Adware Infection: WinFixer, 213paypopup and Zeno



#1
thechamp96

Hi Guys,

I am constantly getting popups and popunders from WinFixer, 213paypopup, Zeno and other adware companies. I have tried running Spybot S&D, AdAware and Norton Antivirus with no luck.

Here is my HJT file, I hope you can help!!

Thanks in advance!!!

Mike.


Logfile of HijackThis v1.99.1
Scan saved at 11:03:25 AM, on 2005-10-18
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
c:\Program Files\NavNT\defwatch.exe
C:\WINNT\etlisrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\NALNTSRV.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wm.exe
C:\WINNT\System32\mspmspsv.exe
C:\NOVELL\ZENRC\WUOLService.exe
C:\PROGRA~1\PEREGR~1\DESKTO~1\bin\iftlsnr.exe
C:\NOVELL\ZENRC\wuser32.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\control.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\dpmw32.exe
C:\WINNT\system32\NWTRAY.EXE
C:\Program Files\NavNT\vptray.exe
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\6k79vp7r.exe
C:\WINNT\system32\vidmon\vidmon.exe
C:\WINNT\system32\nfomon\nfomon.exe
C:\WINNT\system32\ASYCFILT.exe
C:\WINNT\system32\polo.exe
C:\WINNT\system32\Xgjpcs.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\services\svchost.exe
C:\WINNT\system32\etlitr50.exe
C:\WINNT\system32\NALDESK.EXE
C:\WINNT\system32\control.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINNT\system32\Searchx.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hc-sc.gc.ca
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.hc-sc.gc.ca"); (C:\Program Files\Netscape\Users\default\prefs.js)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINNT\system32\communicator.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NDPS] C:\WINNT\System32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [vptray] c:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] zentray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [6k79vp7r] C:\WINNT\system32\6k79vp7r.exe
O4 - HKLM\..\Run: [stb] C:\WINNT\system32\stb.exe
O4 - HKLM\..\Run: [Systems] C:\WINNT\system32\syshelp.exe
O4 - HKLM\..\Run: [vidmon] C:\WINNT\system32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [Nfo] C:\WINNT\system32\nfomon\nfomon.exe
O4 - HKLM\..\Run: [9e6a77b3c291] C:\WINNT\system32\ASYCFILT.exe
O4 - HKLM\..\Run: [polo.exe] polo.exe
O4 - HKLM\..\Run: [version] C:\WINNT\system32\Axwfcn.exe
O4 - HKLM\..\Run: [secure] C:\WINNT\system32\Xgjpcs.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [wincin] C:\WINNT\TEMP\w181609.stub.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [winservice] C:\WINNT\services\svchost.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Zstart.lnk = C:\WINNT\system32\cxdxregt.exe
O4 - Global Startup: BackupFavorites.lnk = C:\WINNT\hcapps\BackupFavorites.exe
O4 - Global Startup: Entrust.lnk = C:\WINNT\system32\etlitr50.exe
O4 - Global Startup: NalDesk.lnk = C:\WINNT\system32\NALDESK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .wpd: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPQ00532.DLL
O14 - IERESET.INF: START_PAGE_URL=http://hc-sc.gc.ca
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) - http://advnt01.com/d.../int_ver32b.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1126717627848
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} (WSpell Spelling Checker Control) - http://www.placepro....ents/wspell.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31453EA3-BB02-4A87-95CF-D12EED249DFC}: Domain = HC-SC.GC.CA
O17 - HKLM\System\CS1\Services\Tcpip\..\{31453EA3-BB02-4A87-95CF-D12EED249DFC}: Domain = HC-SC.GC.CA
O17 - HKLM\System\CS2\Services\Tcpip\..\{31453EA3-BB02-4A87-95CF-D12EED249DFC}: Domain = HC-SC.GC.CA
O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - C:\WINNT\system32\qlink32.dll
O20 - AppInit_DLLs: repairs.dll,repairs302972949.dll
O20 - Winlogon Notify: NetCache - C:\WINNT\system32\autxprxy.dll
O21 - SSODL: MsTIHM - {64BFF390-CE15-593A-EBBC-EC207BF5FC9A} - C:\WINNT\system32\fzp.dll (file missing)
O23 - Service: Peregrine Listener 6.0.1 (agtlsnr601) - Peregrine Systems, Inc. - C:\PROGRA~1\PEREGR~1\DESKTO~1\bin\iftlsnr.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - c:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Entrust Login Interface (ELIService) - Entrust Technologies Ltd. - C:\WINNT\etlisrv.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\WINNT\System32\NALNTSRV.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Remote management (Novell WUser Agent) - Novell, Inc. - C:\NOVELL\ZENRC\wuser32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Novell Workstation Manager (WM) - Novell, Inc. - C:\WINNT\System32\wm.exe
O23 - Service: WUOLservice (WUOLService) - Novell, Inc. - C:\NOVELL\ZENRC\WUOLService.exe


#2
didom

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.


