Here's the Webroot log. I will do the HijackThis log now. So far my computer seems to be working better.
********
12:48 AM: | Start of Session, Thursday, October 27, 2005 |
12:48 AM: Spy Sweeper started
12:48 AM: Sweep initiated using definitions version 562
12:48 AM: Starting Memory Sweep
12:48 AM: Found Adware: safesurf
12:48 AM: Detected running threat: C:\WINDOWS\system32\pkshdqhy.dll (ID = 138109)
12:48 AM: Found Trojan Horse: trojan downloader pops-stop
12:48 AM: Detected running threat: C:\WINDOWS\system32\italmvga.dll (ID = 156497)
12:48 AM: Found Adware: maxifiles
12:48 AM: Detected running threat: C:\Program Files\DNS\Catcher.dll (ID = 156267)
12:48 AM: Found Adware: abetterinternet
12:48 AM: Detected running threat: C:\WINDOWS\nmjtinv.exe (ID = 93)
12:48 AM: Found Adware: shopathomeselect
12:48 AM: Detected running threat: C:\WINDOWS\system32\81vqpr7q.dll (ID = 157332)
12:48 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:48 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:48 AM: Detected running threat: C:\Program Files\iTunes\iTunesHelper.exe (ID = 93)
12:48 AM: Detected running threat: C:\Program Files\QuickTime\qttask.exe (ID = 93)
12:48 AM: Found Adware: ie driver
12:48 AM: Detected running threat: C:\WINDOWS\system32\avifil32.exe (ID = 14)
12:49 AM: Detected running threat: C:\WINDOWS\system32\bitsprx3.exe (ID = 14)
12:49 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || 5eb0c15fe81c (ID = 0)
12:49 AM: Detected running threat: C:\WINDOWS\system32\nfomon\nfomon.exe (ID = 93)
12:49 AM: Detected running threat: C:\WINDOWS\system32\vidmon\vidmon.exe (ID = 93)
12:49 AM: Detected running threat: C:\WINDOWS\system32\pfudt92c.exe (ID = 157330)
12:49 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || pfudt92c (ID = 0)
12:49 AM: Detected running threat: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (ID = 93)
12:49 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:49 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:49 AM: Found Adware: surfsidekick
12:49 AM: Detected running threat: C:\Program Files\SurfSideKick 3\SskBho.dll (ID = 163865)
12:49 AM: Detected running threat: C:\Program Files\Dell Support\DSAgnt.exe (ID = 93)
12:49 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:49 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:49 AM: Detected running threat: C:\Program Files\Internet Explorer\IEXPLORE.EXE (ID = 93)
12:49 AM: Found Adware: cas
12:49 AM: Detected running threat: C:\Program Files\FCEngine\FCEngine.exe (ID = 154760)
12:49 AM: Detected running threat: C:\Program Files\CMSystem\CMSystem.exe (ID = 154757)
12:50 AM: Detected running threat: C:\Program Files\AIM\aim.exe (ID = 93)
12:50 AM: Detected running threat: C:\WINDOWS\system32\netlanm.dll (ID = 138227)
12:50 AM: Detected running threat: C:\WINDOWS\system32\pdrpdb.dll (ID = 156482)
12:50 AM: Detected running threat: C:\WINDOWS\explorer.exe (ID = 63)
12:50 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:50 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:50 AM: Detected running threat: C:\WINDOWS\system32\lmgklkz.exe (ID = 138872)
12:50 AM: Detected running threat: C:\Program Files\Analog Devices\Core\smax4pnp.exe (ID = 93)
12:50 AM: Detected running threat: C:\WINDOWS\system32\hkcmd.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe (ID = 93)
12:50 AM: Detected running threat: C:\WINDOWS\system32\dla\tfswctrl.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\Norton AntiVirus\NAVAPW32.EXE (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\Common Files\Real\Update_OB\realsched.exe (ID = 93)
12:50 AM: Detected running threat: C:\WINDOWS\system32\767A7D7E7D8380.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe (ID = 93)
12:50 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:50 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:50 AM: Detected running threat: C:\Program Files\SoftwareOnline\soproc.exe (ID = 93)
12:50 AM: Detected running threat: C:\WINDOWS\system32\cmd.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\Common Files\Windows\services32.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\Common Files\services.exe (ID = 69312)
12:51 AM: Detected running threat: C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe (ID = 93)
12:51 AM: Found Adware: visfx
12:51 AM: Detected running threat: C:\WINDOWS\dljrkwg.exe (ID = 99)
12:51 AM: Memory Sweep Complete, Elapsed Time: 00:02:45
12:51 AM: Starting Registry Sweep
12:51 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:51 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:51 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:51 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:52 AM: Spy Installation Shield: found: Adware: abetterinternet, version 1.1.1.1 -- Execution Denied
12:52 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:52 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:52 AM: Found Adware: begin2search
12:52 AM: HKCR\btnetw.amo.1\ (3 subtraces) (ID = 104095)
12:52 AM: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
12:52 AM: Found Adware: hotsearchbar toolbar
12:52 AM: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
12:52 AM: HKCR\btnetw.iiittt.1\ (3 subtraces) (ID = 104097)
12:52 AM: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
12:52 AM: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
12:52 AM: HKCR\btnetw.momo.1\ (3 subtraces) (ID = 104099)
12:52 AM: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
12:52 AM: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
12:52 AM: HKCR\btnetw.ohb.1\ (3 subtraces) (ID = 104101)
12:52 AM: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
12:52 AM: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
12:52 AM: HKCR\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104109)
12:52 AM: HKCR\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104109)
12:52 AM: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
12:52 AM: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
