Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hacktool.Rootkit help please [CLOSED]

Started by joeyryan , Oct 23 2005 01:28 PM

  • This topic is locked This topic is locked

#1
joeyryan
Posted 23 October 2005 - 01:28 PM

joeyryan

    Member

  • Member
  • PipPip
  • 45 posts
Logfile of HijackThis v1.99.1
Scan saved at 12:27:21 PM, on 10/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\dljrkwg.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\bhbsccm.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\dinst.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\767A7D7E7D8380.exe
C:\WINDOWS\nmjtinv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\lockx.exe
C:\WINDOWS\system32\bitsprx3.exe
C:\WINDOWS\system32\nfomon\nfomon.exe
C:\WINDOWS\system32\vidmon\vidmon.exe
C:\WINDOWS\etb\pokapoka76.exe
C:\WINDOWS\system32\pfudt92c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\CMAPP\Client\cmappclient.exe
C:\program files\internet explorer\iexplore.exe
C:\Program Files\FCEngine\FCEngine.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SurfSideKick 3\Ssk.exe
C:\WINDOWS\system32\lockx.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.enterthesearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\DOCUME~1\Joey\LOCALS~1\Temp\\xx.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.enterthesearch.com/sp2.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: XBTP07618 - {2296428D-C133-4928-B76A-A200FF409572} - C:\PROGRA~1\FREEPR~1\freeprod.dll
O2 - BHO: PicShow Class - {4487598C-2EC7-43A2-870E-6D8D720FDD9F} - C:\WINDOWS\system32\pkshdqhy.dll
O2 - BHO: TalMgr Class - {70230839-555C-4862-8D42-BB1E2352502C} - C:\WINDOWS\system32\italmvga.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [tbvxvlo] C:\WINDOWS\tbvxvlo.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [B1B5B8B9B8BEBBC0] 767A7D7E7D8380.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [amyxmyt] C:\WINDOWS\amyxmyt.exe
O4 - HKLM\..\Run: [nmjtinv] C:\WINDOWS\nmjtinv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [stratas] lockx.exe
O4 - HKLM\..\Run: [5eb0c15fe81c] C:\WINDOWS\system32\bitsprx3.exe
O4 - HKLM\..\Run: [stb] C:\WINDOWS\system32\stb.exe
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [System service76] C:\WINDOWS\etb\pokapoka76.exe
O4 - HKLM\..\Run: [System service75] C:\WINDOWS\etb\pokapoka75.exe
O4 - HKLM\..\Run: [pfudt92c] C:\WINDOWS\system32\pfudt92c.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ylcrsv] C:\WINDOWS\system32\bhbsccm.exe r
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [pshower] C:\WINDOWS\system32\pshwr.exe
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - HKCU\..\Run: [FCEngine] "C:\Program Files\FCEngine\FCEngine.exe"
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"
O4 - HKCU\..\Run: [ichckupd] C:\WINDOWS\system32\ichckupd.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [stratas] lockx.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-60-550-0000166.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-60-550-0000166.exe
O4 - HKCU\..\Run: [SOProc_RegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack RegSoAlertWxLiteNnAj
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.shar...ver/Install.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.ai...AIM.9.5.1.8.cab
O16 - DPF: {E9670165-86FE-4C34-8C4B-D3158DDC5D92} (Installer Class) - http://downloads.sho...all4110_sp2.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\dljrkwg.exe
  • 0

Advertisements

#2
andydf
Posted 26 October 2005 - 01:45 PM

andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Hi joeyryan
Welcome to Geeks to go

I would like to use an automated scan to start with.

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Double-click the file to install it as follows:
    • Click "Next", read the agreement, Click "Next"
    • Choose "Custom" click "Next".
    • Leave the default installation directory as it is, then click "Next".
    • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
    • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
    • Finally, click "Install"
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
If you would please, rescan with HijackThis and post a fresh log along with the Spysweeper log in this same topic, and let us know how your system's working. :)

Andy :tazz:
  • 0

#3
joeyryan
Posted 27 October 2005 - 02:23 AM

joeyryan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Here's the Webroot log. I will do the Hijack This log now. So far my computer seems to be working better.

