM: Found Spy Cookie: adjuggler cookie
4:49 PM:
[email protected][2].txt (ID = 2071)
4:49 PM: Found Spy Cookie: servedby advertising cookie
4:49 PM:
[email protected][1].txt (ID = 3335)
4:49 PM: owner@sextracker[2].txt (ID = 3361)
4:49 PM: Found Spy Cookie: reliablestats cookie
4:49 PM:
[email protected][2].txt (ID = 3254)
4:49 PM: Found Spy Cookie: targetnet cookie
4:49 PM: owner@targetnet[1].txt (ID = 3489)
4:49 PM: Found Spy Cookie: toplist cookie
4:49 PM: owner@toplist[1].txt (ID = 3557)
4:49 PM: Found Spy Cookie: tradedoubler cookie
4:49 PM: owner@tradedoubler[1].txt (ID = 3575)
4:49 PM: Found Spy Cookie: trafficmp cookie
4:49 PM: owner@trafficmp[1].txt (ID = 3581)
4:49 PM: Found Spy Cookie: tribalfusion cookie
4:49 PM: owner@tribalfusion[2].txt (ID = 3589)
4:49 PM: Found Spy Cookie: myaffiliateprogram.com cookie
4:49 PM:
[email protected][1].txt (ID = 3032)
4:49 PM: owner@yieldmanager[1].txt (ID = 3749)
4:49 PM:
[email protected][1].txt (ID = 2142)
4:49 PM: Found Spy Cookie: casalemedia cookie
4:49 PM: system@casalemedia[2].txt (ID = 2354)
4:49 PM:
[email protected][1].txt (ID = 3269)
4:49 PM: Found Spy Cookie: exitexchange cookie
4:49 PM: system@exitexchange[2].txt (ID = 2633)
4:49 PM: Found Spy Cookie: paypopup cookie
4:49 PM: system@paypopup[2].txt (ID = 3119)
4:49 PM: system@questionmarket[1].txt (ID = 3217)
4:49 PM: Found Spy Cookie: rednova cookie
4:49 PM: system@rednova[2].txt (ID = 3245)
4:49 PM: system@trafficmp[2].txt (ID = 3581)
4:49 PM:
[email protected][1].txt (ID = 3246)
4:49 PM: Found Spy Cookie: zedo cookie
4:49 PM: system@zedo[2].txt (ID = 3762)
4:49 PM: Cookie Sweep Complete, Elapsed Time: 00:00:04
4:49 PM: Starting File Sweep
4:50 PM: Found Adware: webhancer
4:50 PM: c:\program files\whinstall (5 subtraces) (ID = -2147480064)
4:50 PM: c:\program files\quick links (2 subtraces) (ID = -2147478145)
4:50 PM: Found Adware: virtualbouncer
4:50 PM: c:\program files\vbouncer (2 subtraces) (ID = -2147477376)
4:50 PM: c:\program files\surfsidekick 3 (ID = -2147480186)
4:50 PM: c:\documents and settings\all users\application data\vidctrl (1 subtraces) (ID = -2147477475)
4:50 PM: Found Adware: cas
4:50 PM: c:\program files\cmsystem (ID = -2147471610)
4:50 PM: backup-20051004-233143-932.inf (ID = 144896)
4:50 PM: wmprfptb.prx:ypgwmu (ID = 56287)
4:50 PM: backup-20051004-233142-977.dll.tcf (ID = 115632)
4:50 PM: wmprfchs.prx:byvgwy (ID = 56270)
4:50 PM: preuninstallcom.exe (ID = 74818)
4:50 PM: wmprfjpn.prx:foorkk (ID = 54051)
4:50 PM: backup-20050820-024611-298.dll.tcf (ID = 115632)
4:50 PM: vmmreg32.dll:jmucx (ID = 56447)
4:50 PM: backup-20051014-122146-985.dll (ID = 131321)
4:50 PM: wmsetup.log:bqjpah (ID = 54093)