12:52 AM: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
12:52 AM: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
12:52 AM: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
12:52 AM: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
12:52 AM: HKCR\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104124)
12:52 AM: HKCR\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104126)
12:52 AM: HKCR\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104127)
12:52 AM: HKCR\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104128)
12:52 AM: HKCR\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104139)
12:52 AM: HKCR\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104141)
12:52 AM: HKLM\software\classes\btnetw.amo.1\ (3 subtraces) (ID = 104145)
12:52 AM: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
12:52 AM: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
12:52 AM: HKLM\software\classes\btnetw.iiittt.1\ (3 subtraces) (ID = 104147)
12:52 AM: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
12:52 AM: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
12:52 AM: HKLM\software\classes\btnetw.momo.1\ (3 subtraces) (ID = 104149)
12:52 AM: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
12:52 AM: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
12:52 AM: HKLM\software\classes\btnetw.ohb.1\ (3 subtraces) (ID = 104151)
12:52 AM: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
12:52 AM: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
12:52 AM: HKLM\software\classes\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104159)
12:52 AM: HKLM\software\classes\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104159)
12:52 AM: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
12:52 AM: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
12:52 AM: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
12:52 AM: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
12:52 AM: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
12:52 AM: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
12:52 AM: HKLM\software\classes\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104174)
12:52 AM: HKLM\software\classes\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104176)
12:52 AM: HKLM\software\classes\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104177)
12:52 AM: HKLM\software\classes\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104178)
12:52 AM: HKLM\software\classes\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104189)
12:52 AM: HKLM\software\classes\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104191)
12:52 AM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
12:52 AM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
12:52 AM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
12:52 AM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
12:52 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:52 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:53 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:53 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:53 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:53 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:54 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:54 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:54 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:54 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:55 AM: Found Adware: elitebar
12:55 AM: HKLM\software\microsoft\windows\currentversion\internet settings\user agent\post platform\ || iebar (ID = 125752)
12:55 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:55 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:55 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:55 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:56 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:56 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:56 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:56 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:56 AM: Found Adware: drsnsrch.com hijack
12:56 AM: HKLM\software\microsoft\internet explorer\main\ || search bar (ID = 128208)
12:56 AM: HKLM\software\microsoft\internet explorer\main\ || search page (ID = 128209)
12:56 AM: HKLM\software\microsoft\internet explorer\search\ || customizesearch (ID = 128210)
12:56 AM: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 128211)
12:57 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:57 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:57 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:57 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:58 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:58 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:58 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:58 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:59 AM: HKLM\software\classes\xbtb07618.ietoolbar.1\ (3 subtraces) (ID = 134851)
12:59 AM: HKLM\software\classes\xbtb07618.ietoolbar.1\clsid\ (1 subtraces) (ID = 134852)
12:59 AM: HKLM\software\classes\xbtb07618.ietoolbar\ (5 subtraces) (ID = 134853)
12:59 AM: HKLM\software\classes\xbtb07618.xbtb07618.1\ (3 subtraces) (ID = 134854)
12:59 AM: HKLM\software\classes\xbtb07618.xbtb07618\ (5 subtraces) (ID = 134855)
12:59 AM: HKLM\software\microsoft\windows\currentversion\uninstall\xbtb07618.xbtb07618toolbar\ (2 subtraces) (ID = 134857)
12:59 AM: HKCR\xbtb07618.ietoolbar.1\ (3 subtraces) (ID = 134864)
12:59 AM: HKCR\xbtb07618.ietoolbar.1\clsid\ (1 subtraces) (ID = 134865)
12:59 AM: HKCR\xbtb07618.ietoolbar\ (5 subtraces) (ID = 134866)
12:59 AM: HKCR\xbtb07618.xbtb07618.1\ (3 subtraces) (ID = 134867)
12:59 AM: HKCR\xbtb07618.xbtb07618\ (5 subtraces) (ID = 134868)