********
12:48 AM: | Start of Session, Thursday, October 27, 2005 |
12:48 AM: Spy Sweeper started
12:48 AM: Sweep initiated using definitions version 562
12:48 AM: Starting Memory Sweep
12:48 AM: Found Adware: safesurf
12:48 AM: Detected running threat: C:\WINDOWS\system32\pkshdqhy.dll (ID = 138109)
12:48 AM: Found Trojan Horse: trojan downloader pops-stop
12:48 AM: Detected running threat: C:\WINDOWS\system32\italmvga.dll (ID = 156497)
12:48 AM: Found Adware: maxifiles
12:48 AM: Detected running threat: C:\Program Files\DNS\Catcher.dll (ID = 156267)
12:48 AM: Found Adware: abetterinternet
12:48 AM: Detected running threat: C:\WINDOWS\nmjtinv.exe (ID = 93)
12:48 AM: Found Adware: shopathomeselect
12:48 AM: Detected running threat: C:\WINDOWS\system32\81vqpr7q.dll (ID = 157332)
12:48 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:48 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:48 AM: Detected running threat: C:\Program Files\iTunes\iTunesHelper.exe (ID = 93)
12:48 AM: Detected running threat: C:\Program Files\QuickTime\qttask.exe (ID = 93)
12:48 AM: Found Adware: ie driver
12:48 AM: Detected running threat: C:\WINDOWS\system32\avifil32.exe (ID = 14)
12:49 AM: Detected running threat: C:\WINDOWS\system32\bitsprx3.exe (ID = 14)
12:49 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || 5eb0c15fe81c (ID = 0)
12:49 AM: Detected running threat: C:\WINDOWS\system32\nfomon\nfomon.exe (ID = 93)
12:49 AM: Detected running threat: C:\WINDOWS\system32\vidmon\vidmon.exe (ID = 93)
12:49 AM: Detected running threat: C:\WINDOWS\system32\pfudt92c.exe (ID = 157330)
12:49 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || pfudt92c (ID = 0)
12:49 AM: Detected running threat: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (ID = 93)
12:49 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:49 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:49 AM: Found Adware: surfsidekick
12:49 AM: Detected running threat: C:\Program Files\SurfSideKick 3\SskBho.dll (ID = 163865)
12:49 AM: Detected running threat: C:\Program Files\Dell Support\DSAgnt.exe (ID = 93)
12:49 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:49 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:49 AM: Detected running threat: C:\Program Files\Internet Explorer\IEXPLORE.EXE (ID = 93)
12:49 AM: Found Adware: cas
12:49 AM: Detected running threat: C:\Program Files\FCEngine\FCEngine.exe (ID = 154760)
12:49 AM: Detected running threat: C:\Program Files\CMSystem\CMSystem.exe (ID = 154757)
12:50 AM: Detected running threat: C:\Program Files\AIM\aim.exe (ID = 93)
12:50 AM: Detected running threat: C:\WINDOWS\system32\netlanm.dll (ID = 138227)
12:50 AM: Detected running threat: C:\WINDOWS\system32\pdrpdb.dll (ID = 156482)
12:50 AM: Detected running threat: C:\WINDOWS\explorer.exe (ID = 63)
12:50 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:50 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:50 AM: Detected running threat: C:\WINDOWS\system32\lmgklkz.exe (ID = 138872)
12:50 AM: Detected running threat: C:\Program Files\Analog Devices\Core\smax4pnp.exe (ID = 93)
12:50 AM: Detected running threat: C:\WINDOWS\system32\hkcmd.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe (ID = 93)
12:50 AM: Detected running threat: C:\WINDOWS\system32\dla\tfswctrl.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\Norton AntiVirus\NAVAPW32.EXE (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\Common Files\Real\Update_OB\realsched.exe (ID = 93)
12:50 AM: Detected running threat: C:\WINDOWS\system32\767A7D7E7D8380.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe (ID = 93)
12:50 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:50 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:50 AM: Detected running threat: C:\Program Files\SoftwareOnline\soproc.exe (ID = 93)
12:50 AM: Detected running threat: C:\WINDOWS\system32\cmd.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\Common Files\Windows\services32.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\Common Files\services.exe (ID = 69312)
12:51 AM: Detected running threat: C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe (ID = 93)
12:51 AM: Found Adware: visfx
12:51 AM: Detected running threat: C:\WINDOWS\dljrkwg.exe (ID = 99)
12:51 AM: Memory Sweep Complete, Elapsed Time: 00:02:45
12:51 AM: Starting Registry Sweep
12:51 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:51 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:51 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:51 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:52 AM: Spy Installation Shield: found: Adware: abetterinternet, version 1.1.1.1 -- Execution Denied
12:52 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:52 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:52 AM: Found Adware: begin2search
12:52 AM: HKCR\btnetw.amo.1\ (3 subtraces) (ID = 104095)
12:52 AM: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
12:52 AM: Found Adware: hotsearchbar toolbar
12:52 AM: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
12:52 AM: HKCR\btnetw.iiittt.1\ (3 subtraces) (ID = 104097)
12:52 AM: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
12:52 AM: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
12:52 AM: HKCR\btnetw.momo.1\ (3 subtraces) (ID = 104099)
12:52 AM: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
12:52 AM: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
12:52 AM: HKCR\btnetw.ohb.1\ (3 subtraces) (ID = 104101)
12:52 AM: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
12:52 AM: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
12:52 AM: HKCR\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104109)
12:52 AM: HKCR\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104109)
12:52 AM: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
12:52 AM: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
12:52 AM: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
12:52 AM: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
12:52 AM: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
12:52 AM: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
12:52 AM: HKCR\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104124)
12:52 AM: HKCR\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104126)
12:52 AM: HKCR\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104127)
12:52 AM: HKCR\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104128)
12:52 AM: HKCR\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104139)
12:52 AM: HKCR\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104141)
12:52 AM: HKLM\software\classes\btnetw.amo.1\ (3 subtraces) (ID = 104145)
12:52 AM: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
12:52 AM: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
12:52 AM: HKLM\software\classes\btnetw.iiittt.1\ (3 subtraces) (ID = 104147)
12:52 AM: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
12:52 AM: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
12:52 AM: HKLM\software\classes\btnetw.momo.1\ (3 subtraces) (ID = 104149)
12:52 AM: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
12:52 AM: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
12:52 AM: HKLM\software\classes\btnetw.ohb.1\ (3 subtraces) (ID = 104151)
12:52 AM: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
12:52 AM: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
12:52 AM: HKLM\software\classes\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104159)
12:52 AM: HKLM\software\classes\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104159)
12:52 AM: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
12:52 AM: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
12:52 AM: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
12:52 AM: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
12:52 AM: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
12:52 AM: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
12:52 AM: HKLM\software\classes\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104174)
12:52 AM: HKLM\software\classes\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104176)
12:52 AM: HKLM\software\classes\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104177)
12:52 AM: HKLM\software\classes\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104178)
12:52 AM: HKLM\software\classes\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104189)
12:52 AM: HKLM\software\classes\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104191)
12:52 AM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
12:52 AM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
12:52 AM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
12:52 AM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
12:52 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:52 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:53 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:53 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:53 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:53 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:54 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:54 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:54 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:54 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:55 AM: Found Adware: elitebar
12:55 AM: HKLM\software\microsoft\windows\currentversion\internet settings\user agent\post platform\ || iebar (ID = 125752)
12:55 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:55 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:55 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:55 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:56 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:56 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:56 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:56 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:56 AM: Found Adware: drsnsrch.com hijack
12:56 AM: HKLM\software\microsoft\internet explorer\main\ || search bar (ID = 128208)
12:56 AM: HKLM\software\microsoft\internet explorer\main\ || search page (ID = 128209)
12:56 AM: HKLM\software\microsoft\internet explorer\search\ || customizesearch (ID = 128210)
12:56 AM: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 128211)
12:57 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:57 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:57 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:57 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:58 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:58 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:58 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:58 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:59 AM: HKLM\software\classes\xbtb07618.ietoolbar.1\ (3 subtraces) (ID = 134851)
12:59 AM: HKLM\software\classes\xbtb07618.ietoolbar.1\clsid\ (1 subtraces) (ID = 134852)
12:59 AM: HKLM\software\classes\xbtb07618.ietoolbar\ (5 subtraces) (ID = 134853)
12:59 AM: HKLM\software\classes\xbtb07618.xbtb07618.1\ (3 subtraces) (ID = 134854)
12:59 AM: HKLM\software\classes\xbtb07618.xbtb07618\ (5 subtraces) (ID = 134855)
12:59 AM: HKLM\software\microsoft\windows\currentversion\uninstall\xbtb07618.xbtb07618toolbar\ (2 subtraces) (ID = 134857)
12:59 AM: HKCR\xbtb07618.ietoolbar.1\ (3 subtraces) (ID = 134864)
12:59 AM: HKCR\xbtb07618.ietoolbar.1\clsid\ (1 subtraces) (ID = 134865)
12:59 AM: HKCR\xbtb07618.ietoolbar\ (5 subtraces) (ID = 134866)
12:59 AM: HKCR\xbtb07618.xbtb07618.1\ (3 subtraces) (ID = 134867)
12:59 AM: HKCR\xbtb07618.xbtb07618\ (5 subtraces) (ID = 134868)
12:59 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:59 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:59 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:59 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:00 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:00 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:00 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:00 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:01 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:01 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:01 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:01 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:01 AM: Found Adware: search fast communicator toolbar
1:01 AM: HKCR\communicator.communicator\ (3 subtraces) (ID = 140680)
1:01 AM: HKCR\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb428}\ (6 subtraces) (ID = 140681)
1:01 AM: HKCR\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb429}\ (6 subtraces) (ID = 140682)
1:01 AM: HKCR\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb42a}\ (6 subtraces) (ID = 140683)
1:01 AM: HKCR\communicator.communicatormenu button\ (3 subtraces) (ID = 140684)
1:01 AM: HKCR\communicator.communicatortoggle button\ (3 subtraces) (ID = 140685)
1:01 AM: HKLM\software\classes\communicator.communicatormenu button\ (3 subtraces) (ID = 140686)
1:01 AM: HKLM\software\classes\communicator.communicatortoggle button\ (3 subtraces) (ID = 140687)
1:01 AM: HKLM\software\classes\communicator.communicator\ (3 subtraces) (ID = 140691)
1:01 AM: HKLM\software\classes\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb428}\ (6 subtraces) (ID = 140692)
1:01 AM: HKLM\software\classes\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb429}\ (6 subtraces) (ID = 140693)
1:01 AM: HKLM\software\classes\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb42a}\ (6 subtraces) (ID = 140694)
1:01 AM: HKU\.default\software\microsoft\internet explorer\toolbar\webbrowser\ || {4e7bd74f-2b8d-469e-8dbc-a42eb79cb428} (ID = 140697)
1:02 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:02 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:02 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:02 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:03 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:03 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:03 AM: HKU\.default\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143384)
1:03 AM: HKCR\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143389)
1:03 AM: HKLM\software\classes\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143392)
1:03 AM: HKLM\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143400)
1:03 AM: HKLM\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143406)
1:03 AM: HKLM\software\microsoft\windows\currentversion\uninstall\surf sidekick\ (2 subtraces) (ID = 143408)
1:03 AM: HKLM\software\surfsidekick3\ (2 subtraces) (ID = 143413)
1:03 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:03 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:04 AM: Found Trojan Horse: trojan-backdoor-soundcheck
1:04 AM: HKLM\system\currentcontrolset\services\msdirectx\ (11 subtraces) (ID = 144200)
1:04 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:04 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:04 AM: HKLM\system\currentcontrolset\control\print\monitors\zepmon\ (1 subtraces) (ID = 146139)
1:04 AM: HKLM\system\currentcontrolset\services\svcproc\ (12 subtraces) (ID = 146140)
1:04 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:04 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:05 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:05 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:05 AM: HKLM\software\microsoft\windows\currentversion\run\ || stb (ID = 201920)
1:05 AM: Found Adware: delfin
1:05 AM: HKLM\software\wincin\ (2 subtraces) (ID = 359317)
1:05 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:05 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:06 AM: Found Adware: quicklink search toolbar
1:06 AM: HKLM\software\microsoft\windows\currentversion\uninstall\quick links\ (2 subtraces) (ID = 359457)
1:06 AM: HKLM\software\ql\ (2 subtraces) (ID = 359458)
1:06 AM: Found Adware: drsnsrch hijacker
1:06 AM: HKCR\dsrch.band\ (5 subtraces) (ID = 509134)
1:06 AM: HKCR\dsrch.bottomframe\ (5 subtraces) (ID = 509135)
1:06 AM: HKCR\dsrch.leftframe\ (5 subtraces) (ID = 509136)
1:06 AM: HKCR\dsrch.popupbrowser\ (5 subtraces) (ID = 509137)
1:06 AM: HKCR\dsrch.popupwindow\ (5 subtraces) (ID = 509138)
1:06 AM: HKCR\clsid\{8b51fc2f-c687-40a3-b54a-bb9ebf8d407f}\ (11 subtraces) (ID = 509139)
1:06 AM: HKCR\clsid\{ce27d4df-714b-4427-95eb-923fe53adf8e}\ (13 subtraces) (ID = 509140)
1:06 AM: HKCR\clsid\{e2d2fe40-5674-4b77-802b-ec86b6c2c41d}\ (13 subtraces) (ID = 509141)
1:06 AM: HKCR\clsid\{e311d3a5-4a3b-4e49-9e0a-b40fae1f0b28}\ (11 subtraces) (ID = 509142)
1:06 AM: HKCR\typelib\{8f73ac0f-5769-4282-8762-b396a3bff377}\ (9 subtraces) (ID = 509153)
1:06 AM: HKLM\software\classes\dsrch.band\ (5 subtraces) (ID = 509171)
1:06 AM: HKLM\software\classes\dsrch.leftframe\ (5 subtraces) (ID = 509179)
1:06 AM: HKLM\software\classes\dsrch.popupbrowser\ (5 subtraces) (ID = 509185)
1:06 AM: HKLM\software\classes\dsrch.popupwindow\ (5 subtraces) (ID = 509191)
1:06 AM: HKLM\software\classes\clsid\{8b51fc2f-c687-40a3-b54a-bb9ebf8d407f}\ (11 subtraces) (ID = 509198)
1:06 AM: HKLM\software\classes\clsid\{ce27d4df-714b-4427-95eb-923fe53adf8e}\ (13 subtraces) (ID = 509210)
1:06 AM: HKLM\software\classes\clsid\{e2d2fe40-5674-4b77-802b-ec86b6c2c41d}\ (13 subtraces) (ID = 509224)
1:06 AM: HKLM\software\classes\clsid\{e311d3a5-4a3b-4e49-9e0a-b40fae1f0b28}\ (11 subtraces) (ID = 509238)
1:06 AM: HKCR\dsrch.band\clsid\ (1 subtraces) (ID = 509361)
1:06 AM: HKCR\dsrch.band\curver\ (1 subtraces) (ID = 509362)
1:06 AM: HKCR\dsrch.bottomframe\clsid\ (1 subtraces) (ID = 509363)
1:06 AM: HKCR\dsrch.bottomframe\curver\ (1 subtraces) (ID = 509364)
1:06 AM: HKCR\dsrch.leftframe\clsid\ (1 subtraces) (ID = 509365)
1:06 AM: HKCR\dsrch.leftframe\curver\ (1 subtraces) (ID = 509366)
1:06 AM: HKCR\dsrch.popupbrowser\clsid\ (1 subtraces) (ID = 509367)
1:06 AM: HKCR\dsrch.popupbrowser\curver\ (1 subtraces) (ID = 509368)
1:06 AM: HKCR\dsrch.popupwindow\clsid\ (1 subtraces) (ID = 509369)
1:06 AM: HKCR\dsrch.popupwindow\curver\ (1 subtraces) (ID = 509370)
1:06 AM: HKCR\dsrch.band.1\ (3 subtraces) (ID = 512692)
1:06 AM: HKCR\dsrch.bottomframe.1\ (3 subtraces) (ID = 512699)
1:06 AM: HKCR\dsrch.leftframe.1\ (3 subtraces) (ID = 512706)
1:06 AM: HKCR\dsrch.popupbrowser.1\ (3 subtraces) (ID = 512713)
1:06 AM: HKCR\dsrch.popupwindow.1\ (3 subtraces) (ID = 512720)
1:06 AM: HKCR\clsid\{00f1d395-4744-40f0-a611-980f61ae2c59}\ (11 subtraces) (ID = 512747)
1:06 AM: HKLM\software\classes\dsrch.band.1\ (3 subtraces) (ID = 513072)
1:06 AM: HKLM\software\classes\dsrch.bottomframe.1\ (3 subtraces) (ID = 513076)
1:06 AM: HKLM\software\classes\dsrch.leftframe.1\ (3 subtraces) (ID = 513080)
1:06 AM: HKLM\software\classes\dsrch.popupbrowser.1\ (3 subtraces) (ID = 513084)
1:06 AM: HKLM\software\classes\dsrch.popupwindow.1\ (3 subtraces) (ID = 513088)
1:06 AM: HKLM\software\classes\clsid\{00f1d395-4744-40f0-a611-980f61ae2c59}\ (11 subtraces) (ID = 513114)
1:06 AM: HKLM\software\classes\dsrch.bottomframe\ (5 subtraces) (ID = 646382)
1:06 AM: HKLM\software\classes\typelib\{8f73ac0f-5769-4282-8762-b396a3bff377}\ (9 subtraces) (ID = 646384)
1:06 AM: HKLM\software\microsoft\windows\currentversion\uninstall\related sites toolbar\ (2 subtraces) (ID = 652841)
1:06 AM: HKLM\software\microsoft\windows\currentversion\run\ || dinst (ID = 705664)
1:06 AM: HKLM\software\microsoft\windows nt\currentversion\winlogon\ || shell (ID = 711393)
1:06 AM: HKLM\software\microsoft\windows\currentversion\uninstall\ovmon\ (2 subtraces) (ID = 712951)
1:06 AM: HKLM\system\currentcontrolset\services\windows overlay components\ (12 subtraces) (ID = 712954)
1:06 AM: HKCR\funtools.picshow\ (5 subtraces) (ID = 730902)
1:06 AM: HKCR\funtools.picshow.1\ (3 subtraces) (ID = 730908)
1:06 AM: HKCR\clsid\{4487598c-2ec7-43a2-870e-6d8d720fdd9f}\ (11 subtraces) (ID = 730912)
1:06 AM: HKCR\typelib\{7638761f-0ce1-4e68-9692-d623527a6b7b}\ (9 subtraces) (ID = 730924)
1:06 AM: HKLM\software\classes\funtools.picshow\ (5 subtraces) (ID = 730957)
1:06 AM: HKLM\software\classes\funtools.picshow.1\ (3 subtraces) (ID = 730963)
1:06 AM: HKLM\software\classes\clsid\{4487598c-2ec7-43a2-870e-6d8d720fdd9f}\ (11 subtraces) (ID = 730967)
1:06 AM: HKLM\software\classes\typelib\{7638761f-0ce1-4e68-9692-d623527a6b7b}\ (9 subtraces) (ID = 730979)
1:06 AM: HKLM\software\picshow\ (48 subtraces) (ID = 730989)
1:06 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{4487598c-2ec7-43a2-870e-6d8d720fdd9f}\ (ID = 730994)
1:06 AM: HKLM\software\microsoft\windows\currentversion\uninstall\bsto-1\ (7 subtraces) (ID = 746835)
1:06 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:06 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:06 AM: Found Adware: ezula ilookup
1:06 AM: HKCR\bho.adware\ (5 subtraces) (ID = 819079)
1:06 AM: HKCR\bho.adware.1\ (3 subtraces) (ID = 819085)
1:06 AM: HKCR\bho.hider\ (5 subtraces) (ID = 819089)
1:06 AM: HKCR\bho.hider.1\ (3 subtraces) (ID = 819095)
1:06 AM: HKLM\software\classes\bho.adware\ (5 subtraces) (ID = 819212)
1:06 AM: HKLM\software\classes\bho.adware.1\ (3 subtraces) (ID = 819218)
1:06 AM: HKLM\software\classes\bho.hider\ (5 subtraces) (ID = 819222)
1:06 AM: HKLM\software\classes\bho.hider.1\ (3 subtraces) (ID = 819228)
1:06 AM: HKCR\var8.talmgr\ (5 subtraces) (ID = 820332)
1:06 AM: HKCR\var8.talmgr.1\ (3 subtraces) (ID = 820338)
1:06 AM: HKCR\clsid\{70230839-555c-4862-8d42-bb1e2352502c}\ (11 subtraces) (ID = 820354)
1:06 AM: HKCR\clsid\{724d478a-2bd0-4db4-ae42-288b1e346ef7}\ (4 subtraces) (ID = 820366)
1:06 AM: HKCR\typelib\{1b8b502e-465b-4022-be4f-fb6d9f808a18}\ (9 subtraces) (ID = 820387)
1:06 AM: HKCR\typelib\{65d99893-a650-4292-83d0-3aff6f39e0b5}\ (9 subtraces) (ID = 820397)
1:06 AM: HKLM\software\italmanager\ (38 subtraces) (ID = 820452)
1:06 AM: HKLM\software\classes\var8.talmgr\ (5 subtraces) (ID = 820485)
1:06 AM: HKLM\software\classes\var8.talmgr.1\ (3 subtraces) (ID = 820491)
1:06 AM: HKLM\software\classes\clsid\{70230839-555c-4862-8d42-bb1e2352502c}\ (11 subtraces) (ID = 820507)
1:06 AM: HKLM\software\classes\clsid\{724d478a-2bd0-4db4-ae42-288b1e346ef7}\ (4 subtraces) (ID = 820519)
1:06 AM: HKLM\software\classes\typelib\{1b8b502e-465b-4022-be4f-fb6d9f808a18}\ (9 subtraces) (ID = 820540)
1:06 AM: HKLM\software\classes\typelib\{65d99893-a650-4292-83d0-3aff6f39e0b5}\ (9 subtraces) (ID = 820550)
1:06 AM: HKLM\software\microsoft\windows\currentversion\uninstall\italmgr\ (2 subtraces) (ID = 820572)
1:06 AM: HKLM\system\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\ichckupd.exe\ (1 subtraces) (ID = 820614)
1:06 AM: HKCR\iecatcher.iewebcatcher\ (5 subtraces) (ID = 829231)
1:06 AM: HKCR\iecatcher.iewebcatcher.1\ (3 subtraces) (ID = 829237)
1:06 AM: HKCR\clsid\{fff4e223-7019-4ce7-be03-d7d3c8cce884}\ (11 subtraces) (ID = 829241)
1:06 AM: HKCR\typelib\{fff24f28-3ae2-46cd-aebe-2f625133a1ca}\ (9 subtraces) (ID = 829253)
1:06 AM: HKLM\software\classes\typelib\{fff24f28-3ae2-46cd-aebe-2f625133a1ca}\ (9 subtraces) (ID = 829282)
1:06 AM: HKLM\software\classes\iecatcher.iewebcatcher\ (5 subtraces) (ID = 829292)
1:06 AM: HKLM\software\classes\iecatcher.iewebcatcher.1\ (3 subtraces) (ID = 829298)
1:06 AM: HKLM\software\classes\clsid\{fff4e223-7019-4ce7-be03-d7d3c8cce884}\ (11 subtraces) (ID = 829302)
1:06 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{fff4e223-7019-4ce7-be03-d7d3c8cce884}\ (2 subtraces) (ID = 829305)
1:06 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{70230839-555c-4862-8d42-bb1e2352502c}\ (ID = 831459)
1:06 AM: HKLM\software\microsoft\windows\currentversion\app paths\italm\ (2 subtraces) (ID = 831468)
1:06 AM: HKLM\software\microsoft\windows\currentversion\app paths\ichckupd\ (2 subtraces) (ID = 831816)
1:06 AM: HKCR\grinstall7.installer.1\ (3 subtraces) (ID = 836062)
1:06 AM: HKCR\grinstall7.installer\ (5 subtraces) (ID = 836066)
1:06 AM: HKCR\typelib\{759c257c-f750-4f52-ab58-fb8a7b8770fe}\ (9 subtraces) (ID = 836072)
1:06 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/grinstall7.dll\ (2 subtraces) (ID = 836092)