4:51 PM: qekrmujx.exe (ID = 159311)
4:51 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || qekrmujx (ID = 0)
4:51 PM: fhlyvp.exe (ID = 158592)
4:51 PM: clock.avi:uqanf (ID = 56270)
4:51 PM: pcs_0031.exe (ID = 161706)
4:51 PM: backup-20051004-233142-567.dll (ID = 131321)
4:51 PM: backup-20051004-233143-657.dll (ID = 73425)
4:51 PM: blue lace 16.bmp:pyxtq (ID = 56447)
4:52 PM: 5b490ro6.exe (ID = 157331)
4:52 PM: Found Adware: winantispyware 2005
4:52 PM: uwfx5lp_0001_0715netinstaller.exe (ID = 114990)
4:52 PM: wmprfesp.prx:qnkqv (ID = 56447)
4:52 PM: wmprfheb.prx:incwp (ID = 56447)
4:52 PM: wmprfkor.prx:bovbr (ID = 56447)
4:52 PM: uclvf.exe (ID = 159311)
4:53 PM: music store.ico:drvzty (ID = 56270)
4:53 PM: sskknwrd.dll (ID = 77733)
4:53 PM: t30debuglogfile.txt:trhmf (ID = 56194)
4:53 PM: msnavpklog.txt:vcelr (ID = 56711)
4:53 PM: Found Adware: cws_tiny0
4:53 PM: olx98nt.sys:mrqyr (ID = 56968)
4:53 PM: nsw.log:bpfgu (ID = 56968)
4:53 PM: m67m.inf (ID = 74028)
4:53 PM: sskbho.dll (ID = 163865)
4:53 PM: ocgen.log:faalko (ID = 56287)
4:54 PM: patch.exe:fraet (ID = 55707)
4:54 PM: ntq5e7dn.dll (ID = 157332)
4:54 PM: uudmzf.exe (ID = 158592)
4:54 PM: stb.exe (ID = 94666)
4:54 PM: ssk.exe (ID = 163864)
4:54 PM: uwfx5lp_0001_0715netinstaller.exe (ID = 114990)
4:55 PM: 30r8imok.exe (ID = 157330)
4:55 PM: Found Adware: ist yoursitebar
4:55 PM: backup-20050820-024612-156.dll.tcf (ID = 133888)
4:55 PM: apd123.exe.tcf (ID = 161622)
4:55 PM: uninst.exe (ID = 73428)
4:55 PM: mon2007.dbd (ID = 57693)
4:55 PM: qldf.bin (ID = 131688)
4:55 PM: Found Adware: isearch toolbar
4:55 PM: mte2odm6odoxng.exe.tcf (ID = 145831)
4:55 PM: mediaticketsinstaller.inf (ID = 73158)
4:55 PM: qlink32.dll (ID = 73425)
4:55 PM: ypowlt.exe (ID = 158592)
4:56 PM: preuninstallql.exe (ID = 131326)
4:56 PM: uninst.exe (ID = 73428)
4:56 PM: sskknwrd.dll (ID = 77733)
4:56 PM: Found Trojan Horse: trojan_downloader_tibser
4:56 PM: odbc.ini:jrtka (ID = 81471)
4:57 PM: msxmidi.exe.js:gwqvn (ID = 55098)
4:57 PM: {2cea2f29-8fb4-4414-bc3b-fe8205b3cee1}.dat:yjzri (ID = 56711)
4:58 PM: dsr.exe.tcf (ID = 121121)
4:59 PM: installt.exe (ID = 82806)
4:59 PM: whinstaller.ini (ID = 83848)
4:59 PM: whagent.inf (ID = 83822)
5:00 PM: _default.pif:nmjryt (ID = 81471)
5:00 PM: auhccup1.dll:jpxurb (ID = 56287)
5:00 PM: {3ad02412-f082-4583-b4a2-5888e7e64911}.dat:gnbwse (ID = 56270)
5:00 PM: active setup log.txt:rofppq (ID = 54051)
5:00 PM: Found Trojan Horse: trojan-downloader-mainstreamdollars
5:00 PM: btnetw3-995329.exe (ID = 155333)
5:00 PM: rifqr.exe (ID = 159311)
5:00 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || rifqr (ID = 0)
5:01 PM: msnsetuplog.bak:lrcmzn (ID = 81471)
5:01 PM: notepad.exe.bak:uqcuj (ID = 56711)