12:59 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:59 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:59 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:59 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:00 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:00 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:00 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:00 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:01 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:01 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:01 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:01 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:01 AM: Found Adware: search fast communicator toolbar
1:01 AM: HKCR\communicator.communicator\ (3 subtraces) (ID = 140680)
1:01 AM: HKCR\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb428}\ (6 subtraces) (ID = 140681)
1:01 AM: HKCR\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb429}\ (6 subtraces) (ID = 140682)
1:01 AM: HKCR\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb42a}\ (6 subtraces) (ID = 140683)
1:01 AM: HKCR\communicator.communicatormenu button\ (3 subtraces) (ID = 140684)
1:01 AM: HKCR\communicator.communicatortoggle button\ (3 subtraces) (ID = 140685)
1:01 AM: HKLM\software\classes\communicator.communicatormenu button\ (3 subtraces) (ID = 140686)
1:01 AM: HKLM\software\classes\communicator.communicatortoggle button\ (3 subtraces) (ID = 140687)
1:01 AM: HKLM\software\classes\communicator.communicator\ (3 subtraces) (ID = 140691)
1:01 AM: HKLM\software\classes\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb428}\ (6 subtraces) (ID = 140692)
1:01 AM: HKLM\software\classes\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb429}\ (6 subtraces) (ID = 140693)
1:01 AM: HKLM\software\classes\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb42a}\ (6 subtraces) (ID = 140694)
1:01 AM: HKU\.default\software\microsoft\internet explorer\toolbar\webbrowser\ || {4e7bd74f-2b8d-469e-8dbc-a42eb79cb428} (ID = 140697)
1:02 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:02 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:02 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:02 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:03 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:03 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:03 AM: HKU\.default\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143384)
1:03 AM: HKCR\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143389)
1:03 AM: HKLM\software\classes\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143392)
1:03 AM: HKLM\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143400)
1:03 AM: HKLM\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143406)
1:03 AM: HKLM\software\microsoft\windows\currentversion\uninstall\surf sidekick\ (2 subtraces) (ID = 143408)
1:03 AM: HKLM\software\surfsidekick3\ (2 subtraces) (ID = 143413)
1:03 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:03 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:04 AM: Found Trojan Horse: trojan-backdoor-soundcheck
1:04 AM: HKLM\system\currentcontrolset\services\msdirectx\ (11 subtraces) (ID = 144200)
1:04 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:04 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:04 AM: HKLM\system\currentcontrolset\control\print\monitors\zepmon\ (1 subtraces) (ID = 146139)
1:04 AM: HKLM\system\currentcontrolset\services\svcproc\ (12 subtraces) (ID = 146140)
1:04 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:04 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:05 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:05 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:05 AM: HKLM\software\microsoft\windows\currentversion\run\ || stb (ID = 201920)
1:05 AM: Found Adware: delfin
1:05 AM: HKLM\software\wincin\ (2 subtraces) (ID = 359317)
1:05 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:05 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:06 AM: Found Adware: quicklink search toolbar
1:06 AM: HKLM\software\microsoft\windows\currentversion\uninstall\quick links\ (2 subtraces) (ID = 359457)
1:06 AM: HKLM\software\ql\ (2 subtraces) (ID = 359458)
1:06 AM: Found Adware: drsnsrch hijacker
1:06 AM: HKCR\dsrch.band\ (5 subtraces) (ID = 509134)
1:06 AM: HKCR\dsrch.bottomframe\ (5 subtraces) (ID = 509135)
1:06 AM: HKCR\dsrch.leftframe\ (5 subtraces) (ID = 509136)
1:06 AM: HKCR\dsrch.popupbrowser\ (5 subtraces) (ID = 509137)
1:06 AM: HKCR\dsrch.popupwindow\ (5 subtraces) (ID = 509138)
1:06 AM: HKCR\clsid\{8b51fc2f-c687-40a3-b54a-bb9ebf8d407f}\ (11 subtraces) (ID = 509139)
1:06 AM: HKCR\clsid\{ce27d4df-714b-4427-95eb-923fe53adf8e}\ (13 subtraces) (ID = 509140)
1:06 AM: HKCR\clsid\{e2d2fe40-5674-4b77-802b-ec86b6c2c41d}\ (13 subtraces) (ID = 509141)
1:06 AM: HKCR\clsid\{e311d3a5-4a3b-4e49-9e0a-b40fae1f0b28}\ (11 subtraces) (ID = 509142)
1:06 AM: HKCR\typelib\{8f73ac0f-5769-4282-8762-b396a3bff377}\ (9 subtraces) (ID = 509153)
1:06 AM: HKLM\software\classes\dsrch.band\ (5 subtraces) (ID = 509171)
1:06 AM: HKLM\software\classes\dsrch.leftframe\ (5 subtraces) (ID = 509179)
1:06 AM: HKLM\software\classes\dsrch.popupbrowser\ (5 subtraces) (ID = 509185)
1:06 AM: HKLM\software\classes\dsrch.popupwindow\ (5 subtraces) (ID = 509191)
1:06 AM: HKLM\software\classes\clsid\{8b51fc2f-c687-40a3-b54a-bb9ebf8d407f}\ (11 subtraces) (ID = 509198)
1:06 AM: HKLM\software\classes\clsid\{ce27d4df-714b-4427-95eb-923fe53adf8e}\ (13 subtraces) (ID = 509210)
1:06 AM: HKLM\software\classes\clsid\{e2d2fe40-5674-4b77-802b-ec86b6c2c41d}\ (13 subtraces) (ID = 509224)
1:06 AM: HKLM\software\classes\clsid\{e311d3a5-4a3b-4e49-9e0a-b40fae1f0b28}\ (11 subtraces) (ID = 509238)
1:06 AM: HKCR\dsrch.band\clsid\ (1 subtraces) (ID = 509361)
1:06 AM: HKCR\dsrch.band\curver\ (1 subtraces) (ID = 509362)
1:06 AM: HKCR\dsrch.bottomframe\clsid\ (1 subtraces) (ID = 509363)
1:06 AM: HKCR\dsrch.bottomframe\curver\ (1 subtraces) (ID = 509364)
1:06 AM: HKCR\dsrch.leftframe\clsid\ (1 subtraces) (ID = 509365)
1:06 AM: HKCR\dsrch.leftframe\curver\ (1 subtraces) (ID = 509366)
1:06 AM: HKCR\dsrch.popupbrowser\clsid\ (1 subtraces) (ID = 509367)
1:06 AM: HKCR\dsrch.popupbrowser\curver\ (1 subtraces) (ID = 509368)