1:06 AM: HKLM\software\classes\grinstall7.installer.1\ (3 subtraces) (ID = 836095)
1:06 AM: HKLM\software\classes\grinstall7.installer\ (5 subtraces) (ID = 836099)
1:06 AM: HKLM\software\classes\typelib\{759c257c-f750-4f52-ab58-fb8a7b8770fe}\ (9 subtraces) (ID = 836105)
1:06 AM: HKCR\clsid\{e9670165-86fe-4c34-8c4b-d3158ddc5d92}\ (14 subtraces) (ID = 860940)
1:06 AM: HKLM\software\classes\clsid\{e9670165-86fe-4c34-8c4b-d3158ddc5d92}\ (14 subtraces) (ID = 860969)
1:06 AM: Found Trojan Horse: hackerdefender
1:06 AM: HKLM\system\currentcontrolset\services\msfiedrv1\ (8 subtraces) (ID = 890482)
1:06 AM: HKLM\system\currentcontrolset\control\safeboot\minimal\msfie\ (1 subtraces) (ID = 890506)
1:06 AM: HKLM\system\currentcontrolset\control\safeboot\network\msfie\ (1 subtraces) (ID = 890508)
1:06 AM: HKLM\system\currentcontrolset\services\msfie\ (13 subtraces) (ID = 890567)
1:06 AM: HKCR\clsid\{09d98db3-217f-4a37-950f-7fa1b08ce2b6}\ (11 subtraces) (ID = 926729)
1:06 AM: HKCR\clsid\{55be9f0d-6caf-4c3e-b125-5a13a8c9d0ec}\ (11 subtraces) (ID = 926741)
1:06 AM: HKCR\typelib\{4dfd0b10-93db-4d7e-9b34-3d92ca493be4}\ (9 subtraces) (ID = 926753)
1:06 AM: HKLM\software\classes\clsid\{09d98db3-217f-4a37-950f-7fa1b08ce2b6}\ (11 subtraces) (ID = 926763)
1:06 AM: HKLM\software\classes\clsid\{55be9f0d-6caf-4c3e-b125-5a13a8c9d0ec}\ (11 subtraces) (ID = 926775)
1:06 AM: HKLM\software\classes\typelib\{4dfd0b10-93db-4d7e-9b34-3d92ca493be4}\ (9 subtraces) (ID = 926787)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\internet explorer\searchurl\ (ID = 128212)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\xbtb07618\ (63 subtraces) (ID = 134858)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\communicator toolbar\ (9 subtraces) (ID = 140688)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\internet explorer\toolbar\webbrowser\ || {4e7bd74f-2b8d-469e-8dbc-a42eb79cb428} (ID = 140689)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\surfsidekick3\ (3 subtraces) (ID = 143412)
1:06 AM: Found Trojan Horse: trojan downloader matcash
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\windows\currentversion\run\ || dns (ID = 144713)
1:06 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:06 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\aurora\ (27 subtraces) (ID = 360174)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\cmapp\ (13 subtraces) (ID = 381792)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\windows\currentversion\run\ || cmapp (ID = 381808)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\dsrch\ (11 subtraces) (ID = 509156)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\cmapp\client\ || registered (ID = 724012)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\windows\currentversion\run\ || pshower (ID = 730935)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\cmsystem\ (9 subtraces) (ID = 820421)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\windows\currentversion\run\ || ichckupd (ID = 820435)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\windows\currentversion\run\ || cmsystem (ID = 820436)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\windows\currentversion\run\ || fcengine (ID = 820437)
1:06 AM: Found Adware: elitebar quicksearch360.com hijack
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\internet explorer\ || searchurl (ID = 829214)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\internet explorer\main\ || search bar (ID = 829215)
1:06 AM: HKU\S-1-5-18\software\microsoft\internet explorer\searchurl\ (ID = 128212)
1:06 AM: HKU\S-1-5-18\software\xbtb07618\ (59 subtraces) (ID = 134858)
1:06 AM: HKU\S-1-5-18\software\microsoft\internet explorer\toolbar\webbrowser\ || {4e7bd74f-2b8d-469e-8dbc-a42eb79cb428} (ID = 140689)
1:06 AM: HKU\S-1-5-18\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
1:06 AM: Found Adware: xosearchox.com hijack
1:06 AM: HKU\S-1-5-18\software\microsoft\internet explorer\ || searchurl (ID = 820943)
1:06 AM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || search bar (ID = 820944)
1:06 AM: HKU\S-1-5-18\software\microsoft\internet explorer\search\ || searchassistant (ID = 820945)
1:06 AM: Registry Sweep Complete, Elapsed Time:00:15:42
1:06 AM: Starting Cookie Sweep
1:06 AM: Found Spy Cookie: 888 cookie
1:07 AM: anyuser@888[1].txt (ID = 2019)
1:07 AM: Found Spy Cookie: azjmp cookie
1:07 AM: anyuser@azjmp[1].txt (ID = 2270)
1:07 AM: Found Spy Cookie: goldenpalace cookie
1:07 AM: anyuser@goldenpalace[2].txt (ID = 2734)
1:07 AM: Found Spy Cookie: partypoker cookie
1:07 AM: anyuser@partypoker[2].txt (ID = 3111)
1:07 AM: Found Spy Cookie: 735 cookie
1:07 AM: joey@735[1].txt (ID = 2009)
1:07 AM: joey@888[2].txt (ID = 2019)
1:07 AM: Found Spy Cookie: websponsors cookie
1:07 AM: [email protected][2].txt (ID = 3665)
1:07 AM: Found Spy Cookie: abetterinternet cookie
1:07 AM: joey@abetterinternet[1].txt (ID = 2035)
1:07 AM: Found Spy Cookie: reunion cookie
1:07 AM: [email protected][1].txt (ID = 3256)
1:07 AM: Found Spy Cookie: yieldmanager cookie
1:07 AM: [email protected][2].txt (ID = 3751)
1:07 AM: Found Spy Cookie: adecn cookie
1:07 AM: joey@adecn[2].txt (ID = 2063)
1:07 AM: Found Spy Cookie: adknowledge cookie
1:07 AM: joey@adknowledge[1].txt (ID = 2072)
1:07 AM: Found Spy Cookie: hbmediapro cookie
1:07 AM: [email protected][2].txt (ID = 2768)
1:07 AM: Found Spy Cookie: hotbar cookie
1:07 AM: [email protected][1].txt (ID = 4207)
1:07 AM: Found Spy Cookie: specificclick.com cookie
1:07 AM: [email protected][2].txt (ID = 3400)
1:07 AM: Found Spy Cookie: adprofile cookie
1:07 AM: joey@adprofile[1].txt (ID = 2084)
1:07 AM: Found Spy Cookie: cc214142 cookie
1:07 AM: [email protected][1].txt (ID = 2367)
1:07 AM: Found Spy Cookie: adultfriendfinder cookie
1:07 AM: joey@adultfriendfinder[2].txt (ID = 2165)
1:07 AM: Found Spy Cookie: x10 cookie
1:07 AM: [email protected][1].txt (ID = 3712)
1:07 AM: Found Spy Cookie: alt cookie
1:07 AM: joey@alt[1].txt (ID = 2217)
1:07 AM: Found Spy Cookie: apmebf cookie
1:07 AM: joey@apmebf[2].txt (ID = 2229)
1:07 AM: Found Spy Cookie: atwola cookie
1:07 AM: [email protected][2].txt (ID = 2256)
1:07 AM: Found Spy Cookie: ask cookie
1:07 AM: joey@ask[1].txt (ID = 2245)
1:07 AM: Found Spy Cookie: belnk cookie
1:07 AM: [email protected][2].txt (ID = 2293)
1:07 AM: joey@atwola[2].txt (ID = 2255)
1:07 AM: joey@azjmp[1].txt (ID = 2270)
1:07 AM: Found Spy Cookie: a cookie
1:07 AM: joey@a[10].txt (ID = 2027)
1:07 AM: joey@a[11].txt (ID = 2027)
1:07 AM: joey@a[12].txt (ID = 2027)
1:07 AM: joey@a[13].txt (ID = 2027)
1:07 AM: joey@a[14].txt (ID = 2027)
1:07 AM: joey@a[15].txt (ID = 2027)
1:07 AM: joey@a[16].txt (ID = 2027)
1:07 AM: joey@a[17].txt (ID = 2027)
1:07 AM: joey@a[18].txt (ID = 2027)
1:07 AM: joey@a[19].txt (ID = 2027)
1:07 AM: joey@a[1].txt (ID = 2027)
1:07 AM: joey@a[20].txt (ID = 2027)
1:07 AM: joey@a[21].txt (ID = 2027)
1:07 AM: joey@a[22].txt (ID = 2027)
1:07 AM: joey@a[23].txt (ID = 2027)
1:07 AM: joey@a[24].txt (ID = 2027)
1:07 AM: joey@a[25].txt (ID = 2027)
1:07 AM: joey@a[26].txt (ID = 2027)
1:07 AM: joey@a[27].txt (ID = 2027)
1:07 AM: joey@a[28].txt (ID = 2027)
1:07 AM: joey@a[29].txt (ID = 2027)
1:07 AM: joey@a[2].txt (ID = 2027)
1:07 AM: joey@a[30].txt (ID = 2027)
1:07 AM: joey@a[31].txt (ID = 2027)
1:07 AM: joey@a[32].txt (ID = 2027)
1:07 AM: joey@a[33].txt (ID = 2027)
1:07 AM: joey@a[34].txt (ID = 2027)
1:07 AM: joey@a[35].txt (ID = 2027)
1:07 AM: joey@a[36].txt (ID = 2027)
1:07 AM: joey@a[37].txt (ID = 2027)
1:07 AM: joey@a[38].txt (ID = 2027)
1:07 AM: joey@a[39].txt (ID = 2027)
1:07 AM: joey@a[3].txt (ID = 2027)
1:07 AM: joey@a[40].txt (ID = 2027)
1:07 AM: joey@a[41].txt (ID = 2027)
1:07 AM: joey@a[42].txt (ID = 2027)
1:07 AM: joey@a[43].txt (ID = 2027)
1:07 AM: joey@a[44].txt (ID = 2027)
1:07 AM: joey@a[45].txt (ID = 2027)
1:07 AM: joey@a[4].txt (ID = 2027)
1:07 AM: joey@a[5].txt (ID = 2027)
1:07 AM: joey@a[6].txt (ID = 2027)
1:07 AM: joey@a[7].txt (ID = 2027)
1:07 AM: joey@a[8].txt (ID = 2027)
1:07 AM: joey@a[9].txt (ID = 2027)
1:07 AM: joey@belnk[1].txt (ID = 2292)
1:07 AM: Found Spy Cookie: btgrab cookie
1:07 AM: [email protected][11].txt (ID = 2333)
1:07 AM: [email protected][1].txt (ID = 2333)
1:07 AM: [email protected][2].txt (ID = 2333)
1:07 AM: [email protected][3].txt (ID = 2333)
1:07 AM: [email protected][4].txt (ID = 2333)
1:07 AM: [email protected][5].txt (ID = 2333)
1:07 AM: [email protected][6].txt (ID = 2333)
1:07 AM: [email protected][7].txt (ID = 2333)
1:07 AM: [email protected][8].txt (ID = 2333)
1:07 AM: [email protected][9].txt (ID = 2333)
1:07 AM: Found Spy Cookie: burstnet cookie
1:07 AM: joey@burstnet[2].txt (ID = 2336)
1:07 AM: Found Spy Cookie: enhance cookie
1:07 AM: [email protected][1].txt (ID = 2614)
1:07 AM: Found Spy Cookie: goclick cookie
1:07 AM: [email protected][1].txt (ID = 2733)
1:07 AM: Found Spy Cookie: carsbelowinvoice cookie
1:07 AM: joey@carsbelowinvoice[1].txt (ID = 2352)
1:07 AM: Found Spy Cookie: classmates cookie
1:07 AM: joey@classmates[2].txt (ID = 2384)
1:07 AM: Found Spy Cookie: cliks cookie
1:07 AM: joey@cliks[1].txt (ID = 2414)
1:07 AM: joey@cliks[2].txt (ID = 2414)
1:07 AM: joey@cliks[3].txt (ID = 2414)
1:07 AM: joey@cliks[4].txt (ID = 2414)
1:07 AM: joey@cliks[6].txt (ID = 2414)
1:07 AM: joey@cliks[7].txt (ID = 2414)
1:07 AM: Found Spy Cookie: commission junction cookie
1:07 AM: joey@commission-junction[2].txt (ID = 2455)
1:07 AM: Found Spy Cookie: delfinproject cookie
1:07 AM: joey@delfinproject[1].txt (ID = 2509)
1:07 AM: Found Spy Cookie: directtrack cookie
1:07 AM: joey@directtrack[1].txt (ID = 2527)
1:07 AM: [email protected][2].txt (ID = 2293)
1:07 AM: Found Spy Cookie: webservicehosts cookie
1:07 AM: [email protected][1].txt (ID = 3663)
1:07 AM: Found Spy Cookie: empnads cookie
1:07 AM: joey@empnads[2].txt (ID = 5012)
1:07 AM: Found Spy Cookie: 2o7.net cookie
1:07 AM: [email protected][2].txt (ID = 1958)
1:07 AM: [email protected][1].txt (ID = 2528)
1:07 AM: Found Spy Cookie: clickandtrack cookie
1:07 AM: [email protected][2].txt (ID = 2397)
1:07 AM: Found Spy Cookie: hotmatch cookie
1:07 AM: joey@hotmatch[2].txt (ID = 3854)
1:07 AM: Found Spy Cookie: kmpads cookie
1:07 AM: joey@kmpads[1].txt (ID = 2909)
1:07 AM: Found Spy Cookie: mygeek cookie
1:07 AM: joey@mygeek[1].txt (ID = 3041)
1:07 AM: Found Spy Cookie: nextag cookie
1:07 AM: joey@nextag[1].txt (ID = 5014)
1:07 AM: Found Spy Cookie: offeroptimizer cookie
1:07 AM: joey@offeroptimizer[10].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[11].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[12].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[13].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[14].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[15].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[16].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[17].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[18].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[19].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[1].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[2].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[3].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[4].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[5].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[6].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[7].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[8].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[9].txt (ID = 3087)
1:07 AM: joey@partypoker[2].txt (ID = 3111)
1:07 AM: Found Spy Cookie: passion cookie
1:07 AM: joey@passion[2].txt (ID = 3113)
1:07 AM: Found Spy Cookie: paypopup cookie
1:07 AM: joey@paypopup[1].txt (ID = 3119)
1:07 AM: Found Spy Cookie: stamps.com cookie
1:07 AM: [email protected][1].txt (ID = 3438)
1:07 AM: Found Spy Cookie: pokerroom cookie
1:07 AM: joey@pokerroom[2].txt (ID = 3149)
1:07 AM: [email protected][2].txt (ID = 2528)
1:07 AM: joey@reunion[1].txt (ID = 3255)
1:07 AM: Found Spy Cookie: rn11 cookie
1:07 AM: joey@rn11[2].txt (ID = 3261)
1:07 AM: Found Spy Cookie: adjuggler cookie
1:07 AM: [email protected][1].txt (ID = 2071)
1:07 AM: Found Spy Cookie: search123 cookie
1:07 AM: joey@search123[1].txt (ID = 3305)
1:07 AM: Found Spy Cookie: web-stat cookie
1:07 AM: [email protected][1].txt (ID = 3649)
1:07 AM: Found Spy Cookie: shop@home cookie
1:07 AM: joey@shopathomeselect[2].txt (ID = 3367)
1:07 AM: joey@stamps[2].txt (ID = 3437)
1:07 AM: Found Spy Cookie: reliablestats cookie
1:07 AM: [email protected][1].txt (ID = 3254)
1:07 AM: Found Spy Cookie: trafficmp cookie
1:07 AM: joey@trafficmp[2].txt (ID = 3581)
1:07 AM: Found Spy Cookie: burstbeacon cookie
1:07 AM: [email protected][2].txt (ID = 2335)
1:07 AM: Found Spy Cookie: www.maxifiles cookie
1:07 AM: [email protected][2].txt (ID = 3707)
1:07 AM: Found Spy Cookie: redzip cookie
1:07 AM: [email protected][2].txt (ID = 3250)
1:07 AM: [email protected][2].txt (ID = 3256)
1:07 AM: Found Spy Cookie: superlogy cookie
1:07 AM: [email protected][2].txt (ID = 3470)
1:07 AM: Found Spy Cookie: winantiviruspro cookie
1:07 AM: [email protected][2].txt (ID = 3690)
1:07 AM: joey@yieldmanager[2].txt (ID = 3749)
1:07 AM: Found Spy Cookie: adserver cookie
1:07 AM: [email protected][1].txt (ID = 2142)
1:07 AM: Found Spy Cookie: zedo cookie
1:07 AM: joey@zedo[1].txt (ID = 3762)
1:07 AM: Cookie Sweep Complete, Elapsed Time: 00:00:06
1:07 AM: Starting File Sweep
1:07 AM: c:\program files\fcengine (4 subtraces) (ID = -2147471607)
1:07 AM: c:\program files\cmsystem (6 subtraces) (ID = -2147471610)
1:07 AM: Found Adware: fatpickle toolbar
1:07 AM: c:\program files\fatpickle toolbar (7 subtraces) (ID = -2147468828)
1:07 AM: c:\program files\surfsidekick 3 (4 subtraces) (ID = -2147480186)
1:07 AM: c:\windows\etb (18 subtraces) (ID = -2147476235)
1:07 AM: c:\program files\cmapp (7 subtraces) (ID = -2147477896)
1:07 AM: c:\program files\fatpickle toolbar\cache (ID = -2147468827)
1:07 AM: c:\program files\quick links (2 subtraces) (ID = -2147478145)
1:07 AM: c:\program files\communicator toolbar (82 subtraces) (ID = -2147480362)
1:07 AM: c:\program files\related sites toolbar (2 subtraces) (ID = -2147475069)
1:07 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:07 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:07 AM: zfxedct97.exe (ID = 157336)
1:07 AM: x.bmp (ID = 69314)
1:07 AM: 65812_308_524_1824_75.41.tmp1 (ID = 162545)
1:07 AM: u3d.tmp (ID = 166386)
1:07 AM: cwebpage.dll (ID = 69301)
1:07 AM: mxdefdrv.sys (ID = 156562)
1:07 AM: grinstall7.dll (ID = 161539)
1:07 AM: mc-59-627-0000166.exe (ID = 156269)
1:07 AM: e2c39.tmp (ID = 131317)
1:07 AM: greenmovie2313asaadsasfad112341231adsfa1[1].ico (ID = 51033)
1:07 AM: sskupdater3.exe (ID = 166386)
1:07 AM: mainsafe.exe (ID = 157404)
1:07 AM: bingo_big3123[1].ico (ID = 51022)
1:07 AM: 1507588_2504_356_3300_75.41.tmp1 (ID = 162545)
1:07 AM: 65936_1204_608_520_75.41.tmp1 (ID = 162545)
1:07 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:07 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:07 AM: 131468_1364_764_3720_75.41.tmp1 (ID = 162545)
1:07 AM: Warning: Failed to open file "c:\windows\pchealth\errorrep\userdumps\mainsafe.exe.20051022-011411-00.mdmp". The system cannot find the file specified
1:07 AM: Found Trojan Horse: fu rootkit components
1:07 AM: msdirectx.sys (ID = 134168)
1:08 AM: 65920_1280_484_1372_75.41.tmp1 (ID = 162545)
1:08 AM: 65960_1160_252_3632_75.41.tmp1 (ID = 162545)
1:08 AM: 0nr9vi84.exe (ID = 157331)
1:08 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:08 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:08 AM: bundlelite.exe (ID = 166149)
1:08 AM: ssk3repairinstall.exe (ID = 158470)
1:08 AM: autoit3.exe (ID = 119348)
1:08 AM: 65822_492_624_2180_75.41.tmp1 (ID = 162545)
1:08 AM: 196884_1132_624_2332_75.41.tmp1 (ID = 162545)
1:08 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:08 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:08 AM: 131468_1364_764_4020_75.41.tmp1 (ID = 162545)
1:08 AM: 65828_636_1404_496_75.41.tmp1 (ID = 162545)
1:09 AM: cmappsetup[1].exe (ID = 115280)
1:09 AM: sntaudio.tmp (ID = 138228)
1:09 AM: norisuni.exe (ID = 138284)
1:09 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:09 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:09 AM: ssk3_b5.exe (ID = 131314)
1:09 AM: Warning: Failed to open file "c:\windows\pchealth\errorrep\userdumps\mainsafe.exe.20051022-083303-00.mdmp". The system cannot find the file specified
1:09 AM: toolbar_installer.exe (ID = 164824)
1:09 AM: nahbluff.exe (ID = 154779)
1:09 AM: setup1050.exe (ID = 166207)
1:09 AM: 65942_1276_848_3800_75.41.tmp1 (ID = 162545)
1:09 AM: nrmsp6v7.exe (ID = 130510)
1:09 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:09 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:09 AM: 65944_1156_356_3764_75.41.tmp1 (ID = 162545)
1:09 AM: 65940_1212_636_3644_75.41.tmp1 (ID = 162545)
1:09 AM: 65942_1280_612_3828_75.41.tmp1 (ID = 162545)
1:09 AM: 459000_3852_4044_2636_75.41.tmp1 (ID = 162545)
1:10 AM: preuninstallcom.exe (ID = 74818)
1:10 AM: 65974_1208_612_1864_75.41.tmp1 (ID = 162545)
1:10 AM: uninst.exe (ID = 73428)
1:10 AM: mon2007.dbd (ID = 57693)
1:10 AM: mon0104.dbd (ID = 57676)
1:10 AM: mon1920.dbd (ID = 57692)
1:10 AM: kw[1].exe (ID = 166307)
1:10 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:10 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:10 AM: preuninstallql.exe (ID = 131326)
1:10 AM: lmgklkz.exe (ID = 138872)
1:10 AM: fatpickle.exe (ID = 166140)
1:10 AM: uninst.exe (ID = 73428)
1:10 AM: 65988_1356_928_1752_75.41.tmp1 (ID = 162545)
1:10 AM: 65956_1372_856_1756_75.41.tmp1 (ID = 162545)
1:10 AM: 65988_1356_928_2052_75.41.tmp1 (ID = 162545)
1:10 AM: 65950_1200_532_836_75.41.tmp1 (ID = 162545)
1:10 AM: kw[1].exe (ID = 166307)
1:10 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:10 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:10 AM: s2gg.3.exe (ID = 164538)
1:11 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:11 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:11 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:11 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:11 AM: 65966_1404_584_1760_75.41.tmp1 (ID = 162545)
1:11 AM: 131374_580_1360_1612_75.41.tmp1 (ID = 162545)
1:11 AM: mc-60-550-0000166.exe (ID = 156269)
1:11 AM: crptclrs.tmp (ID = 156483)
1:12 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:12 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:12 AM: 65994_1536_920_3752_75.41.tmp1 (ID = 162545)
1:12 AM: bho.dll (ID = 167068)
1:12 AM: mon1215.dbd (ID = 57687)
1:12 AM: mainsafe.empty.ini (ID = 166338)
1:12 AM: watch_free_porn.exe (ID = 156913)
1:12 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:12 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:12 AM: adsetup.silent.1.13.exe (ID = 167465)
1:12 AM: Found Trojan Horse: trojan-downloader-mainstreamdollars
1:12 AM: 1.exe (ID = 144062)
1:13 AM: cmappsetup.exe (ID = 115280)
1:13 AM: kw[1].exe (ID = 166307)
1:13 AM: wincmapp.exe (ID = 145805)
1:13 AM: 111419.exe (ID = 156165)
1:13 AM: cmapp13.exe (ID = 156523)
1:13 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:13 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:13 AM: vfx3.exe (ID = 155627)
1:13 AM: plugin.dll (ID = 154761)
1:13 AM: upd0002.exe (ID = 156532)
1:13 AM: pinkkas2123.ico (ID = 51041)
1:13 AM: greenmovie2313asaadsasfad112341231adsfa1.ico (ID = 51033)
1:13 AM: sskknwrd.dll (ID = 77733)
1:13 AM: nsa12f6.dll (ID = 51054)
1:13 AM: 99_app99.exe (ID = 164538)
1:13 AM: adwsetup_upd.exe (ID = 161596)
1:13 AM: installerv5.exe (ID = 162519)
1:13 AM: pf78.exe (ID = 164525)
1:13 AM: ssk3_b5.exe (ID = 162654)
1:13 AM: ssk3_installerv5.exe (ID = 162632)
1:13 AM: installerv5.exe (ID = 162519)
1:13 AM: Found Adware: apropos
1:13 AM: wingenerics.dll (ID = 50187)
1:13 AM: bk.exe (ID = 162785)
1:13 AM: repairs302972949.dll (ID = 163735)
1:13 AM: u4ce.tmp (ID = 166386)
1:13 AM: communicator.dll (ID = 131321)
1:13 AM: w181609.stub.exe (ID = 107248)
1:13 AM: plugin.dll (ID = 154758)
1:13 AM: dsr.exe (ID = 121121)
1:13 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:13 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:13 AM: mc-62-602-0000156.exe (ID = 156269)
1:13 AM: qlink32.dll (ID = 73425)
1:13 AM: qldf.bin (ID = 131688)
1:13 AM: grinstall7.dll (ID = 161539)
1:14 AM: ssk.exe (ID = 163864)
1:14 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || SurfSideKick 3 (ID = 0)
1:14 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\Software\Microsoft\Windows\CurrentVersion\Run || SurfSideKick 3 (ID = 0)
1:14 AM: sskbho.dll (ID = 163865)
1:14 AM: stb.exe (ID = 94666)
1:14 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || stb (ID = 0)
1:14 AM: pfudt92c.exe (ID = 157330)
1:14 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || pfudt92c (ID = 0)
1:14 AM: pokapoka78.exe (ID = 179560)
1:14 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || System service78 (ID = 0)
1:14 AM: sskcore.dll (ID = 163866)
1:14 AM: pshwr.exe (ID = 138228)
1:14 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\Software\Microsoft\Windows\CurrentVersion\Run || pshower (ID = 0)
1:14 AM: cmappclient.exe (ID = 123418)
1:14 AM: netlanm.dll (ID = 138227)
1:14 AM: fcengine.exe (ID = 154760)
1:14 AM: cmsystem.exe (ID = 154757)
1:14 AM: ichckupd.exe (ID = 156483)
1:14 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\Software\Microsoft\Windows\CurrentVersion\Run || ichckupd (ID = 0)
1:14 AM: pdrpdb.dll (ID = 156482)
1:14 AM: 81vqpr7q.dll (ID = 157332)
1:14 AM: pkshdqhy.dll (ID = 138109)
1:14 AM: italmvga.dll (ID = 156497)
1:14 AM: mc-60-550-0000166.exe (ID = 156275)
1:14 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\Software\Microsoft\Windows\CurrentVersion\Run || DNS (ID = 0)
1:14 AM: services.exe (ID = 69312)
1:14 AM: catcher.dll (ID = 156267)
1:14 AM: dsr.dll (ID = 115632)
1:14 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:14 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:14 AM: mon0315.ddx (ID = 57680)
1:14 AM: mon0504.ddx (ID = 57680)
1:14 AM: mon1204.ddx (ID = 57680)
1:14 AM: mon1125.ddx (ID = 57685)
1:14 AM: mon1909.ddx (ID = 57684)
1:14 AM: sf[1].txt (ID = 110126)
1:14 AM: sf.txt (ID = 110126)
1:14 AM: rf[1].txt (ID = 110125)
1:14 AM: rf.txt (ID = 110125)
1:14 AM: mon0106.ddx (ID = 57679)
1:14 AM: mon0204.ddx (ID = 57680)
1:14 AM: mon0904.ddx (ID = 57684)
1:14 AM: mon0412.ddx (ID = 57680)
1:14 AM: sf.txt (ID = 110126)
1:14 AM: rf.txt (ID = 110125)
1:14 AM: install.inf (ID = 161519)
1:14 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:14 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:14 AM: File Sweep Complete, Elapsed Time: 00:07:45
1:14 AM: Full Sweep has completed. Elapsed time 00:26:26
1:14 AM: Traces Found: 2216
1:15 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:15 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:15 AM: Removal process initiated
1:15 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:15 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:15 AM: Quarantining All Traces: elitebar
1:16 AM: elitebar is in use. It will be removed on reboot.
1:16 AM: c:\windows\etb is in use. It will be removed on reboot.
1:16 AM: Quarantining All Traces: trojan downloader matcash
1:16 AM: Quarantining All Traces: trojan downloader pops-stop
1:16 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:16 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:16 AM: trojan downloader pops-stop is in use. It will be removed on reboot.
1:16 AM: pdrpdb.dll is in use. It will be removed on reboot.
1:16 AM: italmvga.dll is in use. It will be removed on reboot.
1:16 AM: Quarantining All Traces: trojan-backdoor-soundcheck
1:16 AM: Quarantining All Traces: trojan-downloader-mainstreamdollars
1:16 AM: Quarantining All Traces: visfx
1:16 AM: Quarantining All Traces: apropos
1:16 AM: apropos is in use. It will be removed on reboot.
1:16 AM: wingenerics.dll is in use. It will b
  • 0