#3
thechamp96

Hello didom,

The SpySweeper Session Log is very long, but I will paste it as requested. Thanks!

********
12:18 PM: | Start of Session, October 19, 2005 |
12:18 PM: Spy Sweeper started
12:18 PM: Sweep initiated using definitions version 557
12:18 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:18 PM: Starting Memory Sweep
12:18 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
12:19 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
12:19 PM: Found Adware: surfsidekick
12:19 PM: Detected running threat: C:\WINNT\system32\repairs302972949.dll (ID = 163735)
12:19 PM: Found Adware: icannnews
12:19 PM: Detected running threat: C:\WINNT\system32\autxprxy.dll (ID = 125214)
12:19 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:19 PM: Detected running threat: C:\WINNT\system32\mqc40.dll (ID = 125214)
12:19 PM: Detected running threat: C:\Program Files\SurfSideKick 3\SskBho.dll (ID = 163865)
12:19 PM: Found Adware: shopathomeselect
12:19 PM: Detected running threat: C:\WINNT\system32\hihrrije.dll (ID = 130512)
12:19 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
12:20 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
12:20 PM: The Spy Communication shield has blocked access to: servedby.advertising.com
12:20 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:21 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:23 PM: The Spy Communication shield has blocked access to: servedby.advertising.com
12:23 PM: The Spy Communication shield has blocked access to: servedby.advertising.com
12:23 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:23 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:23 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:23 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:23 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:23 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:23 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:23 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:23 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:23 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:23 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:23 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:23 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:23 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:23 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:23 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:24 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:24 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:24 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:24 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:24 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:24 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:24 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:24 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:24 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:24 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:24 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:24 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:24 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:24 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:24 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:24 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:24 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:24 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:24 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:24 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:24 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:24 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:24 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:24 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:24 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:24 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:24 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:24 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:24 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:24 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:24 PM: Found Adware: ie driver
12:24 PM: Detected running threat: C:\WINNT\system32\avifil32.exe (ID = 14)