1:06 AM: HKCR\dsrch.popupwindow\clsid\ (1 subtraces) (ID = 509369)
1:06 AM: HKCR\dsrch.popupwindow\curver\ (1 subtraces) (ID = 509370)
1:06 AM: HKCR\dsrch.band.1\ (3 subtraces) (ID = 512692)
1:06 AM: HKCR\dsrch.bottomframe.1\ (3 subtraces) (ID = 512699)
1:06 AM: HKCR\dsrch.leftframe.1\ (3 subtraces) (ID = 512706)
1:06 AM: HKCR\dsrch.popupbrowser.1\ (3 subtraces) (ID = 512713)
1:06 AM: HKCR\dsrch.popupwindow.1\ (3 subtraces) (ID = 512720)
1:06 AM: HKCR\clsid\{00f1d395-4744-40f0-a611-980f61ae2c59}\ (11 subtraces) (ID = 512747)
1:06 AM: HKLM\software\classes\dsrch.band.1\ (3 subtraces) (ID = 513072)
1:06 AM: HKLM\software\classes\dsrch.bottomframe.1\ (3 subtraces) (ID = 513076)
1:06 AM: HKLM\software\classes\dsrch.leftframe.1\ (3 subtraces) (ID = 513080)
1:06 AM: HKLM\software\classes\dsrch.popupbrowser.1\ (3 subtraces) (ID = 513084)
1:06 AM: HKLM\software\classes\dsrch.popupwindow.1\ (3 subtraces) (ID = 513088)
1:06 AM: HKLM\software\classes\clsid\{00f1d395-4744-40f0-a611-980f61ae2c59}\ (11 subtraces) (ID = 513114)
1:06 AM: HKLM\software\classes\dsrch.bottomframe\ (5 subtraces) (ID = 646382)
1:06 AM: HKLM\software\classes\typelib\{8f73ac0f-5769-4282-8762-b396a3bff377}\ (9 subtraces) (ID = 646384)
1:06 AM: HKLM\software\microsoft\windows\currentversion\uninstall\related sites toolbar\ (2 subtraces) (ID = 652841)
1:06 AM: HKLM\software\microsoft\windows\currentversion\run\ || dinst (ID = 705664)
1:06 AM: HKLM\software\microsoft\windows nt\currentversion\winlogon\ || shell (ID = 711393)
1:06 AM: HKLM\software\microsoft\windows\currentversion\uninstall\ovmon\ (2 subtraces) (ID = 712951)
1:06 AM: HKLM\system\currentcontrolset\services\windows overlay components\ (12 subtraces) (ID = 712954)
1:06 AM: HKCR\funtools.picshow\ (5 subtraces) (ID = 730902)
1:06 AM: HKCR\funtools.picshow.1\ (3 subtraces) (ID = 730908)
1:06 AM: HKCR\clsid\{4487598c-2ec7-43a2-870e-6d8d720fdd9f}\ (11 subtraces) (ID = 730912)
1:06 AM: HKCR\typelib\{7638761f-0ce1-4e68-9692-d623527a6b7b}\ (9 subtraces) (ID = 730924)
1:06 AM: HKLM\software\classes\funtools.picshow\ (5 subtraces) (ID = 730957)
1:06 AM: HKLM\software\classes\funtools.picshow.1\ (3 subtraces) (ID = 730963)
1:06 AM: HKLM\software\classes\clsid\{4487598c-2ec7-43a2-870e-6d8d720fdd9f}\ (11 subtraces) (ID = 730967)
1:06 AM: HKLM\software\classes\typelib\{7638761f-0ce1-4e68-9692-d623527a6b7b}\ (9 subtraces) (ID = 730979)
1:06 AM: HKLM\software\picshow\ (48 subtraces) (ID = 730989)
1:06 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{4487598c-2ec7-43a2-870e-6d8d720fdd9f}\ (ID = 730994)
1:06 AM: HKLM\software\microsoft\windows\currentversion\uninstall\bsto-1\ (7 subtraces) (ID = 746835)
1:06 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:06 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:06 AM: Found Adware: ezula ilookup
1:06 AM: HKCR\bho.adware\ (5 subtraces) (ID = 819079)
1:06 AM: HKCR\bho.adware.1\ (3 subtraces) (ID = 819085)
1:06 AM: HKCR\bho.hider\ (5 subtraces) (ID = 819089)
1:06 AM: HKCR\bho.hider.1\ (3 subtraces) (ID = 819095)
1:06 AM: HKLM\software\classes\bho.adware\ (5 subtraces) (ID = 819212)
1:06 AM: HKLM\software\classes\bho.adware.1\ (3 subtraces) (ID = 819218)
1:06 AM: HKLM\software\classes\bho.hider\ (5 subtraces) (ID = 819222)
1:06 AM: HKLM\software\classes\bho.hider.1\ (3 subtraces) (ID = 819228)
1:06 AM: HKCR\var8.talmgr\ (5 subtraces) (ID = 820332)
1:06 AM: HKCR\var8.talmgr.1\ (3 subtraces) (ID = 820338)
1:06 AM: HKCR\clsid\{70230839-555c-4862-8d42-bb1e2352502c}\ (11 subtraces) (ID = 820354)
1:06 AM: HKCR\clsid\{724d478a-2bd0-4db4-ae42-288b1e346ef7}\ (4 subtraces) (ID = 820366)
1:06 AM: HKCR\typelib\{1b8b502e-465b-4022-be4f-fb6d9f808a18}\ (9 subtraces) (ID = 820387)
1:06 AM: HKCR\typelib\{65d99893-a650-4292-83d0-3aff6f39e0b5}\ (9 subtraces) (ID = 820397)
1:06 AM: HKLM\software\italmanager\ (38 subtraces) (ID = 820452)
1:06 AM: HKLM\software\classes\var8.talmgr\ (5 subtraces) (ID = 820485)
1:06 AM: HKLM\software\classes\var8.talmgr.1\ (3 subtraces) (ID = 820491)
1:06 AM: HKLM\software\classes\clsid\{70230839-555c-4862-8d42-bb1e2352502c}\ (11 subtraces) (ID = 820507)
1:06 AM: HKLM\software\classes\clsid\{724d478a-2bd0-4db4-ae42-288b1e346ef7}\ (4 subtraces) (ID = 820519)
1:06 AM: HKLM\software\classes\typelib\{1b8b502e-465b-4022-be4f-fb6d9f808a18}\ (9 subtraces) (ID = 820540)
1:06 AM: HKLM\software\classes\typelib\{65d99893-a650-4292-83d0-3aff6f39e0b5}\ (9 subtraces) (ID = 820550)
1:06 AM: HKLM\software\microsoft\windows\currentversion\uninstall\italmgr\ (2 subtraces) (ID = 820572)
1:06 AM: HKLM\system\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\ichckupd.exe\ (1 subtraces) (ID = 820614)
1:06 AM: HKCR\iecatcher.iewebcatcher\ (5 subtraces) (ID = 829231)
1:06 AM: HKCR\iecatcher.iewebcatcher.1\ (3 subtraces) (ID = 829237)
1:06 AM: HKCR\clsid\{fff4e223-7019-4ce7-be03-d7d3c8cce884}\ (11 subtraces) (ID = 829241)
1:06 AM: HKCR\typelib\{fff24f28-3ae2-46cd-aebe-2f625133a1ca}\ (9 subtraces) (ID = 829253)
1:06 AM: HKLM\software\classes\typelib\{fff24f28-3ae2-46cd-aebe-2f625133a1ca}\ (9 subtraces) (ID = 829282)
1:06 AM: HKLM\software\classes\iecatcher.iewebcatcher\ (5 subtraces) (ID = 829292)
1:06 AM: HKLM\software\classes\iecatcher.iewebcatcher.1\ (3 subtraces) (ID = 829298)
1:06 AM: HKLM\software\classes\clsid\{fff4e223-7019-4ce7-be03-d7d3c8cce884}\ (11 subtraces) (ID = 829302)
1:06 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{fff4e223-7019-4ce7-be03-d7d3c8cce884}\ (2 subtraces) (ID = 829305)
1:06 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{70230839-555c-4862-8d42-bb1e2352502c}\ (ID = 831459)
1:06 AM: HKLM\software\microsoft\windows\currentversion\app paths\italm\ (2 subtraces) (ID = 831468)
1:06 AM: HKLM\software\microsoft\windows\currentversion\app paths\ichckupd\ (2 subtraces) (ID = 831816)
1:06 AM: HKCR\grinstall7.installer.1\ (3 subtraces) (ID = 836062)
1:06 AM: HKCR\grinstall7.installer\ (5 subtraces) (ID = 836066)
1:06 AM: HKCR\typelib\{759c257c-f750-4f52-ab58-fb8a7b8770fe}\ (9 subtraces) (ID = 836072)