5:01 PM: 9b7psqu9.exe.tcf (ID = 130510)
5:01 PM: mon1920.dbd (ID = 57692)
5:01 PM: wingenerics.dll (ID = 50187)
5:02 PM: patch.exe:qtlwgb (ID = 54093)
5:02 PM: dsr.dll.tcf (ID = 115632)
5:02 PM: comsetup.log:xdsnj (ID = 53966)
5:02 PM: ocmsn.log:jsouf (ID = 56447)
5:03 PM: mm81.ocx (ID = 144897)
5:03 PM: orun32.isu:uurmb (ID = 53966)
5:03 PM: wmprfrus.prx:vpdtr (ID = 56447)
5:03 PM: clock.avi:uqanfo (ID = 54093)
5:04 PM: mqjwnm.exe (ID = 159311)
5:05 PM: vminst.log:dpczx (ID = 56966)
5:05 PM: kb885836.log:ilbgrd (ID = 81471)
5:05 PM: kb887822.log:bltlln (ID = 56270)
5:06 PM: mediaticketsinstaller.ocx.tcf (ID = 73164)
5:08 PM: sskcwrd.dll (ID = 77712)
5:08 PM: whagent.ini (ID = 83825)
5:08 PM: mon0204.ddx (ID = 57681)
5:08 PM: mon1125.ddx (ID = 57685)
5:08 PM: mon1909.ddx (ID = 57691)
5:08 PM: mon0504.ddx (ID = 57681)
5:08 PM: mon0904.ddx (ID = 57691)
5:08 PM: mon0412.ddx (ID = 57681)
5:08 PM: mon0106.ddx (ID = 57679)
5:08 PM: mon0315.ddx (ID = 57681)
5:08 PM: mon1204.ddx (ID = 57681)
5:08 PM: Found System Monitor: potentially rootkit-masked files
5:08 PM: 0000409d_4344abe5_0001ab3f (ID = 0)
5:08 PM: 00004dc8_434e0977_0004c4b4 (ID = 0)
5:08 PM: 000039ce_43496744_000ec82e (ID = 0)
5:08 PM: 000022ee_43464335_000a7d8c (ID = 0)
5:08 PM: 00005772_4348e5c1_00066ff3 (ID = 0)
5:08 PM: 000032c1_43462903_000a4083 (ID = 0)
5:08 PM: 00004e45_43461657_00000000 (ID = 0)
5:08 PM: 00000035_4346180f_0001ab3f (ID = 0)
5:09 PM: 0000261e_4343906f_0005f5e1 (ID = 0)
5:09 PM: 00001a49_43438fa8_000d59f8 (ID = 0)
5:09 PM: 00000732_43464221_0006ea05 (ID = 0)
5:09 PM: 00003ef6_434715dd_000a7d8c (ID = 0)
5:09 PM: 00003c61_434da2ea_000c65d4 (ID = 0)
5:09 PM: 00005cfd_4344ab9b_00081b32 (ID = 0)
5:09 PM: 0000441d_4348eeba_0002dc6c (ID = 0)
5:10 PM: 0000691d_434c1e17_000b71b0 (ID = 0)
5:10 PM: 00000f3e_43471514_00090f56 (ID = 0)
5:10 PM: 000072ae_434b3f14_000b71b0 (ID = 0)
5:10 PM: 000022ee_4343f490_00090f56 (ID = 0)
5:10 PM: 00003bf6_434616c7_00066ff3 (ID = 0)
5:10 PM: 00006e5d_4344aada_0001ab3f (ID = 0)
5:10 PM: 0000798b_43461714_0001e848 (ID = 0)
5:10 PM: 00005dd5_4345d2e2_000501bd (ID = 0)
5:10 PM: 00005064_43463d5b_00053ec6 (ID = 0)
5:10 PM: 0000567e_43462a5d_000e1113 (ID = 0)
5:10 PM: 0000409d_43445185_00090f56 (ID = 0)
5:11 PM: 00002b0f_43446c4e_000d59f8 (ID = 0)
5:11 PM: 00005ea5_434b1ebd_0002dc6c (ID = 0)
5:11 PM: 000050bf_434e1280_0005b8d8 (ID = 0)
5:11 PM: 0000759a_434815af_000f0537 (ID = 0)
5:11 PM: 00005d03_434640db_000d59f8 (ID = 0)
5:11 PM: 00006586_43481f1e_0007270e (ID = 0)
5:11 PM: 00000029_434612aa_00007a12 (ID = 0)
5:11 PM: 00007a74_4344ce4e_0009c671 (ID = 0)
5:11 PM: 000039b3_43458b18_00089544 (ID = 0)
5:11 PM: 00001db5_4346ed41_0006