#4
joeyryan
Posted 27 October 2005 - 02:26 AM

joeyryan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Here's the Hijack This log. Like I said before, it's working much better now. Thanks so much!

Logfile of HijackThis v1.99.1
Scan saved at 1:25:08 AM, on 10/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [tbvxvlo] C:\WINDOWS\tbvxvlo.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [B1B5B8B9B8BEBBC0] 767A7D7E7D8380.exe
O4 - HKLM\..\Run: [amyxmyt] C:\WINDOWS\amyxmyt.exe
O4 - HKLM\..\Run: [nmjtinv] C:\WINDOWS\nmjtinv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [stratas] lockx.exe
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [stratas] lockx.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000166.exe
O4 - HKCU\..\Run: [SOProc_RegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack RegSoAlertWxLiteNnAj
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.shar...ver/Install.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.ai...AIM.9.5.1.8.cab
O16 - DPF: {E9670165-86FE-4C34-8C4B-D3158DDC5D92} - http://downloads.sho...all4110_sp2.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
  • 0

#5
andydf
Posted 27 October 2005 - 11:35 AM

andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Looking a little better :)
Still a bit of work to do though.

I need to see the remainder of the spysweeper log, it does not look complete.
Also, I would like to see an uninstall log from hijack this.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Andy :tazz:
  • 0