1:06 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/grinstall7.dll\ (2 subtraces) (ID = 836092)
1:06 AM: HKLM\software\classes\grinstall7.installer.1\ (3 subtraces) (ID = 836095)
1:06 AM: HKLM\software\classes\grinstall7.installer\ (5 subtraces) (ID = 836099)
1:06 AM: HKLM\software\classes\typelib\{759c257c-f750-4f52-ab58-fb8a7b8770fe}\ (9 subtraces) (ID = 836105)
1:06 AM: HKCR\clsid\{e9670165-86fe-4c34-8c4b-d3158ddc5d92}\ (14 subtraces) (ID = 860940)
1:06 AM: HKLM\software\classes\clsid\{e9670165-86fe-4c34-8c4b-d3158ddc5d92}\ (14 subtraces) (ID = 860969)
1:06 AM: Found Trojan Horse: hackerdefender
1:06 AM: HKLM\system\currentcontrolset\services\msfiedrv1\ (8 subtraces) (ID = 890482)
1:06 AM: HKLM\system\currentcontrolset\control\safeboot\minimal\msfie\ (1 subtraces) (ID = 890506)
1:06 AM: HKLM\system\currentcontrolset\control\safeboot\network\msfie\ (1 subtraces) (ID = 890508)
1:06 AM: HKLM\system\currentcontrolset\services\msfie\ (13 subtraces) (ID = 890567)
1:06 AM: HKCR\clsid\{09d98db3-217f-4a37-950f-7fa1b08ce2b6}\ (11 subtraces) (ID = 926729)
1:06 AM: HKCR\clsid\{55be9f0d-6caf-4c3e-b125-5a13a8c9d0ec}\ (11 subtraces) (ID = 926741)
1:06 AM: HKCR\typelib\{4dfd0b10-93db-4d7e-9b34-3d92ca493be4}\ (9 subtraces) (ID = 926753)
1:06 AM: HKLM\software\classes\clsid\{09d98db3-217f-4a37-950f-7fa1b08ce2b6}\ (11 subtraces) (ID = 926763)
1:06 AM: HKLM\software\classes\clsid\{55be9f0d-6caf-4c3e-b125-5a13a8c9d0ec}\ (11 subtraces) (ID = 926775)
1:06 AM: HKLM\software\classes\typelib\{4dfd0b10-93db-4d7e-9b34-3d92ca493be4}\ (9 subtraces) (ID = 926787)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\internet explorer\searchurl\ (ID = 128212)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\xbtb07618\ (63 subtraces) (ID = 134858)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\communicator toolbar\ (9 subtraces) (ID = 140688)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\internet explorer\toolbar\webbrowser\ || {4e7bd74f-2b8d-469e-8dbc-a42eb79cb428} (ID = 140689)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\surfsidekick3\ (3 subtraces) (ID = 143412)
1:06 AM: Found Trojan Horse: trojan downloader matcash
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\windows\currentversion\run\ || dns (ID = 144713)
1:06 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:06 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\aurora\ (27 subtraces) (ID = 360174)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\cmapp\ (13 subtraces) (ID = 381792)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\windows\currentversion\run\ || cmapp (ID = 381808)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\dsrch\ (11 subtraces) (ID = 509156)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\cmapp\client\ || registered (ID = 724012)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\windows\currentversion\run\ || pshower (ID = 730935)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\cmsystem\ (9 subtraces) (ID = 820421)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\windows\currentversion\run\ || ichckupd (ID = 820435)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\windows\currentversion\run\ || cmsystem (ID = 820436)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\windows\currentversion\run\ || fcengine (ID = 820437)
1:06 AM: Found Adware: elitebar quicksearch360.com hijack
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\internet explorer\ || searchurl (ID = 829214)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\internet explorer\main\ || search bar (ID = 829215)
1:06 AM: HKU\S-1-5-18\software\microsoft\internet explorer\searchurl\ (ID = 128212)
1:06 AM: HKU\S-1-5-18\software\xbtb07618\ (59 subtraces) (ID = 134858)
1:06 AM: HKU\S-1-5-18\software\microsoft\internet explorer\toolbar\webbrowser\ || {4e7bd74f-2b8d-469e-8dbc-a42eb79cb428} (ID = 140689)
1:06 AM: HKU\S-1-5-18\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
1:06 AM: Found Adware: xosearchox.com hijack
1:06 AM: HKU\S-1-5-18\software\microsoft\internet explorer\ || searchurl (ID = 820943)
1:06 AM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || search bar (ID = 820944)
1:06 AM: HKU\S-1-5-18\software\microsoft\internet explorer\search\ || searchassistant (ID = 820945)
1:06 AM: Registry Sweep Complete, Elapsed Time:00:15:42
1:06 AM: Starting Cookie Sweep
1:06 AM: Found Spy Cookie: 888 cookie
1:07 AM: anyuser@888[1].txt (ID = 2019)
1:07 AM: Found Spy Cookie: azjmp cookie
1:07 AM: anyuser@azjmp[1].txt (ID = 2270)
1:07 AM: Found Spy Cookie: goldenpalace cookie
1:07 AM: anyuser@goldenpalace[2].txt (ID = 2734)
1:07 AM: Found Spy Cookie: partypoker cookie
1:07 AM: anyuser@partypoker[2].txt (ID = 3111)
1:07 AM: Found Spy Cookie: 735 cookie
1:07 AM: joey@735[1].txt (ID = 2009)
1:07 AM: joey@888[2].txt (ID = 2019)
1:07 AM: Found Spy Cookie: websponsors cookie
1:07 AM: [email protected][2].txt (ID = 3665)
1:07 AM: Found Spy Cookie: abetterinternet cookie
1:07 AM: joey@abetterinternet[1].txt (ID = 2035)
1:07 AM: Found Spy Cookie: reunion cookie
1:07 AM: [email protected][1].txt (ID = 3256)
1:07 AM: Found Spy Cookie: yieldmanager cookie
1:07 AM: [email protected][2].txt (ID = 3751)
1:07 AM: Found Spy Cookie: adecn cookie
1:07 AM: joey@adecn[2].txt (ID = 2063)
1:07 AM: Found Spy Cookie: adknowledge cookie
1:07 AM: joey@adknowledge[1].txt (ID = 2072)
1:07 AM: Found Spy Cookie: hbmediapro cookie
1:07 AM: [email protected][2].txt (ID = 2768)
1:07 AM: Found Spy Cookie: hotbar cookie
1:07 AM: [email protected][1].txt (ID = 4207)
1:07 AM: Found Spy Cookie: specificclick.com cookie
1:07 AM: [email protected][2].txt (ID = 3400)
1:07 AM: Found Spy Cookie: adprofile cookie
1:07 AM: joey@adprofile[1].txt (ID = 2084)
1:07 AM: Found Spy Cookie: cc214142 cookie
1:07 AM: [email protected][1].txt (ID = 2367)
1:07 AM: Found Spy Cookie: adultfriendfinder cookie
1:07 AM: joey@adultfriendfinder[2].txt (ID = 2165)
1:07 AM: Found Spy Cookie: x10 cookie
1:07 AM: [email protected][1].txt (ID = 3712)
1:07 AM: Found Spy Cookie: alt cookie
