
Zestyfind + VX2.Look2Me + I Search Desktop Search Toolbar


32 replies to this topic

#1 Matt1833


Posted 03 March 2006 - 11:03 AM

Hi, I've acquired the posted spyware in the title (according to Spyware Doctor) and cannot seem to get rid of them. I've searched numerous websites, followed numerous directions, and have also run Spyware Doctor, Spybot, Adaware, and Microsoft Giant. I've tried removing keys from the registry, just about everything and I've always been able to rid myself of stuff before. I've never had this much of a problem ridding myself of these. I figured this is where I need to go before I nuke the computer and rebuild it-- which is the last thing I want to do. I apologize in advance if I have not searched thoroughly as I've spent 11 straight hours trying to solve this problem. I'm going to post my Hijack log here in hopes that someone can help. Thank you to all of you who contribute to creating wealth instead of destroying it.

Matt

Logfile of HijackThis v1.99.1
Scan saved at 11:24:52 AM, on 3/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Spyware Nuker\swnxt.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Matt Wenger\Desktop\HELP\Hijack\HijackThis.exe

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Symantec AntiVirus.lnk = C:\Program Files\Symantec AntiVirus\VPC32.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll
O20 - Winlogon Notify: SharedDlls - C:\WINDOWS\system32\l88m0il1e8q.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe



#2 Susan528


Posted 03 March 2006 - 11:48 AM

Hello Matt1833 and Welcome to Tom Coyote,

STEP 1.
======
Look2Me

You have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

You may receive a pop-up asking if you will allow a script to run when you perform the following instructions. Please allow the script to run.

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

If you receive, while running option #1, an error similar to: "C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application." ...then please use option 5 or the web page link in the l2mfix folder to solve this error condition. Do not run the fix portion without fixing this first.


Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#3 Matt1833


Posted 03 March 2006 - 12:10 PM

Susan, Thank you for your help. I have followed your instructions. This is the log file that it has generated. Once again your help is greatly appreciated.

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SharedDlls]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\l88m0il1e8q.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] "{4DF9427C-C5CE-E157-32D0-725329F2E121}"="" ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] "{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet" "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management" "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page" "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page" "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing" "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension" "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension" "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension" "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension" "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page" "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page" "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler" "{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension" "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects" "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management" "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management" "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression" "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension" "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI" "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu" "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase" 
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext" "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts" "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile" "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page" "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing" "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension" "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension" "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension" "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections" "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections" "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras" "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras" "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras" "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras" "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras" "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension" "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host" "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link" "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler" "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension" "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks" "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults" "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension" "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu" "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search" "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support" "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support" "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..." 
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet" "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail" "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts" "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools" "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page" "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions" "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler" "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler" "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler" "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler" "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler" "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor" "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar" "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status" "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder" "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2" "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy" "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand" "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band" "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search" "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search" "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility" "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address" "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox" "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete" "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor" "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List" "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List" "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible" "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar" "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List" 
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List" "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container" "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu" "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp" "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar" "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite" "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist" "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings" "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band" "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service" "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer" "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture" "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut" "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service" "{FF393560-C2A7-11CF-BFF4-444553540000}"="History" "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook" "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen" "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook" "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC" "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC" "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet" "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space" "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band" "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service" "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder" "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck" "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr" "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder" 
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler" "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent" "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent" "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent" "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent" "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent" "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler" "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager" "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator" "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher" "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs" "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory" "{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow" "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor" "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)" "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor" "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler" "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard" "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web" "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object" "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard" "{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts" "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler" "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target" "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File" "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut" "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object" "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu" "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties" "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder" 
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview" "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext" "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control" "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control" "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control" "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control" "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control" "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI" "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object" "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find" "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find" "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI" "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs" "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook" "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target" "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties" "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu" "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options" "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder" "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler" "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell" "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%" "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler" "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer" "{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..." 
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler" "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler" "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler" "{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache" "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices" "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu" "{e82a2d71-5b2f-43a0-97b8-81be15854de8}"="ShellLink for Application References" "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}"="Shell Icon Handler for Application References" "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders" "{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler" "{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler" "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler" "{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class" "{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper" "{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx" "{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer" "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu" "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu" "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension" "{E0D79304-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79305-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79306-84BE-11CE-9641-444553540000}"="WinZip" "{E0D79307-84BE-11CE-9641-444553540000}"="WinZip" "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band" "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu" "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"="PowerISO" "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions" "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player" "{6db8213d-6561-483a-af7b-393725a1f0d3}"="eFax 
Messenger - Shell Extension"
"{969223c0-26aa-11d0-90ee-444553540000}"="Shell Extension"
"{7E787E0A-1A84-40CE-AD3C-4A106A7E4F8F}"=""
"{CCA60260-A2C9-11D2-BA62-0020188191B2}"="Registrar Registry Manager SHell Extension"
"{218EE944-4DDF-41D5-BF91-FD746EAE16FF}"=""
"{15C3DCC7-113B-440B-B462-A537D20BFF16}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7E787E0A-1A84-40CE-AD3C-4A106A7E4F8F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7E787E0A-1A84-40CE-AD3C-4A106A7E4F8F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7E787E0A-1A84-40CE-AD3C-4A106A7E4F8F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7E787E0A-1A84-40CE-AD3C-4A106A7E4F8F}\InprocServer32]
@="C:\\WINDOWS\\system32\\mjident.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{15C3DCC7-113B-440B-B462-A537D20BFF16}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{15C3DCC7-113B-440B-B462-A537D20BFF16}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{15C3DCC7-113B-440B-B462-A537D20BFF16}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{15C3DCC7-113B-440B-B462-A537D20BFF16}\InprocServer32]
@="C:\\WINDOWS\\system32\\MVC71KOR.DLL"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
bassmod.dll Sat Feb 11 2006 8:40:52p A.... 34,308 33.50 K
fp0u03~1.dll Fri Mar 3 2006 2:56:12a ..S.R 235,753 230.23 K
gdi32.dll Wed Dec 28 2005 9:54:36p A.... 280,064 273.50 K
gmaccman.dll Wed Dec 14 2005 6:57:12p A.... 270,336 264.00 K
gmmescom.dll Wed Dec 21 2005 4:38:20p A.... 65,536 64.00 K
h44m0e~1.dll Fri Mar 3 2006 12:42:30a ..S.R 235,233 229.72 K
i6jqlg~1.dll Fri Mar 3 2006 2:44:52a ..S.R 234,363 228.87 K
irn4l5~1.dll Fri Mar 3 2006 12:59:50a ..S.R 235,727 230.20 K
l88m0i~1.dll Fri Mar 3 2006 11:12:30a ..... 234,887 229.38 K
mvc71kor.dll Fri Mar 3 2006 11:19:34a ..S.R 234,887 229.38 K
o8luli~1.dll Fri Mar 3 2006 11:19:34a ..S.R 236,825 231.27 K
pgpgw.dll Fri Feb 24 2006 5:29:14p A.... 224,768 219.50 K
pgpoe.dll Fri Feb 24 2006 5:29:14p A.... 209,408 204.50 K
pncrt.dll Sun Feb 19 2006 8:18:26p A.... 278,528 272.00 K
pndx5016.dll Sun Feb 19 2006 8:18:28p A.... 6,656 6.50 K
pndx5032.dll Sun Feb 19 2006 8:18:28p A.... 5,632 5.50 K
rmoc3260.dll Sun Feb 19 2006 8:18:40p A.... 176,167 172.04 K
webclnt.dll Tue Jan 3 2006 10:35:06p A.... 68,096 66.50 K
wmp.dll Tue Dec 6 2005 6:02:16a A.... 5,533,696 5.28 M

19 items found: 19 files (6 H/S), 0 directories.
Total of file sizes: 8,800,870 bytes 8.39 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 2C5A-47C4

Directory of C:\WINDOWS\System32

03/03/2006 11:19 AM 234,887 MVC71KOR.DLL
03/03/2006 11:19 AM 236,825 o8luli3918.dll
03/03/2006 02:56 AM 235,753 fp0u03d9e.dll
03/03/2006 02:51 AM <DIR> dllcache
03/03/2006 02:44 AM 234,363 i6jqlg1516.dll
03/03/2006 12:59 AM 235,727 irn4l55q1.dll
03/03/2006 12:42 AM 235,233 h44m0eh1eh4.dll
11/09/2005 05:00 PM <DIR> Microsoft
08/04/2004 12:56 AM 155,648 csrrs.exe
7 File(s) 1,568,436 bytes
2 Dir(s) 42,567,307,264 bytes free
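
The Winlogon\Notify section of a log like the one in this post can be reviewed offline. The following is an added example, not part of the original post and not L2mfix's own code: it decodes each subkey's DllName from .reg export text, including `hex(2)` values with line continuations, and lists the DLLs that fall outside a baseline. The function names and the `BASELINE` set are assumptions for illustration; `SAMPLE` is an excerpt of three subkeys from the log above.

```python
import re

# Excerpt (three subkeys) in the .reg export format of the log in this post.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SharedDlls]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\l88m0il1e8q.dll"
"Logon"="WinLogon"
'''

# Assumption: DLL names used by the other Notify subkeys in the posted log.
# A real baseline should come from a known-clean install of the same OS build.
BASELINE = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
            "wlnotify.dll", "sclgntfy.dll"}


def decode_value(raw):
    """Turn the right-hand side of a .reg value line into a string."""
    raw = raw.strip()
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        # REG_SZ: backslashes and quotes are backslash-escaped in .reg files.
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    m = re.match(r'hex\(2\):(.*)', raw, re.S)
    if m:
        # REG_EXPAND_SZ: comma-separated bytes of a UTF-16LE string.
        data = bytes(int(b, 16) for b in re.findall(r'[0-9a-fA-F]{2}', m.group(1)))
        return data.decode('utf-16-le', errors='replace').rstrip('\x00')
    return raw  # dword and other types are kept as written


def parse_notify(reg_text):
    """Return {subkey: {value_name_lowercase: decoded_value}} for Notify subkeys."""
    # Join continuation lines: a trailing backslash means the value goes on.
    text = re.sub(r'\\\r?\n[ \t]*', '', reg_text)
    entries, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            parent, _, sub = line[1:-1].rpartition('\\')
            key = sub if parent.lower().endswith('\\winlogon\\notify') else None
            if key:
                entries[key] = {}
        elif key and line.startswith('"') and '=' in line:
            name, _, raw = line.partition('=')
            # Value names are case-insensitive ("DllName" and "DLLName" both occur).
            entries[key][name.strip('"').lower()] = decode_value(raw)
    return entries


def audit(entries, baseline=BASELINE):
    """List (subkey, dll) pairs whose DLL file name is not in the baseline."""
    findings = []
    for sub, values in entries.items():
        dll = values.get('dllname', '')
        base = dll.replace('/', '\\').rsplit('\\', 1)[-1].lower()
        if base not in baseline:
            findings.append((sub, dll))
    return findings


if __name__ == '__main__':
    for sub, dll in audit(parse_notify(SAMPLE)):
        print(f'review: Notify\\{sub} -> {dll}')
```

A hit only means the DLL is not in the baseline; third-party software also registers Notify packages, so each finding still needs to be checked against what is installed on the machine.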

#4 Susan528


Posted 03 March 2006 - 01:07 PM

Hello Matt1833,

Let's continue with the fix now.

Look2Me
Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so! DO NOT run in safe mode!!

If after the reboot the log does not open, double click on it in the l2mfix folder.

#5 Matt1833


Posted 03 March 2006 - 01:47 PM

Susan,

I did what you instructed me to do. When the computer
rebooted it did not continue a scan, or post up a log.

Here is the log from that program, followed by
the new "Hijack This Log" I ran after it rebooted.

I also copied the image while the first this was
running. Maybe this will also help.
Posted Image

Thank you, thank you, thank you.
Please let me know the next steps.

L2mfix 010406
Creating Account.
The command completed successfully.

Adding Administrative privleges.
The command completed successfully.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
adding: backregs/notibac.reg (164 bytes security) (deflated 87%)



Logfile of HijackThis v1.99.1
Scan saved at 2:38:31 PM, on 3/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PGPserv.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Matt Wenger\Desktop\HELP\Hijack\HijackThis.exe

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Symantec AntiVirus.lnk = C:\Program Files\Symantec AntiVirus\VPC32.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\l88m0il1e8q.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Edited by Matt1833, 03 March 2006 - 01:49 PM.


#6 Susan528


Posted 03 March 2006 - 06:26 PM

Hi Matt1833,

This is a different fix for the Look2me. Let's go ahead and try this one.

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button; your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339', please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 directory.
http://www.ascentive...ib/MSWINSCK.OCX

#7 Matt1833


Posted 03 March 2006 - 09:32 PM

Susan,

I downloaded the program, then I downloaded "MSWINSCK.OCX" from the source you provided because I got the "runtime error '339'".

After I click "Scan for L2m" (this is AFTER I have closed everything and have chosen to run it as a process) the computer instantly reboots/crashes. I tried this 3 times and all 3 times it crashed and 2 of the 3 times "Active Desktop Recovery" popped up on the restart.

There was absolutely nothing in the "Look2Me-Destroyer.txt" file.

I have posted a "HiJack This" LOG to be thorough.

Thank you for all your help. It is greatly appreciated. Please don't give up on me! :)

<LOG FILE STARTS>
Logfile of HijackThis v1.99.1
Scan saved at 10:29:06 PM, on 3/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Matt Wenger\Desktop\HELP\Hijack\HijackThis.exe

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Symantec AntiVirus.lnk = C:\Program Files\Symantec AntiVirus\VPC32.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\l88m0il1e8q.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
<LOG FILE STOPS>
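
An added example, not part of anyone's post in this thread: the HijackThis logs in posts #5 and #7 can be compared mechanically instead of by eye. The Python below (function and variable names are my own; the sample lines are excerpted from those two logs) reports entries that vanished, appeared, or kept the same file under a different name, which is what the O20 Winlogon Notify line does between the two scans.

```python
import re
from collections import namedtuple

# One HijackThis entry: section code ("O20"), descriptive label, and the file it points at.
Entry = namedtuple("Entry", "section label target")

# Entry lines look like "O20 - <label> - <file>"; the section code is a letter
# followed by one or two digits (R0, O4, O20, O23, ...). Header lines and the
# running-process list do not match and are skipped.
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Entry lines excerpted from the log in post #5 (scan saved 2:38:31 PM).
SCAN_POST_5 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 2:38:31 PM, on 3/3/2006
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\l88m0il1e8q.dll
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
"""

# Entry lines excerpted from the log in post #7 (scan saved 10:29:06 PM).
SCAN_POST_7 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 10:29:06 PM, on 3/3/2006
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\l88m0il1e8q.dll
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
"""


def parse_hjt(text):
    """Return the section entries of a HijackThis log as Entry tuples."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        section, body = match.groups()
        # The file is the last " - "-separated field when there is one
        # (O3, O8, O9, O20, O23). O4 and O10 lines have no such field, so the
        # whole body becomes the label and the target stays empty.
        label, sep, target = body.rpartition(" - ")
        if not sep:
            label, target = body, ""
        entries.append(Entry(section, label, target))
    return entries


def diff_scans(old, new):
    """Compare two parsed scans.

    Returns a dict with:
      relabelled - (old_entry, new_entry) pairs in the same section that point
                   at the same file (case-insensitive) under a different label
      removed    - entries only in the old scan
      added      - entries only in the new scan
    """
    old_set, new_set = set(old), set(new)
    removed = [e for e in old if e not in new_set]
    added = [e for e in new if e not in old_set]

    relabelled = []
    for gone in removed:
        if not gone.target:
            continue  # nothing to match on
        for came in added:
            if (came.section == gone.section
                    and came.target.lower() == gone.target.lower()):
                relabelled.append((gone, came))

    paired = {e for pair in relabelled for e in pair}
    return {
        "relabelled": relabelled,
        "removed": [e for e in removed if e not in paired],
        "added": [e for e in added if e not in paired],
    }


if __name__ == "__main__":
    result = diff_scans(parse_hjt(SCAN_POST_5), parse_hjt(SCAN_POST_7))
    for gone, came in result["relabelled"]:
        print(f"{gone.section} same file, new label: "
              f"{gone.label!r} -> {came.label!r} ({came.target})")
    for entry in result["removed"]:
        print(f"{entry.section} removed: {entry.label} {entry.target}".rstrip())
    for entry in result["added"]:
        print(f"{entry.section} added: {entry.label} {entry.target}".rstrip())
```

A relabelled entry is worth a second look in any before/after comparison, because a plain line-by-line diff shows it as one unrelated removal plus one unrelated addition.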

#8 Susan528


Posted 03 March 2006 - 10:39 PM

Hello Matt1833,

Let's run ewido. The log will provide clues.

STEP 1.
======
Ewido Trojan Scanner
Please download, install, and update the NEW free version of Ewido trojan scanner:
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
  • If ewido finds anything, it will pop up a notification. Select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
  • When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.


#9 Matt1833


Posted 04 March 2006 - 12:45 AM

Susan,

Okay, I did what you asked. Here is the Scan report that it generated.

Thank you for your help. Just let me know what to do next! =)

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:39:35 AM, 3/4/2006
+ Report-Checksum: D5773949

+ Scan result:

[1800] C:\WINDOWS\system32\dwskperf.dll -> Adware.Look2Me : Error during cleaning
[2020] C:\WINDOWS\system32\dwskperf.dll -> Adware.Look2Me : Error during cleaning
C:\!KillBox\whpns.dll -> Adware.Look2Me : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zbzdowux.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Matt Wenger\Application Data\Mozilla\Firefox\Profiles\9y7b49s5.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Matt Wenger\Application Data\Mozilla\Firefox\Profiles\9y7b49s5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Matt Wenger\Application Data\Mozilla\Firefox\Profiles\9y7b49s5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Matt Wenger\Application Data\Mozilla\Firefox\Profiles\9y7b49s5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Matt Wenger\Application Data\Mozilla\Firefox\Profiles\9y7b49s5.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Matt Wenger\Application Data\Mozilla\Firefox\Profiles\9y7b49s5.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Matt Wenger\Application Data\Mozilla\Firefox\Profiles\9y7b49s5.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Matt Wenger\Desktop\HELP\Hijack\backups\backup-20060302-184031-779.dll -> Adware.Suggestor : Cleaned with backup
C:\Documents and Settings\Matt Wenger\Desktop\HELP\Hijack\backups\backup-20060302-184306-538.dll -> Adware.Suggestor : Cleaned with backup
C:\Documents and Settings\Matt Wenger\Desktop\HELP\Hijack\backups\backup-20060302-184330-636.dll -> Adware.Suggestor : Cleaned with backup
C:\Documents and Settings\Matt Wenger\Desktop\Stuff\256mb jump drive\Program Files\Radmin\radmin.exe -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.22 : Cleaned with backup
C:\Documents and Settings\Matt Wenger\Desktop\Stuff\256mb jump drive\Program Files\Radmin\r_server.exe -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.22 : Cleaned with backup
C:\Documents and Settings\Matt Wenger\Local Settings\Temp\A7D16.tmp/dgfgql.exe -> Adware.Suggestor : Cleaned with backup
C:\Documents and Settings\Matt Wenger\Local Settings\Temp\bkmfegnd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\Matt Wenger\Local Settings\Temp\Cookies\matt wenger@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Matt Wenger\Local Settings\Temp\Cookies\matt wenger@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Matt Wenger\Local Settings\Temp\emkdegnd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\Matt Wenger\Local Settings\Temp\gkpmfgnd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\Matt Wenger\Local Settings\Temp\pre1.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\Matt Wenger\Local Settings\Temporary Internet Files\Content.IE5\JQ3J53PK\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup
C:\Documents and Settings\Matt Wenger\Local Settings\Temporary Internet Files\Content.IE5\JQ3J53PK\AppWrap[2].exe -> Adware.AdURL : Cleaned with backup
C:\inrh9400.exe -> Downloader.Small.bke : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\153F1AC6-2710-49D5-8923-5C1947\B9D4B407-828F-4185-A7D1-159577 -> Adware.WebHancer : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\153F1AC6-2710-49D5-8923-5C1947\DD7B46D3-69F4-4CD0-98D8-8951DB -> Adware.WebHancer : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\1C7C7EF6-EC79-4967-957B-A230C7\33B29D1D-B8CF-4B26-B079-008A23 -> Adware.SurfSide : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\1C7C7EF6-EC79-4967-957B-A230C7\50AE329C-53E6-422C-82A0-DDC3D0 -> Adware.SurfSide : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\1C7C7EF6-EC79-4967-957B-A230C7\883BD122-0961-4001-B678-08BC05 -> Adware.SurfSide : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\28A54A7A-FF37-48ED-933A-04757C\A7F4EACF-584B-429D-8E41-049E4A -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\670E0F88-705F-4ED9-8B2F-1A0071\7325E892-7CFC-47B0-9C2F-D4A3D2 -> Downloader.Adload.l : Cleaned with backup
C:\WINDOWS\pss\svchost.exeCommon Startup -> Dropper.VB.lu : Cleaned with backup
C:\WINDOWS\system32\csrrs.exe -> Backdoor.Rbot : Cleaned with backup
C:\WINDOWS\system32\dnjo0113e.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\fp0u03d9e.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\h44m0eh1eh4.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\i6jqlg1516.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\irn4l55q1.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\kt26l7fs1.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\n22u0cf9ef2.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\o8luli3918.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\Temp\Cookies\matt wenger@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup


::Report End

#10 Susan528


Posted 04 March 2006 - 07:25 AM

Please hang in there Matt, I am going to consult others about this. Ewido did clean a few things. Susan


#11 Susan528


Posted 04 March 2006 - 07:49 AM

Hello Matt,

This trial works well on Look2me so let's give it a shot!

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system. If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Empty Recycle Bin

Reboot and "copy/paste" a new HJT log as well as the Results from Spy Sweeper file into this thread.
Also please describe how your computer behaves at the moment.

Edited by Susan528, 04 March 2006 - 07:56 AM.


#12 Matt1833


Posted 04 March 2006 - 11:53 AM

Susan,

Once again thank you for your patience and investment in helping me resolve these issues. I do realize you have better things to do and I want to thank you for your commitment.

I did exactly what you said. The computer "seems" to be doing better. In the few minutes since I've rebooted and have posted this I have not had any pop-up windows. I still think there are problems (minor) but we're getting there, I think.

Thanks.

Spy Sweeper Results Pasted:

********
11:58 AM: | Start of Session, Saturday, March 04, 2006 |
11:58 AM: Spy Sweeper started
11:58 AM: Sweep initiated using definitions version 625
11:58 AM: Found Adware: look2me
11:58 AM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\h323tsp\ || dllname (ID = 1139664)
11:58 AM: ir8ul5l91.dll (ID = 1139664)
11:58 AM: Starting Memory Sweep
12:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:01 PM: Memory Sweep Complete, Elapsed Time: 00:02:59
12:01 PM: Starting Registry Sweep
12:01 PM: Registry Sweep Complete, Elapsed Time:00:00:20
12:01 PM: Starting Cookie Sweep
12:01 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
12:01 PM: Starting File Sweep
12:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:12 PM: guard.tmp (ID = 159)
12:12 PM: The Spy
Communication shield has blocked access to: www.ad-w-a-r-e.com 12:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:12 PM: m046lahs1d46.dll (ID = 159) 12:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:15 PM: The Spy 
Communication shield has blocked access to: www.ad-w-a-r-e.com 12:15 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:15 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:15 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:15 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:15 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:15 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:15 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:15 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:15 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:15 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:15 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:15 PM: mgcndmgr.dll (ID = 159) 12:15 PM: mdg_hook.dll (ID = 159) 12:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:16 PM: hr8o05l3e.dll (ID = 159) 12:16 PM: ir8ul5l91.dll (ID = 159) 12:16 PM: kndtuf.dll (ID = 159) 12:16 PM: ktl4l73q1.dll (ID = 159) 12:16 PM: enp6l17s1.dll (ID = 159) 12:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:16 PM: The Spy Communication shield has blocked access to: 
www.ad-w-a-r-e.com 12:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:19 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:19 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:19 PM: The Spy 
Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:19 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:19 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:19 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:19 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:19 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:19 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:19 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:19 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:19 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:21 PM: The Spy Communication shield has blocked access to: 
www.a-d-w-a-r-e.com 12:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:22 PM: Found Trojan Horse: trojan downloader matcash 12:22 PM: explorer.exe (ID = 247512) 12:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:22 PM: Found Adware: webhancer 12:22 PM: 302f3afb-e4b0-4fb1-adc5-e1a7c4 (ID = 188794) 12:22 PM: Found System Monitor: potentially rootkit-masked files 12:22 PM: ld0050_landscaper sample 2.doc (ID = 0) 12:22 PM: ld0050_landscaper sample 2.doc (ID = 0) 12:22 PM: how to get more customers to call, buy, and beg for more - for prospects.rtf (ID = 0) 12:22 PM: notes on financial seminars.doc (ID = 0) 12:22 PM: notes on financial seminars.doc (ID = 0) 12:22 PM: home loan certification test.doc (ID = 0) 12:22 PM: income protection certification test.doc (ID = 0) 12:22 PM: district to divison test certification.doc (ID = 0) 12:22 PM: regional to rvp test ceritification.doc (ID = 0) 12:22 PM: sr rep to district test certification.doc (ID = 0) 12:22 PM: sr rep to district test certification.doc (ID = 0) 12:22 PM: regional to rvp test ceritification.doc (ID = 0) 12:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:22 PM: The Spy Communication shield has 
blocked access to: www.a-d-w-a-r-e.com 12:22 PM: district to divison test certification.doc (ID = 0) 12:22 PM: smart certification test.doc (ID = 0) 12:22 PM: district to divison test certification.doc (ID = 0) 12:22 PM: income~1.doc (ID = 0) 12:22 PM: division to regional test certification.doc (ID = 0) 12:22 PM: sr rep to district test certification.doc (ID = 0) 12:22 PM: residential rental property manager agreement.txt (ID = 0) 12:22 PM: residential rental property manager agreement2.txt (ID = 0) 12:22 PM: residential rental property manager agreement2.txt (ID = 0) 12:22 PM: notice of change of terms of tenancygenericversion.txt (ID = 0) 12:22 PM: disclosures by landlord or agent for landlord.txt (ID = 0) 12:22 PM: consent to background and reference check1.txt (ID = 0) 12:22 PM: consent to background and reference check.txt (ID = 0) 12:22 PM: security deposit itemizationgenericversion.txt (ID = 0) 12:22 PM: three-day notice to pay rent or quitcaversion.txt (ID = 0) 12:22 PM: notice of change of terms of tenancycaversion.txt (ID = 0) 12:22 PM: disclosures by landlord or agent for landlord.txt (ID = 0) 12:22 PM: warning notice (complaints from neighbors-residents).txt (ID = 0) 12:22 PM: three-day notice to perform covenant or quitcaversion.txt (ID = 0) 12:22 PM: notice of reinstatement of terms oftenancygenericversion.txt (ID = 0) 12:22 PM: notice of reinstatement of terms of tenancycaversion.txt (ID = 0) 12:22 PM: notice of intent to enter dwelling unitgenericversion.txt (ID = 0) 12:22 PM: attachment-agreement regarding use ofwaterbedcaversion.txt (ID = 0) 12:22 PM: notice of belief of abandonmentgenericversion.txt (ID = 0) 12:22 PM: notice of change of terms of tenancycaversion.txt (ID = 0) 12:22 PM: notice of change of terms of tenancygenericversion.txt (ID = 0) 12:22 PM: notice of intent to enter dwelling unitcaversion.txt (ID = 0) 12:22 PM: three-day notice to perform covenant or quit.txt (ID = 0) 12:22 PM: three-day notice to pay rent or quitcaversion.txt 
(ID = 0) 12:22 PM: three-day notice to pay rent or quitgenericversion.txt (ID = 0) 12:22 PM: notice of intent to enter dwelling unitcaversion.txt (ID = 0) 12:22 PM: notice of belief of abandonmentcaversion.txt (ID = 0) 12:22 PM: three-day notice to pay rent or quitgenericversion.txt (ID = 0) 12:22 PM: purchase agreement filled out for lease option that is not assigned.doc (ID = 0) 12:22 PM: kta0010 detailedv1.0.doc (ID = 0) 12:22 PM: kta001~1.doc (ID = 0) 12:22 PM: kta001~2.doc (ID = 0) 12:22 PM: kta0010 values-based.doc (ID = 0) 12:22 PM: educational overview program.rtf (ID = 0) 12:22 PM: educational overview program.rtf (ID = 0) 12:22 PM: story telling selling.doc (ID = 0) 12:22 PM: 2005 pfs presentation.doc (ID = 0) 12:22 PM: kta0010 basic v1.0.doc (ID = 0) 12:22 PM: residential rental property manager agreement.doc (ID = 0) 12:22 PM: kta0010 basic outline.doc (ID = 0) 12:22 PM: kta0010 detailed v2.0.doc (ID = 0) 12:22 PM: residential rental property manager agreement.doc (ID = 0) 12:22 PM: residential rental property manager agreement2.doc (ID = 0) 12:22 PM: ktb78c~1.doc (ID = 0) 12:22 PM: kta001~4.doc (ID = 0) 12:22 PM: residential rental property manager agreement2.doc (ID = 0) 12:22 PM: kta0010 basic v1.0.doc (ID = 0) 12:22 PM: corporate overview-educational seminar ksi.doc (ID = 0) 12:22 PM: kta001~3.doc (ID = 0) 12:22 PM: objectives, ideas, and notes for educational overview.doc (ID = 0) 12:22 PM: kta0010 basic v1.0.doc (ID = 0) 12:22 PM: letter to folks who are in foreclosure - direct mail to list of foreclosures - this letter offers to bring payments current.doc (ID = 0) 12:22 PM: ps0050 office calls and confirms them into educational overview.doc (ID = 0) 12:22 PM: ps0050 office calls and confirms them into educational overview.doc (ID = 0) 12:22 PM: ls0020 thankyou note from rep for 15 minute appointment.doc (ID = 0) 12:22 PM: script#6 calling to confirm fna implementation appointment.doc (ID = 0) 12:22 PM: after getting sigs - lockbox + sign info - 
vacant.doc (ID = 0) 12:22 PM: ls0010 warm introduction letter from client to potential client version 2.doc (ID = 0) 12:22 PM: verbal agreement - no sigs - letter sent with pa - contract.doc (ID = 0) 12:22 PM: after getting sigs - lockbox + sign info - vacant.doc (ID = 0) 12:22 PM: ls0010 warm introduction letter from client to potential client version 2.doc (ID = 0) 12:22 PM: kitchen table appointment - ksi notes.doc (ID = 0) 12:22 PM: notice of change of terms of tenancycaversion.doc (ID = 0) 12:22 PM: notice of change of terms of tenancycaversion.doc (ID = 0) 12:22 PM: three-day notice to perform covenant or quit.doc (ID = 0) 12:22 PM: three-day notice to pay rent or quitcaversion.doc (ID = 0) 12:22 PM: pfs - the emyth way.doc (ID = 0) 12:22 PM: 14ip kta0020 rep goes and collects information.doc (ID = 0) 12:22 PM: three-day notice to perform covenant or quitcaversion.doc (ID = 0) 12:22 PM: consent to background and reference check1.doc (ID = 0) 12:22 PM: consent to background and reference check.doc (ID = 0) 12:22 PM: notice of intent to enter dwelling unitgenericversion.doc (ID = 0) 12:22 PM: 4ip ps0030 reminder call from office for initial appointment.doc (ID = 0) 12:22 PM: letter to folks who are in foreclosure - direct mail to list of foreclosures.doc (ID = 0) 12:22 PM: attachment-agreement regarding use ofwaterbedcaversion.doc (ID = 0) 12:22 PM: ls0010 warm introduction letter from client to potential client version 2.doc (ID = 0) 12:22 PM: 14ip kta0020 rep goes and collects information.doc (ID = 0) 12:22 PM: 10 edo0020 educational overview takes place.doc (ID = 0) 12:22 PM: verbal agreement - no sigs - still interested letter.doc (ID = 0) 12:22 PM: 8ip ps0050 office calls and confirms them into educational overview.doc (ID = 0) 12:22 PM: ls0010 warm introduction letter from client to potential client version 2.doc (ID = 0) 12:22 PM: 2ip ps0010.5 client script-warm introduction.doc (ID = 0) 12:22 PM: 10 edo0020 educational overview takes place.doc (ID = 0) 
12:22 PM: 16ip sd0020 rep gives client feedback form to mail in to our office.doc (ID = 0) 12:22 PM: 14ip kta0020 rep goes and collects information.doc (ID = 0) 12:22 PM: three-day notice to pay rent or quitgenericversion.doc (ID = 0) 12:22 PM: notice of intent to enter dwelling unitcaversion.doc (ID = 0) 12:22 PM: letter script#5 thankyou note from rep to client for becoming a client.doc (ID = 0) 12:22 PM: notice of intent to enter dwelling unitcaversion.doc (ID = 0) 12:22 PM: notice of change of terms of tenancygenericversion.doc (ID = 0) 12:22 PM: notice of change of terms of tenancygenericversion.doc (ID = 0) 12:22 PM: three-day notice to pay rent or quitgenericversion.doc (ID = 0) 12:22 PM: three-day notice to pay rent or quitcaversion.doc (ID = 0) 12:22 PM: verbal agreement - no sigs - still interested letter.doc (ID = 0) 12:22 PM: letter to folks who are in foreclosure - direct mail to list of foreclosures.doc (ID = 0) 12:22 PM: educational overview.doc (ID = 0) 12:22 PM: letter script#4 feedback form mailed to office from potential client.doc (ID = 0) 12:22 PM: warning notice (complaints from neighbors-residents).doc (ID = 0) 12:22 PM: 19ip ls0040 rep sends thank you note to family.doc (ID = 0) 12:22 PM: notice of reinstatement of terms oftenancygenericversion.doc (ID = 0) 12:22 PM: notice of reinstatement of terms of tenancycaversion.doc (ID = 0) 12:22 PM: 9ip edo0010 educational overview greeting system.doc (ID = 0) 12:22 PM: disclosures by landlord or agent for landlord.doc (ID = 0) 12:22 PM: notice of belief of abandonmentgenericversion.doc (ID = 0) 12:22 PM: 19ip ls0040 rep sends thank you note to family.doc (ID = 0) 12:22 PM: 5 kta0010 initial appointment with family.doc (ID = 0) 12:22 PM: faq given to potential clients at kta.doc (ID = 0) 12:22 PM: 19ip ls0040 rep sends thank you note to family.doc (ID = 0) 12:22 PM: 5 kta0010 initial appointment with family.doc (ID = 0) 12:22 PM: notice of belief of abandonmentcaversion.doc (ID = 0) 12:22 PM: notice 
of belief of abandonmentgenericversion.doc (ID = 0) 12:22 PM: notice of reinstatement of terms of tenancy.doc (ID = 0) 12:22 PM: security deposit itemizationgenericversion.doc (ID = 0) 12:22 PM: ls0030 thankyou note forcoming to educational overview.doc (ID = 0) 12:22 PM: disclosures by landlord or agent for landlord.doc (ID = 0) 12:22 PM: notice of belief of abandonmentgenericversion.txt (ID = 0) 12:22 PM: notice of reinstatement of terms of tenancy.txt (ID = 0) 12:22 PM: faq given to potential clients at kta.doc (ID = 0) 12:22 PM: residential rental property manager agreement.txt (ID = 0) 12:22 PM: faq given to potential clients at kta.doc (ID = 0) 12:22 PM: Warning: Unhandled Archive Type 12:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:24 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:24 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:24 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:24 PM: The Spy Communication shield has blocked access to: 
www.a-d-w-a-r-e.com 12:24 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:24 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:24 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:24 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:24 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:24 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:24 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:24 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:27 PM: The Spy 
Communication shield has blocked access to: www.ad-w-a-r-e.com 12:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:29 PM: The Spy Communication shield has blocked access to: 
www.ad-w-a-r-e.com 12:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:32 PM: The Spy 
Communication shield has blocked access to: www.ad-w-a-r-e.com 12:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:33 PM: Warning: Unable to sweep compressed file: System Error. Code: 5. Access is denied 12:33 PM: Warning: Unable to sweep compressed file: System Error. Code: 5. Access is denied 12:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:34 PM: Warning: Invalid Stream 12:34 PM: Warning: Invalid Stream 12:34 PM: Warning: Invalid Stream 12:34 PM: Warning: Invalid Stream 12:34 PM: Warning: Invalid Stream 12:34 PM: File Sweep Complete, Elapsed Time: 00:32:24 12:34 PM: Full Sweep has completed. 
Elapsed time 00:35:56 12:34 PM: Traces Found: 150 12:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:36 PM: The Spy Communication shield has blocked access to: 
www.a-d-w-a-r-e.com 12:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:37 PM: Removal process initiated 12:37 PM: Quarantining All Traces: look2me 12:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:37 PM: look2me is in use. It will be removed on reboot. 12:37 PM: ir8ul5l91.dll is in use. It will be removed on reboot. 12:37 PM: guard.tmp is in use. It will be removed on reboot. 12:37 PM: mdg_hook.dll is in use. It will be removed on reboot. 12:37 PM: hr8o05l3e.dll is in use. It will be removed on reboot. 12:37 PM: ir8ul5l91.dll is in use. It will be removed on reboot. 
12:37 PM: Quarantining All Traces: potentially rootkit-masked files 12:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:38 PM: potentially rootkit-masked files is in use. It will be removed on reboot. 12:38 PM: ld0050_landscaper sample 2.doc is in use. It will be removed on reboot. 12:38 PM: ld0050_landscaper sample 2.doc is in use. It will be removed on reboot. 12:38 PM: how to get more customers to call, buy, and beg for more - for prospects.rtf is in use. It will be removed on reboot. 12:38 PM: notes on financial seminars.doc is in use. It will be removed on reboot. 12:38 PM: notes on financial seminars.doc is in use. It will be removed on reboot. 12:38 PM: home loan certification test.doc is in use. It will be removed on reboot. 12:38 PM: income protection certification test.doc is in use. It will be removed on reboot. 12:38 PM: district to divison test certification.doc is in use. It will be removed on reboot. 12:38 PM: regional to rvp test ceritification.doc is in use. It will be removed on reboot. 
12:38 PM: sr rep to district test certification.doc is in use. It will be removed on reboot. 12:38 PM: sr rep to district test certification.doc is in use. It will be removed on reboot. 12:38 PM: regional to rvp test ceritification.doc is in use. It will be removed on reboot. 12:38 PM: district to divison test certification.doc is in use. It will be removed on reboot. 12:38 PM: smart certification test.doc is in use. It will be removed on reboot. 12:38 PM: district to divison test certification.doc is in use. It will be removed on reboot. 12:38 PM: income~1.doc is in use. It will be removed on reboot. 12:38 PM: division to regional test certification.doc is in use. It will be removed on reboot. 12:38 PM: sr rep to district test certification.doc is in use. It will be removed on reboot. 12:38 PM: residential rental property manager agreement.txt is in use. It will be removed on reboot. 12:38 PM: residential rental property manager agreement2.txt is in use. It will be removed on reboot. 12:38 PM: residential rental property manager agreement2.txt is in use. It will be removed on reboot. 12:38 PM: notice of change of terms of tenancygenericversion.txt is in use. It will be removed on reboot. 12:38 PM: disclosures by landlord or agent for landlord.txt is in use. It will be removed on reboot. 12:38 PM: consent to background and reference check1.txt is in use. It will be removed on reboot. 12:38 PM: consent to background and reference check.txt is in use. It will be removed on reboot. 12:38 PM: security deposit itemizationgenericversion.txt is in use. It will be removed on reboot. 12:38 PM: three-day notice to pay rent or quitcaversion.txt is in use. It will be removed on reboot. 12:38 PM: notice of change of terms of tenancycaversion.txt is in use. It will be removed on reboot. 12:38 PM: disclosures by landlord or agent for landlord.txt is in use. It will be removed on reboot. 12:38 PM: warning notice (complaints from neighbors-residents).txt is in use. 
It will be removed on reboot. 12:38 PM: three-day notice to perform covenant or quitcaversion.txt is in use. It will be removed on reboot. 12:38 PM: notice of reinstatement of terms oftenancygenericversion.txt is in use. It will be removed on reboot. 12:38 PM: notice of reinstatement of terms of tenancycaversion.txt is in use. It will be removed on reboot. 12:38 PM: notice of intent to enter dwelling unitgenericversion.txt is in use. It will be removed on reboot. 12:38 PM: attachment-agreement regarding use ofwaterbedcaversion.txt is in use. It will be removed on reboot. 12:38 PM: notice of belief of abandonmentgenericversion.txt is in use. It will be removed on reboot. 12:38 PM: notice of change of terms of tenancycaversion.txt is in use. It will be removed on reboot. 12:38 PM: notice of change of terms of tenancygenericversion.txt is in use. It will be removed on reboot. 12:38 PM: notice of intent to enter dwelling unitcaversion.txt is in use. It will be removed on reboot. 12:38 PM: three-day notice to perform covenant or quit.txt is in use. It will be removed on reboot. 12:38 PM: three-day notice to pay rent or quitcaversion.txt is in use. It will be removed on reboot. 12:38 PM: three-day notice to pay rent or quitgenericversion.txt is in use. It will be removed on reboot. 12:38 PM: notice of intent to enter dwelling unitcaversion.txt is in use. It will be removed on reboot. 12:38 PM: notice of belief of abandonmentcaversion.txt is in use. It will be removed on reboot. 12:38 PM: three-day notice to pay rent or quitgenericversion.txt is in use. It will be removed on reboot. 12:38 PM: purchase agreement filled out for lease option that is not assigned.doc is in use. It will be removed on reboot. 12:38 PM: kta0010 detailedv1.0.doc is in use. It will be removed on reboot. 12:38 PM: kta001~1.doc is in use. It will be removed on reboot. 12:38 PM: kta001~2.doc is in use. It will be removed on reboot. 12:38 PM: kta0010 values-based.doc is in use. 
It will be removed on reboot. 12:38 PM: educational overview program.rtf is in use. It will be removed on reboot. 12:38 PM: educational overview program.rtf is in use. It will be removed on reboot. 12:38 PM: story telling selling.doc is in use. It will be removed on reboot. 12:38 PM: 2005 pfs presentation.doc is in use. It will be removed on reboot. 12:38 PM: kta0010 basic v1.0.doc is in use. It will be removed on reboot. 12:38 PM: residential rental property manager agreement.doc is in use. It will be removed on reboot. 12:38 PM: kta0010 basic outline.doc is in use. It will be removed on reboot. 12:38 PM: kta0010 detailed v2.0.doc is in use. It will be removed on reboot. 12:38 PM: residential rental property manager agreement.doc is in use. It will be removed on reboot. 12:38 PM: residential rental property manager agreement2.doc is in use. It will be removed on reboot. 12:38 PM: ktb78c~1.doc is in use. It will be removed on reboot. 12:38 PM: kta001~4.doc is in use. It will be removed on reboot. 12:38 PM: residential rental property manager agreement2.doc is in use. It will be removed on reboot. 12:38 PM: kta0010 basic v1.0.doc is in use. It will be removed on reboot. 12:38 PM: corporate overview-educational seminar ksi.doc is in use. It will be removed on reboot. 12:38 PM: kta001~3.doc is in use. It will be removed on reboot. 12:38 PM: objectives, ideas, and notes for educational overview.doc is in use. It will be removed on reboot. 12:38 PM: kta0010 basic v1.0.doc is in use. It will be removed on reboot. 12:38 PM: letter to folks who are in foreclosure - direct mail to list of foreclosures - this letter offers to bring payments current.doc is in use. It will be removed on reboot. 12:38 PM: ps0050 office calls and confirms them into educational overview.doc is in use. It will be removed on reboot. 12:38 PM: ps0050 office calls and confirms them into educational overview.doc is in use. It will be removed on reboot. 
12:38 PM: ls0020 thankyou note from rep for 15 minute appointment.doc is in use. It will be removed on reboot. 12:38 PM: script#6 calling to confirm fna implementation appointment.doc is in use. It will be removed on reboot. 12:38 PM: after getting sigs - lockbox + sign info - vacant.doc is in use. It will be removed on reboot. 12:38 PM: ls0010 warm introduction letter from client to potential client version 2.doc is in use. It will be removed on reboot. 12:38 PM: verbal agreement - no sigs - letter sent with pa - contract.doc is in use. It will be removed on reboot. 12:38 PM: after getting sigs - lockbox + sign info - vacant.doc is in use. It will be removed on reboot. 12:38 PM: ls0010 warm introduction letter from client to potential client version 2.doc is in use. It will be removed on reboot. 12:38 PM: kitchen table appointment - ksi notes.doc is in use. It will be removed on reboot. 12:38 PM: notice of change of terms of tenancycaversion.doc is in use. It will be removed on reboot. 12:38 PM: notice of change of terms of tenancycaversion.doc is in use. It will be removed on reboot. 12:38 PM: three-day notice to perform covenant or quit.doc is in use. It will be removed on reboot. 12:38 PM: three-day notice to pay rent or quitcaversion.doc is in use. It will be removed on reboot. 12:38 PM: pfs - the emyth way.doc is in use. It will be removed on reboot. 12:38 PM: 14ip kta0020 rep goes and collects information.doc is in use. It will be removed on reboot. 12:38 PM: three-day notice to perform covenant or quitcaversion.doc is in use. It will be removed on reboot. 12:38 PM: consent to background and reference check1.doc is in use. It will be removed on reboot. 12:38 PM: consent to background and reference check.doc is in use. It will be removed on reboot. 12:38 PM: notice of intent to enter dwelling unitgenericversion.doc is in use. It will be removed on reboot. 12:38 PM: 4ip ps0030 reminder call from office for initial appointment.doc is in use. 
It will be removed on reboot. 12:38 PM: letter to folks who are in foreclosure - direct mail to list of foreclosures.doc is in use. It will be removed on reboot. 12:38 PM: attachment-agreement regarding use ofwaterbedcaversion.doc is in use. It will be removed on reboot. 12:38 PM: ls0010 warm introduction letter from client to potential client version 2.doc is in use. It will be removed on reboot. 12:38 PM: 14ip kta0020 rep goes and collects information.doc is in use. It will be removed on reboot. 12:38 PM: 10 edo0020 educational overview takes place.doc is in use. It will be removed on reboot. 12:38 PM: verbal agreement - no sigs - still interested letter.doc is in use. It will be removed on reboot. 12:38 PM: 8ip ps0050 office calls and confirms them into educational overview.doc is in use. It will be removed on reboot. 12:38 PM: ls0010 warm introduction letter from client to potential client version 2.doc is in use. It will be removed on reboot. 12:38 PM: 2ip ps0010.5 client script-warm introduction.doc is in use. It will be removed on reboot. 12:38 PM: 10 edo0020 educational overview takes place.doc is in use. It will be removed on reboot. 12:38 PM: 16ip sd0020 rep gives client feedback form to mail in to our office.doc is in use. It will be removed on reboot. 12:38 PM: 14ip kta0020 rep goes and collects information.doc is in use. It will be removed on reboot. 12:38 PM: three-day notice to pay rent or quitgenericversion.doc is in use. It will be removed on reboot. 12:38 PM: notice of intent to enter dwelling unitcaversion.doc is in use. It will be removed on reboot. 12:38 PM: letter script#5 thankyou note from rep to client for becoming a client.doc is in use. It will be removed on reboot. 12:38 PM: notice of intent to enter dwelling unitcaversion.doc is in use. It will be removed on reboot. 12:38 PM: notice of change of terms of tenancygenericversion.doc is in use. It will be removed on reboot. 
12:38 PM: notice of change of terms of tenancygenericversion.doc is in use. It will be removed on reboot. 12:38 PM: three-day notice to pay rent or quitgenericversion.doc is in use. It will be removed on reboot. 12:38 PM: three-day notice to pay rent or quitcaversion.doc is in use. It will be removed on reboot. 12:38 PM: verbal agreement - no sigs - still interested letter.doc is in use. It will be removed on reboot. 12:38 PM: letter to folks who are in foreclosure - direct mail to list of foreclosures.doc is in use. It will be removed on reboot. 12:38 PM: educational overview.doc is in use. It will be removed on reboot. 12:38 PM: letter script#4 feedback form mailed to office from potential client.doc is in use. It will be removed on reboot. 12:38 PM: warning notice (complaints from neighbors-residents).doc is in use. It will be removed on reboot. 12:38 PM: 19ip ls0040 rep sends thank you note to family.doc is in use. It will be removed on reboot. 12:38 PM: notice of reinstatement of terms oftenancygenericversion.doc is in use. It will be removed on reboot. 12:38 PM: notice of reinstatement of terms of tenancycaversion.doc is in use. It will be removed on reboot. 12:38 PM: 9ip edo0010 educational overview greeting system.doc is in use. It will be removed on reboot. 12:38 PM: disclosures by landlord or agent for landlord.doc is in use. It will be removed on reboot. 12:38 PM: notice of belief of abandonmentgenericversion.doc is in use. It will be removed on reboot. 12:38 PM: 19ip ls0040 rep sends thank you note to family.doc is in use. It will be removed on reboot. 12:38 PM: 5 kta0010 initial appointment with family.doc is in use. It will be removed on reboot. 12:38 PM: faq given to potential clients at kta.doc is in use. It will be removed on reboot. 12:38 PM: 19ip ls0040 rep sends thank you note to family.doc is in use. It will be removed on reboot. 12:38 PM: 5 kta0010 initial appointment with family.doc is in use. It will be removed on reboot. 
12:38 PM: notice of belief of abandonmentcaversion.doc is in use. It will be removed on reboot. 12:38 PM: notice of belief of abandonmentgenericversion.doc is in use. It will be removed on reboot. 12:38 PM: notice of reinstatement of terms of tenancy.doc is in use. It will be removed on reboot. 12:38 PM: security deposit itemizationgenericversion.doc is in use. It will be removed on reboot. 12:38 PM: ls0030 thankyou note forcoming to educational overview.doc is in use. It will be removed on reboot. 12:38 PM: disclosures by landlord or agent for landlord.doc is in use. It will be removed on reboot. 12:38 PM: notice of belief of abandonmentgenericversion.txt is in use. It will be removed on reboot. 12:38 PM: notice of reinstatement of terms of tenancy.txt is in use. It will be removed on reboot. 12:38 PM: faq given to potential clients at kta.doc is in use. It will be removed on reboot. 12:38 PM: residential rental property manager agreement.txt is in use. It will be removed on reboot. 12:38 PM: faq given to potential clients at kta.doc is in use. It will be removed on reboot. 12:38 PM: Quarantining All Traces: trojan downloader matcash 12:38 PM: Quarantining All Traces: webhancer 12:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 12:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 12:38 PM: Preparing to restart your computer. Please wait... 12:38 PM: Removal process completed. 
Elapsed time 00:01:46 12:42 PM: BHO Shield: found: iesdpb.dll-- BHO installation denied at user request 12:43 PM: BHO Shield: found: -- BHO installation allowed at user request 12:43 PM: BHO Shield: found: iesdsg.dll-- BHO installation allowed at user request ******** 11:57 AM: | Start of Session, Saturday, March 04, 2006 | 11:57 AM: Spy Sweeper started 11:57 AM: Sweep initiated using definitions version 625 11:57 AM: Found Adware: look2me 11:57 AM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\h323tsp\ || dllname (ID = 1139664) 11:57 AM: ir8ul5l91.dll (ID = 1139664) 11:57 AM: Sweep Canceled 11:57 AM: Traces Found: 2 11:57 AM: Updating spyware definitions 11:57 AM: Your definitions are up to date. 11:58 AM: | End of Session, Saturday, March 04, 2006 | ******** 11:56 AM: | Start of Session, Saturday, March 04, 2006 | 11:56 AM: Spy Sweeper started 11:57 AM: Your spyware definitions have been updated. 11:57 AM: | End of Session, Saturday, March 04, 2006 | "Hijack This" Results Posted: Logfile of HijackThis v1.99.1 Scan saved at 12:48:00 PM, on 3/4/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PGPserv.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program 
Files\Spyware Doctor\swdoctor.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\system32\BRMFRSMG.EXE C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\System32\dmadmin.exe C:\Documents and Settings\Matt Wenger\Desktop\HELP\Hijack\HijackThis.exe C:\WINDOWS\system32\wuauclt.exe O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Symantec AntiVirus.lnk = C:\Program Files\Symantec AntiVirus\VPC32.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - 
res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bi

#13 Susan528

Posted 04 March 2006 - 05:14 PM

Your hijackthis log was cut off. Please post the complete log.

Let's see if there are any rootkits present meanwhile.

Download Blacklight Beta from here:
http://www.f-secure....light/try.shtml
  • Hit I accept. It will take you to download page.
  • Download blbeta.exe and save it to the Desktop.
  • Once saved... double click blbeta.exe to install the program.
  • Click accept agreement and Click scan
    This app too may fire off a warning from antivirus. Let the driver load.
    Wait for it to finish.
  • If it displays any items...don't do anything with them yet. Just hit exit (close)
  • It will drop a log on Desktop that starts with fsbl....big number
Please post contents of log.

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#14 Matt1833

Posted 04 March 2006 - 07:40 PM

Susan,

When I try to install Blacklight Beta I get this error "was unable to acquire necessary privileges" (se Debug Privileges)

I rebooted and tried this again with no luck, and shut down all my spyware programs.

In the meantime (before your last response) I have run Spyware Doctor, Spysweeper, Microsoft Giant, and Ewido and I only got an error from Spysweeper. It claimed it cleaned it off. I have not gotten any pop-ups in a long time, but I still suspect there are some things going on as the system seems a bit slow, but definitely improved.

Also I did notice Spysweeper mentioned "Rootkits" and it claimed to clean them, but I can't remember the details.

Thanks for all your help, I greatly appreciate it.

Thanks,
Matt

Here is a post of my HiJack this Log after rebooting.

Logfile of HijackThis v1.99.1
Scan saved at 8:32:42 PM, on 3/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PGPserv.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Matt Wenger\Desktop\HELP\Hijack\HijackThis.exe

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Symantec AntiVirus.lnk = C:\Program Files\Symantec AntiVirus\VPC32.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\hr8o05l3e.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#15 Susan528

Posted 04 March 2006 - 08:23 PM

Hello Matt,

Scan with hijackthis and place a check against each of the following:
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\hr8o05l3e.dll (file missing)
Close all browsers and windows, leaving only HijackThis running. Click on Fix Checked.

Please post back a fresh HijackThis log and let's make sure that entry is gone.
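The check requested in post #15 (fix the orphaned O20 entry, then confirm in a fresh log that it is gone) can be scripted. The following is an added example, not part of the original thread: it parses the O20 Winlogon Notify lines of two HijackThis logs and reports what changed. The function names, the entry-splitting heuristic and the "after" log are assumptions constructed for illustration; the "before" entries are copied from the log in post #14.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# One O20 entry: "O20 - Winlogon Notify: <key name> - <DLL path>[ (file missing)]"
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?\s*$"
)

# Heuristic (assumption): every entry starts with "O<number> - ". Used to
# restore line breaks when forum software collapsed the log onto one line.
ENTRY_START_RE = re.compile(r"\s+(?=O\d{1,2} - \S)")


@dataclass(frozen=True)
class NotifyEntry:
    name: str           # subkey name under ...\Winlogon\Notify
    path: str           # DLL that the subkey points at
    file_missing: bool  # HijackThis could not find the DLL on disk


def split_entries(log_text: str) -> list[str]:
    """Return one log entry per element, whether or not line breaks survived."""
    restored = ENTRY_START_RE.sub("\n", log_text)
    return [line.strip() for line in restored.splitlines() if line.strip()]


def parse_winlogon_notify(log_text: str) -> dict[str, NotifyEntry]:
    """Map each Winlogon Notify key name to its parsed O20 entry."""
    entries: dict[str, NotifyEntry] = {}
    for line in split_entries(log_text):
        m = O20_RE.match(line)
        if m:
            entries[m["name"]] = NotifyEntry(
                m["name"], m["path"], m["missing"] is not None
            )
    return entries


def compare_logs(before: str, after: str) -> dict[str, list[str]]:
    """Report Notify keys removed, added, or still orphaned in the newer log."""
    old = parse_winlogon_notify(before)
    new = parse_winlogon_notify(after)
    return {
        "removed": sorted(old.keys() - new.keys()),
        "added": sorted(new.keys() - old.keys()),
        "still_orphaned": sorted(n for n, e in new.items() if e.file_missing),
    }


# Entries copied from the log in post #14, collapsed onto one line as posted.
BEFORE_LOG = (
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll "
    r"O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\hr8o05l3e.dll (file missing) "
    r"O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll "
    r"O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe"
)

# Constructed "fresh log" after Fix Checked: the orphaned entry is absent.
AFTER_LOG = "\n".join([
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\pgplsp.dll",
    r"O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll",
    r"O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe",
])

if __name__ == "__main__":
    for entry in parse_winlogon_notify(BEFORE_LOG).values():
        state = "ORPHANED (file missing)" if entry.file_missing else "present"
        print(f"{entry.name:12} {state:24} {entry.path}")
    print(compare_logs(BEFORE_LOG, AFTER_LOG))
```

An empty `still_orphaned` list with `Applets` under `removed` is the outcome the helper asks to see; any name under `added` is a new Notify registration that should be explained before the machine is called clean.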