12:24 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:24 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:24 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:24 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:24 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:24 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:24 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:24 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:24 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:25 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:25 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:25 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:25 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:25 PM: Detected running threat: C:\WINNT\system32\6k79vp7r.exe (ID = 130517)
12:25 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || 6k79vp7r (ID = 0)
12:25 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:25 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:25 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:25 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:25 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:25 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:25 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:25 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:25 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:25 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:25 PM: Detected running threat: C:\WINNT\system32\ASYCFILT.exe (ID = 14)
12:25 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || 9e6a77b3c291 (ID = 0)
12:25 PM: Found Adware: zenosearchassistant
12:25 PM: Detected running threat: C:\WINNT\system32\rsyszq2d.exe (ID = 126122)
12:25 PM: Found Adware: search fast communicator toolbar
12:25 PM: Detected running threat: C:\WINNT\system32\communicator.dll (ID = 131321)
12:25 PM: Detected running threat: C:\Program Files\SurfSideKick 3\SskCore.dll (ID = 163866)
12:25 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:25 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:25 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:25 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:25 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:25 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:25 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:25 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:25 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:25 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:25 PM: Memory Sweep Complete, Elapsed Time: 00:06:45
12:25 PM: Starting Registry Sweep
12:25 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:25 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:25 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:25 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:25 PM: Found Trojan Horse: daemonize
12:25 PM: HKLM\software\microsoft\windows\currentversion\run\ || systems (ID = 124552)
12:25 PM: Found Adware: dealhelper
12:25 PM: HKLM\software\dealhelper\ (6 subtraces) (ID = 124791)
12:25 PM: Found Adware: keyhost hijacker - jraun
12:25 PM: HKLM\software\microsoft\windows\currentversion\run\ || version (ID = 124800)
12:25 PM: HKLM\software\microsoft\windows\currentversion\run\ || version (ID = 124800)
12:25 PM: HKLM\software\microsoft\windows\currentversion\uninstall\dealhelper\ (3 subtraces) (ID = 124815)
12:25 PM: HKLM\software\microsoft\windows\currentversion\uninstall\windh\ (3 subtraces) (ID = 124816)
12:25 PM: Found Adware: delfin
12:25 PM: HKLM\software\mvu\ (2 subtraces) (ID = 124885)
12:25 PM: HKCR\communicator.communicator\ (3 subtraces) (ID = 140680)
12:25 PM: HKCR\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb428}\ (6 subtraces) (ID = 140681)
12:25 PM: HKCR\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb429}\ (6 subtraces) (ID = 140682)
12:25 PM: HKCR\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb42a}\ (6 subtraces) (ID = 140683)
12:25 PM: HKCR\communicator.communicatormenu button\ (3 subtraces) (ID = 140684)
12:25 PM: HKCR\communicator.communicatortoggle button\ (3 subtraces) (ID = 140685)
12:25 PM: HKLM\software\classes\communicator.communicatormenu button\ (3 subtraces) (ID = 140686)
12:25 PM: HKLM\software\classes\communicator.communicatortoggle button\ (3 subtraces) (ID = 140687)
12:25 PM: HKLM\software\classes\communicator.communicator\ (3 subtraces) (ID = 140691)
12:25 PM: HKLM\software\classes\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb428}\ (6 subtraces) (ID = 140692)
12:25 PM: HKLM\software\classes\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb429}\ (6 subtraces) (ID = 140693)