1:07 AM: joey@alt[1].txt (ID = 2217)
1:07 AM: Found Spy Cookie: apmebf cookie
1:07 AM: joey@apmebf[2].txt (ID = 2229)
1:07 AM: Found Spy Cookie: atwola cookie
1:07 AM: [email protected][2].txt (ID = 2256)
1:07 AM: Found Spy Cookie: ask cookie
1:07 AM: joey@ask[1].txt (ID = 2245)
1:07 AM: Found Spy Cookie: belnk cookie
1:07 AM: [email protected][2].txt (ID = 2293)
1:07 AM: joey@atwola[2].txt (ID = 2255)
1:07 AM: joey@azjmp[1].txt (ID = 2270)
1:07 AM: Found Spy Cookie: a cookie
1:07 AM: joey@a[10].txt (ID = 2027)
1:07 AM: joey@a[11].txt (ID = 2027)
1:07 AM: joey@a[12].txt (ID = 2027)
1:07 AM: joey@a[13].txt (ID = 2027)
1:07 AM: joey@a[14].txt (ID = 2027)
1:07 AM: joey@a[15].txt (ID = 2027)
1:07 AM: joey@a[16].txt (ID = 2027)
1:07 AM: joey@a[17].txt (ID = 2027)
1:07 AM: joey@a[18].txt (ID = 2027)
1:07 AM: joey@a[19].txt (ID = 2027)
1:07 AM: joey@a[1].txt (ID = 2027)
1:07 AM: joey@a[20].txt (ID = 2027)
1:07 AM: joey@a[21].txt (ID = 2027)
1:07 AM: joey@a[22].txt (ID = 2027)
1:07 AM: joey@a[23].txt (ID = 2027)
1:07 AM: joey@a[24].txt (ID = 2027)
1:07 AM: joey@a[25].txt (ID = 2027)
1:07 AM: joey@a[26].txt (ID = 2027)
1:07 AM: joey@a[27].txt (ID = 2027)
1:07 AM: joey@a[28].txt (ID = 2027)
1:07 AM: joey@a[29].txt (ID = 2027)
1:07 AM: joey@a[2].txt (ID = 2027)
1:07 AM: joey@a[30].txt (ID = 2027)
1:07 AM: joey@a[31].txt (ID = 2027)
1:07 AM: joey@a[32].txt (ID = 2027)
1:07 AM: joey@a[33].txt (ID = 2027)
1:07 AM: joey@a[34].txt (ID = 2027)
1:07 AM: joey@a[35].txt (ID = 2027)
1:07 AM: joey@a[36].txt (ID = 2027)
1:07 AM: joey@a[37].txt (ID = 2027)
1:07 AM: joey@a[38].txt (ID = 2027)
1:07 AM: joey@a[39].txt (ID = 2027)
1:07 AM: joey@a[3].txt (ID = 2027)
1:07 AM: joey@a[40].txt (ID = 2027)
1:07 AM: joey@a[41].txt (ID = 2027)
1:07 AM: joey@a[42].txt (ID = 2027)
1:07 AM: joey@a[43].txt (ID = 2027)
1:07 AM: joey@a[44].txt (ID = 2027)
1:07 AM: joey@a[45].txt (ID = 2027)
1:07 AM: joey@a[4].txt (ID = 2027)
1:07 AM: joey@a[5].txt (ID = 2027)
1:07 AM: joey@a[6].txt (ID = 2027)
1:07 AM: joey@a[7].txt (ID = 2027)
1:07 AM: joey@a[8].txt (ID = 2027)
1:07 AM: joey@a[9].txt (ID = 2027)
1:07 AM: joey@belnk[1].txt (ID = 2292)
1:07 AM: Found Spy Cookie: btgrab cookie
1:07 AM: [email protected][11].txt (ID = 2333)
1:07 AM: [email protected][1].txt (ID = 2333)
1:07 AM: [email protected][2].txt (ID = 2333)
1:07 AM: [email protected][3].txt (ID = 2333)
1:07 AM: [email protected][4].txt (ID = 2333)
1:07 AM: [email protected][5].txt (ID = 2333)
1:07 AM: [email protected][6].txt (ID = 2333)
1:07 AM: [email protected][7].txt (ID = 2333)
1:07 AM: [email protected][8].txt (ID = 2333)
1:07 AM: [email protected][9].txt (ID = 2333)
1:07 AM: Found Spy Cookie: burstnet cookie
1:07 AM: joey@burstnet[2].txt (ID = 2336)
1:07 AM: Found Spy Cookie: enhance cookie
1:07 AM: [email protected][1].txt (ID = 2614)
1:07 AM: Found Spy Cookie: goclick cookie
1:07 AM: [email protected][1].txt (ID = 2733)
1:07 AM: Found Spy Cookie: carsbelowinvoice cookie
1:07 AM: joey@carsbelowinvoice[1].txt (ID = 2352)
1:07 AM: Found Spy Cookie: classmates cookie
1:07 AM: joey@classmates[2].txt (ID = 2384)
1:07 AM: Found Spy Cookie: cliks cookie
1:07 AM: joey@cliks[1].txt (ID = 2414)
1:07 AM: joey@cliks[2].txt (ID = 2414)
1:07 AM: joey@cliks[3].txt (ID = 2414)
1:07 AM: joey@cliks[4].txt (ID = 2414)
1:07 AM: joey@cliks[6].txt (ID = 2414)
1:07 AM: joey@cliks[7].txt (ID = 2414)
1:07 AM: Found Spy Cookie: commission junction cookie
1:07 AM: joey@commission-junction[2].txt (ID = 2455)
1:07 AM: Found Spy Cookie: delfinproject cookie
1:07 AM: joey@delfinproject[1].txt (ID = 2509)
1:07 AM: Found Spy Cookie: directtrack cookie
1:07 AM: joey@directtrack[1].txt (ID = 2527)
1:07 AM: [email protected][2].txt (ID = 2293)
1:07 AM: Found Spy Cookie: webservicehosts cookie
1:07 AM: [email protected][1].txt (ID = 3663)
1:07 AM: Found Spy Cookie: empnads cookie
1:07 AM: joey@empnads[2].txt (ID = 5012)
1:07 AM: Found Spy Cookie: 2o7.net cookie
1:07 AM: [email protected][2].txt (ID = 1958)
1:07 AM: [email protected][1].txt (ID = 2528)
1:07 AM: Found Spy Cookie: clickandtrack cookie
1:07 AM: [email protected][2].txt (ID = 2397)
1:07 AM: Found Spy Cookie: hotmatch cookie
1:07 AM: joey@hotmatch[2].txt (ID = 3854)
1:07 AM: Found Spy Cookie: kmpads cookie
1:07 AM: joey@kmpads[1].txt (ID = 2909)
1:07 AM: Found Spy Cookie: mygeek cookie
1:07 AM: joey@mygeek[1].txt (ID = 3041)
1:07 AM: Found Spy Cookie: nextag cookie
1:07 AM: joey@nextag[1].txt (ID = 5014)
1:07 AM: Found Spy Cookie: offeroptimizer cookie
1:07 AM: joey@offeroptimizer[10].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[11].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[12].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[13].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[14].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[15].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[16].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[17].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[18].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[19].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[1].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[2].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[3].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[4].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[5].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[6].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[7].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[8].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[9].txt (ID = 3087)
1:07 AM: joey@partypoker[2].txt (ID = 3111)
1:07 AM: Found Spy Cookie: passion cookie
1:07 AM: joey@passion[2].txt (ID = 3113)
1:07 AM: Found Spy Cookie: paypopup cookie
1:07 AM: joey@paypopup[1].txt (ID = 3119)
1:07 AM: Found Spy Cookie: stamps.com cookie
1:07 AM: [email protected][1].txt (ID = 3438)
1:07 AM: Found Spy Cookie: pokerroom cookie
1:07 AM: joey@pokerroom[2].txt (ID = 3149)
1:07 AM: [email protected][2].txt (ID = 2528)