#6
joeyryan
Posted 27 October 2005 - 10:29 PM

joeyryan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Webroot in full

********
12:48 AM: | Start of Session, Thursday, October 27, 2005 |
12:48 AM: Spy Sweeper started
12:48 AM: Sweep initiated using definitions version 562
12:48 AM: Starting Memory Sweep
12:48 AM: Found Adware: safesurf
12:48 AM: Detected running threat: C:\WINDOWS\system32\pkshdqhy.dll (ID = 138109)
12:48 AM: Found Trojan Horse: trojan downloader pops-stop
12:48 AM: Detected running threat: C:\WINDOWS\system32\italmvga.dll (ID = 156497)
12:48 AM: Found Adware: maxifiles
12:48 AM: Detected running threat: C:\Program Files\DNS\Catcher.dll (ID = 156267)
12:48 AM: Found Adware: abetterinternet
12:48 AM: Detected running threat: C:\WINDOWS\nmjtinv.exe (ID = 93)
12:48 AM: Found Adware: shopathomeselect
12:48 AM: Detected running threat: C:\WINDOWS\system32\81vqpr7q.dll (ID = 157332)
12:48 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:48 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:48 AM: Detected running threat: C:\Program Files\iTunes\iTunesHelper.exe (ID = 93)
12:48 AM: Detected running threat: C:\Program Files\QuickTime\qttask.exe (ID = 93)
12:48 AM: Found Adware: ie driver
12:48 AM: Detected running threat: C:\WINDOWS\system32\avifil32.exe (ID = 14)
12:49 AM: Detected running threat: C:\WINDOWS\system32\bitsprx3.exe (ID = 14)
12:49 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || 5eb0c15fe81c (ID = 0)
12:49 AM: Detected running threat: C:\WINDOWS\system32\nfomon\nfomon.exe (ID = 93)
12:49 AM: Detected running threat: C:\WINDOWS\system32\vidmon\vidmon.exe (ID = 93)
12:49 AM: Detected running threat: C:\WINDOWS\system32\pfudt92c.exe (ID = 157330)
12:49 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || pfudt92c (ID = 0)
12:49 AM: Detected running threat: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (ID = 93)
12:49 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:49 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:49 AM: Found Adware: surfsidekick
12:49 AM: Detected running threat: C:\Program Files\SurfSideKick 3\SskBho.dll (ID = 163865)
12:49 AM: Detected running threat: C:\Program Files\Dell Support\DSAgnt.exe (ID = 93)
12:49 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:49 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:49 AM: Detected running threat: C:\Program Files\Internet Explorer\IEXPLORE.EXE (ID = 93)
12:49 AM: Found Adware: cas
12:49 AM: Detected running threat: C:\Program Files\FCEngine\FCEngine.exe (ID = 154760)
12:49 AM: Detected running threat: C:\Program Files\CMSystem\CMSystem.exe (ID = 154757)
12:50 AM: Detected running threat: C:\Program Files\AIM\aim.exe (ID = 93)
12:50 AM: Detected running threat: C:\WINDOWS\system32\netlanm.dll (ID = 138227)
12:50 AM: Detected running threat: C:\WINDOWS\system32\pdrpdb.dll (ID = 156482)
12:50 AM: Detected running threat: C:\WINDOWS\explorer.exe (ID = 63)
12:50 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:50 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:50 AM: Detected running threat: C:\WINDOWS\system32\lmgklkz.exe (ID = 138872)
12:50 AM: Detected running threat: C:\Program Files\Analog Devices\Core\smax4pnp.exe (ID = 93)
12:50 AM: Detected running threat: C:\WINDOWS\system32\hkcmd.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe (ID = 93)
12:50 AM: Detected running threat: C:\WINDOWS\system32\dla\tfswctrl.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\Norton AntiVirus\NAVAPW32.EXE (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\Common Files\Real\Update_OB\realsched.exe (ID = 93)
12:50 AM: Detected running threat: C:\WINDOWS\system32\767A7D7E7D8380.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe (ID = 93)
12:50 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:50 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:50 AM: Detected running threat: C:\Program Files\SoftwareOnline\soproc.exe (ID = 93)
12:50 AM: Detected running threat: C:\WINDOWS\system32\cmd.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\Common Files\Windows\services32.exe (ID = 93)
12:50 AM: Detected running threat: C:\Program Files\Common Files\services.exe (ID = 69312)
12:51 AM: Detected running threat: C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe (ID = 93)
12:51 AM: Found Adware: visfx
12:51 AM: Detected running threat: C:\WINDOWS\dljrkwg.exe (ID = 99)
12:51 AM: Memory Sweep Complete, Elapsed Time: 00:02:45
12:51 AM: Starting Registry Sweep
12:51 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:51 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:51 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:51 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:52 AM: Spy Installation Shield: found: Adware: abetterinternet, version 1.1.1.1 -- Execution Denied
12:52 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:52 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:52 AM: Found Adware: begin2search
12:52 AM: HKCR\btnetw.amo.1\ (3 subtraces) (ID = 104095)
12:52 AM: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
12:52 AM: Found Adware: hotsearchbar toolbar
12:52 AM: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
12:52 AM: HKCR\btnetw.iiittt.1\ (3 subtraces) (ID = 104097)
12:52 AM: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
12:52 AM: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
12:52 AM: HKCR\btnetw.momo.1\ (3 subtraces) (ID = 104099)
12:52 AM: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
12:52 AM: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
12:52 AM: HKCR\btnetw.ohb.1\ (3 subtraces) (ID = 104101)
12:52 AM: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
12:52 AM: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
12:52 AM: HKCR\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104109)
12:52 AM: HKCR\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104109)
12:52 AM: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
12:52 AM: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
12:52 AM: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
12:52 AM: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
12:52 AM: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
12:52 AM: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
12:52 AM: HKCR\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104124)
12:52 AM: HKCR\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104126)
12:52 AM: HKCR\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104127)
12:52 AM: HKCR\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104128)
12:52 AM: HKCR\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104139)
12:52 AM: HKCR\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104141)
12:52 AM: HKLM\software\classes\btnetw.amo.1\ (3 subtraces) (ID = 104145)
12:52 AM: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
12:52 AM: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
12:52 AM: HKLM\software\classes\btnetw.iiittt.1\ (3 subtraces) (ID = 104147)
12:52 AM: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
12:52 AM: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
12:52 AM: HKLM\software\classes\btnetw.momo.1\ (3 subtraces) (ID = 104149)
12:52 AM: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
12:52 AM: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
12:52 AM: HKLM\software\classes\btnetw.ohb.1\ (3 subtraces) (ID = 104151)
12:52 AM: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
12:52 AM: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
12:52 AM: HKLM\software\classes\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104159)
12:52 AM: HKLM\software\classes\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104159)
12:52 AM: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
12:52 AM: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
12:52 AM: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
12:52 AM: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
12:52 AM: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
12:52 AM: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
12:52 AM: HKLM\software\classes\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104174)
12:52 AM: HKLM\software\classes\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104176)
12:52 AM: HKLM\software\classes\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104177)
12:52 AM: HKLM\software\classes\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104178)
12:52 AM: HKLM\software\classes\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104189)
12:52 AM: HKLM\software\classes\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104191)
12:52 AM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
12:52 AM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
12:52 AM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
12:52 AM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
12:52 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:52 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:53 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:53 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:53 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:53 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:54 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:54 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:54 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:54 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:55 AM: Found Adware: elitebar
12:55 AM: HKLM\software\microsoft\windows\currentversion\internet settings\user agent\post platform\ || iebar (ID = 125752)
12:55 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:55 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:55 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:55 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:56 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:56 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:56 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:56 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:56 AM: Found Adware: drsnsrch.com hijack
12:56 AM: HKLM\software\microsoft\internet explorer\main\ || search bar (ID = 128208)
12:56 AM: HKLM\software\microsoft\internet explorer\main\ || search page (ID = 128209)
12:56 AM: HKLM\software\microsoft\internet explorer\search\ || customizesearch (ID = 128210)
12:56 AM: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 128211)
12:57 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:57 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:57 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:57 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:58 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:58 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:58 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:58 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:59 AM: HKLM\software\classes\xbtb07618.ietoolbar.1\ (3 subtraces) (ID = 134851)
12:59 AM: HKLM\software\classes\xbtb07618.ietoolbar.1\clsid\ (1 subtraces) (ID = 134852)
12:59 AM: HKLM\software\classes\xbtb07618.ietoolbar\ (5 subtraces) (ID = 134853)
12:59 AM: HKLM\software\classes\xbtb07618.xbtb07618.1\ (3 subtraces) (ID = 134854)
12:59 AM: HKLM\software\classes\xbtb07618.xbtb07618\ (5 subtraces) (ID = 134855)
12:59 AM: HKLM\software\microsoft\windows\currentversion\uninstall\xbtb07618.xbtb07618toolbar\ (2 subtraces) (ID = 134857)
12:59 AM: HKCR\xbtb07618.ietoolbar.1\ (3 subtraces) (ID = 134864)
12:59 AM: HKCR\xbtb07618.ietoolbar.1\clsid\ (1 subtraces) (ID = 134865)
12:59 AM: HKCR\xbtb07618.ietoolbar\ (5 subtraces) (ID = 134866)
12:59 AM: HKCR\xbtb07618.xbtb07618.1\ (3 subtraces) (ID = 134867)
12:59 AM: HKCR\xbtb07618.xbtb07618\ (5 subtraces) (ID = 134868)
12:59 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:59 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:59 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:59 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:00 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:00 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:00 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:00 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:01 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:01 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:01 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:01 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:01 AM: Found Adware: search fast communicator toolbar
1:01 AM: HKCR\communicator.communicator\ (3 subtraces) (ID = 140680)
1:01 AM: HKCR\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb428}\ (6 subtraces) (ID = 140681)
1:01 AM: HKCR\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb429}\ (6 subtraces) (ID = 140682)
1:01 AM: HKCR\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb42a}\ (6 subtraces) (ID = 140683)
1:01 AM: HKCR\communicator.communicatormenu button\ (3 subtraces) (ID = 140684)
1:01 AM: HKCR\communicator.communicatortoggle button\ (3 subtraces) (ID = 140685)
1:01 AM: HKLM\software\classes\communicator.communicatormenu button\ (3 subtraces) (ID = 140686)
1:01 AM: HKLM\software\classes\communicator.communicatortoggle button\ (3 subtraces) (ID = 140687)
1:01 AM: HKLM\software\classes\communicator.communicator\ (3 subtraces) (ID = 140691)
1:01 AM: HKLM\software\classes\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb428}\ (6 subtraces) (ID = 140692)
1:01 AM: HKLM\software\classes\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb429}\ (6 subtraces) (ID = 140693)
1:01 AM: HKLM\software\classes\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb42a}\ (6 subtraces) (ID = 140694)
1:01 AM: HKU\.default\software\microsoft\internet explorer\toolbar\webbrowser\ || {4e7bd74f-2b8d-469e-8dbc-a42eb79cb428} (ID = 140697)
1:02 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:02 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:02 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:02 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:03 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:03 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:03 AM: HKU\.default\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143384)
1:03 AM: HKCR\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143389)
1:03 AM: HKLM\software\classes\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143392)
1:03 AM: HKLM\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143400)
1:03 AM: HKLM\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143406)
1:03 AM: HKLM\software\microsoft\windows\currentversion\uninstall\surf sidekick\ (2 subtraces) (ID = 143408)
1:03 AM: HKLM\software\surfsidekick3\ (2 subtraces) (ID = 143413)
1:03 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:03 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:04 AM: Found Trojan Horse: trojan-backdoor-soundcheck
1:04 AM: HKLM\system\currentcontrolset\services\msdirectx\ (11 subtraces) (ID = 144200)
1:04 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:04 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:04 AM: HKLM\system\currentcontrolset\control\print\monitors\zepmon\ (1 subtraces) (ID = 146139)
1:04 AM: HKLM\system\currentcontrolset\services\svcproc\ (12 subtraces) (ID = 146140)
1:04 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:04 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:05 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:05 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:05 AM: HKLM\software\microsoft\windows\currentversion\run\ || stb (ID = 201920)
1:05 AM: Found Adware: delfin
1:05 AM: HKLM\software\wincin\ (2 subtraces) (ID = 359317)
1:05 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:05 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:06 AM: Found Adware: quicklink search toolbar
1:06 AM: HKLM\software\microsoft\windows\currentversion\uninstall\quick links\ (2 subtraces) (ID = 359457)
1:06 AM: HKLM\software\ql\ (2 subtraces) (ID = 359458)
1:06 AM: Found Adware: drsnsrch hijacker
1:06 AM: HKCR\dsrch.band\ (5 subtraces) (ID = 509134)
1:06 AM: HKCR\dsrch.bottomframe\ (5 subtraces) (ID = 509135)
1:06 AM: HKCR\dsrch.leftframe\ (5 subtraces) (ID = 509136)
1:06 AM: HKCR\dsrch.popupbrowser\ (5 subtraces) (ID = 509137)
1:06 AM: HKCR\dsrch.popupwindow\ (5 subtraces) (ID = 509138)
1:06 AM: HKCR\clsid\{8b51fc2f-c687-40a3-b54a-bb9ebf8d407f}\ (11 subtraces) (ID = 509139)
1:06 AM: HKCR\clsid\{ce27d4df-714b-4427-95eb-923fe53adf8e}\ (13 subtraces) (ID = 509140)
1:06 AM: HKCR\clsid\{e2d2fe40-5674-4b77-802b-ec86b6c2c41d}\ (13 subtraces) (ID = 509141)
1:06 AM: HKCR\clsid\{e311d3a5-4a3b-4e49-9e0a-b40fae1f0b28}\ (11 subtraces) (ID = 509142)
1:06 AM: HKCR\typelib\{8f73ac0f-5769-4282-8762-b396a3bff377}\ (9 subtraces) (ID = 509153)
1:06 AM: HKLM\software\classes\dsrch.band\ (5 subtraces) (ID = 509171)
1:06 AM: HKLM\software\classes\dsrch.leftframe\ (5 subtraces) (ID = 509179)
1:06 AM: HKLM\software\classes\dsrch.popupbrowser\ (5 subtraces) (ID = 509185)
1:06 AM: HKLM\software\classes\dsrch.popupwindow\ (5 subtraces) (ID = 509191)
1:06 AM: HKLM\software\classes\clsid\{8b51fc2f-c687-40a3-b54a-bb9ebf8d407f}\ (11 subtraces) (ID = 509198)
1:06 AM: HKLM\software\classes\clsid\{ce27d4df-714b-4427-95eb-923fe53adf8e}\ (13 subtraces) (ID = 509210)
1:06 AM: HKLM\software\classes\clsid\{e2d2fe40-5674-4b77-802b-ec86b6c2c41d}\ (13 subtraces) (ID = 509224)
1:06 AM: HKLM\software\classes\clsid\{e311d3a5-4a3b-4e49-9e0a-b40fae1f0b28}\ (11 subtraces) (ID = 509238)
1:06 AM: HKCR\dsrch.band\clsid\ (1 subtraces) (ID = 509361)
1:06 AM: HKCR\dsrch.band\curver\ (1 subtraces) (ID = 509362)
1:06 AM: HKCR\dsrch.bottomframe\clsid\ (1 subtraces) (ID = 509363)
1:06 AM: HKCR\dsrch.bottomframe\curver\ (1 subtraces) (ID = 509364)
1:06 AM: HKCR\dsrch.leftframe\clsid\ (1 subtraces) (ID = 509365)
1:06 AM: HKCR\dsrch.leftframe\curver\ (1 subtraces) (ID = 509366)
1:06 AM: HKCR\dsrch.popupbrowser\clsid\ (1 subtraces) (ID = 509367)
1:06 AM: HKCR\dsrch.popupbrowser\curver\ (1 subtraces) (ID = 509368)
1:06 AM: HKCR\dsrch.popupwindow\clsid\ (1 subtraces) (ID = 509369)
1:06 AM: HKCR\dsrch.popupwindow\curver\ (1 subtraces) (ID = 509370)
1:06 AM: HKCR\dsrch.band.1\ (3 subtraces) (ID = 512692)
1:06 AM: HKCR\dsrch.bottomframe.1\ (3 subtraces) (ID = 512699)
1:06 AM: HKCR\dsrch.leftframe.1\ (3 subtraces) (ID = 512706)
1:06 AM: HKCR\dsrch.popupbrowser.1\ (3 subtraces) (ID = 512713)
1:06 AM: HKCR\dsrch.popupwindow.1\ (3 subtraces) (ID = 512720)
1:06 AM: HKCR\clsid\{00f1d395-4744-40f0-a611-980f61ae2c59}\ (11 subtraces) (ID = 512747)
1:06 AM: HKLM\software\classes\dsrch.band.1\ (3 subtraces) (ID = 513072)
1:06 AM: HKLM\software\classes\dsrch.bottomframe.1\ (3 subtraces) (ID = 513076)
1:06 AM: HKLM\software\classes\dsrch.leftframe.1\ (3 subtraces) (ID = 513080)
1:06 AM: HKLM\software\classes\dsrch.popupbrowser.1\ (3 subtraces) (ID = 513084)
1:06 AM: HKLM\software\classes\dsrch.popupwindow.1\ (3 subtraces) (ID = 513088)
1:06 AM: HKLM\software\classes\clsid\{00f1d395-4744-40f0-a611-980f61ae2c59}\ (11 subtraces) (ID = 513114)
1:06 AM: HKLM\software\classes\dsrch.bottomframe\ (5 subtraces) (ID = 646382)
1:06 AM: HKLM\software\classes\typelib\{8f73ac0f-5769-4282-8762-b396a3bff377}\ (9 subtraces) (ID = 646384)
1:06 AM: HKLM\software\microsoft\windows\currentversion\uninstall\related sites toolbar\ (2 subtraces) (ID = 652841)
1:06 AM: HKLM\software\microsoft\windows\currentversion\run\ || dinst (ID = 705664)
1:06 AM: HKLM\software\microsoft\windows nt\currentversion\winlogon\ || shell (ID = 711393)
1:06 AM: HKLM\software\microsoft\windows\currentversion\uninstall\ovmon\ (2 subtraces) (ID = 712951)
1:06 AM: HKLM\system\currentcontrolset\services\windows overlay components\ (12 subtraces) (ID = 712954)
1:06 AM: HKCR\funtools.picshow\ (5 subtraces) (ID = 730902)
1:06 AM: HKCR\funtools.picshow.1\ (3 subtraces) (ID = 730908)
1:06 AM: HKCR\clsid\{4487598c-2ec7-43a2-870e-6d8d720fdd9f}\ (11 subtraces) (ID = 730912)
1:06 AM: HKCR\typelib\{7638761f-0ce1-4e68-9692-d623527a6b7b}\ (9 subtraces) (ID = 730924)
1:06 AM: HKLM\software\classes\funtools.picshow\ (5 subtraces) (ID = 730957)
1:06 AM: HKLM\software\classes\funtools.picshow.1\ (3 subtraces) (ID = 730963)
1:06 AM: HKLM\software\classes\clsid\{4487598c-2ec7-43a2-870e-6d8d720fdd9f}\ (11 subtraces) (ID = 730967)
1:06 AM: HKLM\software\classes\typelib\{7638761f-0ce1-4e68-9692-d623527a6b7b}\ (9 subtraces) (ID = 730979)
1:06 AM: HKLM\software\picshow\ (48 subtraces) (ID = 730989)
1:06 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{4487598c-2ec7-43a2-870e-6d8d720fdd9f}\ (ID = 730994)
1:06 AM: HKLM\software\microsoft\windows\currentversion\uninstall\bsto-1\ (7 subtraces) (ID = 746835)
1:06 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:06 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:06 AM: Found Adware: ezula ilookup
1:06 AM: HKCR\bho.adware\ (5 subtraces) (ID = 819079)
1:06 AM: HKCR\bho.adware.1\ (3 subtraces) (ID = 819085)
1:06 AM: HKCR\bho.hider\ (5 subtraces) (ID = 819089)
1:06 AM: HKCR\bho.hider.1\ (3 subtraces) (ID = 819095)
1:06 AM: HKLM\software\classes\bho.adware\ (5 subtraces) (ID = 819212)
1:06 AM: HKLM\software\classes\bho.adware.1\ (3 subtraces) (ID = 819218)
1:06 AM: HKLM\software\classes\bho.hider\ (5 subtraces) (ID = 819222)
1:06 AM: HKLM\software\classes\bho.hider.1\ (3 subtraces) (ID = 819228)
1:06 AM: HKCR\var8.talmgr\ (5 subtraces) (ID = 820332)
1:06 AM: HKCR\var8.talmgr.1\ (3 subtraces) (ID = 820338)
1:06 AM: HKCR\clsid\{70230839-555c-4862-8d42-bb1e2352502c}\ (11 subtraces) (ID = 820354)
1:06 AM: HKCR\clsid\{724d478a-2bd0-4db4-ae42-288b1e346ef7}\ (4 subtraces) (ID = 820366)
1:06 AM: HKCR\typelib\{1b8b502e-465b-4022-be4f-fb6d9f808a18}\ (9 subtraces) (ID = 820387)
1:06 AM: HKCR\typelib\{65d99893-a650-4292-83d0-3aff6f39e0b5}\ (9 subtraces) (ID = 820397)
1:06 AM: HKLM\software\italmanager\ (38 subtraces) (ID = 820452)
1:06 AM: HKLM\software\classes\var8.talmgr\ (5 subtraces) (ID = 820485)
1:06 AM: HKLM\software\classes\var8.talmgr.1\ (3 subtraces) (ID = 820491)
1:06 AM: HKLM\software\classes\clsid\{70230839-555c-4862-8d42-bb1e2352502c}\ (11 subtraces) (ID = 820507)
1:06 AM: HKLM\software\classes\clsid\{724d478a-2bd0-4db4-ae42-288b1e346ef7}\ (4 subtraces) (ID = 820519)
1:06 AM: HKLM\software\classes\typelib\{1b8b502e-465b-4022-be4f-fb6d9f808a18}\ (9 subtraces) (ID = 820540)
1:06 AM: HKLM\software\classes\typelib\{65d99893-a650-4292-83d0-3aff6f39e0b5}\ (9 subtraces) (ID = 820550)
1:06 AM: HKLM\software\microsoft\windows\currentversion\uninstall\italmgr\ (2 subtraces) (ID = 820572)
1:06 AM: HKLM\system\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\ichckupd.exe\ (1 subtraces) (ID = 820614)
1:06 AM: HKCR\iecatcher.iewebcatcher\ (5 subtraces) (ID = 829231)
1:06 AM: HKCR\iecatcher.iewebcatcher.1\ (3 subtraces) (ID = 829237)
1:06 AM: HKCR\clsid\{fff4e223-7019-4ce7-be03-d7d3c8cce884}\ (11 subtraces) (ID = 829241)
1:06 AM: HKCR\typelib\{fff24f28-3ae2-46cd-aebe-2f625133a1ca}\ (9 subtraces) (ID = 829253)
1:06 AM: HKLM\software\classes\typelib\{fff24f28-3ae2-46cd-aebe-2f625133a1ca}\ (9 subtraces) (ID = 829282)
1:06 AM: HKLM\software\classes\iecatcher.iewebcatcher\ (5 subtraces) (ID = 829292)
1:06 AM: HKLM\software\classes\iecatcher.iewebcatcher.1\ (3 subtraces) (ID = 829298)
1:06 AM: HKLM\software\classes\clsid\{fff4e223-7019-4ce7-be03-d7d3c8cce884}\ (11 subtraces) (ID = 829302)
1:06 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{fff4e223-7019-4ce7-be03-d7d3c8cce884}\ (2 subtraces) (ID = 829305)
1:06 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{70230839-555c-4862-8d42-bb1e2352502c}\ (ID = 831459)
1:06 AM: HKLM\software\microsoft\windows\currentversion\app paths\italm\ (2 subtraces) (ID = 831468)
1:06 AM: HKLM\software\microsoft\windows\currentversion\app paths\ichckupd\ (2 subtraces) (ID = 831816)
1:06 AM: HKCR\grinstall7.installer.1\ (3 subtraces) (ID = 836062)
1:06 AM: HKCR\grinstall7.installer\ (5 subtraces) (ID = 836066)
1:06 AM: HKCR\typelib\{759c257c-f750-4f52-ab58-fb8a7b8770fe}\ (9 subtraces) (ID = 836072)