12:25 PM: HKLM\software\classes\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb42a}\ (6 subtraces) (ID = 140694)
12:25 PM: HKLM\software\microsoft\internet explorer\toolbar\ || {4e7bd74f-2b8d-469e-8dbc-a42eb79cb428} (ID = 140698)
12:25 PM: HKCR\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143389)
12:25 PM: HKLM\software\classes\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143392)
12:25 PM: HKLM\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143400)
12:25 PM: HKLM\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143406)
12:25 PM: HKLM\software\microsoft\windows\currentversion\uninstall\surf sidekick\ (2 subtraces) (ID = 143408)
12:25 PM: HKLM\software\surfsidekick3\ (2 subtraces) (ID = 143413)
12:25 PM: HKLM\software\microsoft\windows\currentversion\run\ || sysstart (ID = 147932)
12:25 PM: HKLM\software\microsoft\windows\currentversion\run\ || stb (ID = 201920)
12:25 PM: Found Adware: surf accuracy
12:25 PM: HKLM\software\sacc\ (6 subtraces) (ID = 203068)
12:25 PM: HKLM\software\microsoft\windows\currentversion\uninstall\sacc\ (2 subtraces) (ID = 203070)
12:25 PM: HKLM\software\wincin\ (2 subtraces) (ID = 359317)
12:25 PM: Found Adware: quicklink search toolbar
12:25 PM: HKLM\software\microsoft\windows\currentversion\uninstall\quick links\ (2 subtraces) (ID = 359457)
12:25 PM: HKLM\software\ql\ (4 subtraces) (ID = 359458)
12:25 PM: Found Adware: winad
12:25 PM: HKCR\mediagatewayx.installer\ (3 subtraces) (ID = 372857)
12:25 PM: HKCR\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 372859)
12:25 PM: HKLM\software\classes\mediagatewayx.installer\ (3 subtraces) (ID = 398902)
12:25 PM: HKLM\software\classes\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 398904)
12:25 PM: HKLM\software\microsoft\windows\currentversion\uninstall\zeno browser enhancer\ (2 subtraces) (ID = 513784)
12:25 PM: Found Adware: wefed
12:25 PM: HKLM\software\microsoft\windows\currentversion\run\ || polo.exe (ID = 604904)
12:25 PM: HKLM\software\ddate\ (1 subtraces) (ID = 636618)
12:25 PM: HKLM\software\microsoft\windows\currentversion\uninstall\related sites toolbar\ (2 subtraces) (ID = 652841)
12:25 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/winnt/downloaded program files/mediagatewayx.dll\ (2 subtraces) (ID = 775720)
12:25 PM: HKLM\software\microsoft\windows nt\currentversion\windows\ || appinit_dlls (ID = 819064)
12:25 PM: Found Adware: 7adpower
12:25 PM: HKCR\progetto1.int_ver32\ (3 subtraces) (ID = 831501)
12:25 PM: HKCR\clsid\{0d62a517-e7c6-4e1f-a577-07d4ac549a48}\ (27 subtraces) (ID = 831505)
12:25 PM: HKCR\typelib\{391f0ac2-2cfc-4d56-a0e5-c7beb14f26e6}\ (9 subtraces) (ID = 831589)
12:25 PM: HKLM\software\classes\progetto1.int_ver32\ (3 subtraces) (ID = 831690)
12:25 PM: HKLM\software\classes\clsid\{0d62a517-e7c6-4e1f-a577-07d4ac549a48}\ (27 subtraces) (ID = 831694)
12:25 PM: HKLM\software\classes\typelib\{391f0ac2-2cfc-4d56-a0e5-c7beb14f26e6}\ (9 subtraces) (ID = 831778)
12:25 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\winnt\downloaded program files\mediagatewayx.dll (ID = 838612)
12:25 PM: Found Adware: fatpickle toolbar
12:25 PM: HKLM\software\classes\typelib\{13090792-d4c2-433e-91ba-5ac36aa33fcb}\ (9 subtraces) (ID = 885885)
12:26 PM: Found Adware: ieplugin
12:26 PM: HKU\WRSS_Profile_S-1-5-21-84809141-54343164-424434361-500\software\dsktb\ (6 subtraces) (ID = 128171)
12:26 PM: Found Adware: upspiral toolbar
12:26 PM: HKU\WRSS_Profile_S-1-5-21-84809141-54343164-424434361-500\software\dsktb\ (6 subtraces) (ID = 128171)
12:26 PM: Found Adware: redzip toolbar
12:26 PM: HKU\WRSS_Profile_S-1-5-21-84809141-54343164-424434361-500\software\dsktb\ (6 subtraces) (ID = 128171)
12:26 PM: HKU\WRSS_Profile_S-1-5-21-84809141-54343164-424434361-500\software\intexp\ (4 subtraces) (ID = 128173)
12:26 PM: Found Adware: ieplugin hijacker
12:26 PM: HKU\WRSS_Profile_S-1-5-21-84809141-54343164-424434361-500\software\microsoft\internet explorer\main\ || search bar (ID = 128214)
12:26 PM: HKU\WRSS_Profile_S-1-5-21-84809141-54343164-424434361-500\software\microsoft\internet explorer\main\ || search page (ID = 128215)
12:26 PM: HKU\WRSS_Profile_S-1-5-21-84809141-54343164-424434361-500\software\microsoft\internet explorer\searchurl\ (ID = 128220)
12:26 PM: Found Adware: winantispyware 2005
12:26 PM: HKU\WRSS_Profile_S-1-5-21-84809141-54343164-424434361-500\software\winsoftware\winfixer 2005\ (8 subtraces) (ID = 528169)