1:07 AM: joey@reunion[1].txt (ID = 3255)
1:07 AM: Found Spy Cookie: rn11 cookie
1:07 AM: joey@rn11[2].txt (ID = 3261)
1:07 AM: Found Spy Cookie: adjuggler cookie
1:07 AM: [email protected][1].txt (ID = 2071)
1:07 AM: Found Spy Cookie: search123 cookie
1:07 AM: joey@search123[1].txt (ID = 3305)
1:07 AM: Found Spy Cookie: web-stat cookie
1:07 AM: [email protected][1].txt (ID = 3649)
1:07 AM: Found Spy Cookie: shop@home cookie
1:07 AM: joey@shopathomeselect[2].txt (ID = 3367)
1:07 AM: joey@stamps[2].txt (ID = 3437)
1:07 AM: Found Spy Cookie: reliablestats cookie
1:07 AM: [email protected][1].txt (ID = 3254)
1:07 AM: Found Spy Cookie: trafficmp cookie
1:07 AM: joey@trafficmp[2].txt (ID = 3581)
1:07 AM: Found Spy Cookie: burstbeacon cookie
1:07 AM: [email protected][2].txt (ID = 2335)
1:07 AM: Found Spy Cookie: www.maxifiles cookie
1:07 AM: [email protected][2].txt (ID = 3707)
1:07 AM: Found Spy Cookie: redzip cookie
1:07 AM: [email protected][2].txt (ID = 3250)
1:07 AM: [email protected][2].txt (ID = 3256)
1:07 AM: Found Spy Cookie: superlogy cookie
1:07 AM: [email protected][2].txt (ID = 3470)
1:07 AM: Found Spy Cookie: winantiviruspro cookie
1:07 AM: [email protected][2].txt (ID = 3690)
1:07 AM: joey@yieldmanager[2].txt (ID = 3749)
1:07 AM: Found Spy Cookie: adserver cookie
1:07 AM: [email protected][1].txt (ID = 2142)
1:07 AM: Found Spy Cookie: zedo cookie
1:07 AM: joey@zedo[1].txt (ID = 3762)
1:07 AM: Cookie Sweep Complete, Elapsed Time: 00:00:06
1:07 AM: Starting File Sweep
1:07 AM: c:\program files\fcengine (4 subtraces) (ID = -2147471607)
1:07 AM: c:\program files\cmsystem (6 subtraces) (ID = -2147471610)
1:07 AM: Found Adware: fatpickle toolbar
1:07 AM: c:\program files\fatpickle toolbar (7 subtraces) (ID = -2147468828)
1:07 AM: c:\program files\surfsidekick 3 (4 subtraces) (ID = -2147480186)
1:07 AM: c:\windows\etb (18 subtraces) (ID = -2147476235)
1:07 AM: c:\program files\cmapp (7 subtraces) (ID = -2147477896)
1:07 AM: c:\program files\fatpickle toolbar\cache (ID = -2147468827)
1:07 AM: c:\program files\quick links (2 subtraces) (ID = -2147478145)
1:07 AM: c:\program files\communicator toolbar (82 subtraces) (ID = -2147480362)
1:07 AM: c:\program files\related sites toolbar (2 subtraces) (ID = -2147475069)
1:07 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:07 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:07 AM: zfxedct97.exe (ID = 157336)
1:07 AM: x.bmp (ID = 69314)
1:07 AM: 65812_308_524_1824_75.41.tmp1 (ID = 162545)
1:07 AM: u3d.tmp (ID = 166386)
1:07 AM: cwebpage.dll (ID = 69301)
1:07 AM: mxdefdrv.sys (ID = 156562)
1:07 AM: grinstall7.dll (ID = 161539)
1:07 AM: mc-59-627-0000166.exe (ID = 156269)
1:07 AM: e2c39.tmp (ID = 131317)
1:07 AM: greenmovie2313asaadsasfad112341231adsfa1[1].ico (ID = 51033)
1:07 AM: sskupdater3.exe (ID = 166386)
1:07 AM: mainsafe.exe (ID = 157404)
1:07 AM: bingo_big3123[1].ico (ID = 51022)
1:07 AM: 1507588_2504_356_3300_75.41.tmp1 (ID = 162545)
1:07 AM: 65936_1204_608_520_75.41.tmp1 (ID = 162545)
1:07 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:07 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:07 AM: 131468_1364_764_3720_75.41.tmp1 (ID = 162545)
1:07 AM: Warning: Failed to open file "c:\windows\pchealth\errorrep\userdumps\mainsafe.exe.20051022-011411-00.mdmp". The system cannot find the file specified
1:07 AM: Found Trojan Horse: fu rootkit components
1:07 AM: msdirectx.sys (ID = 134168)
1:08 AM: 65920_1280_484_1372_75.41.tmp1 (ID = 162545)
1:08 AM: 65960_1160_252_3632_75.41.tmp1 (ID = 162545)
1:08 AM: 0nr9vi84.exe (ID = 157331)
1:08 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:08 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:08 AM: bundlelite.exe (ID = 166149)
1:08 AM: ssk3repairinstall.exe (ID = 158470)
1:08 AM: autoit3.exe (ID = 119348)
1:08 AM: 65822_492_624_2180_75.41.tmp1 (ID = 162545)
1:08 AM: 196884_1132_624_2332_75.41.tmp1 (ID = 162545)
1:08 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:08 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:08 AM: 131468_1364_764_4020_75.41.tmp1 (ID = 162545)
1:08 AM: 65828_636_1404_496_75.41.tmp1 (ID = 162545)
1:09 AM: cmappsetup[1].exe (ID = 115280)
1:09 AM: sntaudio.tmp (ID = 138228)
1:09 AM: norisuni.exe (ID = 138284)
1:09 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:09 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:09 AM: ssk3_b5.exe (ID = 131314)
1:09 AM: Warning: Failed to open file "c:\windows\pchealth\errorrep\userdumps\mainsafe.exe.20051022-083303-00.mdmp". The system cannot find the file specified
1:09 AM: toolbar_installer.exe (ID = 164824)
1:09 AM: nahbluff.exe (ID = 154779)
1:09 AM: setup1050.exe (ID = 166207)
1:09 AM: 65942_1276_848_3800_75.41.tmp1 (ID = 162545)
1:09 AM: nrmsp6v7.exe (ID = 130510)
1:09 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:09 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:09 AM: 65944_1156_356_3764_75.41.tmp1 (ID = 162545)
1:09 AM: 65940_1212_636_3644_75.41.tmp1 (ID = 162545)
1:09 AM: 65942_1280_612_3828_75.41.tmp1 (ID = 162545)
1:09 AM: 459000_3852_4044_2636_75.41.tmp1 (ID = 162545)
1:10 AM: preuninstallcom.exe (ID = 74818)
1:10 AM: 65974_1208_612_1864_75.41.tmp1 (ID = 162545)
1:10 AM: uninst.exe (ID = 73428)
1:10 AM: mon2007.dbd (ID = 57693)
1:10 AM: mon0104.dbd (ID = 57676)
1:10 AM: mon1920.dbd (ID = 57692)
1:10 AM: kw[1].exe (ID = 166307)
1:10 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:10 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:10 AM: preuninstallql.exe (ID = 131326)
1:10 AM: lmgklkz.exe (ID = 138872)
1:10 AM: fatpickle.exe (ID = 166140)
1:10 AM: uninst.exe (ID = 73428)
1:10 AM: 65988_1356_928_1752_75.41.tmp1 (ID = 162545)
1:10 AM: 65956_1372_856_1756_75.41.tmp1 (ID = 162545)
1:10 AM: 65988_1356_928_2052_75.41.tmp1 (ID = 162545)
1:10 AM: 65950_1200_532_836_75.41.tmp1 (ID = 162545)
1:10 AM: kw[1].exe (ID = 166307)
1:10 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:10 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:10 AM: s2gg.3.exe (ID = 164538)