1:06 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/grinstall7.dll\ (2 subtraces) (ID = 836092)
1:06 AM: HKLM\software\classes\grinstall7.installer.1\ (3 subtraces) (ID = 836095)
1:06 AM: HKLM\software\classes\grinstall7.installer\ (5 subtraces) (ID = 836099)
1:06 AM: HKLM\software\classes\typelib\{759c257c-f750-4f52-ab58-fb8a7b8770fe}\ (9 subtraces) (ID = 836105)
1:06 AM: HKCR\clsid\{e9670165-86fe-4c34-8c4b-d3158ddc5d92}\ (14 subtraces) (ID = 860940)
1:06 AM: HKLM\software\classes\clsid\{e9670165-86fe-4c34-8c4b-d3158ddc5d92}\ (14 subtraces) (ID = 860969)
1:06 AM: Found Trojan Horse: hackerdefender
1:06 AM: HKLM\system\currentcontrolset\services\msfiedrv1\ (8 subtraces) (ID = 890482)
1:06 AM: HKLM\system\currentcontrolset\control\safeboot\minimal\msfie\ (1 subtraces) (ID = 890506)
1:06 AM: HKLM\system\currentcontrolset\control\safeboot\network\msfie\ (1 subtraces) (ID = 890508)
1:06 AM: HKLM\system\currentcontrolset\services\msfie\ (13 subtraces) (ID = 890567)
1:06 AM: HKCR\clsid\{09d98db3-217f-4a37-950f-7fa1b08ce2b6}\ (11 subtraces) (ID = 926729)
1:06 AM: HKCR\clsid\{55be9f0d-6caf-4c3e-b125-5a13a8c9d0ec}\ (11 subtraces) (ID = 926741)
1:06 AM: HKCR\typelib\{4dfd0b10-93db-4d7e-9b34-3d92ca493be4}\ (9 subtraces) (ID = 926753)
1:06 AM: HKLM\software\classes\clsid\{09d98db3-217f-4a37-950f-7fa1b08ce2b6}\ (11 subtraces) (ID = 926763)
1:06 AM: HKLM\software\classes\clsid\{55be9f0d-6caf-4c3e-b125-5a13a8c9d0ec}\ (11 subtraces) (ID = 926775)
1:06 AM: HKLM\software\classes\typelib\{4dfd0b10-93db-4d7e-9b34-3d92ca493be4}\ (9 subtraces) (ID = 926787)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\internet explorer\searchurl\ (ID = 128212)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\xbtb07618\ (63 subtraces) (ID = 134858)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\communicator toolbar\ (9 subtraces) (ID = 140688)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\internet explorer\toolbar\webbrowser\ || {4e7bd74f-2b8d-469e-8dbc-a42eb79cb428} (ID = 140689)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\surfsidekick3\ (3 subtraces) (ID = 143412)
1:06 AM: Found Trojan Horse: trojan downloader matcash
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\windows\currentversion\run\ || dns (ID = 144713)
1:06 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:06 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\aurora\ (27 subtraces) (ID = 360174)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\cmapp\ (13 subtraces) (ID = 381792)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\windows\currentversion\run\ || cmapp (ID = 381808)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\dsrch\ (11 subtraces) (ID = 509156)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\cmapp\client\ || registered (ID = 724012)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\windows\currentversion\run\ || pshower (ID = 730935)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\cmsystem\ (9 subtraces) (ID = 820421)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\windows\currentversion\run\ || ichckupd (ID = 820435)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\windows\currentversion\run\ || cmsystem (ID = 820436)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\windows\currentversion\run\ || fcengine (ID = 820437)
1:06 AM: Found Adware: elitebar quicksearch360.com hijack
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\internet explorer\ || searchurl (ID = 829214)
1:06 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\internet explorer\main\ || search bar (ID = 829215)
1:06 AM: HKU\S-1-5-18\software\microsoft\internet explorer\searchurl\ (ID = 128212)
1:06 AM: HKU\S-1-5-18\software\xbtb07618\ (59 subtraces) (ID = 134858)
1:06 AM: HKU\S-1-5-18\software\microsoft\internet explorer\toolbar\webbrowser\ || {4e7bd74f-2b8d-469e-8dbc-a42eb79cb428} (ID = 140689)
1:06 AM: HKU\S-1-5-18\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
1:06 AM: Found Adware: xosearchox.com hijack
1:06 AM: HKU\S-1-5-18\software\microsoft\internet explorer\ || searchurl (ID = 820943)
1:06 AM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || search bar (ID = 820944)
1:06 AM: HKU\S-1-5-18\software\microsoft\internet explorer\search\ || searchassistant (ID = 820945)
1:06 AM: Registry Sweep Complete, Elapsed Time:00:15:42
1:06 AM: Starting Cookie Sweep
1:06 AM: Found Spy Cookie: 888 cookie
1:07 AM: anyuser@888[1].txt (ID = 2019)
1:07 AM: Found Spy Cookie: azjmp cookie
1:07 AM: anyuser@azjmp[1].txt (ID = 2270)
1:07 AM: Found Spy Cookie: goldenpalace cookie
1:07 AM: anyuser@goldenpalace[2].txt (ID = 2734)
1:07 AM: Found Spy Cookie: partypoker cookie
1:07 AM: anyuser@partypoker[2].txt (ID = 3111)
1:07 AM: Found Spy Cookie: 735 cookie
1:07 AM: joey@735[1].txt (ID = 2009)
1:07 AM: joey@888[2].txt (ID = 2019)
1:07 AM: Found Spy Cookie: websponsors cookie
1:07 AM: [email protected][2].txt (ID = 3665)
1:07 AM: Found Spy Cookie: abetterinternet cookie
1:07 AM: joey@abetterinternet[1].txt (ID = 2035)
1:07 AM: Found Spy Cookie: reunion cookie
1:07 AM: [email protected][1].txt (ID = 3256)
1:07 AM: Found Spy Cookie: yieldmanager cookie
1:07 AM: [email protected][2].txt (ID = 3751)
1:07 AM: Found Spy Cookie: adecn cookie
1:07 AM: joey@adecn[2].txt (ID = 2063)
1:07 AM: Found Spy Cookie: adknowledge cookie
1:07 AM: joey@adknowledge[1].txt (ID = 2072)
1:07 AM: Found Spy Cookie: hbmediapro cookie
1:07 AM: [email protected][2].txt (ID = 2768)
1:07 AM: Found Spy Cookie: hotbar cookie
1:07 AM: [email protected][1].txt (ID = 4207)
1:07 AM: Found Spy Cookie: specificclick.com cookie
1:07 AM: [email protected][2].txt (ID = 3400)
1:07 AM: Found Spy Cookie: adprofile cookie
1:07 AM: joey@adprofile[1].txt (ID = 2084)
1:07 AM: Found Spy Cookie: cc214142 cookie
1:07 AM: [email protected][1].txt (ID = 2367)
1:07 AM: Found Spy Cookie: adultfriendfinder cookie
1:07 AM: joey@adultfriendfinder[2].txt (ID = 2165)
1:07 AM: Found Spy Cookie: x10 cookie
1:07 AM: [email protected][1].txt (ID = 3712)
1:07 AM: Found Spy Cookie: alt cookie
1:07 AM: joey@alt[1].txt (ID = 2217)
1:07 AM: Found Spy Cookie: apmebf cookie
1:07 AM: joey@apmebf[2].txt (ID = 2229)
1:07 AM: Found Spy Cookie: atwola cookie
1:07 AM: [email protected][2].txt (ID = 2256)
1:07 AM: Found Spy Cookie: ask cookie
1:07 AM: joey@ask[1].txt (ID = 2245)
1:07 AM: Found Spy Cookie: belnk cookie
1:07 AM: [email protected][2].txt (ID = 2293)
1:07 AM: joey@atwola[2].txt (ID = 2255)
1:07 AM: joey@azjmp[1].txt (ID = 2270)
1:07 AM: Found Spy Cookie: a cookie
1:07 AM: joey@a[10].txt (ID = 2027)
1:07 AM: joey@a[11].txt (ID = 2027)
1:07 AM: joey@a[12].txt (ID = 2027)
1:07 AM: joey@a[13].txt (ID = 2027)
1:07 AM: joey@a[14].txt (ID = 2027)
1:07 AM: joey@a[15].txt (ID = 2027)
1:07 AM: joey@a[16].txt (ID = 2027)
1:07 AM: joey@a[17].txt (ID = 2027)
1:07 AM: joey@a[18].txt (ID = 2027)
1:07 AM: joey@a[19].txt (ID = 2027)
1:07 AM: joey@a[1].txt (ID = 2027)
1:07 AM: joey@a[20].txt (ID = 2027)
1:07 AM: joey@a[21].txt (ID = 2027)
1:07 AM: joey@a[22].txt (ID = 2027)
1:07 AM: joey@a[23].txt (ID = 2027)
1:07 AM: joey@a[24].txt (ID = 2027)
1:07 AM: joey@a[25].txt (ID = 2027)
1:07 AM: joey@a[26].txt (ID = 2027)
1:07 AM: joey@a[27].txt (ID = 2027)
1:07 AM: joey@a[28].txt (ID = 2027)
1:07 AM: joey@a[29].txt (ID = 2027)
1:07 AM: joey@a[2].txt (ID = 2027)
1:07 AM: joey@a[30].txt (ID = 2027)
1:07 AM: joey@a[31].txt (ID = 2027)
1:07 AM: joey@a[32].txt (ID = 2027)
1:07 AM: joey@a[33].txt (ID = 2027)
1:07 AM: joey@a[34].txt (ID = 2027)
1:07 AM: joey@a[35].txt (ID = 2027)
1:07 AM: joey@a[36].txt (ID = 2027)
1:07 AM: joey@a[37].txt (ID = 2027)
1:07 AM: joey@a[38].txt (ID = 2027)
1:07 AM: joey@a[39].txt (ID = 2027)
1:07 AM: joey@a[3].txt (ID = 2027)
1:07 AM: joey@a[40].txt (ID = 2027)
1:07 AM: joey@a[41].txt (ID = 2027)
1:07 AM: joey@a[42].txt (ID = 2027)
1:07 AM: joey@a[43].txt (ID = 2027)
1:07 AM: joey@a[44].txt (ID = 2027)
1:07 AM: joey@a[45].txt (ID = 2027)
1:07 AM: joey@a[4].txt (ID = 2027)
1:07 AM: joey@a[5].txt (ID = 2027)
1:07 AM: joey@a[6].txt (ID = 2027)
1:07 AM: joey@a[7].txt (ID = 2027)
1:07 AM: joey@a[8].txt (ID = 2027)
1:07 AM: joey@a[9].txt (ID = 2027)
1:07 AM: joey@belnk[1].txt (ID = 2292)
1:07 AM: Found Spy Cookie: btgrab cookie
1:07 AM: [email protected][11].txt (ID = 2333)
1:07 AM: [email protected][1].txt (ID = 2333)
1:07 AM: [email protected][2].txt (ID = 2333)
1:07 AM: [email protected][3].txt (ID = 2333)
1:07 AM: [email protected][4].txt (ID = 2333)
1:07 AM: [email protected][5].txt (ID = 2333)
1:07 AM: [email protected][6].txt (ID = 2333)
1:07 AM: [email protected][7].txt (ID = 2333)
1:07 AM: [email protected][8].txt (ID = 2333)
1:07 AM: [email protected][9].txt (ID = 2333)
1:07 AM: Found Spy Cookie: burstnet cookie
1:07 AM: joey@burstnet[2].txt (ID = 2336)
1:07 AM: Found Spy Cookie: enhance cookie
1:07 AM: [email protected][1].txt (ID = 2614)
1:07 AM: Found Spy Cookie: goclick cookie
1:07 AM: [email protected][1].txt (ID = 2733)
1:07 AM: Found Spy Cookie: carsbelowinvoice cookie
1:07 AM: joey@carsbelowinvoice[1].txt (ID = 2352)
1:07 AM: Found Spy Cookie: classmates cookie
1:07 AM: joey@classmates[2].txt (ID = 2384)
1:07 AM: Found Spy Cookie: cliks cookie
1:07 AM: joey@cliks[1].txt (ID = 2414)
1:07 AM: joey@cliks[2].txt (ID = 2414)
1:07 AM: joey@cliks[3].txt (ID = 2414)
1:07 AM: joey@cliks[4].txt (ID = 2414)
1:07 AM: joey@cliks[6].txt (ID = 2414)
1:07 AM: joey@cliks[7].txt (ID = 2414)
1:07 AM: Found Spy Cookie: commission junction cookie
1:07 AM: joey@commission-junction[2].txt (ID = 2455)
1:07 AM: Found Spy Cookie: delfinproject cookie
1:07 AM: joey@delfinproject[1].txt (ID = 2509)
1:07 AM: Found Spy Cookie: directtrack cookie
1:07 AM: joey@directtrack[1].txt (ID = 2527)
1:07 AM: [email protected][2].txt (ID = 2293)
1:07 AM: Found Spy Cookie: webservicehosts cookie
1:07 AM: [email protected][1].txt (ID = 3663)
1:07 AM: Found Spy Cookie: empnads cookie
1:07 AM: joey@empnads[2].txt (ID = 5012)
1:07 AM: Found Spy Cookie: 2o7.net cookie
1:07 AM: [email protected][2].txt (ID = 1958)
1:07 AM: [email protected][1].txt (ID = 2528)
1:07 AM: Found Spy Cookie: clickandtrack cookie
1:07 AM: [email protected][2].txt (ID = 2397)
1:07 AM: Found Spy Cookie: hotmatch cookie
1:07 AM: joey@hotmatch[2].txt (ID = 3854)
1:07 AM: Found Spy Cookie: kmpads cookie
1:07 AM: joey@kmpads[1].txt (ID = 2909)
1:07 AM: Found Spy Cookie: mygeek cookie
1:07 AM: joey@mygeek[1].txt (ID = 3041)
1:07 AM: Found Spy Cookie: nextag cookie
1:07 AM: joey@nextag[1].txt (ID = 5014)
1:07 AM: Found Spy Cookie: offeroptimizer cookie
1:07 AM: joey@offeroptimizer[10].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[11].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[12].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[13].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[14].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[15].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[16].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[17].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[18].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[19].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[1].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[2].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[3].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[4].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[5].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[6].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[7].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[8].txt (ID = 3087)
1:07 AM: joey@offeroptimizer[9].txt (ID = 3087)
1:07 AM: joey@partypoker[2].txt (ID = 3111)
1:07 AM: Found Spy Cookie: passion cookie
1:07 AM: joey@passion[2].txt (ID = 3113)
1:07 AM: Found Spy Cookie: paypopup cookie
1:07 AM: joey@paypopup[1].txt (ID = 3119)
1:07 AM: Found Spy Cookie: stamps.com cookie
1:07 AM: [email protected][1].txt (ID = 3438)
1:07 AM: Found Spy Cookie: pokerroom cookie
1:07 AM: joey@pokerroom[2].txt (ID = 3149)
1:07 AM: [email protected][2].txt (ID = 2528)
1:07 AM: joey@reunion[1].txt (ID = 3255)
1:07 AM: Found Spy Cookie: rn11 cookie
1:07 AM: joey@rn11[2].txt (ID = 3261)
1:07 AM: Found Spy Cookie: adjuggler cookie
1:07 AM: [email protected][1].txt (ID = 2071)
1:07 AM: Found Spy Cookie: search123 cookie
1:07 AM: joey@search123[1].txt (ID = 3305)
1:07 AM: Found Spy Cookie: web-stat cookie
1:07 AM: [email protected][1].txt (ID = 3649)
1:07 AM: Found Spy Cookie: shop@home cookie
1:07 AM: joey@shopathomeselect[2].txt (ID = 3367)
1:07 AM: joey@stamps[2].txt (ID = 3437)
1:07 AM: Found Spy Cookie: reliablestats cookie
1:07 AM: [email protected][1].txt (ID = 3254)
1:07 AM: Found Spy Cookie: trafficmp cookie
1:07 AM: joey@trafficmp[2].txt (ID = 3581)
1:07 AM: Found Spy Cookie: burstbeacon cookie
1:07 AM: [email protected][2].txt (ID = 2335)
1:07 AM: Found Spy Cookie: www.maxifiles cookie
1:07 AM: [email protected][2].txt (ID = 3707)
1:07 AM: Found Spy Cookie: redzip cookie
1:07 AM: [email protected][2].txt (ID = 3250)
1:07 AM: [email protected][2].txt (ID = 3256)
1:07 AM: Found Spy Cookie: superlogy cookie
1:07 AM: [email protected][2].txt (ID = 3470)
1:07 AM: Found Spy Cookie: winantiviruspro cookie
1:07 AM: [email protected][2].txt (ID = 3690)
1:07 AM: joey@yieldmanager[2].txt (ID = 3749)
1:07 AM: Found Spy Cookie: adserver cookie
1:07 AM: [email protected][1].txt (ID = 2142)
1:07 AM: Found Spy Cookie: zedo cookie
1:07 AM: joey@zedo[1].txt (ID = 3762)
1:07 AM: Cookie Sweep Complete, Elapsed Time: 00:00:06
1:07 AM: Starting File Sweep
1:07 AM: c:\program files\fcengine (4 subtraces) (ID = -2147471607)
1:07 AM: c:\program files\cmsystem (6 subtraces) (ID = -2147471610)
1:07 AM: Found Adware: fatpickle toolbar
1:07 AM: c:\program files\fatpickle toolbar (7 subtraces) (ID = -2147468828)
1:07 AM: c:\program files\surfsidekick 3 (4 subtraces) (ID = -2147480186)
1:07 AM: c:\windows\etb (18 subtraces) (ID = -2147476235)
1:07 AM: c:\program files\cmapp (7 subtraces) (ID = -2147477896)
1:07 AM: c:\program files\fatpickle toolbar\cache (ID = -2147468827)
1:07 AM: c:\program files\quick links (2 subtraces) (ID = -2147478145)
1:07 AM: c:\program files\communicator toolbar (82 subtraces) (ID = -2147480362)
1:07 AM: c:\program files\related sites toolbar (2 subtraces) (ID = -2147475069)
1:07 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:07 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:07 AM: zfxedct97.exe (ID = 157336)
1:07 AM: x.bmp (ID = 69314)
1:07 AM: 65812_308_524_1824_75.41.tmp1 (ID = 162545)
1:07 AM: u3d.tmp (ID = 166386)
1:07 AM: cwebpage.dll (ID = 69301)
1:07 AM: mxdefdrv.sys (ID = 156562)
1:07 AM: grinstall7.dll (ID = 161539)
1:07 AM: mc-59-627-0000166.exe (ID = 156269)
1:07 AM: e2c39.tmp (ID = 131317)
1:07 AM: greenmovie2313asaadsasfad112341231adsfa1[1].ico (ID = 51033)
1:07 AM: sskupdater3.exe (ID = 166386)
1:07 AM: mainsafe.exe (ID = 157404)
1:07 AM: bingo_big3123[1].ico (ID = 51022)
1:07 AM: 1507588_2504_356_3300_75.41.tmp1 (ID = 162545)
1:07 AM: 65936_1204_608_520_75.41.tmp1 (ID = 162545)
1:07 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:07 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:07 AM: 131468_1364_764_3720_75.41.tmp1 (ID = 162545)
1:07 AM: Warning: Failed to open file "c:\windows\pchealth\errorrep\userdumps\mainsafe.exe.20051022-011411-00.mdmp". The system cannot find the file specified
1:07 AM: Found Trojan Horse: fu rootkit components
1:07 AM: msdirectx.sys (ID = 134168)
1:08 AM: 65920_1280_484_1372_75.41.tmp1 (ID = 162545)
1:08 AM: 65960_1160_252_3632_75.41.tmp1 (ID = 162545)
1:08 AM: 0nr9vi84.exe (ID = 157331)
1:08 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:08 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:08 AM: bundlelite.exe (ID = 166149)
1:08 AM: ssk3repairinstall.exe (ID = 158470)
1:08 AM: autoit3.exe (ID = 119348)
1:08 AM: 65822_492_624_2180_75.41.tmp1 (ID = 162545)
1:08 AM: 196884_1132_624_2332_75.41.tmp1 (ID = 162545)
1:08 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:08 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:08 AM: 131468_1364_764_4020_75.41.tmp1 (ID = 162545)
1:08 AM: 65828_636_1404_496_75.41.tmp1 (ID = 162545)
1:09 AM: cmappsetup[1].exe (ID = 115280)
1:09 AM: sntaudio.tmp (ID = 138228)
1:09 AM: norisuni.exe (ID = 138284)
1:09 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:09 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:09 AM: ssk3_b5.exe (ID = 131314)
1:09 AM: Warning: Failed to open file "c:\windows\pchealth\errorrep\userdumps\mainsafe.exe.20051022-083303-00.mdmp". The system cannot find the file specified
1:09 AM: toolbar_installer.exe (ID = 164824)
1:09 AM: nahbluff.exe (ID = 154779)
1:09 AM: setup1050.exe (ID = 166207)
1:09 AM: 65942_1276_848_3800_75.41.tmp1 (ID = 162545)
1:09 AM: nrmsp6v7.exe (ID = 130510)
1:09 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:09 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:09 AM: 65944_1156_356_3764_75.41.tmp1 (ID = 162545)
1:09 AM: 65940_1212_636_3644_75.41.tmp1 (ID = 162545)
1:09 AM: 65942_1280_612_3828_75.41.tmp1 (ID = 162545)
1:09 AM: 459000_3852_4044_2636_75.41.tmp1 (ID = 162545)
1:10 AM: preuninstallcom.exe (ID = 74818)
1:10 AM: 65974_1208_612_1864_75.41.tmp1 (ID = 162545)
1:10 AM: uninst.exe (ID = 73428)
1:10 AM: mon2007.dbd (ID = 57693)
1:10 AM: mon0104.dbd (ID = 57676)
1:10 AM: mon1920.dbd (ID = 57692)
1:10 AM: kw[1].exe (ID = 166307)
1:10 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:10 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:10 AM: preuninstallql.exe (ID = 131326)
1:10 AM: lmgklkz.exe (ID = 138872)
1:10 AM: fatpickle.exe (ID = 166140)
1:10 AM: uninst.exe (ID = 73428)
1:10 AM: 65988_1356_928_1752_75.41.tmp1 (ID = 162545)
1:10 AM: 65956_1372_856_1756_75.41.tmp1 (ID = 162545)
1:10 AM: 65988_1356_928_2052_75.41.tmp1 (ID = 162545)
1:10 AM: 65950_1200_532_836_75.41.tmp1 (ID = 162545)
1:10 AM: kw[1].exe (ID = 166307)
1:10 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:10 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:10 AM: s2gg.3.exe (ID = 164538)
1:11 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:11 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:11 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:11 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:11 AM: 65966_1404_584_1760_75.41.tmp1 (ID = 162545)
1:11 AM: 131374_580_1360_1612_75.41.tmp1 (ID = 162545)
1:11 AM: mc-60-550-0000166.exe (ID = 156269)
1:11 AM: crptclrs.tmp (ID = 156483)
1:12 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:12 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:12 AM: 65994_1536_920_3752_75.41.tmp1 (ID = 162545)
1:12 AM: bho.dll (ID = 167068)
1:12 AM: mon1215.dbd (ID = 57687)
1:12 AM: mainsafe.empty.ini (ID = 166338)
1:12 AM: watch_free_porn.exe (ID = 156913)
1:12 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:12 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:12 AM: adsetup.silent.1.13.exe (ID = 167465)
1:12 AM: Found Trojan Horse: trojan-downloader-mainstreamdollars
1:12 AM: 1.exe (ID = 144062)
1:13 AM: cmappsetup.exe (ID = 115280)
1:13 AM: kw[1].exe (ID = 166307)
1:13 AM: wincmapp.exe (ID = 145805)
1:13 AM: 111419.exe (ID = 156165)
1:13 AM: cmapp13.exe (ID = 156523)
1:13 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:13 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:13 AM: vfx3.exe (ID = 155627)
1:13 AM: plugin.dll (ID = 154761)
1:13 AM: upd0002.exe (ID = 156532)
1:13 AM: pinkkas2123.ico (ID = 51041)
1:13 AM: greenmovie2313asaadsasfad112341231adsfa1.ico (ID = 51033)
1:13 AM: sskknwrd.dll (ID = 77733)
1:13 AM: nsa12f6.dll (ID = 51054)
1:13 AM: 99_app99.exe (ID = 164538)
1:13 AM: adwsetup_upd.exe (ID = 161596)
1:13 AM: installerv5.exe (ID = 162519)
1:13 AM: pf78.exe (ID = 164525)
1:13 AM: ssk3_b5.exe (ID = 162654)
1:13 AM: ssk3_installerv5.exe (ID = 162632)
1:13 AM: installerv5.exe (ID = 162519)
1:13 AM: Found Adware: apropos
1:13 AM: wingenerics.dll (ID = 50187)
1:13 AM: bk.exe (ID = 162785)
1:13 AM: repairs302972949.dll (ID = 163735)
1:13 AM: u4ce.tmp (ID = 166386)
1:13 AM: communicator.dll (ID = 131321)
1:13 AM: w181609.stub.exe (ID = 107248)
1:13 AM: plugin.dll (ID = 154758)
1:13 AM: dsr.exe (ID = 121121)
1:13 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:13 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:13 AM: mc-62-602-0000156.exe (ID = 156269)
1:13 AM: qlink32.dll (ID = 73425)
1:13 AM: qldf.bin (ID = 131688)
1:13 AM: grinstall7.dll (ID = 161539)
1:14 AM: ssk.exe (ID = 163864)
1:14 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || SurfSideKick 3 (ID = 0)
1:14 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\Software\Microsoft\Windows\CurrentVersion\Run || SurfSideKick 3 (ID = 0)
1:14 AM: sskbho.dll (ID = 163865)
1:14 AM: stb.exe (ID = 94666)
1:14 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || stb (ID = 0)
1:14 AM: pfudt92c.exe (ID = 157330)
1:14 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || pfudt92c (ID = 0)
1:14 AM: pokapoka78.exe (ID = 179560)
1:14 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || System service78 (ID = 0)
1:14 AM: sskcore.dll (ID = 163866)
1:14 AM: pshwr.exe (ID = 138228)
1:14 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\Software\Microsoft\Windows\CurrentVersion\Run || pshower (ID = 0)
1:14 AM: cmappclient.exe (ID = 123418)
1:14 AM: netlanm.dll (ID = 138227)
1:14 AM: fcengine.exe (ID = 154760)
1:14 AM: cmsystem.exe (ID = 154757)
1:14 AM: ichckupd.exe (ID = 156483)
1:14 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\Software\Microsoft\Windows\CurrentVersion\Run || ichckupd (ID = 0)
1:14 AM: pdrpdb.dll (ID = 156482)
1:14 AM: 81vqpr7q.dll (ID = 157332)
1:14 AM: pkshdqhy.dll (ID = 138109)
1:14 AM: italmvga.dll (ID = 156497)
1:14 AM: mc-60-550-0000166.exe (ID = 156275)
1:14 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\Software\Microsoft\Windows\CurrentVersion\Run || DNS (ID = 0)
1:14 AM: services.exe (ID = 69312)
1:14 AM: catcher.dll (ID = 156267)
1:14 AM: dsr.dll (ID = 115632)
1:14 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:14 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:14 AM: mon0315.ddx (ID = 57680)
1:14 AM: mon0504.ddx (ID = 57680)
1:14 AM: mon1204.ddx (ID = 57680)
1:14 AM: mon1125.ddx (ID = 57685)
1:14 AM: mon1909.ddx (ID = 57684)
1:14 AM: sf[1].txt (ID = 110126)
1:14 AM: sf.txt (ID = 110126)
1:14 AM: rf[1].txt (ID = 110125)
1:14 AM: rf.txt (ID = 110125)
1:14 AM: mon0106.ddx (ID = 57679)
1:14 AM: mon0204.ddx (ID = 57680)
1:14 AM: mon0904.ddx (ID = 57684)
1:14 AM: mon0412.ddx (ID = 57680)
1:14 AM: sf.txt (ID = 110126)
1:14 AM: rf.txt (ID = 110125)
1:14 AM: install.inf (ID = 161519)
1:14 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:14 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:14 AM: File Sweep Complete, Elapsed Time: 00:07:45
1:14 AM: Full Sweep has completed. Elapsed time 00:26:26
1:14 AM: Traces Found: 2216
1:15 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:15 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:15 AM: Removal process initiated
1:15 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:15 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:15 AM: Quarantining All Traces: elitebar
1:16 AM: elitebar is in use. It will be removed on reboot.
1:16 AM: c:\windows\etb is in use. It will be removed on reboot.
1:16 AM: Quarantining All Traces: trojan downloader matcash
1:16 AM: Quarantining All Traces: trojan downloader pops-stop
1:16 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:16 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:16 AM: trojan downloader pops-stop is in use. It will be removed on reboot.
1:16 AM: pdrpdb.dll is in use. It will be removed on reboot.
1:16 AM: italmvga.dll is in use. It will be removed on reboot.
1:16 AM: Quarantining All Traces: trojan-backdoor-soundcheck
1:16 AM: Quarantining All Traces: trojan-downloader-mainstreamdollars
1:16 AM: Quarantining All Traces: visfx
1:16 AM: Quarantining All Traces: apropos
1:16 AM: apropos is in use. It will be removed on reboot.
1:16 AM: wingenerics.dll is in use. It will be removed on reboot.
1:16 AM: Quarantining All Traces: begin2search
1:16 AM: Quara
  • 0