12:26 PM: HKU\WRSS_Profile_S-1-5-21-84809141-54343164-424434361-1009\software\dsktb\ (6 subtraces) (ID = 128171)
12:26 PM: HKU\WRSS_Profile_S-1-5-21-84809141-54343164-424434361-1009\software\dsktb\ (6 subtraces) (ID = 128171)
12:26 PM: HKU\WRSS_Profile_S-1-5-21-84809141-54343164-424434361-1009\software\dsktb\ (6 subtraces) (ID = 128171)
12:26 PM: HKU\WRSS_Profile_S-1-5-21-84809141-54343164-424434361-1009\software\intexp\ (90 subtraces) (ID = 128173)
12:26 PM: HKU\WRSS_Profile_S-1-5-21-84809141-54343164-424434361-1009\software\microsoft\internet explorer\main\ || search bar (ID = 128214)
12:26 PM: HKU\WRSS_Profile_S-1-5-21-84809141-54343164-424434361-1009\software\microsoft\internet explorer\main\ || search page (ID = 128215)
12:26 PM: HKU\WRSS_Profile_S-1-5-21-84809141-54343164-424434361-1009\software\microsoft\internet explorer\searchurl\ (ID = 128220)
12:26 PM: Found Adware: 180search assistant/zango
12:26 PM: HKU\WRSS_Profile_S-1-5-21-84809141-54343164-424434361-1009\software\sac\ (14 subtraces) (ID = 135786)
12:26 PM: Found Adware: abetterinternet
12:26 PM: HKU\WRSS_Profile_S-1-5-21-84809141-54343164-424434361-1009\software\ceres\ (1 subtraces) (ID = 145851)
12:26 PM: Found Adware: ie driver searchx.htm hijack
12:26 PM: HKU\S-1-5-21-84809141-54343164-424434361-1008\software\microsoft\internet explorer\main\ || search bar (ID = 127908)
12:26 PM: HKU\S-1-5-21-84809141-54343164-424434361-1008\software\dsktb\ (6 subtraces) (ID = 128171)
12:26 PM: HKU\S-1-5-21-84809141-54343164-424434361-1008\software\dsktb\ (6 subtraces) (ID = 128171)
12:26 PM: HKU\S-1-5-21-84809141-54343164-424434361-1008\software\dsktb\ (6 subtraces) (ID = 128171)
12:26 PM: HKU\S-1-5-21-84809141-54343164-424434361-1008\software\communicator toolbar\ (10 subtraces) (ID = 140688)
12:26 PM: HKU\S-1-5-21-84809141-54343164-424434361-1008\software\microsoft\internet explorer\toolbar\webbrowser\ || {4e7bd74f-2b8d-469e-8dbc-a42eb79cb428} (ID = 140689)
12:26 PM: HKU\S-1-5-21-84809141-54343164-424434361-1008\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
12:26 PM: HKU\S-1-5-21-84809141-54343164-424434361-1008\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
12:26 PM: HKU\S-1-5-21-84809141-54343164-424434361-1008\software\surfsidekick3\ (3 subtraces) (ID = 143412)
12:26 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:26 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:26 PM: HKU\WRSS_Profile_S-1-5-21-84809141-54343164-424434361-1000\software\dsktb\ (6 subtraces) (ID = 128171)
12:26 PM: HKU\WRSS_Profile_S-1-5-21-84809141-54343164-424434361-1000\software\dsktb\ (6 subtraces) (ID = 128171)
12:26 PM: HKU\WRSS_Profile_S-1-5-21-84809141-54343164-424434361-1000\software\dsktb\ (6 subtraces) (ID = 128171)
12:26 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:26 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:26 PM: HKU\WRSS_Profile_S-1-5-21-84809141-54343164-424434361-1000\software\communicator toolbar\ (10 subtraces) (ID = 140688)
12:26 PM: HKU\WRSS_Profile_S-1-5-21-84809141-54343164-424434361-1000\software\microsoft\internet explorer\toolbar\webbrowser\ || {4e7bd74f-2b8d-469e-8dbc-a42eb79cb428} (ID = 140689)
12:26 PM: HKU\WRSS_Profile_S-1-5-21-84809141-54343164-424434361-1000\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
12:26 PM: HKU\WRSS_Profile_S-1-5-21-84809141-54343164-424434361-1000\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
12:26 PM: HKU\WRSS_Profile_S-1-5-21-84809141-54343164-424434361-1000\software\surfsidekick3\ (3 subtraces) (ID = 143412)
12:26 PM: HKU\WRSS_Profile_S-1-5-21-84809141-54343164-424434361-1000\software\winsoftware\winfixer 2005\ (19 subtraces) (ID = 528169)
12:26 PM: Registry Sweep Complete, Elapsed Time:00:00:43
12:26 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:26 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:26 PM: Starting Cookie Sweep
12:26 PM: Found Spy Cookie: yieldmanager cookie
12:26 PM: administrator@ad.yieldmanager[1].txt (ID = 3751)
12:26 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:26 PM: Found Spy Cookie: mygeek cookie
12:26 PM: administrator@mygeek[1].txt (ID = 3041)
12:26 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:26 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:26 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:26 PM: Found Spy Cookie: primaryads cookie
12:26 PM: mdonalds@1.primaryads[2].txt (ID = 3190)
12:26 PM: Found Spy Cookie: 80503492 cookie
12:26 PM: mdonalds@80503492[1].txt (ID = 2013)
12:26 PM: Found Spy Cookie: 888 cookie
12:26 PM: mdonalds@888[1].txt (ID = 2019)
12:26 PM: Found Spy Cookie: websponsors cookie
12:26 PM: mdonalds@a.websponsors[1].txt (ID = 3665)
12:26 PM: Found Spy Cookie: about cookie
12:26 PM: mdonalds@about[1].txt (ID = 2037)
12:26 PM: mdonalds@ad.yieldmanager[2].txt (ID = 3751)
12:26 PM: Found Spy Cookie: adknowledge cookie
12:26 PM: mdonalds@adknowledge[1].txt (ID = 2072)
12:26 PM: Found Spy Cookie: adlegend cookie
12:26 PM: mdonalds@adlegend[2].txt (ID = 2074)
12:26 PM: Found Spy Cookie: hbmediapro cookie
12:26 PM: mdonalds@adopt.hbmediapro[2].txt (ID = 2768)
12:26 PM: Found Spy Cookie: specificclick.com cookie
12:26 PM: mdonalds@adopt.specificclick[2].txt (ID = 3400)
12:26 PM: Found Spy Cookie: addynamix cookie
12:26 PM: mdonalds@ads.addynamix[2].txt (ID = 2062)
12:26 PM: Found Spy Cookie: cc214142 cookie
12:26 PM: mdonalds@ads.cc214142[2].txt (ID = 2367)
12:26 PM: Found Spy Cookie: apmebf cookie
12:26 PM: mdonalds@apmebf[2].txt (ID = 2229)
12:26 PM: Found Spy Cookie: ask cookie
12:26 PM: mdonalds@ask[1].txt (ID = 2245)
12:26 PM: Found Spy Cookie: atwola cookie
12:26 PM: mdonalds@atwola[1].txt (ID = 2255)
12:26 PM: Found Spy Cookie: azjmp cookie
12:26 PM: mdonalds@azjmp[1].txt (ID = 2270)
12:26 PM: Found Spy Cookie: banner cookie
12:26 PM: mdonalds@banner[1].txt (ID = 2276)
12:26 PM: Found Spy Cookie: belnk cookie
12:26 PM: mdonalds@belnk[1].txt (ID = 2292)
12:26 PM: Found Spy Cookie: bizrate cookie
12:26 PM: mdonalds@bizrate[1].txt (ID = 2308)
12:26 PM: mdonalds@blues.about[1].txt (ID = 2038)
12:26 PM: Found Spy Cookie: burstnet cookie
12:26 PM: mdonalds@burstnet[1].txt (ID = 2336)
12:26 PM: Found Spy Cookie: enhance cookie
12:26 PM: mdonalds@c.enhance[2].txt (ID = 2614)
12:26 PM: Found Spy Cookie: carsbelowinvoice cookie
12:26 PM: mdonalds@carsbelowinvoice[1].txt (ID = 2352)
12:26 PM: Found Spy Cookie: centralmedia cookie
12:26 PM: mdonalds@centralmedia[2].txt (ID = 2373)
12:26 PM: Found Spy Cookie: classmates cookie
12:26 PM: mdonalds@classmates[1].txt (ID = 2384)
12:26 PM: Found Spy Cookie: coolsavings cookie
12:26 PM: mdonalds@coolsavings[1].txt (ID = 2465)
12:26 PM: Found Spy Cookie: dealhelper cookie
12:26 PM: mdonalds@dealhelper[2].txt (ID = 2503)
12:26 PM: Found Spy Cookie: dealtime cookie
12:26 PM: mdonalds@dealtime[1].txt (ID = 2505)
12:26 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:26 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:26 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:26 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:26 PM: Found Spy Cookie: delfinproject cookie
12:26 PM: mdonalds@delfinproject[1].txt (ID = 2509)
12:26 PM: mdonalds@dist.belnk[1].txt (ID = 2293)
12:26 PM: mdonalds@dist.belnk[2].txt (ID = 2293)
12:26 PM: Found Spy Cookie: exitexchange cookie
12:26 PM: mdonalds@exitexchange[1].txt (ID = 2633)
12:26 PM: mdonalds@guitar.about[2].txt (ID = 2038)
12:26 PM: Found Spy Cookie: starware.com cookie
12:26 PM: mdonalds@h.starware[2].txt (ID = 3442)
12:26 PM: Found Spy Cookie: 2o7.net cookie
12:26 PM: mdonalds@highbeam.122.2o7[2].txt (ID = 1958)
12:26 PM: Found Spy Cookie: clickandtrack cookie
12:26 PM: mdonalds@hits.clickandtrack[2].txt (ID = 2397)
12:26 PM: Found Spy Cookie: hitstats.net cookie
12:26 PM: mdonalds@hitstats[1].txt (ID = 2791)
12:26 PM: Found Spy Cookie: hypertracker.com cookie
12:26 PM: mdonalds@hypertracker[1].txt (ID = 2817)
12:26 PM: Found Spy Cookie: screensavers.com cookie
12:26 PM: mdonalds@i.screensavers[1].txt (ID = 3298)
12:26 PM: Found Spy Cookie: ic-live cookie
12:26 PM: mdonalds@ic-live[1].txt (ID = 2821)
12:26 PM: Found Spy Cookie: kmpads cookie
12:26 PM: mdonalds@kmpads[2].txt (ID = 2909)
12:26 PM: Found Spy Cookie: metareward.com cookie
12:26 PM: mdonalds@metareward[1].txt (ID = 2990)
12:26 PM: mdonalds@msnportal.112.2o7[2].txt (ID = 1958)
12:26 PM: Found Spy Cookie: aptimus cookie
12:26 PM: mdonalds@network.aptimus[1].txt (ID = 2235)
12:26 PM: Found Spy Cookie: nuker cookie
12:26 PM: mdonalds@nuker[2].txt (ID = 3085)
12:26 PM: Found Spy Cookie: partypoker cookie
12:26 PM: mdonalds@partypoker[1].txt (ID = 3111)
12:26 PM: Found Spy Cookie: passion cookie
12:26 PM: mdonalds@passion[2].txt (ID = 3113)
12:26 PM: Found Spy Cookie: paypopup cookie
12:26 PM: mdonalds@paypopup[2].txt (ID = 3119)
12:26 PM: Found Spy Cookie: overture cookie
12:26 PM: mdonalds@perf.overture[1].txt (ID = 3106)
12:26 PM: Found Spy Cookie: pokerroom cookie
12:26 PM: mdonalds@pokerroom[1].txt (ID = 3149)
12:26 PM: Found Spy Cookie: pricegrabber cookie
12:26 PM: mdonalds@pricegrabber[2].txt (ID = 3185)
12:26 PM: Found Spy Cookie: pro-market cookie
12:26 PM: mdonalds@pro-market[2].txt (ID = 3197)
12:26 PM: Found Spy Cookie: qksrv cookie
12:26 PM: mdonalds@qksrv[2].txt (ID = 3213)
12:26 PM: mdonalds@quotations.about[1].txt (ID = 2038)
12:26 PM: Found Spy Cookie: rednova cookie
12:26 PM: mdonalds@rednova[2].txt (ID = 3245)
12:26 PM: Found Spy Cookie: rn11 cookie
12:26 PM: mdonalds@rn11[1].txt (ID = 3261)
12:26 PM: Found Spy Cookie: adjuggler cookie
12:26 PM: mdonalds@rotator.adjuggler[2].txt (ID = 2071)
12:26 PM: mdonalds@sav.coolsavings[1].txt (ID = 2466)
12:26 PM: Found Spy Cookie: search123 cookie
12:26 PM: mdonalds@search123[1].txt (ID = 3305)
12:26 PM: Found Spy Cookie: web-stat cookie
12:26 PM: mdonalds@server3.web-stat[1].txt (ID = 3649)
12:26 PM: mdonalds@sonymediasoftware.122.2o7[1].txt (ID = 1958)
12:26 PM: mdonalds@starware[2].txt (ID = 3441)
12:26 PM: mdonalds@stat.dealtime[1].txt (ID = 2506)
12:26 PM: Found Spy Cookie: reliablestats cookie
12:26 PM: mdonalds@stats1.reliablestats[2].txt (ID = 3254)
12:26 PM: Found Spy Cookie: tracking cookie
12:26 PM: mdonalds@tracking[1].txt (ID = 3571)
12:26 PM: mdonalds@tracking[3].txt (ID = 3571)
12:26 PM: Found Spy Cookie: videodome cookie
12:26 PM: mdonalds@videodome[1].txt (ID = 3638)
12:26 PM: Found Spy Cookie: burstbeacon cookie
12:26 PM: mdonalds@www.burstbeacon[2].txt (ID = 2335)
12:26 PM: Found Spy Cookie: epilot cookie
12:26 PM: mdonalds@www.epilot[1].txt (ID = 2622)
12:26 PM: Found Spy Cookie: mytemplatestorage cookie
12:26 PM: mdonalds@www.mytemplatestorage[1].txt (ID = 3050)
12:26 PM: mdonalds@www.rednova[1].txt (ID = 3246)
12:26 PM: Found Spy Cookie: redzip cookie
12:26 PM: mdonalds@www.redzip[1].txt (ID = 3250)
12:26 PM: mdonalds@www.screensavers[2].txt (ID = 3298)
12:26 PM: mdonalds@www.starware[1].txt (ID = 3442)
12:26 PM: Found Spy Cookie: upspiral cookie
12:26 PM: mdonalds@www.upspiral[2].txt (ID = 3615)
12:26 PM: Found Spy Cookie: winantiviruspro cookie
12:26 PM: mdonalds@www.winantiviruspro[1].txt (ID = 3690)
12:26 PM: Found Spy Cookie: xiti cookie
12:26 PM: mdonalds@xiti[1].txt (ID = 3717)
12:26 PM: Found Spy Cookie: yadro cookie
12:26 PM: mdonalds@yadro[2].txt (ID = 3743)
12:26 PM: mdonalds@yieldmanager[1].txt (ID = 3749)
12:26 PM: Found Spy Cookie: zenotecnico cookie
12:26 PM: mdonalds@zenotecnico[2].txt (ID = 3858)
12:26 PM: Cookie Sweep Complete, Elapsed Time: 00:00:08
12:26 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:26 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:26 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:26 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:26 PM: Starting File Sweep
12:26 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:26 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:26 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:26 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:26 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:26 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:26 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:26 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:26 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:26 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:26 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:26 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:26 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:26 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:26 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:26 PM: The Spy Communication shield has blocked access to: www.icannnews.com
12:26 PM: c:\winnt\system32\sahimages (4 subtraces) (ID = -2147480329)
12:26 PM: c:\program files\surfaccuracy (3 subtraces) (ID = -2147478266)
12:26 PM: c:\documents and settings\all users\application data\vidctrl (1 subtraces) (ID = -2147477475)
12:26 PM: Found Trojan Horse: 2nd-thought
12:26 PM: c:\winnt\system32\newmsrdk (ID = -2147481534)
12:26 PM: c:\program files\surfsidekick 3 (3 subtraces) (ID = -2147480186)
12:26 PM: c:\program files\related sites toolbar (2 subtraces) (ID = -2147475069)
12:26 PM: c:\program files\communicator toolbar (121 subtraces) (ID = -2147480362)
12:26 PM: c:\program files\quick links (2 subtraces) (ID = -2147478145)
12:26 PM: The Spy Communication shield has blocked access to: www.licenseverify.com
12:26 PM: The Spy Communication shield has block

#4
didom

Ok, please post a fresh HijackThis log now!

#5
thechamp96

Ok! Here is the updated HJT file:
How does it look?!

Logfile of HijackThis v1.99.1
Scan saved at 4:27:13 PM, on 2005-10-19
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
c:\Program Files\NavNT\defwatch.exe
C:\WINNT\etlisrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\NALNTSRV.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wm.exe
C:\WINNT\System32\mspmspsv.exe
C:\NOVELL\ZENRC\WUOLService.exe
C:\PROGRA~1\PEREGR~1\DESKTO~1\bin\iftlsnr.exe
C:\NOVELL\ZENRC\wuser32.exe
C:\WINNT\system32\control.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\dpmw32.exe
C:\WINNT\system32\NWTRAY.EXE
C:\Program Files\NavNT\vptray.exe
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\vidmon\vidmon.exe
C:\WINNT\system32\nfomon\nfomon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\services\svchost.exe
C:\WINNT\system32\etlitr50.exe
C:\WINNT\system32\NALDESK.EXE
C:\WINNT\system32\control.exe
C:\Lotus\Notes\NLNOTES.EXE
C:\Lotus\Notes\namgr.EXE
C:\Lotus\Notes\nhldaemn.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hc-sc.gc.ca
R3 - Default URLSearchHook is missing
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.hc-sc.gc.ca"); (C:\Program Files\Netscape\Users\default\prefs.js)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NDPS] C:\WINNT\System32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [vptray] c:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] zentray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [vidmon] C:\WINNT\system32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [Nfo] C:\WINNT\system32\nfomon\nfomon.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunOnce: [HCPOPUP] c:\program files\hcpopup\popmesg.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [winservice] C:\WINNT\services\svchost.exe
O4 - Startup: Zstart.lnk = C:\WINNT\system32\cxdxregt.exe
O4 - Global Startup: BackupFavorites.lnk = C:\WINNT\hcapps\BackupFavorites.exe
O4 - Global Startup: Entrust.lnk = C:\WINNT\system32\etlitr50.exe
O4 - Global Startup: NalDesk.lnk = C:\WINNT\system32\NALDESK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .wpd: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPQ00532.DLL
O14 - IERESET.INF: START_PAGE_URL=http://hc-sc.gc.ca
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} - http://advnt01.com/d.../int_ver32b.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1126717627848
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} (WSpell Spelling Checker Control) - http://www.placepro....ents/wspell.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...rcabinstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{31453EA3-BB02-4A87-95CF-D12EED249DFC}: Domain = HC-SC.GC.CA
O17 - HKLM\System\CS1\Services\Tcpip\..\{31453EA3-BB02-4A87-95CF-D12EED249DFC}: Domain = HC-SC.GC.CA
O17 - HKLM\System\CS2\Services\Tcpip\..\{31453EA3-BB02-4A87-95CF-D12EED249DFC}: Domain = HC-SC.GC.CA
O21 - SSODL: MsTIHM - {64BFF390-CE15-593A-EBBC-EC207BF5FC9A} - C:\WINNT\system32\fzp.dll (file missing)
O23 - Service: Peregrine Listener 6.0.1 (agtlsnr601) - Peregrine Systems, Inc. - C:\PROGRA~1\PEREGR~1\DESKTO~1\bin\iftlsnr.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - c:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Entrust Login Interface (ELIService) - Entrust Technologies Ltd. - C:\WINNT\etlisrv.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\WINNT\System32\NALNTSRV.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Remote management (Novell WUser Agent) - Novell, Inc. - C:\NOVELL\ZENRC\wuser32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Novell Workstation Manager (WM) - Novell, Inc. - C:\WINNT\System32\wm.exe
O23 - Service: WUOLservice (WUOLService) - Novell, Inc. - C:\NOVELL\ZENRC\WUOLService.exe


#7
didom

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
Hello, thanks for your patience. If you're still in need of assistance and are not receiving it at another forum, the next step is a fresh HijackThis log.