1:11 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:11 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:11 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:11 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:11 AM: 65966_1404_584_1760_75.41.tmp1 (ID = 162545)
1:11 AM: 131374_580_1360_1612_75.41.tmp1 (ID = 162545)
1:11 AM: mc-60-550-0000166.exe (ID = 156269)
1:11 AM: crptclrs.tmp (ID = 156483)
1:12 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:12 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:12 AM: 65994_1536_920_3752_75.41.tmp1 (ID = 162545)
1:12 AM: bho.dll (ID = 167068)
1:12 AM: mon1215.dbd (ID = 57687)
1:12 AM: mainsafe.empty.ini (ID = 166338)
1:12 AM: watch_free_porn.exe (ID = 156913)
1:12 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:12 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:12 AM: adsetup.silent.1.13.exe (ID = 167465)
1:12 AM: Found Trojan Horse: trojan-downloader-mainstreamdollars
1:12 AM: 1.exe (ID = 144062)
1:13 AM: cmappsetup.exe (ID = 115280)
1:13 AM: kw[1].exe (ID = 166307)
1:13 AM: wincmapp.exe (ID = 145805)
1:13 AM: 111419.exe (ID = 156165)
1:13 AM: cmapp13.exe (ID = 156523)
1:13 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:13 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:13 AM: vfx3.exe (ID = 155627)
1:13 AM: plugin.dll (ID = 154761)
1:13 AM: upd0002.exe (ID = 156532)
1:13 AM: pinkkas2123.ico (ID = 51041)
1:13 AM: greenmovie2313asaadsasfad112341231adsfa1.ico (ID = 51033)
1:13 AM: sskknwrd.dll (ID = 77733)
1:13 AM: nsa12f6.dll (ID = 51054)
1:13 AM: 99_app99.exe (ID = 164538)
1:13 AM: adwsetup_upd.exe (ID = 161596)
1:13 AM: installerv5.exe (ID = 162519)
1:13 AM: pf78.exe (ID = 164525)
1:13 AM: ssk3_b5.exe (ID = 162654)
1:13 AM: ssk3_installerv5.exe (ID = 162632)
1:13 AM: installerv5.exe (ID = 162519)
1:13 AM: Found Adware: apropos
1:13 AM: wingenerics.dll (ID = 50187)
1:13 AM: bk.exe (ID = 162785)
1:13 AM: repairs302972949.dll (ID = 163735)
1:13 AM: u4ce.tmp (ID = 166386)
1:13 AM: communicator.dll (ID = 131321)
1:13 AM: w181609.stub.exe (ID = 107248)
1:13 AM: plugin.dll (ID = 154758)
1:13 AM: dsr.exe (ID = 121121)
1:13 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:13 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:13 AM: mc-62-602-0000156.exe (ID = 156269)
1:13 AM: qlink32.dll (ID = 73425)
1:13 AM: qldf.bin (ID = 131688)
1:13 AM: grinstall7.dll (ID = 161539)
1:14 AM: ssk.exe (ID = 163864)
1:14 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || SurfSideKick 3 (ID = 0)
1:14 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\Software\Microsoft\Windows\CurrentVersion\Run || SurfSideKick 3 (ID = 0)
1:14 AM: sskbho.dll (ID = 163865)
1:14 AM: stb.exe (ID = 94666)
1:14 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || stb (ID = 0)
1:14 AM: pfudt92c.exe (ID = 157330)
1:14 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || pfudt92c (ID = 0)
1:14 AM: pokapoka78.exe (ID = 179560)
1:14 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || System service78 (ID = 0)
1:14 AM: sskcore.dll (ID = 163866)
1:14 AM: pshwr.exe (ID = 138228)
1:14 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\Software\Microsoft\Windows\CurrentVersion\Run || pshower (ID = 0)
1:14 AM: cmappclient.exe (ID = 123418)
1:14 AM: netlanm.dll (ID = 138227)
1:14 AM: fcengine.exe (ID = 154760)
1:14 AM: cmsystem.exe (ID = 154757)
1:14 AM: ichckupd.exe (ID = 156483)
1:14 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\Software\Microsoft\Windows\CurrentVersion\Run || ichckupd (ID = 0)
1:14 AM: pdrpdb.dll (ID = 156482)
1:14 AM: 81vqpr7q.dll (ID = 157332)
1:14 AM: pkshdqhy.dll (ID = 138109)
1:14 AM: italmvga.dll (ID = 156497)
1:14 AM: mc-60-550-0000166.exe (ID = 156275)
1:14 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\Software\Microsoft\Windows\CurrentVersion\Run || DNS (ID = 0)
1:14 AM: services.exe (ID = 69312)
1:14 AM: catcher.dll (ID = 156267)
1:14 AM: dsr.dll (ID = 115632)
1:14 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:14 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:14 AM: mon0315.ddx (ID = 57680)
1:14 AM: mon0504.ddx (ID = 57680)
1:14 AM: mon1204.ddx (ID = 57680)
1:14 AM: mon1125.ddx (ID = 57685)
1:14 AM: mon1909.ddx (ID = 57684)
1:14 AM: sf[1].txt (ID = 110126)
1:14 AM: sf.txt (ID = 110126)
1:14 AM: rf[1].txt (ID = 110125)
1:14 AM: rf.txt (ID = 110125)
1:14 AM: mon0106.ddx (ID = 57679)
1:14 AM: mon0204.ddx (ID = 57680)
1:14 AM: mon0904.ddx (ID = 57684)
1:14 AM: mon0412.ddx (ID = 57680)
1:14 AM: sf.txt (ID = 110126)
1:14 AM: rf.txt (ID = 110125)
1:14 AM: install.inf (ID = 161519)
1:14 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:14 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:14 AM: File Sweep Complete, Elapsed Time: 00:07:45
1:14 AM: Full Sweep has completed. Elapsed time 00:26:26
1:14 AM: Traces Found: 2216
1:15 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:15 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:15 AM: Removal process initiated
1:15 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:15 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:15 AM: Quarantining All Traces: elitebar
1:16 AM: elitebar is in use. It will be removed on reboot.
1:16 AM: c:\windows\etb is in use. It will be removed on reboot.
1:16 AM: Quarantining All Traces: trojan downloader matcash
1:16 AM: Quarantining All Traces: trojan downloader pops-stop
1:16 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:16 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:16 AM: trojan downloader pops-stop is in use. It will be removed on reboot.
1:16 AM: pdrpdb.dll is in use. It will be removed on reboot.
1:16 AM: italmvga.dll is in use. It will be removed on reboot.
1:16 AM: Quarantining All Traces: trojan-backdoor-soundcheck
1:16 AM: Quarantining All Traces: trojan-downloader-mainstreamdollars
1:16 AM: Quarantining All Traces: visfx
1:16 AM: Quarantining All Traces: apropos
1:16 AM: apropos is in use. It will be removed on reboot.
1:16 AM: wingenerics.dll is in use. It will b