#7
joeyryan
Posted 27 October 2005 - 10:31 PM

joeyryan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
1:16 AM: Quarantining All Traces: begin2search
1:16 AM: Quarantining All Traces: cas
1:16 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:16 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:16 AM: cas is in use. It will be removed on reboot.
1:16 AM: fcengine.exe is in use. It will be removed on reboot.
1:16 AM: cmsystem.exe is in use. It will be removed on reboot.
1:16 AM: Quarantining All Traces: delfin
1:16 AM: delfin is in use. It will be removed on reboot.
1:16 AM: mon2007.dbd is in use. It will be removed on reboot.
1:16 AM: mon0104.dbd is in use. It will be removed on reboot.
1:16 AM: mon1920.dbd is in use. It will be removed on reboot.
1:16 AM: mon1215.dbd is in use. It will be removed on reboot.
1:16 AM: mon0315.ddx is in use. It will be removed on reboot.
1:16 AM: mon0504.ddx is in use. It will be removed on reboot.
1:16 AM: mon1204.ddx is in use. It will be removed on reboot.
1:16 AM: mon1125.ddx is in use. It will be removed on reboot.
1:16 AM: mon1909.ddx is in use. It will be removed on reboot.
1:16 AM: mon0106.ddx is in use. It will be removed on reboot.
1:16 AM: mon0204.ddx is in use. It will be removed on reboot.
1:16 AM: mon0904.ddx is in use. It will be removed on reboot.
1:16 AM: mon0412.ddx is in use. It will be removed on reboot.
1:16 AM: Quarantining All Traces: drsnsrch hijacker
1:17 AM: Quarantining All Traces: drsnsrch.com hijack
1:17 AM: Quarantining All Traces: elitebar quicksearch360.com hijack
1:17 AM: Quarantining All Traces: ezula ilookup
1:17 AM: Quarantining All Traces: fatpickle toolbar
1:17 AM: Quarantining All Traces: fu rootkit components
1:17 AM: Quarantining All Traces: hackerdefender
1:17 AM: hackerdefender is in use. It will be removed on reboot.
1:17 AM: mainsafe.exe is in use. It will be removed on reboot.
1:17 AM: mainsafe.empty.ini is in use. It will be removed on reboot.
1:17 AM: Quarantining All Traces: hotsearchbar toolbar
1:17 AM: Quarantining All Traces: ie driver
1:17 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:17 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:17 AM: ie driver is in use. It will be removed on reboot.
1:17 AM: C:\WINDOWS\system32\avifil32.exe is in use. It will be removed on reboot.
1:17 AM: C:\WINDOWS\system32\bitsprx3.exe is in use. It will be removed on reboot.
1:17 AM: Quarantining All Traces: maxifiles
1:17 AM: maxifiles is in use. It will be removed on reboot.
1:17 AM: services.exe is in use. It will be removed on reboot.
1:17 AM: catcher.dll is in use. It will be removed on reboot.
1:17 AM: C:\Program Files\DNS\Catcher.dll is in use. It will be removed on reboot.
1:17 AM: C:\Program Files\Common Files\services.exe is in use. It will be removed on reboot.
1:17 AM: Quarantining All Traces: quicklink search toolbar
1:17 AM: Quarantining All Traces: safesurf
1:17 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:17 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
1:17 AM: safesurf is in use. It will be removed on reboot.
1:17 AM: netlanm.dll is in use. It will be removed on reboot.
1:17 AM: pkshdqhy.dll is in use. It will be removed on reboot.
1:17 AM: Quarantining All Traces: search fast communicator toolbar
1:18 AM: Quarantining All Traces: shopathomeselect
1:18 AM: shopathomeselect is in use. It will be removed on reboot.
1:18 AM: pfudt92c.exe is in use. It will be removed on reboot.
1:18 AM: 81vqpr7q.dll is in use. It will be removed on reboot.
1:18 AM: C:\WINDOWS\system32\81vqpr7q.dll is in use. It will be removed on reboot.
1:18 AM: C:\WINDOWS\system32\pfudt92c.exe is in use. It will be removed on reboot.
1:18 AM: Quarantining All Traces: surfsidekick
1:18 AM: surfsidekick is in use. It will be removed on reboot.
1:18 AM: c:\program files\surfsidekick 3 is in use. It will be removed on reboot.
1:18 AM: ssk.exe is in use. It will be removed on reboot.
1:18 AM: sskbho.dll is in use. It will be removed on reboot.
1:18 AM: sskcore.dll is in use. It will be removed on reboot.
1:18 AM: C:\Program Files\SurfSideKick 3\SskBho.dll is in use. It will be removed on reboot.
1:18 AM: Quarantining All Traces: xosearchox.com hijack
1:18 AM: Quarantining All Traces: 2o7.net cookie
1:18 AM: Quarantining All Traces: 735 cookie
1:18 AM: Quarantining All Traces: 888 cookie
1:18 AM: Quarantining All Traces: a cookie
1:18 AM: Quarantining All Traces: abetterinternet cookie
1:18 AM: Quarantining All Traces: adecn cookie
1:18 AM: Quarantining All Traces: adjuggler cookie
1:18 AM: Quarantining All Traces: adknowledge cookie
1:18 AM: Quarantining All Traces: adprofile cookie
1:18 AM: Quarantining All Traces: adserver cookie
1:18 AM: Quarantining All Traces: adultfriendfinder cookie
1:18 AM: Quarantining All Traces: alt cookie
1:18 AM: Quarantining All Traces: apmebf cookie
1:18 AM: Quarantining All Traces: ask cookie
1:18 AM: Quarantining All Traces: atwola cookie
1:18 AM: Quarantining All Traces: azjmp cookie
1:18 AM: Quarantining All Traces: belnk cookie
1:18 AM: Quarantining All Traces: btgrab cookie
1:18 AM: Quarantining All Traces: burstbeacon cookie
1:18 AM: Quarantining All Traces: burstnet cookie
1:18 AM: Quarantining All Traces: carsbelowinvoice cookie
1:18 AM: Quarantining All Traces: cc214142 cookie
1:18 AM: Quarantining All Traces: classmates cookie
1:18 AM: Quarantining All Traces: clickandtrack cookie
1:18 AM: Quarantining All Traces: cliks cookie
1:18 AM: Quarantining All Traces: commission junction cookie
1:18 AM: Quarantining All Traces: delfinproject cookie
1:18 AM: Quarantining All Traces: directtrack cookie
1:18 AM: Quarantining All Traces: empnads cookie
1:18 AM: Quarantining All Traces: enhance cookie
1:18 AM: Quarantining All Traces: goclick cookie
1:18 AM: Quarantining All Traces: goldenpalace cookie
1:18 AM: Quarantining All Traces: hbmediapro cookie
1:18 AM: Quarantining All Traces: hotbar cookie
1:18 AM: Quarantining All Traces: hotmatch cookie
1:18 AM: Quarantining All Traces: kmpads cookie
1:18 AM: Quarantining All Traces: mygeek cookie
1:18 AM: Quarantining All Traces: nextag cookie
1:18 AM: Quarantining All Traces: offeroptimizer cookie
1:18 AM: Quarantining All Traces: partypoker cookie
1:18 AM: Quarantining All Traces: passion cookie
1:18 AM: Quarantining All Traces: paypopup cookie
1:18 AM: Quarantining All Traces: pokerroom cookie
1:18 AM: Quarantining All Traces: redzip cookie
1:18 AM: Quarantining All Traces: reliablestats cookie
1:18 AM: Quarantining All Traces: reunion cookie
1:18 AM: Quarantining All Traces: rn11 cookie
1:18 AM: Quarantining All Traces: search123 cookie
1:18 AM: Quarantining All Traces: shop@home cookie
1:18 AM: Quarantining All Traces: specificclick.com cookie
1:18 AM: Quarantining All Traces: stamps.com cookie
1:18 AM: Quarantining All Traces: superlogy cookie
1:18 AM: Quarantining All Traces: trafficmp cookie
1:18 AM: Quarantining All Traces: webservicehosts cookie
1:18 AM: Quarantining All Traces: websponsors cookie
1:18 AM: Quarantining All Traces: web-stat cookie
1:18 AM: Quarantining All Traces: winantiviruspro cookie
1:18 AM: Quarantining All Traces: www.maxifiles cookie
1:18 AM: Quarantining All Traces: x10 cookie
1:18 AM: Quarantining All Traces: yieldmanager cookie
1:18 AM: Quarantining All Traces: zedo cookie
1:19 AM: Warning: Timed out waiting for explorer.exe
1:19 AM: Warning: Launched explorer.exe
1:19 AM: Warning: Quarantine process could not restart Explorer.
1:19 AM: Spy Installation Shield: found: Adware: abetterinternet, version 1.1.1.1 -- Execution Denied
1:19 AM: Spy Installation Shield: found: Adware: abetterinternet, version 1.1.1.1 -- Execution Denied
1:19 AM: Quarantining All Traces: abetterinternet
1:20 AM: abetterinternet is in use. It will be removed on reboot.
1:20 AM: Removal process completed. Elapsed time 00:04:30
1:24 AM: Processing Startup Alerts
1:24 AM: Removed Startup entry: eknscm
1:32 AM: Processing Internet Explorer Favorites Alerts
1:32 AM: Removed IE Favorite: You're Approved!!
1:32 AM: Removed IE Favorite: Meet Someone Special
1:32 AM: Removed IE Favorite: Get out of Debt!
1:32 AM: Removed IE Favorite: Advance Your Career
1:32 AM: Removed IE Favorite: .url
9:25 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
9:25 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
9:26 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
9:26 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
9:26 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
9:26 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
********
11:43 PM: | Start of Session, Wednesday, October 26, 2005 |
11:43 PM: Spy Sweeper started
11:43 PM: Sweep initiated using definitions version 562
11:43 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
11:43 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:43 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:43 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
11:43 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
11:43 PM: Starting Memory Sweep
11:43 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
11:43 PM: Found Adware: abetterinternet
11:43 PM: Detected running threat: C:\WINDOWS\system32\767A7D7E7D8380.exe (ID = 93)
11:43 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:43 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:43 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
11:43 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
11:44 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:44 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:44 PM: Found Adware: shopathomeselect
11:44 PM: Detected running threat: C:\WINDOWS\system32\81vqpr7q.dll (ID = 157332)
11:44 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:44 PM: Detected running threat: C:\WINDOWS\nmjtinv.exe (ID = 93)
11:44 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:44 PM: Detected running threat: C:\Program Files\iTunes\iTunesHelper.exe (ID = 93)
11:44 PM: Detected running threat: C:\Program Files\QuickTime\qttask.exe (ID = 93)
11:44 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
11:44 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
11:45 PM: Found Adware: ie driver
11:45 PM: Detected running threat: C:\WINDOWS\system32\bitsprx3.exe (ID = 14)
11:45 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || 5eb0c15fe81c (ID = 0)
11:45 PM: Detected running threat: C:\WINDOWS\system32\avifil32.exe (ID = 14)
11:45 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
11:45 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:45 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:45 PM: Detected running threat: C:\WINDOWS\system32\nfomon\nfomon.exe (ID = 93)
11:45 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:45 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:46 PM: Detected running threat: C:\WINDOWS\system32\vidmon\vidmon.exe (ID = 93)
11:46 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:46 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:46 PM: Found Adware: surfsidekick
11:46 PM: Detected running threat: C:\Program Files\SurfSideKick 3\SskBho.dll (ID = 163865)
11:46 PM: Detected running threat: C:\WINDOWS\system32\pfudt92c.exe (ID = 157330)
11:46 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || pfudt92c (ID = 0)
11:46 PM: Found Adware: elitebar
11:46 PM: Detected running threat: C:\WINDOWS\etb\pokapoka78.exe (ID = 179560)
11:46 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || System service78 (ID = 0)
11:46 PM: Found Adware: safesurf
11:46 PM: Detected running threat: C:\WINDOWS\system32\pkshdqhy.dll (ID = 138109)
11:46 PM: Detected running threat: C:\WINDOWS\system32\netlanm.dll (ID = 138227)
11:46 PM: Found Trojan Horse: trojan downloader pops-stop
11:46 PM: Detected running threat: C:\WINDOWS\system32\italmvga.dll (ID = 156497)
11:46 PM: Detected running threat: C:\WINDOWS\system32\pdrpdb.dll (ID = 156482)
11:46 PM: Found Adware: maxifiles
11:46 PM: Detected running threat: C:\Program Files\DNS\Catcher.dll (ID = 156267)
11:46 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:46 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:46 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
11:46 PM: Detected running threat: C:\Program Files\SurfSideKick 3\SskCore.dll (ID = 163866)
11:47 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:47 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:47 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:47 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:47 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
11:47 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:47 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:47 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
11:47 PM: Detected running threat: C:\Program Files\Dell Support\DSAgnt.exe (ID = 93)
11:48 PM: Found Adware: cas
11:48 PM: Detected running threat: C:\Program Files\CMAPP\Client\cmappclient.exe (ID = 123418)
11:48 PM: Detected running threat: C:\Program Files\FCEngine\FCEngine.exe (ID = 154760)
11:48 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:48 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:48 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:48 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:48 PM: Detected running threat: C:\Program Files\AIM\aim.exe (ID = 93)
11:48 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
11:48 PM: Detected running threat: C:\WINDOWS\system32\frzckwt.exe (ID = 138872)
11:48 PM: Detected running threat: C:\Program Files\Analog Devices\Core\smax4pnp.exe (ID = 93)
11:48 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:48 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:48 PM: Detected running threat: C:\WINDOWS\system32\hkcmd.exe (ID = 93)
11:48 PM: Detected running threat: C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe (ID = 93)
11:48 PM: Detected running threat: C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (ID = 93)
11:48 PM: Detected running threat: C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (ID = 93)
11:48 PM: Detected running threat: C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (ID = 93)
11:48 PM: Detected running threat: C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe (ID = 93)
11:48 PM: Detected running threat: C:\WINDOWS\system32\dla\tfswctrl.exe (ID = 93)
11:48 PM: Detected running threat: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (ID = 93)
11:48 PM: Detected running threat: C:\Program Files\Norton AntiVirus\NAVAPW32.EXE (ID = 93)
11:48 PM: Detected running threat: C:\Program Files\Common Files\Real\Update_OB\realsched.exe (ID = 93)
11:48 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
11:49 PM: Detected running threat: C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe (ID = 93)
11:49 PM: Detected running threat: C:\Program Files\SoftwareOnline\soproc.exe (ID = 93)
11:49 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:49 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:49 PM: Detected running threat: C:\WINDOWS\system32\cmd.exe (ID = 93)
11:49 PM: Detected running threat: C:\Program Files\Wireless LAN\WlanUtil.exe (ID = 93)
11:49 PM: Detected running threat: C:\Program Files\WinZip\WZQKPICK.EXE (ID = 93)
11:49 PM: Detected running threat: C:\Program Files\Common Files\services.exe (ID = 69312)
11:49 PM: Detected running threat: C:\Program Files\Common Files\Windows\services32.exe (ID = 93)
11:49 PM: Detected running threat: C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe (ID = 93)
11:49 PM: Found Adware: visfx
11:49 PM: Detected running threat: C:\WINDOWS\dljrkwg.exe (ID = 99)
11:49 PM: Detected running threat: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (ID = 93)
11:49 PM: Detected running threat: C:\Program Files\Internet Explorer\IEXPLORE.EXE (ID = 93)
11:49 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
11:49 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:49 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:49 PM: Memory Sweep Complete, Elapsed Time: 00:06:14
11:49 PM: Starting Registry Sweep
11:50 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:50 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:50 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:50 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:50 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:50 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:50 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:50 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:50 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:50 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:50 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:50 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:50 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:50 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:50 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:50 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:50 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:50 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:50 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:50 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:50 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:50 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:50 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:50 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:51 PM: Found Adware: begin2search
11:51 PM: HKCR\btnetw.amo.1\ (3 subtraces) (ID = 104095)
11:51 PM: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
11:51 PM: Found Adware: hotsearchbar toolbar
11:51 PM: HKCR\btnetw.amo\ (5 subtraces) (ID = 104096)
11:51 PM: HKCR\btnetw.iiittt.1\ (3 subtraces) (ID = 104097)
11:51 PM: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
11:51 PM: HKCR\btnetw.iiittt\ (5 subtraces) (ID = 104098)
11:51 PM: HKCR\btnetw.momo.1\ (3 subtraces) (ID = 104099)
11:51 PM: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
11:51 PM: HKCR\btnetw.momo\ (5 subtraces) (ID = 104100)
11:51 PM: HKCR\btnetw.ohb.1\ (3 subtraces) (ID = 104101)
11:51 PM: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
11:51 PM: HKCR\btnetw.ohb\ (5 subtraces) (ID = 104102)
11:51 PM: HKCR\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104109)
11:51 PM: HKCR\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104109)
11:51 PM: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
11:51 PM: HKCR\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104118)
11:51 PM: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
11:51 PM: HKCR\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104119)
11:51 PM: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
11:51 PM: HKCR\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104120)
11:51 PM: HKCR\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104124)
11:51 PM: HKCR\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104126)
11:51 PM: HKCR\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104127)
11:51 PM: HKCR\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104128)
11:51 PM: HKCR\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104139)
11:51 PM: HKCR\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104141)
11:51 PM: HKLM\software\classes\btnetw.amo.1\ (3 subtraces) (ID = 104145)
11:51 PM: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
11:51 PM: HKLM\software\classes\btnetw.amo\ (5 subtraces) (ID = 104146)
11:51 PM: HKLM\software\classes\btnetw.iiittt.1\ (3 subtraces) (ID = 104147)
11:51 PM: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
11:51 PM: HKLM\software\classes\btnetw.iiittt\ (5 subtraces) (ID = 104148)
11:51 PM: HKLM\software\classes\btnetw.momo.1\ (3 subtraces) (ID = 104149)
11:51 PM: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
11:51 PM: HKLM\software\classes\btnetw.momo\ (5 subtraces) (ID = 104150)
11:51 PM: HKLM\software\classes\btnetw.ohb.1\ (3 subtraces) (ID = 104151)
11:51 PM: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
11:51 PM: HKLM\software\classes\btnetw.ohb\ (5 subtraces) (ID = 104152)
11:51 PM: HKLM\software\classes\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104159)
11:51 PM: HKLM\software\classes\clsid\{9ade0443-2ab2-4b23-a3f8-ac520773de12}\ (11 subtraces) (ID = 104159)
11:51 PM: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
11:51 PM: HKLM\software\classes\clsid\{bc54b24c-5a97-4c19-9181-8b8a05b2e931}\ (11 subtraces) (ID = 104168)
11:51 PM: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
11:51 PM: HKLM\software\classes\clsid\{bd9584ef-c28c-4f6d-8d49-0cee3c0e442f}\ (22 subtraces) (ID = 104169)
11:51 PM: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
11:51 PM: HKLM\software\classes\clsid\{c7888681-1a83-4c14-b9a5-95f91240b44f}\ (11 subtraces) (ID = 104170)
11:51 PM: HKLM\software\classes\interface\{6b882c34-a832-4f5b-bef1-7e198be3f094}\ (8 subtraces) (ID = 104174)
11:51 PM: HKLM\software\classes\interface\{9b6b4031-1d6d-4c65-acba-021916853822}\ (8 subtraces) (ID = 104176)
11:51 PM: HKLM\software\classes\interface\{9ff60a27-0c0c-4a6a-a15f-b21b644d67bb}\ (8 subtraces) (ID = 104177)
11:51 PM: HKLM\software\classes\interface\{15d53b86-e055-43b1-bbee-a91a0f37bd2a}\ (8 subtraces) (ID = 104178)
11:51 PM: HKLM\software\classes\interface\{f3c41c1d-22f1-4692-8a7a-88de70a2e9e2}\ (8 subtraces) (ID = 104189)
11:51 PM: HKLM\software\classes\interface\{fa6fa7a5-2c49-4567-ba74-6dd1c36099ee}\ (8 subtraces) (ID = 104191)
11:51 PM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
11:51 PM: HKLM\software\classes\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104195)
11:51 PM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
11:51 PM: HKCR\typelib\{bf56be6a-0aea-45f3-8b10-7312876584a8}\ (9 subtraces) (ID = 104238)
11:51 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:51 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:51 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:51 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:51 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:51 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:52 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:52 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:52 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:52 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:53 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:53 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:53 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:53 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:53 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:53 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:53 PM: HKLM\software\microsoft\windows\currentversion\internet settings\user agent\post platform\ || iebar (ID = 125752)
11:53 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:53 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:53 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:53 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:53 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:53 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:53 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:53 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:53 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:53 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:53 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:53 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:53 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:53 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:53 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:53 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:53 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:53 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:54 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:54 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:54 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:54 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:54 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:54 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:54 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:54 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:54 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:54 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:54 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:54 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:55 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:55 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:55 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:55 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:55 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:55 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:56 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:56 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:56 PM: Found Adware: drsnsrch.com hijack
11:56 PM: HKLM\software\microsoft\internet explorer\main\ || search bar (ID = 128208)
11:56 PM: HKLM\software\microsoft\internet explorer\main\ || search page (ID = 128209)
11:56 PM: HKLM\software\microsoft\internet explorer\search\ || customizesearch (ID = 128210)
11:56 PM: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 128211)
11:56 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:56 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:57 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:57 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:57 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:57 PM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
11:57 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:57 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:58 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:58 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:58 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:58 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:59 PM: HKLM\software\classes\xbtb07618.ietoolbar.1\ (3 subtraces) (ID = 134851)
11:59 PM: HKLM\software\classes\xbtb07618.ietoolbar.1\clsid\ (1 subtraces) (ID = 134852)
11:59 PM: HKLM\software\classes\xbtb07618.ietoolbar\ (5 subtraces) (ID = 134853)
11:59 PM: HKLM\software\classes\xbtb07618.xbtb07618.1\ (3 subtraces) (ID = 134854)
11:59 PM: HKLM\software\classes\xbtb07618.xbtb07618\ (5 subtraces) (ID = 134855)
11:59 PM: HKLM\software\microsoft\windows\currentversion\uninstall\xbtb07618.xbtb07618toolbar\ (2 subtraces) (ID = 134857)
11:59 PM: HKCR\xbtb07618.ietoolbar.1\ (3 subtraces) (ID = 134864)
11:59 PM: HKCR\xbtb07618.ietoolbar.1\clsid\ (1 subtraces) (ID = 134865)
11:59 PM: HKCR\xbtb07618.ietoolbar\ (5 subtraces) (ID = 134866)
11:59 PM: HKCR\xbtb07618.xbtb07618.1\ (3 subtraces) (ID = 134867)
11:59 PM: HKCR\xbtb07618.xbtb07618\ (5 subtraces) (ID = 134868)
11:59 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:59 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:59 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:59 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:00 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:00 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:00 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:00 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:01 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:01 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:01 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:01 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:02 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:02 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:02 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:02 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:02 AM: Found Adware: search fast communicator toolbar
12:02 AM: HKCR\communicator.communicator\ (3 subtraces) (ID = 140680)
12:02 AM: HKCR\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb428}\ (6 subtraces) (ID = 140681)
12:02 AM: HKCR\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb429}\ (6 subtraces) (ID = 140682)
12:02 AM: HKCR\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb42a}\ (6 subtraces) (ID = 140683)
12:02 AM: HKCR\communicator.communicatormenu button\ (3 subtraces) (ID = 140684)
12:02 AM: HKCR\communicator.communicatortoggle button\ (3 subtraces) (ID = 140685)
12:02 AM: HKLM\software\classes\communicator.communicatormenu button\ (3 subtraces) (ID = 140686)
12:02 AM: HKLM\software\classes\communicator.communicatortoggle button\ (3 subtraces) (ID = 140687)
12:02 AM: HKLM\software\classes\communicator.communicator\ (3 subtraces) (ID = 140691)
12:02 AM: HKLM\software\classes\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb428}\ (6 subtraces) (ID = 140692)
12:02 AM: HKLM\software\classes\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb429}\ (6 subtraces) (ID = 140693)
12:02 AM: HKLM\software\classes\clsid\{4e7bd74f-2b8d-469e-8dbc-a42eb79cb42a}\ (6 subtraces) (ID = 140694)
12:02 AM: HKU\.default\software\microsoft\internet explorer\toolbar\webbrowser\ || {4e7bd74f-2b8d-469e-8dbc-a42eb79cb428} (ID = 140697)
12:03 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:03 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:03 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:03 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:04 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:04 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:04 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:04 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:04 AM: HKU\.default\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143384)
12:04 AM: HKCR\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143389)
12:04 AM: HKLM\software\classes\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143392)
12:04 AM: HKLM\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143400)
12:04 AM: HKLM\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143406)
12:04 AM: HKLM\software\microsoft\windows\currentversion\uninstall\surf sidekick\ (2 subtraces) (ID = 143408)
12:04 AM: HKLM\software\surfsidekick3\ (2 subtraces) (ID = 143413)
12:05 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:05 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:05 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:05 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:05 AM: Found Trojan Horse: trojan-backdoor-soundcheck
12:05 AM: HKLM\system\currentcontrolset\services\msdirectx\ (11 subtraces) (ID = 144200)
12:05 AM: HKLM\system\currentcontrolset\control\print\monitors\zepmon\ (1 subtraces) (ID = 146139)
12:05 AM: HKLM\system\currentcontrolset\services\svcproc\ (12 subtraces) (ID = 146140)
12:06 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:06 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:06 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:06 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:07 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:07 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:07 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:07 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:07 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:07 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:07 AM: HKLM\software\microsoft\windows\currentversion\run\ || stb (ID = 201920)
12:07 AM: Found Adware: delfin
12:07 AM: HKLM\software\wincin\ (2 subtraces) (ID = 359317)
12:07 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:07 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:07 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:07 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:07 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:07 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:07 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:07 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:07 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:07 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:07 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:07 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:07 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:07 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:08 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:08 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:08 AM: Found Adware: quicklink search toolbar
12:08 AM: HKLM\software\microsoft\windows\currentversion\uninstall\quick links\ (2 subtraces) (ID = 359457)
12:08 AM: HKLM\software\ql\ (2 subtraces) (ID = 359458)
12:08 AM: Found Adware: drsnsrch hijacker
12:08 AM: HKCR\dsrch.band\ (5 subtraces) (ID = 509134)
12:08 AM: HKCR\dsrch.bottomframe\ (5 subtraces) (ID = 509135)
12:08 AM: HKCR\dsrch.leftframe\ (5 subtraces) (ID = 509136)
12:08 AM: HKCR\dsrch.popupbrowser\ (5 subtraces) (ID = 509137)
12:08 AM: HKCR\dsrch.popupwindow\ (5 subtraces) (ID = 509138)
12:08 AM: HKCR\clsid\{8b51fc2f-c687-40a3-b54a-bb9ebf8d407f}\ (11 subtraces) (ID = 509139)
12:08 AM: HKCR\clsid\{ce27d4df-714b-4427-95eb-923fe53adf8e}\ (13 subtraces) (ID = 509140)
12:08 AM: HKCR\clsid\{e2d2fe40-5674-4b77-802b-ec86b6c2c41d}\ (13 subtraces) (ID = 509141)
12:08 AM: HKCR\clsid\{e311d3a5-4a3b-4e49-9e0a-b40fae1f0b28}\ (11 subtraces) (ID = 509142)
12:08 AM: HKCR\typelib\{8f73ac0f-5769-4282-8762-b396a3bff377}\ (9 subtraces) (ID = 509153)
12:08 AM: HKLM\software\classes\dsrch.band\ (5 subtraces) (ID = 509171)
12:08 AM: HKLM\software\classes\dsrch.leftframe\ (5 subtraces) (ID = 509179)
12:08 AM: HKLM\software\classes\dsrch.popupbrowser\ (5 subtraces) (ID = 509185)
12:08 AM: HKLM\software\classes\dsrch.popupwindow\ (5 subtraces) (ID = 509191)
12:08 AM: HKLM\software\classes\clsid\{8b51fc2f-c687-40a3-b54a-bb9ebf8d407f}\ (11 subtraces) (ID = 509198)
12:08 AM: HKLM\software\classes\clsid\{ce27d4df-714b-4427-95eb-923fe53adf8e}\ (13 subtraces) (ID = 509210)
12:08 AM: HKLM\software\classes\clsid\{e2d2fe40-5674-4b77-802b-ec86b6c2c41d}\ (13 subtraces) (ID = 509224)
12:08 AM: HKLM\software\classes\clsid\{e311d3a5-4a3b-4e49-9e0a-b40fae1f0b28}\ (11 subtraces) (ID = 509238)
12:08 AM: HKCR\dsrch.band\clsid\ (1 subtraces) (ID = 509361)
12:08 AM: HKCR\dsrch.band\curver\ (1 subtraces) (ID = 509362)
12:08 AM: HKCR\dsrch.bottomframe\clsid\ (1 subtraces) (ID = 509363)
12:08 AM: HKCR\dsrch.bottomframe\curver\ (1 subtraces) (ID = 509364)
12:08 AM: HKCR\dsrch.leftframe\clsid\ (1 subtraces) (ID = 509365)
12:08 AM: HKCR\dsrch.leftframe\curver\ (1 subtraces) (ID = 509366)
12:08 AM: HKCR\dsrch.popupbrowser\clsid\ (1 subtraces) (ID = 509367)
12:08 AM: HKCR\dsrch.popupbrowser\curver\ (1 subtraces) (ID = 509368)
12:08 AM: HKCR\dsrch.popupwindow\clsid\ (1 subtraces) (ID = 509369)
12:08 AM: HKCR\dsrch.popupwindow\curver\ (1 subtraces) (ID = 509370)
12:08 AM: HKCR\dsrch.band.1\ (3 subtraces) (ID = 512692)
12:08 AM: HKCR\dsrch.bottomframe.1\ (3 subtraces) (ID = 512699)
12:08 AM: HKCR\dsrch.leftframe.1\ (3 subtraces) (ID = 512706)
12:08 AM: HKCR\dsrch.popupbrowser.1\ (3 subtraces) (ID = 512713)
12:08 AM: HKCR\dsrch.popupwindow.1\ (3 subtraces) (ID = 512720)
12:08 AM: HKCR\clsid\{00f1d395-4744-40f0-a611-980f61ae2c59}\ (11 subtraces) (ID = 512747)
12:08 AM: HKLM\software\classes\dsrch.band.1\ (3 subtraces) (ID = 513072)
12:08 AM: HKLM\software\classes\dsrch.bottomframe.1\ (3 subtraces) (ID = 513076)
12:08 AM: HKLM\software\classes\dsrch.leftframe.1\ (3 subtraces) (ID = 513080)
12:08 AM: HKLM\software\classes\dsrch.popupbrowser.1\ (3 subtraces) (ID = 513084)
12:08 AM: HKLM\software\classes\dsrch.popupwindow.1\ (3 subtraces) (ID = 513088)
12:08 AM: HKLM\software\classes\clsid\{00f1d395-4744-40f0-a611-980f61ae2c59}\ (11 subtraces) (ID = 513114)
12:08 AM: HKLM\software\classes\dsrch.bottomframe\ (5 subtraces) (ID = 646382)
12:08 AM: HKLM\software\classes\typelib\{8f73ac0f-5769-4282-8762-b396a3bff377}\ (9 subtraces) (ID = 646384)
12:08 AM: HKLM\software\microsoft\windows\currentversion\uninstall\related sites toolbar\ (2 subtraces) (ID = 652841)
12:08 AM: HKLM\software\microsoft\windows\currentversion\run\ || dinst (ID = 705664)
12:08 AM: HKLM\software\microsoft\windows nt\currentversion\winlogon\ || shell (ID = 711393)
12:08 AM: HKLM\software\microsoft\windows\currentversion\uninstall\ovmon\ (2 subtraces) (ID = 712951)
12:08 AM: HKLM\system\currentcontrolset\services\windows overlay components\ (12 subtraces) (ID = 712954)
12:08 AM: HKCR\funtools.picshow\ (5 subtraces) (ID = 730902)
12:08 AM: HKCR\funtools.picshow.1\ (3 subtraces) (ID = 730908)
12:08 AM: HKCR\clsid\{4487598c-2ec7-43a2-870e-6d8d720fdd9f}\ (11 subtraces) (ID = 730912)
12:08 AM: HKCR\typelib\{7638761f-0ce1-4e68-9692-d623527a6b7b}\ (9 subtraces) (ID = 730924)
12:08 AM: HKLM\software\classes\funtools.picshow\ (5 subtraces) (ID = 730957)
12:08 AM: HKLM\software\classes\funtools.picshow.1\ (3 subtraces) (ID = 730963)
12:08 AM: HKLM\software\classes\clsid\{4487598c-2ec7-43a2-870e-6d8d720fdd9f}\ (11 subtraces) (ID = 730967)
12:08 AM: HKLM\software\classes\typelib\{7638761f-0ce1-4e68-9692-d623527a6b7b}\ (9 subtraces) (ID = 730979)
12:08 AM: HKLM\software\picshow\ (48 subtraces) (ID = 730989)
12:08 AM: HKLM\software\microsoft\windows\currentversion\uninstall\bsto-1\ (7 subtraces) (ID = 746835)
12:08 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:08 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:08 AM: Found Adware: ezula ilookup
12:08 AM: HKCR\bho.adware\ (5 subtraces) (ID = 819079)
12:08 AM: HKCR\bho.adware.1\ (3 subtraces) (ID = 819085)
12:08 AM: HKCR\bho.hider\ (5 subtraces) (ID = 819089)
12:08 AM: HKCR\bho.hider.1\ (3 subtraces) (ID = 819095)
12:08 AM: HKLM\software\classes\bho.adware\ (5 subtraces) (ID = 819212)
12:08 AM: HKLM\software\classes\bho.adware.1\ (3 subtraces) (ID = 819218)
12:08 AM: HKLM\software\classes\bho.hider\ (5 subtraces) (ID = 819222)
12:08 AM: HKLM\software\classes\bho.hider.1\ (3 subtraces) (ID = 819228)
12:08 AM: HKCR\var8.talmgr\ (5 subtraces) (ID = 820332)
12:08 AM: HKCR\var8.talmgr.1\ (3 subtraces) (ID = 820338)
12:08 AM: HKCR\clsid\{70230839-555c-4862-8d42-bb1e2352502c}\ (11 subtraces) (ID = 820354)
12:08 AM: HKCR\clsid\{724d478a-2bd0-4db4-ae42-288b1e346ef7}\ (4 subtraces) (ID = 820366)
12:08 AM: HKCR\typelib\{1b8b502e-465b-4022-be4f-fb6d9f808a18}\ (9 subtraces) (ID = 820387)
12:08 AM: HKCR\typelib\{65d99893-a650-4292-83d0-3aff6f39e0b5}\ (9 subtraces) (ID = 820397)
12:08 AM: HKLM\software\italmanager\ (38 subtraces) (ID = 820452)
12:08 AM: HKLM\software\classes\var8.talmgr\ (5 subtraces) (ID = 820485)
12:08 AM: HKLM\software\classes\var8.talmgr.1\ (3 subtraces) (ID = 820491)
12:08 AM: HKLM\software\classes\clsid\{70230839-555c-4862-8d42-bb1e2352502c}\ (11 subtraces) (ID = 820507)
12:08 AM: HKLM\software\classes\clsid\{724d478a-2bd0-4db4-ae42-288b1e346ef7}\ (4 subtraces) (ID = 820519)
12:08 AM: HKLM\software\classes\typelib\{1b8b502e-465b-4022-be4f-fb6d9f808a18}\ (9 subtraces) (ID = 820540)
12:08 AM: HKLM\software\classes\typelib\{65d99893-a650-4292-83d0-3aff6f39e0b5}\ (9 subtraces) (ID = 820550)
12:08 AM: HKLM\software\microsoft\windows\currentversion\uninstall\italmgr\ (2 subtraces) (ID = 820572)
12:08 AM: HKLM\system\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\ichckupd.exe\ (1 subtraces) (ID = 820614)
12:08 AM: HKCR\iecatcher.iewebcatcher\ (5 subtraces) (ID = 829231)
12:08 AM: HKCR\iecatcher.iewebcatcher.1\ (3 subtraces) (ID = 829237)
12:08 AM: HKCR\clsid\{fff4e223-7019-4ce7-be03-d7d3c8cce884}\ (11 subtraces) (ID = 829241)
12:08 AM: HKCR\typelib\{fff24f28-3ae2-46cd-aebe-2f625133a1ca}\ (9 subtraces) (ID = 829253)
12:08 AM: HKLM\software\classes\typelib\{fff24f28-3ae2-46cd-aebe-2f625133a1ca}\ (9 subtraces) (ID = 829282)
12:08 AM: HKLM\software\classes\iecatcher.iewebcatcher\ (5 subtraces) (ID = 829292)
12:08 AM: HKLM\software\classes\iecatcher.iewebcatcher.1\ (3 subtraces) (ID = 829298)
12:08 AM: HKLM\software\classes\clsid\{fff4e223-7019-4ce7-be03-d7d3c8cce884}\ (11 subtraces) (ID = 829302)
12:08 AM: HKLM\software\microsoft\windows\currentversion\app paths\italm\ (2 subtraces) (ID = 831468)
12:08 AM: HKLM\software\microsoft\windows\currentversion\app paths\ichckupd\ (2 subtraces) (ID = 831816)
12:08 AM: HKCR\grinstall7.installer.1\ (3 subtraces) (ID = 836062)
12:08 AM: HKCR\grinstall7.installer\ (5 subtraces) (ID = 836066)
12:08 AM: HKCR\typelib\{759c257c-f750-4f52-ab58-fb8a7b8770fe}\ (9 subtraces) (ID = 836072)
12:08 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/grinstall7.dll\ (2 subtraces) (ID = 836092)
12:08 AM: HKLM\software\classes\grinstall7.installer.1\ (3 subtraces) (ID = 836095)
12:08 AM: HKLM\software\classes\grinstall7.installer\ (5 subtraces) (ID = 836099)
12:08 AM: HKLM\software\classes\typelib\{759c257c-f750-4f52-ab58-fb8a7b8770fe}\ (9 subtraces) (ID = 836105)
12:09 AM: HKCR\clsid\{e9670165-86fe-4c34-8c4b-d3158ddc5d92}\ (14 subtraces) (ID = 860940)
12:09 AM: HKLM\software\classes\clsid\{e9670165-86fe-4c34-8c4b-d3158ddc5d92}\ (14 subtraces) (ID = 860969)
12:09 AM: Found Trojan Horse: hackerdefender
12:09 AM: HKLM\system\currentcontrolset\services\msfiedrv1\ (8 subtraces) (ID = 890482)
12:09 AM: HKLM\system\currentcontrolset\control\safeboot\minimal\msfie\ (1 subtraces) (ID = 890506)
12:09 AM: HKLM\system\currentcontrolset\control\safeboot\network\msfie\ (1 subtraces) (ID = 890508)
12:09 AM: HKLM\system\currentcontrolset\services\msfie\ (13 subtraces) (ID = 890567)
12:09 AM: HKCR\clsid\{09d98db3-217f-4a37-950f-7fa1b08ce2b6}\ (11 subtraces) (ID = 926729)
12:09 AM: HKCR\clsid\{55be9f0d-6caf-4c3e-b125-5a13a8c9d0ec}\ (11 subtraces) (ID = 926741)
12:09 AM: HKCR\typelib\{4dfd0b10-93db-4d7e-9b34-3d92ca493be4}\ (9 subtraces) (ID = 926753)
12:09 AM: HKLM\software\classes\clsid\{09d98db3-217f-4a37-950f-7fa1b08ce2b6}\ (11 subtraces) (ID = 926763)
12:09 AM: HKLM\software\classes\clsid\{55be9f0d-6caf-4c3e-b125-5a13a8c9d0ec}\ (11 subtraces) (ID = 926775)
12:09 AM: HKLM\software\classes\typelib\{4dfd0b10-93db-4d7e-9b34-3d92ca493be4}\ (9 subtraces) (ID = 926787)
12:09 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:09 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:09 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
12:09 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\internet explorer\searchurl\ (ID = 128212)
12:09 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\xbtb07618\ (63 subtraces) (ID = 134858)
12:09 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\communicator toolbar\ (9 subtraces) (ID = 140688)
12:09 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\internet explorer\toolbar\webbrowser\ || {4e7bd74f-2b8d-469e-8dbc-a42eb79cb428} (ID = 140689)
12:09 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
12:09 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
12:09 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\surfsidekick3\ (4 subtraces) (ID = 143412)
12:09 AM: Found Trojan Horse: trojan downloader matcash
12:09 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\windows\currentversion\run\ || dns (ID = 144713)
12:09 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\aurora\ (27 subtraces) (ID = 360174)
12:09 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\cmapp\ (13 subtraces) (ID = 381792)
12:09 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\windows\currentversion\run\ || cmapp (ID = 381808)
12:09 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\dsrch\ (11 subtraces) (ID = 509156)
12:09 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\cmapp\client\ || registered (ID = 724012)
12:09 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\windows\currentversion\run\ || pshower (ID = 730935)
12:09 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\cmsystem\ (9 subtraces) (ID = 820421)
12:09 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\windows\currentversion\run\ || ichckupd (ID = 820435)
12:09 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\windows\currentversion\run\ || cmsystem (ID = 820436)
12:09 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\windows\currentversion\run\ || fcengine (ID = 820437)
12:09 AM: Found Adware: elitebar quicksearch360.com hijack
12:09 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\internet explorer\ || searchurl (ID = 829214)
12:09 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\software\microsoft\internet explorer\main\ || search bar (ID = 829215)
12:09 AM: HKU\S-1-5-18\software\microsoft\internet explorer\searchurl\ (ID = 128212)
12:09 AM: HKU\S-1-5-18\software\xbtb07618\ (59 subtraces) (ID = 134858)
12:09 AM: HKU\S-1-5-18\software\microsoft\internet explorer\toolbar\webbrowser\ || {4e7bd74f-2b8d-469e-8dbc-a42eb79cb428} (ID = 140689)
12:09 AM: HKU\S-1-5-18\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
12:09 AM: Found Adware: xosearchox.com hijack
12:09 AM: HKU\S-1-5-18\software\microsoft\internet explorer\ || searchurl (ID = 820943)
12:09 AM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || search bar (ID = 820944)
12:09 AM: HKU\S-1-5-18\software\microsoft\internet explorer\search\ || searchassistant (ID = 820945)
12:09 AM: Registry Sweep Complete, Elapsed Time:00:19:42
12:09 AM: Starting Cookie Sweep
12:09 AM: Found Spy Cookie: 888 cookie
12:09 AM: anyuser@888[1].txt (ID = 2019)
12:09 AM: Found Spy Cookie: azjmp cookie
12:09 AM: anyuser@azjmp[1].txt (ID = 2270)
12:09 AM: Found Spy Cookie: goldenpalace cookie
12:09 AM: anyuser@goldenpalace[2].txt (ID = 2734)
12:09 AM: Found Spy Cookie: partypoker cookie
12:09 AM: anyuser@partypoker[2].txt (ID = 3111)
12:09 AM: Found Spy Cookie: 735 cookie
12:09 AM: joey@735[1].txt (ID = 2009)
12:09 AM: joey@888[2].txt (ID = 2019)
12:09 AM: Found Spy Cookie: websponsors cookie
12:09 AM: [email protected][2].txt (ID = 3665)
12:09 AM: Found Spy Cookie: abetterinternet cookie
12:09 AM: joey@abetterinternet[1].txt (ID = 2035)
12:09 AM: Found Spy Cookie: reunion cookie
12:09 AM: [email protected][1].txt (ID = 3256)
12:09 AM: Found Spy Cookie: yieldmanager cookie
12:09 AM: [email protected][2].txt (ID = 3751)
12:09 AM: Found Spy Cookie: adecn cookie
12:09 AM: joey@adecn[2].txt (ID = 2063)
12:09 AM: Found Spy Cookie: adknowledge cookie
12:09 AM: joey@adknowledge[1].txt (ID = 2072)
12:09 AM: Found Spy Cookie: hbmediapro cookie
12:09 AM: [email protected][2].txt (ID = 2768)
12:09 AM: Found Spy Cookie: hotbar cookie
12:09 AM: [email protected][1].txt (ID = 4207)
12:09 AM: Found Spy Cookie: specificclick.com cookie
12:09 AM: [email protected][2].txt (ID = 3400)
12:09 AM: Found Spy Cookie: adprofile cookie
12:09 AM: joey@adprofile[1].txt (ID = 2084)
12:09 AM: Found Spy Cookie: cc214142 cookie
12:09 AM: [email protected][1].txt (ID = 2367)
12:09 AM: Found Spy Cookie: adultfriendfinder cookie
12:09 AM: joey@adultfriendfinder[2].txt (ID = 2165)
12:09 AM: Found Spy Cookie: x10 cookie
12:09 AM: [email protected][1].txt (ID = 3712)
12:09 AM: Found Spy Cookie: alt cookie
12:09 AM: joey@alt[1].txt (ID = 2217)
12:09 AM: Found Spy Cookie: apmebf cookie
12:09 AM: joey@apmebf[2].txt (ID = 2229)
12:09 AM: Found Spy Cookie: atwola cookie
12:09 AM: [email protected][2].txt (ID = 2256)
12:09 AM: Found Spy Cookie: ask cookie
12:09 AM: joey@ask[1].txt (ID = 2245)
12:09 AM: Found Spy Cookie: belnk cookie
12:09 AM: [email protected][2].txt (ID = 2293)
12:09 AM: joey@atwola[2].txt (ID = 2255)
12:09 AM: joey@azjmp[1].txt (ID = 2270)
12:09 AM: Found Spy Cookie: a cookie
12:09 AM: joey@a[10].txt (ID = 2027)
12:0
  • 0

#8
joeyryan
Posted 27 October 2005 - 10:32 PM

joeyryan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
12:09 AM: joey@a[10].txt (ID = 2027)
12:09 AM: joey@a[11].txt (ID = 2027)
12:09 AM: joey@a[12].txt (ID = 2027)
12:09 AM: joey@a[13].txt (ID = 2027)
12:09 AM: joey@a[14].txt (ID = 2027)
12:09 AM: joey@a[15].txt (ID = 2027)
12:09 AM: joey@a[16].txt (ID = 2027)
12:09 AM: joey@a[17].txt (ID = 2027)
12:09 AM: joey@a[18].txt (ID = 2027)
12:09 AM: joey@a[19].txt (ID = 2027)
12:09 AM: joey@a[1].txt (ID = 2027)
12:09 AM: joey@a[20].txt (ID = 2027)
12:09 AM: joey@a[21].txt (ID = 2027)
12:09 AM: joey@a[22].txt (ID = 2027)
12:09 AM: joey@a[23].txt (ID = 2027)
12:09 AM: joey@a[24].txt (ID = 2027)
12:09 AM: joey@a[25].txt (ID = 2027)
12:09 AM: joey@a[26].txt (ID = 2027)
12:09 AM: joey@a[27].txt (ID = 2027)
12:09 AM: joey@a[28].txt (ID = 2027)
12:09 AM: joey@a[29].txt (ID = 2027)
12:09 AM: joey@a[2].txt (ID = 2027)
12:09 AM: joey@a[30].txt (ID = 2027)
12:09 AM: joey@a[31].txt (ID = 2027)
12:09 AM: joey@a[32].txt (ID = 2027)
12:09 AM: joey@a[33].txt (ID = 2027)
12:09 AM: joey@a[34].txt (ID = 2027)
12:09 AM: joey@a[35].txt (ID = 2027)
12:09 AM: joey@a[36].txt (ID = 2027)
12:09 AM: joey@a[37].txt (ID = 2027)
12:09 AM: joey@a[38].txt (ID = 2027)
12:09 AM: joey@a[39].txt (ID = 2027)
12:09 AM: joey@a[3].txt (ID = 2027)
12:09 AM: joey@a[40].txt (ID = 2027)
12:09 AM: joey@a[41].txt (ID = 2027)
12:09 AM: joey@a[42].txt (ID = 2027)
12:09 AM: joey@a[43].txt (ID = 2027)
12:09 AM: joey@a[44].txt (ID = 2027)
12:09 AM: joey@a[45].txt (ID = 2027)
12:09 AM: joey@a[4].txt (ID = 2027)
12:09 AM: joey@a[5].txt (ID = 2027)
12:09 AM: joey@a[6].txt (ID = 2027)
12:09 AM: joey@a[7].txt (ID = 2027)
12:09 AM: joey@a[8].txt (ID = 2027)
12:09 AM: joey@a[9].txt (ID = 2027)
12:09 AM: joey@belnk[1].txt (ID = 2292)
12:09 AM: Found Spy Cookie: btgrab cookie
12:09 AM: [email protected][11].txt (ID = 2333)
12:09 AM: [email protected][1].txt (ID = 2333)
12:09 AM: [email protected][2].txt (ID = 2333)
12:09 AM: [email protected][3].txt (ID = 2333)
12:09 AM: [email protected][4].txt (ID = 2333)
12:09 AM: [email protected][5].txt (ID = 2333)
12:09 AM: [email protected][6].txt (ID = 2333)
12:09 AM: [email protected][7].txt (ID = 2333)
12:09 AM: [email protected][8].txt (ID = 2333)
12:09 AM: [email protected][9].txt (ID = 2333)
12:09 AM: Found Spy Cookie: burstnet cookie
12:09 AM: joey@burstnet[2].txt (ID = 2336)
12:09 AM: Found Spy Cookie: enhance cookie
12:09 AM: [email protected][1].txt (ID = 2614)
12:09 AM: Found Spy Cookie: goclick cookie
12:09 AM: [email protected][1].txt (ID = 2733)
12:09 AM: Found Spy Cookie: carsbelowinvoice cookie
12:09 AM: joey@carsbelowinvoice[1].txt (ID = 2352)
12:09 AM: Found Spy Cookie: classmates cookie
12:09 AM: joey@classmates[2].txt (ID = 2384)
12:09 AM: Found Spy Cookie: cliks cookie
12:09 AM: joey@cliks[1].txt (ID = 2414)
12:09 AM: joey@cliks[2].txt (ID = 2414)
12:09 AM: joey@cliks[3].txt (ID = 2414)
12:09 AM: joey@cliks[4].txt (ID = 2414)
12:09 AM: joey@cliks[6].txt (ID = 2414)
12:09 AM: joey@cliks[7].txt (ID = 2414)
12:09 AM: Found Spy Cookie: commission junction cookie
12:09 AM: joey@commission-junction[2].txt (ID = 2455)
12:09 AM: Found Spy Cookie: delfinproject cookie
12:09 AM: joey@delfinproject[1].txt (ID = 2509)
12:09 AM: Found Spy Cookie: directtrack cookie
12:09 AM: joey@directtrack[1].txt (ID = 2527)
12:09 AM: [email protected][2].txt (ID = 2293)
12:09 AM: Found Spy Cookie: webservicehosts cookie
12:09 AM: [email protected][1].txt (ID = 3663)
12:09 AM: Found Spy Cookie: empnads cookie
12:09 AM: joey@empnads[2].txt (ID = 5012)
12:09 AM: Found Spy Cookie: 2o7.net cookie
12:09 AM: [email protected][2].txt (ID = 1958)
12:09 AM: [email protected][1].txt (ID = 2528)
12:09 AM: Found Spy Cookie: clickandtrack cookie
12:09 AM: [email protected][2].txt (ID = 2397)
12:09 AM: Found Spy Cookie: hotmatch cookie
12:09 AM: joey@hotmatch[2].txt (ID = 3854)
12:09 AM: Found Spy Cookie: kmpads cookie
12:09 AM: joey@kmpads[1].txt (ID = 2909)
12:09 AM: Found Spy Cookie: mygeek cookie
12:09 AM: joey@mygeek[1].txt (ID = 3041)
12:09 AM: Found Spy Cookie: nextag cookie
12:09 AM: joey@nextag[1].txt (ID = 5014)
12:09 AM: Found Spy Cookie: offeroptimizer cookie
12:09 AM: joey@offeroptimizer[10].txt (ID = 3087)
12:09 AM: joey@offeroptimizer[11].txt (ID = 3087)
12:09 AM: joey@offeroptimizer[12].txt (ID = 3087)
12:09 AM: joey@offeroptimizer[13].txt (ID = 3087)
12:09 AM: joey@offeroptimizer[14].txt (ID = 3087)
12:09 AM: joey@offeroptimizer[15].txt (ID = 3087)
12:09 AM: joey@offeroptimizer[16].txt (ID = 3087)
12:09 AM: joey@offeroptimizer[17].txt (ID = 3087)
12:09 AM: joey@offeroptimizer[18].txt (ID = 3087)
12:09 AM: joey@offeroptimizer[19].txt (ID = 3087)
12:09 AM: joey@offeroptimizer[1].txt (ID = 3087)
12:09 AM: joey@offeroptimizer[2].txt (ID = 3087)
12:09 AM: joey@offeroptimizer[3].txt (ID = 3087)
12:09 AM: joey@offeroptimizer[4].txt (ID = 3087)
12:09 AM: joey@offeroptimizer[5].txt (ID = 3087)
12:09 AM: joey@offeroptimizer[6].txt (ID = 3087)
12:09 AM: joey@offeroptimizer[7].txt (ID = 3087)
12:09 AM: joey@offeroptimizer[8].txt (ID = 3087)
12:09 AM: joey@offeroptimizer[9].txt (ID = 3087)
12:09 AM: joey@partypoker[2].txt (ID = 3111)
12:09 AM: Found Spy Cookie: passion cookie
12:09 AM: joey@passion[2].txt (ID = 3113)
12:09 AM: Found Spy Cookie: paypopup cookie
12:09 AM: joey@paypopup[1].txt (ID = 3119)
12:09 AM: Found Spy Cookie: stamps.com cookie
12:09 AM: [email protected][1].txt (ID = 3438)
12:09 AM: Found Spy Cookie: pokerroom cookie
12:09 AM: joey@pokerroom[2].txt (ID = 3149)
12:09 AM: [email protected][2].txt (ID = 2528)
12:09 AM: joey@reunion[1].txt (ID = 3255)
12:09 AM: Found Spy Cookie: rn11 cookie
12:09 AM: joey@rn11[2].txt (ID = 3261)
12:09 AM: Found Spy Cookie: adjuggler cookie
12:09 AM: [email protected][1].txt (ID = 2071)
12:09 AM: Found Spy Cookie: search123 cookie
12:09 AM: joey@search123[1].txt (ID = 3305)
12:09 AM: Found Spy Cookie: web-stat cookie
12:09 AM: [email protected][1].txt (ID = 3649)
12:09 AM: Found Spy Cookie: shop@home cookie
12:09 AM: joey@shopathomeselect[2].txt (ID = 3367)
12:09 AM: joey@stamps[2].txt (ID = 3437)
12:09 AM: Found Spy Cookie: reliablestats cookie
12:09 AM: [email protected][1].txt (ID = 3254)
12:09 AM: Found Spy Cookie: burstbeacon cookie
12:09 AM: [email protected][2].txt (ID = 2335)
12:09 AM: Found Spy Cookie: www.maxifiles cookie
12:09 AM: [email protected][2].txt (ID = 3707)
12:09 AM: Found Spy Cookie: redzip cookie
12:09 AM: [email protected][2].txt (ID = 3250)
12:09 AM: [email protected][2].txt (ID = 3256)
12:09 AM: Found Spy Cookie: superlogy cookie
12:09 AM: [email protected][2].txt (ID = 3470)
12:09 AM: Found Spy Cookie: winantiviruspro cookie
12:09 AM: [email protected][2].txt (ID = 3690)
12:09 AM: joey@yieldmanager[2].txt (ID = 3749)
12:09 AM: Found Spy Cookie: adserver cookie
12:09 AM: [email protected][1].txt (ID = 2142)
12:09 AM: Found Spy Cookie: zedo cookie
12:09 AM: joey@zedo[1].txt (ID = 3762)
12:09 AM: Cookie Sweep Complete, Elapsed Time: 00:00:08
12:09 AM: Starting File Sweep
12:09 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:09 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:09 AM: c:\program files\cmsystem (6 subtraces) (ID = -2147471610)
12:09 AM: c:\program files\surfsidekick 3 (4 subtraces) (ID = -2147480186)
12:09 AM: c:\program files\cmapp (7 subtraces) (ID = -2147477896)
12:09 AM: c:\windows\etb (18 subtraces) (ID = -2147476235)
12:09 AM: Found Adware: fatpickle toolbar
12:09 AM: c:\program files\fatpickle toolbar (7 subtraces) (ID = -2147468828)
12:09 AM: c:\program files\related sites toolbar (2 subtraces) (ID = -2147475069)
12:09 AM: c:\program files\communicator toolbar (82 subtraces) (ID = -2147480362)
12:09 AM: c:\program files\fatpickle toolbar\cache (ID = -2147468827)
12:09 AM: c:\program files\quick links (2 subtraces) (ID = -2147478145)
12:09 AM: c:\program files\fcengine (4 subtraces) (ID = -2147471607)
12:09 AM: zfxedct97.exe (ID = 157336)
12:10 AM: x.bmp (ID = 69314)
12:10 AM: 65812_308_524_1824_75.41.tmp1 (ID = 162545)
12:10 AM: Found Trojan Horse: fu rootkit components
12:10 AM: msdirectx.sys (ID = 134168)
12:10 AM: u3d.tmp (ID = 166386)
12:10 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:10 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:10 AM: cwebpage.dll (ID = 69301)
12:10 AM: mxdefdrv.sys (ID = 156562)
12:10 AM: grinstall7.dll (ID = 161539)
12:10 AM: mc-59-627-0000166.exe (ID = 156269)
12:10 AM: e2c39.tmp (ID = 131317)
12:10 AM: greenmovie2313asaadsasfad112341231adsfa1[1].ico (ID = 51033)
12:10 AM: sskupdater3.exe (ID = 166386)
12:10 AM: mainsafe.exe (ID = 157404)
12:10 AM: bingo_big3123[1].ico (ID = 51022)
12:10 AM: 1507588_2504_356_3300_75.41.tmp1 (ID = 162545)
12:10 AM: 65936_1204_608_520_75.41.tmp1 (ID = 162545)
12:10 AM: 131468_1364_764_3720_75.41.tmp1 (ID = 162545)
12:10 AM: Warning: Failed to open file "c:\windows\pchealth\errorrep\userdumps\mainsafe.exe.20051022-011411-00.mdmp". The system cannot find the file specified
12:10 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:10 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:10 AM: 65920_1280_484_1372_75.41.tmp1 (ID = 162545)
12:10 AM: frzckwt.exe (ID = 138872)
12:10 AM: 65960_1160_252_3632_75.41.tmp1 (ID = 162545)
12:11 AM: 0nr9vi84.exe (ID = 157331)
12:11 AM: bundlelite.exe (ID = 166149)
12:11 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:11 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:11 AM: ssk3repairinstall.exe (ID = 158470)
12:11 AM: autoit3.exe (ID = 119348)
12:11 AM: 65822_492_624_2180_75.41.tmp1 (ID = 162545)
12:11 AM: 196884_1132_624_2332_75.41.tmp1 (ID = 162545)
12:11 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:11 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:11 AM: 131468_1364_764_4020_75.41.tmp1 (ID = 162545)
12:11 AM: 65828_636_1404_496_75.41.tmp1 (ID = 162545)
12:12 AM: cmappsetup[1].exe (ID = 115280)
12:12 AM: sntaudio.tmp (ID = 138228)
12:12 AM: norisuni.exe (ID = 138284)
12:12 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:12 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:12 AM: ssk3_b5.exe (ID = 131314)
12:12 AM: Warning: Failed to open file "c:\windows\pchealth\errorrep\userdumps\mainsafe.exe.20051022-083303-00.mdmp". The system cannot find the file specified
12:12 AM: toolbar_installer.exe (ID = 164824)
12:12 AM: nahbluff.exe (ID = 154779)
12:12 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:12 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:12 AM: setup1050.exe (ID = 166207)
12:12 AM: 65942_1276_848_3800_75.41.tmp1 (ID = 162545)
12:12 AM: nrmsp6v7.exe (ID = 130510)
12:12 AM: 65944_1156_356_3764_75.41.tmp1 (ID = 162545)
12:13 AM: 65940_1212_636_3644_75.41.tmp1 (ID = 162545)
12:13 AM: 65942_1280_612_3828_75.41.tmp1 (ID = 162545)
12:13 AM: 459000_3852_4044_2636_75.41.tmp1 (ID = 162545)
12:13 AM: preuninstallcom.exe (ID = 74818)
12:13 AM: 65974_1208_612_1864_75.41.tmp1 (ID = 162545)
12:13 AM: uninst.exe (ID = 73428)
12:13 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:13 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:13 AM: mon0104.dbd (ID = 57676)
12:13 AM: mon1920.dbd (ID = 57692)
12:13 AM: mon2007.dbd (ID = 57693)
12:13 AM: kw[1].exe (ID = 166307)
12:13 AM: preuninstallql.exe (ID = 131326)
12:13 AM: fatpickle.exe (ID = 166140)
12:13 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:13 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:13 AM: uninst.exe (ID = 73428)
12:13 AM: 65988_1356_928_1752_75.41.tmp1 (ID = 162545)
12:13 AM: 65956_1372_856_1756_75.41.tmp1 (ID = 162545)
12:13 AM: 65988_1356_928_2052_75.41.tmp1 (ID = 162545)
12:13 AM: 65950_1200_532_836_75.41.tmp1 (ID = 162545)
12:13 AM: kw[1].exe (ID = 166307)
12:14 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:14 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:14 AM: s2gg.3.exe (ID = 164538)
12:14 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:14 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:15 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:15 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:15 AM: 65966_1404_584_1760_75.41.tmp1 (ID = 162545)
12:15 AM: 131374_580_1360_1612_75.41.tmp1 (ID = 162545)
12:15 AM: mc-60-550-0000166.exe (ID = 156269)
12:15 AM: crptclrs.tmp (ID = 156483)
12:15 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:15 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:16 AM: 65994_1536_920_3752_75.41.tmp1 (ID = 162545)
12:16 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:16 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:16 AM: bho.dll (ID = 167068)
12:16 AM: mon1215.dbd (ID = 57687)
12:16 AM: mainsafe.empty.ini (ID = 166338)
12:16 AM: watch_free_porn.exe (ID = 156913)
12:16 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:16 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:16 AM: adsetup.silent.1.13.exe (ID = 167465)
12:16 AM: Found Trojan Horse: trojan-downloader-mainstreamdollars
12:16 AM: 1.exe (ID = 144062)
12:16 AM: cmappsetup.exe (ID = 115280)
12:16 AM: kw[1].exe (ID = 166307)
12:17 AM: wincmapp.exe (ID = 145805)
12:17 AM: 111419.exe (ID = 156165)
12:17 AM: cmapp13.exe (ID = 156523)
12:17 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:17 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:17 AM: vfx3.exe (ID = 155627)
12:17 AM: plugin.dll (ID = 154761)
12:17 AM: upd0002.exe (ID = 156532)
12:17 AM: pinkkas2123.ico (ID = 51041)
12:17 AM: greenmovie2313asaadsasfad112341231adsfa1.ico (ID = 51033)
12:17 AM: sskknwrd.dll (ID = 77733)
12:17 AM: nsa12f6.dll (ID = 51054)
12:17 AM: 99_app99.exe (ID = 164538)
12:17 AM: adwsetup_upd.exe (ID = 161596)
12:17 AM: installerv5.exe (ID = 162519)
12:17 AM: pf78.exe (ID = 164525)
12:17 AM: ssk3_b5.exe (ID = 162654)
12:17 AM: ssk3_installerv5.exe (ID = 162632)
12:17 AM: installerv5.exe (ID = 162519)
12:17 AM: Found Adware: apropos
12:17 AM: wingenerics.dll (ID = 50187)
12:17 AM: bk.exe (ID = 162785)
12:17 AM: repairs302972949.dll (ID = 163735)
12:17 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:17 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:17 AM: u4ce.tmp (ID = 166386)
12:17 AM: communicator.dll (ID = 131321)
12:17 AM: w181609.stub.exe (ID = 107248)
12:17 AM: plugin.dll (ID = 154758)
12:17 AM: dsr.exe (ID = 121121)
12:17 AM: mc-62-602-0000156.exe (ID = 156269)
12:17 AM: qlink32.dll (ID = 73425)
12:17 AM: qldf.bin (ID = 131688)
12:17 AM: grinstall7.dll (ID = 161539)
12:18 AM: ssk.exe (ID = 163864)
12:18 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || SurfSideKick 3 (ID = 0)
12:18 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\Software\Microsoft\Windows\CurrentVersion\Run || SurfSideKick 3 (ID = 0)
12:18 AM: sskbho.dll (ID = 163865)
12:18 AM: stb.exe (ID = 94666)
12:18 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || stb (ID = 0)
12:18 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:18 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:18 AM: pfudt92c.exe (ID = 157330)
12:18 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || pfudt92c (ID = 0)
12:18 AM: pokapoka78.exe (ID = 179560)
12:18 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || System service78 (ID = 0)
12:18 AM: sskcore.dll (ID = 163866)
12:18 AM: pshwr.exe (ID = 138228)
12:18 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\Software\Microsoft\Windows\CurrentVersion\Run || pshower (ID = 0)
12:18 AM: cmappclient.exe (ID = 123418)
12:18 AM: netlanm.dll (ID = 138227)
12:18 AM: fcengine.exe (ID = 154760)
12:18 AM: cmsystem.exe (ID = 154757)
12:18 AM: ichckupd.exe (ID = 156483)
12:18 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\Software\Microsoft\Windows\CurrentVersion\Run || ichckupd (ID = 0)
12:18 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:18 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:18 AM: pdrpdb.dll (ID = 156482)
12:18 AM: 81vqpr7q.dll (ID = 157332)
12:18 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:18 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:18 AM: pkshdqhy.dll (ID = 138109)
12:18 AM: italmvga.dll (ID = 156497)
12:18 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:18 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:18 AM: mc-60-550-0000166.exe (ID = 156275)
12:18 AM: HKU\S-1-5-21-84304167-3774641022-2466337760-1006\Software\Microsoft\Windows\CurrentVersion\Run || DNS (ID = 0)
12:18 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:18 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:18 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:18 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:18 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:18 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:18 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:18 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:18 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:18 AM: The Spy Communication shield has blocked access to: st.bestoffersnetworks.com
12:18 AM: services.exe (ID = 69312)
12:18 AM: catcher.dll (ID = 156267)
12:18 AM: dsr.dll (ID = 115632)
12:18 AM: mon0204.ddx (ID = 57680)
12:18 AM: mon0315.ddx (ID = 57680)
12:18 AM: mon0504.ddx (ID = 57680)
12:18 AM: mon0904.ddx (ID = 57684)
12:18 AM: mon1204.ddx (ID = 57680)
12:18 AM: Warning: Failed to open file "c:\documents and settings\joey\cookies\joey@adshttp[2].txt". The system cannot find the file specified
12:18 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:18 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:18 AM: mon1125.ddx (ID = 57685)
12:18 AM: mon1909.ddx (ID = 57684)
12:18 AM: sf[1].txt (ID = 110126)
12:18 AM: sf.txt (ID = 110126)
12:18 AM: rf[1].txt (ID = 110125)
12:18 AM: rf.txt (ID = 110125)
12:18 AM: mon0412.ddx (ID = 57680)
12:18 AM: mon0106.ddx (ID = 57679)
12:18 AM: sf.txt (ID = 110126)
12:18 AM: rf.txt (ID = 110125)
12:18 AM: install.inf (ID = 161519)
12:19 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:19 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:19 AM: File Sweep Complete, Elapsed Time: 00:09:43
12:19 AM: Full Sweep has completed. Elapsed time 00:36:15
12:19 AM: Traces Found: 2215
12:19 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:19 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:20 AM: Removal process initiated
12:20 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:20 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:20 AM: Quarantining All Traces: abetterinternet
12:47 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:47 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:47 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:47 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:48 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:48 AM: The Spy Communication shield has blocked access to: mm.delfinproject.com
12:48 AM: | End of Session, Thursday, October 27, 2005 |
********
11:35 PM: | Start of Session, Wednesday, October 26, 2005 |
11:35 PM: Spy Sweeper started
11:40 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:40 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:41 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:41 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:42 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
11:42 PM: Your spyware definitions have been updated.
11:42 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:42 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:42 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:42 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:42 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
11:42 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:42 PM: The Spy Communication shield has blocked access to: mm.delfinproject.com
11:43 PM: | End of Session, Wednesday, October 26, 2005 |
  • 0

#9
joeyryan
Posted 27 October 2005 - 10:36 PM

joeyryan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Hijack This uninstall log

Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
AIM "You've Got Pictures" Picture Finder Plugin v9.5.1.8
AOL Instant Messenger
AOLIcon
ContextPlus
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
Dell Support 5.0.0 (630)
DivX
DivX Player
DVD X Copy Platinum 4.0.3
DVD X Rescue
EarthLink setup files
eMule
Fatpickle Toolbar
Get High Speed Internet!
HijackThis 1.99.1
IE Host R3
IEEE 802.11g USB Wireless LAN Adapter
Intel® 537EP V9x DF PCI Modem
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office 2000 Professional
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox (1.0.4)
Musicmatch® Jukebox
Nero 6 Ultra Edition
Norton AntiVirus 2002
Photo Click
Pop-Up Stopper Free Edition
PowerDVD 5.5
PowerQuest PartitionMagic 8.0
PShow
QuickTime
RealPlayer
Registry Cleaner
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Select CashBack
SelectRebates
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spy Sweeper
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Viewpoint Media Player
WebDP 2.07
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB893086
WinZip
WordPerfect Office 12
Yahoo! Anti-Spy
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Toolbar
  • 0

#10
andydf
Posted 28 October 2005 - 07:06 AM

andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Ok :)

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [tbvxvlo] C:\WINDOWS\tbvxvlo.exe
O4 - HKLM\..\Run: [B1B5B8B9B8BEBBC0] 767A7D7E7D8380.exe
O4 - HKLM\..\Run: [amyxmyt] C:\WINDOWS\amyxmyt.exe
O4 - HKLM\..\Run: [nmjtinv] C:\WINDOWS\nmjtinv.exe
O4 - HKLM\..\Run: [stratas] lockx.exe
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\system32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000166.exe
O4 - HKCU\..\Run: [SOProc_RegSoAlertWxLiteNnAj] rundll32 shell32.dll,ShellExec_RunDLL C:\PROGRA~1\SOFTWA~1\soproc.exe -pack RegSoAlertWxLiteNnAj
O16 - DPF: {E9670165-86FE-4C34-8C4B-D3158DDC5D92} - http://downloads.sho...all4110_sp2.cab

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please remove these entries from Add/Remove Programs in the Control Panel(if present):

Fatpickle Toolbar
Select CashBack
SelectRebates

Please note any other programs that you dont recognize in add/remove in your next response

Please delete these folders using Windows Explorer(if present):
Folders and files with a tilde (~), means that there is a file/folder that starts with the six characters in front of the tilde, note that there may be spaces in the name. If there are more than one, please report them back and do not delete!

C:\WINDOWS\system32\nfomon
C:\WINDOWS\system32\vidmon
C:\PROGRA~1\SOFTWA~1

Please delete these files using Windows Explorer(if present):
Use windows search facility if you have trouble finding these files.

C:\WINDOWS\tbvxvlo.exe
767A7D7E7D8380.exe
C:\WINDOWS\amyxmyt.exe
C:\WINDOWS\nmjtinv.exe
lockx.exe
C:\Program Files\Common Files\Windows\mc-110-12-0000166.exe

Whilst in safe mode I would like you to run Spysweeper again, close all windows/programs for the duration of the scan.

After that, Reboot.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. :)

Andy :tazz:
  • 0

Advertisements

#11
joeyryan
Posted 28 October 2005 - 01:59 PM

joeyryan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
It's running very smoothly right now. For some reason though, I was not allowed to delete Fatpickle Toolbar. Here is the hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 12:57:59 PM, on 10/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\PROGRA~1\AIM\aim.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [stratas] lockx.exe
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [stratas] lockx.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.shar...ver/Install.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures06.ai...AIM.9.5.1.8.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
  • 0

#12
andydf
Posted 29 October 2005 - 10:27 AM

andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
Looking good :)

For the next stage we need to disable spysweeper.

To disable SpySweeper Shields
  • Click Shields on the left.
  • Click Internet Explorer and uncheck all items.
  • Click Windows System and uncheck all items.
  • Click Startup Programs and uncheck all items.
  • Exit Spysweeper.
Once that is done, please follow the directions below.

Please download LQfix.exe from one of the following locations:
  • http://www.downloads.subratam.org/LQfix.exe
    http://miekiemoes.geekstogo.com/tools/LQfix.exe

  • Save it to your desktop.
  • Double-Click LQfix.exe and click Next > Next > Install.
  • Leave the default settings, if you change them, the fix will Fail!
  • You need an active Internet Connection, so make sure your you're not blocking any connection now.
  • Now make sure the "Launch LQfix" box is checked.
  • Click the Finish button, after clicking the Finish button the fix will start.
  • Follow the on-screen prompts.
  • Your system will reboot afterwards.
  • Please be patient after the reboot, there is a script running in the background that needs to complete.
Next, open Spysweeper

click Options on the left side.
Click the Sweep Options tab.
Under What to Sweep please put a check next to the following:* Sweep Memory
* Sweep Registry
* Sweep Cookies
* Sweep All User Accounts
* Enable Direct Disk Sweeping
* Sweep Contents of Compressed Files
* Sweep for Rootkits
*Please UNCHECK Do not Sweep System Restore Folder.
Let spysweeper run another clean with these options checked, and post the log in your reply.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. :)

Andy :tazz:
  • 0

#13
joeyryan
Posted 29 October 2005 - 12:07 PM

joeyryan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
I don't know where "Sheilds" is on my computer...?
  • 0

#14
andydf
Posted 29 October 2005 - 12:10 PM

andydf

    Visiting Staff

  • Visiting Consultant
  • 1,660 posts
It is part of the spysweeper software.

Double click the spysweeper icon and it is on the main panel.
  • 0

#15
joeyryan
Posted 29 October 2005 - 03:09 PM

joeyryan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
It's been scanning for more than an hour now. The only thing that changes is "Traces Found" and it's up to 4,000 right now. Is this normal?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP