Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93099 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


HiJack This Log


  • This topic is locked This topic is locked
12 replies to this topic

#1 Guest_Lauren_*

Guest_Lauren_*
  • Guests

Posted 14 December 2005 - 02:59 AM

Hi

Can someone please help me with this?
When on the internet several pop-ups re-occur frequently, such as http://a-d-a-w-a-r-e(something something) and another with sport-results in the name.

The internet sometimes disconnects "itself" and the line hopefully in red about the .dll file being opened early in the windows registry etc. has been deleted using the "Delete a file on reboot" option, but it just comes back under another file.

Is cftmon a good file? If I fix it, it just comes back anyway...

And when I start the computer, an error message pops up about a missing file called NVcp.dll
or something similar(may have missed some letters... but thats basically it...)

Hope you can help!!


Logfile of HijackThis v1.99.1
Scan saved at 7:14:15 PM, on 14/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Documents and Settings\XP\My Documents\Buring Files\LAuREn\ICoNz\GIMP-2.0\GIMP-2.0\lib\gimp\2.0\plug-ins\script-fu.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\games\happy\happy.exe
C:\WINDOWS\SynCor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigbutton.com.au/
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{80333631-B2F3-42FF-94CE-75D48E004EAE}: NameServer = 203.57.68.5 203.57.68.6
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\o8lu0i39e8.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[code=auto:0]

    Advertisements

Register to Remove


#2 pskelley

pskelley

    R.I.P Always in our hearts

  • Authentic Member
  • PipPipPipPipPip
  • 3,879 posts
  • Interests:Computers, fishing, biking, basketball, travel

Posted 28 December 2005 - 01:46 PM

G'day Lauren, welcome to TomCoyote forum. Here is information about ctfmon.exe.
http://www.liutiliti...library/ctfmon/

Now what about the next item in the log? C:\games\happy\happy.exe Do you know what it is? Here is what I am finding.
http://www.bleepingc...y.exe-9836.html
http://castlecops.co...plist-8769.html I believe we should remove it, if you know it is not bad let me know.

I need to know what this is: C:\Documents and Settings\XP\My Documents\Buring Files\LAuREn\ICoNz\GIMP-2.0\GIMP-2.0\lib\gimp\2.0\plug-ins\script-fu.exe
It may be this: http://ptj.rozeta.co.../Soft/RawPhoto/ let me know. If you wish to check either of these, you can use these free online scans to do so. Share the information with me:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustota...h/index_en.html

This: O17 - HKLM\System\CCS\Services\Tcpip\..\{80333631-B2F3-42FF-94CE-75D48E004EAE}: NameServer = 203.57.68.5 203.57.68.6 is this:
http://www.samspade....t?a=203.57.68.6 which is your ISP.

Now this: O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\o8lu0i39e8.dll is the major problem. This is what is causing the popups, it is a trojan, probably Look2me. It is very hard to remove, but we are lucky because Webroot will let us use a free trial verion of SpySweeper to remove this trojan. I will remove C:\games\happy\happy.exe at the same time and SS may find and remove other bad stuff that is hiding on your computer. Please follow these directions:

We must download the FREE TRIAL VERSION of SpySweeper and it should be at the very bottom of this page:
http://www.webroot.c...er/latestv.html
Use these instructions: Download the free trial version of Spy Sweeper
Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Restart your computer <<< very important.


Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\o8lu0i39e8.dll (if it is there, it may be gone)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Enable hidden files&folders..reverse the process when finished.
http://www.xtra.co.n...1916458,00.html

RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\games\ >>> folder

C:\Windows\Prefetch\ >>> delete everything in this folder (NOT THE FOLDER)
Prefetch info: http://www.windowsne...refetch-XP.html

click on Start > Run > type "cleanmgr" without the quotes then OK. Allow the program to run and remove what it finds. Post the SpySweeper log and a new HJT log along with any information I asked you for.

Thanks...pskelley
TomCoyote forum
Expert Member

When you are completely finished with the removal procedure and are satisfied that the threat has been removed follow these instructions:
http://service1.syma...src=sec_doc_nam
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#3 Guest_Lauren_*

Guest_Lauren_*
  • Guests

Posted 29 December 2005 - 04:05 AM

Hi

Happy.exe is the executable for a game on this computer called Happyland Adventures, so I think it is OK.

Yes, C:\Documents and Settings\XP\My Documents\Buring Files\LAuREn\ICoNz\GIMP-2.0\GIMP-2.0\lib\gimp\2.0\plug-ins\script-fu.exe is the file to do with The Gimp.

OK, so I downloaded Spy Sweeper, ran the sweep. It found loads of things, which appear to have been fixed. I restarted.

A message popped up telling me that C:/WINDOWS/System32/NvCpl.dll,NvStartup loads when windows starts up, so I removed this, and restarted, but the message popped up again...

Also it is necessary to reconnect to the internet FREQUENTLY. The pages will just stop loading, the page will say webpage unavailable, even though downloads continue to work.

But as soon as I connected to the internet again the Spy Sweeper message tray thing come up and told me it blocked something from www.ad-w-a-r-e.com, and there is a huge list saying Spy Sweeper blocked things from this and www.a-d-w-a-r-e.com. Is this normal? The .dll file is still in the log too, and if fixed, it doesn't remove.

Here are my Spy Sweeper and HiJack This Logs:

********
7:35 PM: | Start of Session, Thursday, 29 December 2005 |
7:35 PM: Spy Sweeper started
7:35 PM: Sweep initiated using definitions version 556
7:35 PM: Sweep Canceled
7:35 PM: Traces Found: 0
********
7:30 PM: | Start of Session, Thursday, 29 December 2005 |
7:30 PM: Spy Sweeper started
7:30 PM: Sweep initiated using definitions version 556
7:30 PM: Starting Memory Sweep
7:31 PM: Memory Sweep Complete, Elapsed Time: 00:00:52
7:31 PM: Starting Registry Sweep
7:31 PM: Registry Sweep Complete, Elapsed Time:00:00:10
7:31 PM: Starting Cookie Sweep
7:31 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
7:31 PM: Starting File Sweep
7:35 PM: File Sweep Complete, Elapsed Time: 00:04:02
7:35 PM: Full Sweep has completed. Elapsed time 00:05:11
7:35 PM: Traces Found: 0
7:35 PM: | End of Session, Thursday, 29 December 2005 |
********
7:02 PM: | Start of Session, Thursday, 29 December 2005 |
7:02 PM: Spy Sweeper started
7:02 PM: Sweep initiated using definitions version 556
7:02 PM: Starting Memory Sweep
7:03 PM: Memory Sweep Complete, Elapsed Time: 00:00:55
7:03 PM: Starting Registry Sweep
7:03 PM: Found Adware: e2g
7:03 PM: HKCR\appid\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}\ (1 subtraces) (ID = 125407)
7:03 PM: HKLM\software\classes\appid\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}\ (1 subtraces) (ID = 125447)
7:03 PM: HKLM\software\classes\typelib\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}\ (9 subtraces) (ID = 125484)
7:03 PM: HKCR\typelib\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}\ (9 subtraces) (ID = 125529)
7:03 PM: Found Adware: mirar webband
7:03 PM: HKCR\clsid\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e}\ (6 subtraces) (ID = 135066)
7:03 PM: HKCR\interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f}\ (8 subtraces) (ID = 135069)
7:03 PM: HKCR\interface\{54b287f9-fd90-4457-b65e-cb91560c021d}\ (8 subtraces) (ID = 135070)
7:03 PM: HKCR\interface\{1037b06c-84b7-4240-8d80-485810a0497d}\ (8 subtraces) (ID = 135071)
7:03 PM: HKCR\interface\{224302b0-94e9-45c2-9e5b-ba989ee556e1}\ (8 subtraces) (ID = 135072)
7:03 PM: HKCR\nn_bar_dummy.nn_bardummy.1\ (3 subtraces) (ID = 135075)
7:03 PM: HKCR\nn_bar_dummy.nn_bardummy\ (5 subtraces) (ID = 135076)
7:03 PM: HKLM\software\classes\clsid\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e}\ (6 subtraces) (ID = 135079)
7:03 PM: HKLM\software\classes\interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f}\ (8 subtraces) (ID = 135082)
7:03 PM: HKLM\software\classes\interface\{54b287f9-fd90-4457-b65e-cb91560c021d}\ (8 subtraces) (ID = 135083)
7:03 PM: HKLM\software\classes\interface\{1037b06c-84b7-4240-8d80-485810a0497d}\ (8 subtraces) (ID = 135084)
7:03 PM: HKLM\software\classes\interface\{224302b0-94e9-45c2-9e5b-ba989ee556e1}\ (8 subtraces) (ID = 135085)
7:03 PM: HKLM\software\classes\nn_bar_dummy.nn_bardummy.1\ (3 subtraces) (ID = 135088)
7:03 PM: HKLM\software\classes\nn_bar_dummy.nn_bardummy\ (5 subtraces) (ID = 135089)
7:03 PM: HKLM\software\classes\nn_bar_dummy.nn_bardummy\clsid\ (1 subtraces) (ID = 135090)
7:03 PM: HKLM\software\classes\nn_bar_dummy.nn_bardummy\curver\ (1 subtraces) (ID = 135091)
7:03 PM: HKLM\software\classes\typelib\{566dede9-9ed8-45da-9be6-9b2eeab17f49}\ (9 subtraces) (ID = 135092)
7:03 PM: HKCR\typelib\{566dede9-9ed8-45da-9be6-9b2eeab17f49}\ (9 subtraces) (ID = 135121)
7:03 PM: Found Adware: purityscan
7:03 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaticketsinstaller.ocx\ (2 subtraces) (ID = 137986)
7:03 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaticketsinstaller.ocx (ID = 139077)
7:03 PM: Found Adware: bookedspace
7:03 PM: HKLM\software\microsoft\windows\currentversion\internet settings\zonemap\domains\net-nucleus.com\ (2 subtraces) (ID = 662284)
7:03 PM: Found Adware: winad
7:03 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediagatewayx.dll\ (2 subtraces) (ID = 763026)
7:03 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediagatewayx.dll (ID = 763028)
7:03 PM: Found Adware: imgiant
7:03 PM: HKU\S-1-5-21-1844237615-790525478-725345543-1003\software\imgiant\ (21 subtraces) (ID = 128544)
7:03 PM: HKU\S-1-5-21-1844237615-790525478-725345543-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (ID = 135102)
7:03 PM: Registry Sweep Complete, Elapsed Time:00:00:09
7:03 PM: Starting Cookie Sweep
7:03 PM: Found Spy Cookie: yieldmanager cookie
7:03 PM: xp@ad.yieldmanager[2].txt (ID = 3751)
7:03 PM: Found Spy Cookie: cc214142 cookie
7:03 PM: xp@ads.cc214142[2].txt (ID = 2367)
7:03 PM: Found Spy Cookie: pointroll cookie
7:03 PM: xp@ads.pointroll[1].txt (ID = 3148)
7:03 PM: Found Spy Cookie: adtech cookie
7:03 PM: xp@adtech[2].txt (ID = 2155)
7:03 PM: Found Spy Cookie: falkag cookie
7:03 PM: xp@as-us.falkag[2].txt (ID = 2650)
7:03 PM: Found Spy Cookie: atwola cookie
7:03 PM: xp@atwola[1].txt (ID = 2255)
7:03 PM: Found Spy Cookie: belnk cookie
7:03 PM: xp@belnk[1].txt (ID = 2292)
7:03 PM: Found Spy Cookie: burstnet cookie
7:03 PM: xp@burstnet[1].txt (ID = 2336)
7:03 PM: Found Spy Cookie: casalemedia cookie
7:03 PM: xp@casalemedia[2].txt (ID = 2354)
7:03 PM: Found Spy Cookie: dealtime cookie
7:03 PM: xp@dealtime[2].txt (ID = 2505)
7:03 PM: xp@dist.belnk[2].txt (ID = 2293)
7:03 PM: Found Spy Cookie: 2o7.net cookie
7:03 PM: xp@maxis.112.2o7[1].txt (ID = 1958)
7:03 PM: Found Spy Cookie: paypopup cookie
7:03 PM: xp@paypopup[2].txt (ID = 3119)
7:03 PM: Found Spy Cookie: rn11 cookie
7:03 PM: xp@rn11[2].txt (ID = 3261)
7:03 PM: xp@stat.dealtime[1].txt (ID = 2506)
7:03 PM: Found Spy Cookie: statcounter cookie
7:03 PM: xp@statcounter[1].txt (ID = 3447)
7:03 PM: Found Spy Cookie: reliablestats cookie
7:03 PM: xp@stats1.reliablestats[2].txt (ID = 3254)
7:03 PM: Found Spy Cookie: tribalfusion cookie
7:03 PM: xp@tribalfusion[1].txt (ID = 3589)
7:03 PM: Found Spy Cookie: burstbeacon cookie
7:03 PM: xp@www.burstbeacon[1].txt (ID = 2335)
7:03 PM: Found Spy Cookie: winantiviruspro cookie
7:03 PM: xp@www.winantiviruspro[1].txt (ID = 3690)
7:03 PM: Found Spy Cookie: yadro cookie
7:03 PM: xp@yadro[2].txt (ID = 3743)
7:03 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
7:03 PM: Starting File Sweep
7:04 PM: Found Adware: ist sidefind
7:04 PM: c:\program files\sidefind\update (ID = -2147474314)
7:04 PM: c:\program files\sidefind (1 subtraces) (ID = -2147480325)
7:04 PM: Found Adware: 7adpower
7:04 PM: backup-20051219-130708-628.inf (ID = 156464)
7:04 PM: int_ver32b.inf (ID = 156464)
7:04 PM: backup-20051210-201848-472.inf (ID = 156464)
7:04 PM: Found Adware: internetoptimizer
7:04 PM: cln3.tmp (ID = 64016)
7:04 PM: backup-20051211-164359-882.dll (ID = 156465)
7:04 PM: backup-20051214-185210-528.dll (ID = 156465)
7:04 PM: Found Adware: powerscan
7:04 PM: uninstall.exe (ID = 72675)
7:04 PM: backup-20051211-164359-882.inf (ID = 156464)
7:04 PM: int_ver32b.inf (ID = 156464)
7:04 PM: int_ver32b.ocx (ID = 156465)
7:04 PM: backup-20051104-112104-522.dll (ID = 59389)
7:04 PM: sidefind[1].exe (ID = 154905)
7:04 PM: backup-20051215-194652-757.dll (ID = 156465)
7:04 PM: backup-20051219-125906-201.dll (ID = 156465)
7:04 PM: backup-20051219-130708-628.dll (ID = 156465)
7:04 PM: backup-20051104-112104-518.dll (ID = 156465)
7:04 PM: Found Adware: ist istbar
7:04 PM: istactivex.dll (ID = 64599)
7:04 PM: Found Adware: look2me
7:04 PM: oybcjt32.dll (ID = 163672)
7:04 PM: pi1_25.exe (ID = 59402)
7:04 PM: backup-20051226-202751-606.dll (ID = 156465)
7:04 PM: backup-20051226-203616-172.dll (ID = 156465)
7:04 PM: powerscan[1].exe (ID = 72679)
7:04 PM: backup-20051104-112104-873.inf (ID = 73158)
7:04 PM: bw2.com (ID = 65739)
7:04 PM: icont.exe (ID = 65739)
7:04 PM: Found Adware: media-motor
7:04 PM: unstall.exe (ID = 133210)
7:04 PM: Found Adware: 180search assistant/zango
7:04 PM: 1807d.mht (ID = 148810)
7:04 PM: backup-20051219-125906-201.inf (ID = 156464)
7:04 PM: Found Adware: moneytree
7:04 PM: backup-20051104-112104-467.dll (ID = 64043)
7:04 PM: backup-20051214-185210-528.inf (ID = 156464)
7:04 PM: backup-20051207-193122-653.inf (ID = 156464)
7:04 PM: backup-20051207-193122-653.dll (ID = 156465)
7:04 PM: backup-20051215-194202-886.inf (ID = 156464)
7:04 PM: istactivex.dll (ID = 64599)
7:05 PM: backup-20051208-175207-457.inf (ID = 156464)
7:05 PM: backup-20051208-175207-457.dll (ID = 156465)
7:05 PM: backup-20051104-112104-518.inf (ID = 156464)
7:05 PM: int_ver32b.ocx (ID = 156465)
7:05 PM: unstall[1].exe (ID = 133210)
7:05 PM: power_remove[1].exe (ID = 72675)
7:05 PM: istrecover[1].exe (ID = 64496)
7:05 PM: int_ver32b.ocx (ID = 156465)
7:05 PM: optimize[1].exe (ID = 125346)
7:05 PM: backup-20051215-194202-886.dll (ID = 156465)
7:06 PM: backup-20051210-201848-472.dll (ID = 156465)
7:06 PM: int_ver32b.ocx (ID = 156465)
7:06 PM: backup-20051226-203616-172.inf (ID = 156464)
7:06 PM: res4fd.tmp (ID = 147558)
7:06 PM: mm63[1].ocx (ID = 74058)
7:06 PM: mbpi32.dll (ID = 163672)
7:06 PM: 0006_regular[1].cab (ID = 64478)
7:06 PM: agledit.dll (ID = 163672)
7:06 PM: backup-20051215-194652-757.inf (ID = 156464)
7:06 PM: int_ver32b.inf (ID = 156464)
7:06 PM: int_ver32b.inf (ID = 156464)
7:07 PM: vnrun300.dll (ID = 163672)
7:07 PM: Found Adware: ist yoursitebar
7:07 PM: ysb[1].dll (ID = 161559)
7:07 PM: int_ver32b.ocx (ID = 156465)
7:07 PM: backup-20051226-202751-606.inf (ID = 156464)
7:07 PM: int_ver32b.ocx (ID = 156465)
7:07 PM: int_ver32b.inf (ID = 156464)
7:07 PM: int_ver32b.ocx (ID = 156465)
7:07 PM: int_ver32b.ocx (ID = 156465)
7:07 PM: int_ver32b.ocx (ID = 156465)
7:07 PM: optimize[1].exe (ID = 159920)
7:07 PM: imgiant.inf (ID = 63590)
7:07 PM: backup-20051208-163513-246.inf (ID = 70515)
7:08 PM: File Sweep Complete, Elapsed Time: 00:04:06
7:08 PM: Full Sweep has completed. Elapsed time 00:05:18
7:08 PM: Traces Found: 279
7:09 PM: Removal process initiated
7:09 PM: Quarantining All Traces: look2me
7:09 PM: Quarantining All Traces: 180search assistant/zango
7:09 PM: Quarantining All Traces: 7adpower
7:09 PM: Quarantining All Traces: bookedspace
7:09 PM: Quarantining All Traces: e2g
7:09 PM: Quarantining All Traces: imgiant
7:09 PM: Quarantining All Traces: internetoptimizer
7:09 PM: Quarantining All Traces: ist istbar
7:09 PM: Quarantining All Traces: ist sidefind
7:09 PM: Quarantining All Traces: ist yoursitebar
7:09 PM: Quarantining All Traces: media-motor
7:09 PM: Quarantining All Traces: mirar webband
7:09 PM: Quarantining All Traces: moneytree
7:09 PM: Quarantining All Traces: powerscan
7:09 PM: Quarantining All Traces: purityscan
7:09 PM: Quarantining All Traces: winad
7:09 PM: Quarantining All Traces: 2o7.net cookie
7:09 PM: Quarantining All Traces: adtech cookie
7:09 PM: Quarantining All Traces: atwola cookie
7:09 PM: Quarantining All Traces: belnk cookie
7:09 PM: Quarantining All Traces: burstbeacon cookie
7:09 PM: Quarantining All Traces: burstnet cookie
7:09 PM: Quarantining All Traces: casalemedia cookie
7:09 PM: Quarantining All Traces: cc214142 cookie
7:09 PM: Quarantining All Traces: dealtime cookie
7:09 PM: Quarantining All Traces: falkag cookie
7:09 PM: Quarantining All Traces: paypopup cookie
7:09 PM: Quarantining All Traces: pointroll cookie
7:09 PM: Quarantining All Traces: reliablestats cookie
7:09 PM: Quarantining All Traces: rn11 cookie
7:09 PM: Quarantining All Traces: statcounter cookie
7:09 PM: Quarantining All Traces: tribalfusion cookie
7:09 PM: Quarantining All Traces: winantiviruspro cookie
7:09 PM: Quarantining All Traces: yadro cookie
7:09 PM: Quarantining All Traces: yieldmanager cookie
7:10 PM: Removal process completed. Elapsed time 00:01:16
7:17 PM: Processing Startup Alerts
7:17 PM: Removed Startup entry: NvCplDaemon
7:19 PM: Processing Startup Alerts
7:19 PM: Removed Startup entry: NvCplDaemon
7:30 PM: | End of Session, Thursday, 29 December 2005 |
********
7:02 PM: | Start of Session, Thursday, 29 December 2005 |
7:02 PM: Spy Sweeper started
7:02 PM: | End of Session, Thursday, 29 December 2005 |



______________________________________________________________________________




Logfile of HijackThis v1.99.1
Scan saved at 8:14:20 PM, on 29/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\iBot_V1_02\iBot_FinalV1_02.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigbutton.com.au/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.arcom.com.au:8080;http=proxy.arcom.com.au:8080;https=proxy.arcom.com.au:8080
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\f8j20i1oe8.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks!

#4 pskelley

pskelley

    R.I.P Always in our hearts

  • Authentic Member
  • PipPipPipPipPip
  • 3,879 posts
  • Interests:Computers, fishing, biking, basketball, travel

Posted 29 December 2005 - 08:02 AM

Hi Lauren, As long as you are sure the game site is ok...you saw the information I got when I searched for happy.exe.
I see this item in the log now: C:\Program Files\iBot_V1_02\iBot_FinalV1_02.exe and Google does not ID it at all. It did not appear in the last log. Do you know where it came from. Do you have everything enabled in MSConfig?

Use the free online scanners to find out what that is, and also check this item to make sure it is safe: C:\WINDOWS\SynCor.exe
Post the results of these scans for me. The scans are as simple as navigating to the file and uploading it, you will be returned information quickly.

Please let me look at what you have installed like this:
Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your next reply.

We also need to place HJT in a folder so it can safely store backups for us. Return to C:\Program Files\ and RIGHT click your mouse on a blank spot, make a new folder and call it HJT. Move the HJT.exe, any logs there and the backup folder if it was created into the new folder. It will look like this now: C:\Program Files\HJT\HijackThis.exe.

Next, I see a Proxy service has been added: R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.arcom.com.au:8080;http=proxy.arcom.com.au:8080;https=proxy.arcom.com.au:8080 and the 017 item associated with the ISP is no longer there. Did you do this with the help of your Internet Service Provider. I have several surprises in the log this day and it is hard helping with the surprises.
SpySweeper has been routinely removing this items for about four months since it was updated for the Look2Me trojan. I am not sure why the removal failed but these infections are never as easy to remove as they get on the computer.

A message popped up telling me that C:/WINDOWS/System32/NvCpl.dll,NvStartup loads when windows starts up, so I removed this, and restarted, but the message popped up again...

I need the message "word for word" as it comes up. This item: C:/WINDOWS/System32/NvCpl.dll,NvStartup has to do with your nVidia based graphics cards. If I can get the error message I may be able to help? Here is information about it:
http://www.bleepingc...artup-3803.html
http://www.windowsst...art=225&end=250
This may be as simple as it needs an updated driver, I can't say until I get the error message. We may have to ask the experts in Other Computer Problems to assist with this issue?

Sweeper blocked things from this and www.a-d-w-a-r-e.com. Is this normal? The .dll file is still in the log too, and if fixed, it doesn't remove.

No, this is not normal, SpySweeper usually removes the infected item. For some reason it failed to do so. Right now you have the full protection of the program so it is blocking the site that placed the trojan on your computer. Once the trial period is over it will no longer block it.

Before we have to use more complex tools, let's give SpySweeper a try in Safe Mode, use these instructions to start in safe mode: http://www.bleepingc...tutorial61.html
Before you go to safe mode, use these instructions to enable hidden files and folders for your Operating System: http://www.xtra.co.n...1916458,00.html
Open SpySweeper and run a new scan, make sure you are follow the directions posted earlier exactly. Save the scan report.

Before you reboot, navigate to this item and delete it if it is there: C:\WINDOWS\system32\f8j20i1oe8.dll >>> file

Post the Add Remove list, a new HJT log the SS scan log and any information I requested above.

Thanks...Phil
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#5 Guest_Lauren_*

Guest_Lauren_*
  • Guests

Posted 30 December 2005 - 08:42 PM

Hi again,


I live is South Australia, and over here there is a small robot thing called an I-Bot, which you can program and control. You build it yourself, and then make it do things. My little brother did this, and that is the program needed to help you program it.

C:\WINDOWS\System32\SynCor.exe - I don’t know what that file is, but what do you mean open the online scan??

Here is my list:

Adobe Reader 6.0
Agere Systems PCI Soft Modem
Alcohol 120%
AnyDVD
CloneCD
CloneDVD2
Creative MediaSource
Creative MediaSource
Creative MuVo NX-TX
Creative System Information
DAEMON Tools
DVD Decrypter (Remove Only)
DVD Shrink 3.2
European Air War
Google Toolbar for Internet Explorer
GTK+ 2.2.4-20040124 runtime environment
Happyland Adventures - Xmas Edition v1.3
HijackThis 1.99.1
J2SE Runtime Environment 5.0 Update 3
LG GSM PC Components
LimeWire PRO 4.9.37
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Macromedia Flash Player 8
Microsoft Office 2000 Premium
Microsoft Plus! for Windows XP
MSN Messenger 7.0
MuVo Driver
Nero Suite
Norton AntiVirus 2003
Norton WMI Update
NVIDIA Drivers
PowerDVD
SoundMAX
Spy Sweeper
Spybot - Search & Destroy 1.4
The GIMP 2.0.0
The Sims 2
Webster's Encyclopedia of Australia 2001
WinZip
X-Wing Alliance (RAZOR 1911)

About the Internet entries:

The R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.arcom.com.au:8080;http=proxy.arcom.com.au:8080;https=proxy.arcom.com.au:8080
Is USUALLY in the log, however I have only seen the 017 item when online.



OK, the error message is:

RUNDLL X

Error loading C:\WINDOWS\System32\NvCpl.dll
X
The specified module could not be found.

_________
| OK

And now that I have Spy Sweeper, a second window opens saying:

Alerts:

Startup Shield:

[checkbox] NvCplDaemon

Remove Keep

Well, after doing as the post said and rebooting in Safe Mode, the .dll file is gone and no pop-ups!

Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 2:50:34 PM, on 30/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigbutton.com.au/
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

cont.

#6 Guest_Lauren_*

Guest_Lauren_*
  • Guests

Posted 30 December 2005 - 08:44 PM

And the Spy Sweeper log: ******** 2:32 PM: | Start of Session, Friday, 30 December 2005 | 2:32 PM: Spy Sweeper started 2:32 PM: Sweep initiated using definitions version 592 2:33 PM: Starting Memory Sweep 2:33 PM: Memory Sweep Complete, Elapsed Time: 00:00:52 2:33 PM: Starting Registry Sweep 2:34 PM: Registry Sweep Complete, Elapsed Time:00:00:12 2:34 PM: Starting Cookie Sweep 2:34 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00 2:34 PM: Starting File Sweep 2:43 PM: Found Adware: look2me 2:43 PM: guard.tmp (ID = 159) 2:43 PM: File Sweep Complete, Elapsed Time: 00:09:26 2:43 PM: Full Sweep has completed. Elapsed time 00:10:42 2:43 PM: Traces Found: 1 2:43 PM: Removal process initiated 2:43 PM: Quarantining All Traces: look2me 2:43 PM: Removal process completed. Elapsed time 00:00:03 2:45 PM: Deletion from quarantine initiated 2:45 PM: Processing: internetoptimizer 2:45 PM: Processing: ist istbar 2:45 PM: Processing: dealtime cookie 2:45 PM: Processing: burstnet cookie 2:45 PM: Processing: atwola cookie 2:45 PM: Processing: pointroll cookie 2:45 PM: Processing: burstbeacon cookie 2:45 PM: Processing: winantiviruspro cookie 2:45 PM: Processing: belnk cookie 2:45 PM: Processing: cc214142 cookie 2:45 PM: Processing: casalemedia cookie 2:45 PM: Processing: yieldmanager cookie 2:45 PM: Processing: e2g 2:45 PM: Processing: rn11 cookie 2:45 PM: Processing: bookedspace 2:45 PM: Processing: look2me 2:45 PM: Processing: falkag cookie 2:45 PM: Processing: 180search assistant/zango 2:45 PM: Processing: imgiant 2:45 PM: Processing: moneytree 2:45 PM: Processing: tribalfusion cookie 2:45 PM: Processing: mirar webband 2:45 PM: Processing: 2o7.net cookie 2:45 PM: Processing: winad 2:45 PM: Processing: ist powerscan 2:45 PM: Processing: elitemediagroup-mediamotor 2:45 PM: Processing: reliablestats cookie 2:45 PM: Processing: 7adpower 2:45 PM: Processing: ist sidefind 2:45 PM: Processing: ist surf accuracy 2:45 PM: Processing: statcounter cookie 2:45 PM: Processing: mediamotor - popuppers 2:45 PM: Processing: adtech cookie 2:45 PM: Processing: purityscan 2:45 PM: Processing: yadro cookie 2:45 PM: Processing: paypopup cookie 2:45 PM: Processing: ist yoursitebar 2:45 PM: Deletion from quarantine completed. Elapsed time 00:00:01 2:51 PM: Processing Startup Alerts 2:51 PM: Removed Startup entry: NvCplDaemon ******** 2:09 PM: | Start of Session, Friday, 30 December 2005 | 2:09 PM: Spy Sweeper started 2:09 PM: Sweep initiated using definitions version 592 2:09 PM: Starting Memory Sweep 2:10 PM: Memory Sweep Complete, Elapsed Time: 00:00:51 2:10 PM: Starting Registry Sweep 2:10 PM: Found Adware: mediamotor - popuppers 2:10 PM: HKCR\iemonitor.cbrowsers\ (3 subtraces) (ID = 960700) 2:10 PM: HKCR\iemonitor.ieevents\ (3 subtraces) (ID = 960704) 2:10 PM: HKCR\clsid\{62fba4e7-bd9e-4d8d-8fbb-3c32999cb7fc}\ (23 subtraces) (ID = 960709) 2:10 PM: HKCR\clsid\{a03323d3-f649-4f16-a6e4-4fc53f917a83}\ (10 subtraces) (ID = 960733) 2:10 PM: HKCR\typelib\{1942bebe-dce5-4148-868e-1250a2218b4c}\ (9 subtraces) (ID = 960748) 2:10 PM: HKLM\software\classes\iemonitor.cbrowsers\ (3 subtraces) (ID = 960762) 2:10 PM: HKLM\software\classes\iemonitor.ieevents\ (3 subtraces) (ID = 960766) 2:10 PM: HKLM\software\classes\clsid\{62fba4e7-bd9e-4d8d-8fbb-3c32999cb7fc}\ (23 subtraces) (ID = 960771) 2:10 PM: HKLM\software\classes\clsid\{a03323d3-f649-4f16-a6e4-4fc53f917a83}\ (10 subtraces) (ID = 960795) 2:10 PM: HKLM\software\classes\typelib\{1942bebe-dce5-4148-868e-1250a2218b4c}\ (9 subtraces) (ID = 960810) 2:10 PM: Registry Sweep Complete, Elapsed Time:00:00:12 2:10 PM: Starting Cookie Sweep 2:10 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00 2:10 PM: Starting File Sweep 2:11 PM: Found Adware: look2me 2:11 PM: g022lafo1d2c.dll (ID = 159) 2:11 PM: Found Adware: e2g 2:11 PM: bcc_32.exe (ID = 188217) 2:11 PM: Found Adware: elitemediagroup-mediamotor 2:11 PM: mmxeyn007[2].exe (ID = 204831) 2:11 PM: dnn2015oe.dll (ID = 159) 2:11 PM: s0pula791d.dll (ID = 159) 2:11 PM: Found Adware: winad 2:11 PM: backup-20051214-185210-475.dll (ID = 199610) 2:11 PM: mv2ol9f31.dll (ID = 159) 2:12 PM: iemonitor.ocx (ID = 186211) 2:12 PM: stsvc.dll (ID = 159) 2:12 PM: mepmsnsv.dll (ID = 159) 2:12 PM: vfw_32.dll (ID = 180542) 2:12 PM: mbl_qic.dll (ID = 159) 2:12 PM: mm83.ocx (ID = 188117) 2:12 PM: vpm_32.dll (ID = 180542) 2:12 PM: uni_32.dll (ID = 180542) 2:12 PM: xxnroll.dll (ID = 159) 2:12 PM: kwk_32.dll (ID = 180542) 2:13 PM: ipwdial.dll (ID = 159) 2:13 PM: cmadmin.dll (ID = 159) 2:13 PM: rkhx32.dll (ID = 159) 2:13 PM: q4nule591h.dll (ID = 159) 2:13 PM: nvtui2.dll (ID = 159) 2:13 PM: i6jqlg1516.dll (ID = 159) 2:13 PM: dldim700.dll (ID = 159) 2:13 PM: upd_32.dll (ID = 180542) 2:13 PM: backup-20051208-163512-848.dll (ID = 199611) 2:13 PM: Found Adware: 180search assistant/zango 2:13 PM: del5.tmp (ID = 194442) 2:13 PM: mssec.dll (ID = 159) 2:13 PM: ard_32.exe (ID = 188217) 2:13 PM: oto_32.exe (ID = 188217) 2:13 PM: kkdkyr.dll (ID = 159) 2:13 PM: sxsvc.dll (ID = 159) 2:14 PM: nelanui.dll (ID = 159) 2:14 PM: wdashext.dll (ID = 159) 2:14 PM: wa2help.dll (ID = 159) 2:14 PM: dkc_32.dll (ID = 180542) 2:14 PM: rxutils.dll (ID = 159) 2:14 PM: iim_32.dll (ID = 180542) 2:14 PM: sys_32.dll (ID = 180542) 2:14 PM: 6uo4svc.dll (ID = 159) 2:14 PM: dwcdll.dll (ID = 159) 2:14 PM: ogo_32.dll (ID = 159) 2:15 PM: esd_32.dll (ID = 180542) 2:15 PM: myisip.dll (ID = 159) 2:15 PM: err_32.dll (ID = 180542) 2:15 PM: Found Adware: ist istbar 2:15 PM: istsvc[1].exe (ID = 185599) 2:15 PM: Found Adware: ist surf accuracy 2:15 PM: sacc.prod.v1132.19dec2005.exe[1] (ID = 211823) 2:16 PM: mwicda.dll (ID = 159) 2:16 PM: iinstall.exe (ID = 199847) 2:16 PM: clmsvcs.dll (ID = 159) 2:16 PM: lvjs0917e.dll (ID = 159) 2:16 PM: cvseqchk.dll (ID = 159) 2:16 PM: ips.dll (ID = 159) 2:16 PM: mlrt.dll (ID = 159) 2:16 PM: jcvart.dll (ID = 159) 2:17 PM: khdpl1.dll (ID = 159) 2:17 PM: midtctm.dll (ID = 159) 2:17 PM: dhmodemx.dll (ID = 159) 2:17 PM: ir3_32.dll (ID = 159) 2:17 PM: d4j00e1meh.dll (ID = 159) 2:17 PM: hacoin.dll (ID = 159) 2:17 PM: srimeng.dll (ID = 159) 2:17 PM: kodur.dll (ID = 159) 2:17 PM: izs.dll (ID = 159) 2:17 PM: maxml3.dll (ID = 159) 2:17 PM: cpgbkend.dll (ID = 159) 2:17 PM: mpxml2r.dll (ID = 159) 2:17 PM: t2r8lc9u1f.dll (ID = 159) 2:17 PM: kak_32.dll (ID = 159) 2:17 PM: kudusl.dll (ID = 159) 2:17 PM: azsldpc.dll (ID = 159) 2:17 PM: kgdkaz.dll (ID = 159) 2:17 PM: p66s0gj7e6o.dll (ID = 159) 2:17 PM: dndrm.dll (ID = 159) 2:17 PM: mhxml2r.dll (ID = 159) 2:17 PM: cempstui.dll (ID = 159) 2:17 PM: sglwid.dll (ID = 159) 2:17 PM: Found Adware: imgiant 2:17 PM: imgiant.dll (ID = 168367) 2:17 PM: wvavideo.dll (ID = 159) 2:17 PM: dtband.dll (ID = 159) 2:17 PM: nghtml.dll (ID = 159) 2:17 PM: denim.dll (ID = 159) 2:17 PM: nrtui2.dll (ID = 159) 2:17 PM: msc42.dll (ID = 159) 2:17 PM: jwbexec.dll (ID = 159) 2:17 PM: kxdhela2.dll (ID = 159) 2:17 PM: fol_32.dll (ID = 180542) 2:17 PM: lvrs0997e.dll (ID = 159) 2:17 PM: dhdmo.dll (ID = 159) 2:17 PM: msdocs.dll (ID = 159) 2:17 PM: ecl_32.exe (ID = 188217) 2:18 PM: eqent.dll (ID = 159) 2:18 PM: enpml1711.dll (ID = 159) 2:18 PM: mfrt.dll (ID = 159) 2:18 PM: tui_32.dll (ID = 180542) 2:18 PM: mst_32.dll (ID = 180542) 2:18 PM: rvmotepg.dll (ID = 159) 2:18 PM: pjutoenr.dll (ID = 159) 2:18 PM: woascr.dll (ID = 159) 2:18 PM: j0j60a1sed.dll (ID = 159) 2:18 PM: mroa.dll (ID = 159) 2:18 PM: lv2o09f3e.dll (ID = 159) 2:18 PM: ijaksie.dll (ID = 159) 2:18 PM: h04m0ah1ed4.dll (ID = 159) 2:18 PM: dnlq0135e.dll (ID = 159) 2:18 PM: sacc[1].cfg (ID = 208330) 2:18 PM: uninstaller.prod.24oct2005.exe[1] (ID = 180136) 2:18 PM: nrmsdba.dll (ID = 159) 2:18 PM: m8640ijqe8oe0.dll (ID = 159) 2:18 PM: hr2605fse.dll (ID = 159) 2:18 PM: dqsshlex.dll (ID = 159) 2:18 PM: wcsdmoe.dll (ID = 159) 2:18 PM: kedic.dll (ID = 159) 2:19 PM: dnj6011se.dll (ID = 159) 2:19 PM: mrvcrt.dll (ID = 159) 2:19 PM: ceutil.dll (ID = 159) 2:19 PM: dld9.dll (ID = 159) 2:19 PM: ijcvid.dll (ID = 159) 2:19 PM: pgisdecd.dll (ID = 159) 2:19 PM: lvr4099qe.dll (ID = 159) 2:19 PM: jt6407jqe.dll (ID = 159) 2:19 PM: wpstream.dll (ID = 159) 2:19 PM: j2n20c5oef.dll (ID = 159) 2:20 PM: ceprops.dll (ID = 159) 2:20 PM: g6400ghme64a0.dll (ID = 159) 2:20 PM: iis.dll (ID = 159) 2:20 PM: nvevent.dll (ID = 159) 2:20 PM: bjowseui.dll (ID = 159) 2:20 PM: myvcirt.dll (ID = 159) 2:20 PM: azaol9f31.dll (ID = 159) 2:20 PM: ilnathlp.dll (ID = 159) 2:20 PM: gnkrsrc.dll (ID = 159) 2:20 PM: File Sweep Complete, Elapsed Time: 00:09:40 2:20 PM: Full Sweep has completed. Elapsed time 00:10:54 2:20 PM: Traces Found: 238 2:21 PM: Removal process initiated 2:21 PM: Quarantining All Traces: mediamotor - popuppers 2:21 PM: Quarantining All Traces: look2me 2:26 PM: look2me is in use. It will be removed on reboot. 2:26 PM: m8640ijqe8oe0.dll is in use. It will be removed on reboot. 2:26 PM: hr2605fse.dll is in use. It will be removed on reboot. 2:26 PM: bjowseui.dll is in use. It will be removed on reboot. 2:26 PM: Quarantining All Traces: e2g 2:26 PM: Quarantining All Traces: elitemediagroup-mediamotor 2:26 PM: Quarantining All Traces: winad 2:26 PM: Quarantining All Traces: 180search assistant/zango 2:26 PM: Quarantining All Traces: ist istbar 2:26 PM: Quarantining All Traces: ist surf accuracy 2:26 PM: Quarantining All Traces: imgiant 2:27 PM: Preparing to restart your computer. Please wait... 2:27 PM: Removal process completed. Elapsed time 00:05:49 2:32 PM: Program Version 4.5.8 (Build 683) Using Spyware Definitions 592 2:32 PM: | End of Session, Friday, 30 December 2005 | ******** 2:07 PM: | Start of Session, Friday, 30 December 2005 | 2:07 PM: Spy Sweeper started 2:07 PM: Sweep initiated using definitions version 592 2:08 PM: Starting Memory Sweep 2:08 PM: Memory Sweep Complete, Elapsed Time: 00:00:52 2:09 PM: Program Version 4.5.8 (Build 683) Using Spyware Definitions 592 2:09 PM: | End of Session, Friday, 30 December 2005 | ******** 9:20 AM: | Start of Session, Friday, 30 December 2005 | 9:20 AM: Spy Sweeper started 9:20 AM: Sweep initiated using definitions version 592 9:20 AM: Starting Memory Sweep 9:21 AM: Memory Sweep Complete, Elapsed Time: 00:01:10 9:21 AM: Starting Registry Sweep 9:21 AM: Found Adware: mediamotor - popuppers 9:21 AM: HKCR\iemonitor.cbrowsers\ (3 subtraces) (ID = 960700) 9:21 AM: HKCR\iemonitor.ieevents\ (3 subtraces) (ID = 960704) 9:21 AM: HKCR\clsid\{62fba4e7-bd9e-4d8d-8fbb-3c32999cb7fc}\ (23 subtraces) (ID = 960709) 9:21 AM: HKCR\clsid\{a03323d3-f649-4f16-a6e4-4fc53f917a83}\ (10 subtraces) (ID = 960733) 9:21 AM: HKCR\typelib\{1942bebe-dce5-4148-868e-1250a2218b4c}\ (9 subtraces) (ID = 960748) 9:21 AM: HKLM\software\classes\iemonitor.cbrowsers\ (3 subtraces) (ID = 960762) 9:21 AM: HKLM\software\classes\iemonitor.ieevents\ (3 subtraces) (ID = 960766) 9:21 AM: HKLM\software\classes\clsid\{62fba4e7-bd9e-4d8d-8fbb-3c32999cb7fc}\ (23 subtraces) (ID = 960771) 9:21 AM: HKLM\software\classes\clsid\{a03323d3-f649-4f16-a6e4-4fc53f917a83}\ (10 subtraces) (ID = 960795) 9:21 AM: HKLM\software\classes\typelib\{1942bebe-dce5-4148-868e-1250a2218b4c}\ (9 subtraces) (ID = 960810) 9:21 AM: Starting Cookie Sweep 9:21 AM: Registry Sweep Complete, Elapsed Time:00:00:00 9:21 AM: Cookie Sweep Complete, Elapsed Time: 00:00:09 9:21 AM: Starting File Sweep 9:21 AM: Found Adware: look2me 9:21 AM: g022lafo1d2c.dll (ID = 159) 9:21 AM: Found Adware: e2g 9:21 AM: bcc_32.exe (ID = 188217) 9:21 AM: Found Adware: elitemediagroup-mediamotor 9:21 AM: mmxeyn007[2].exe (ID = 204831) 9:21 AM: dnn2015oe.dll (ID = 159) 9:22 AM: s0pula791d.dll (ID = 159) 9:22 AM: Found Adware: winad 9:22 AM: backup-20051214-185210-475.dll (ID = 199610) 9:22 AM: mv2ol9f31.dll (ID = 159) 9:22 AM: iemonitor.ocx (ID = 186211) 9:22 AM: stsvc.dll (ID = 159) 9:22 AM: mepmsnsv.dll (ID = 159) 9:22 AM: vfw_32.dll (ID = 180542) 9:22 AM: mbl_qic.dll (ID = 159) 9:23 AM: mm83.ocx (ID = 188117) 9:23 AM: vpm_32.dll (ID = 180542) 9:23 AM: uni_32.dll (ID = 180542) 9:23 AM: xxnroll.dll (ID = 159) 9:23 AM: kwk_32.dll (ID = 180542) 9:23 AM: ipwdial.dll (ID = 159) 9:23 AM: cmadmin.dll (ID = 159) 9:23 AM: rkhx32.dll (ID = 159) 9:23 AM: q4nule591h.dll (ID = 159) 9:23 AM: nvtui2.dll (ID = 159) 9:23 AM: i6jqlg1516.dll (ID = 159) 9:23 AM: dldim700.dll (ID = 159) 9:24 AM: upd_32.dll (ID = 180542) 9:24 AM: backup-20051208-163512-848.dll (ID = 199611) 9:24 AM: Found Adware: 180search assistant/zango 9:24 AM: del5.tmp (ID = 194442) 9:24 AM: mssec.dll (ID = 159) 9:24 AM: ard_32.exe (ID = 188217) 9:24 AM: oto_32.exe (ID = 188217) 9:24 AM: kkdkyr.dll (ID = 159) 9:24 AM: sxsvc.dll (ID = 159) 9:24 AM: nelanui.dll (ID = 159) 9:24 AM: wdashext.dll (ID = 159) 9:24 AM: wa2help.dll (ID = 159) 9:24 AM: dkc_32.dll (ID = 180542) 9:25 AM: rxutils.dll (ID = 159) 9:25 AM: iim_32.dll (ID = 180542) 9:25 AM: sys_32.dll (ID = 180542) 9:25 AM: 6uo4svc.dll (ID = 159) 9:25 AM: dwcdll.dll (ID = 159) 9:25 AM: ogo_32.dll (ID = 159) 9:26 AM: esd_32.dll (ID = 180542) 9:26 AM: myisip.dll (ID = 159) 9:26 AM: err_32.dll (ID = 180542) 9:26 AM: Found Adware: ist istbar 9:26 AM: istsvc[1].exe (ID = 185599) 9:26 AM: Found Adware: ist surf accuracy 9:26 AM: sacc.prod.v1132.19dec2005.exe[1] (ID = 211823) 9:27 AM: mwicda.dll (ID = 159) 9:27 AM: iinstall.exe (ID = 199847) 9:27 AM: clmsvcs.dll (ID = 159) 9:27 AM: lvjs0917e.dll (ID = 159) 9:27 AM: cvseqchk.dll (ID = 159) 9:27 AM: ips.dll (ID = 159) 9:27 AM: mlrt.dll (ID = 159) 9:27 AM: jcvart.dll (ID = 159) 9:28 AM: khdpl1.dll (ID = 159) 9:28 AM: midtctm.dll (ID = 159) 9:28 AM: dhmodemx.dll (ID = 159) 9:28 AM: ir3_32.dll (ID = 159) 9:28 AM: d4j00e1meh.dll (ID = 159) 9:28 AM: hacoin.dll (ID = 159) 9:28 AM: srimeng.dll (ID = 159) 9:28 AM: kodur.dll (ID = 159) 9:28 AM: izs.dll (ID = 159) 9:28 AM: maxml3.dll (ID = 159) 9:28 AM: cpgbkend.dll (ID = 159) 9:28 AM: mpxml2r.dll (ID = 159) 9:28 AM: t2r8lc9u1f.dll (ID = 159) 9:28 AM: kak_32.dll (ID = 159) 9:28 AM: kudusl.dll (ID = 159) 9:28 AM: azsldpc.dll (ID = 159) 9:28 AM: kgdkaz.dll (ID = 159) 9:28 AM: p66s0gj7e6o.dll (ID = 159) 9:28 AM: dndrm.dll (ID = 159) 9:28 AM: mhxml2r.dll (ID = 159) 9:28 AM: cempstui.dll (ID = 159) 9:28 AM: sglwid.dll (ID = 159) 9:28 AM: Found Adware: imgiant 9:28 AM: imgiant.dll (ID = 168367) 9:28 AM: wvavideo.dll (ID = 159) 9:28 AM: dtband.dll (ID = 159) 9:28 AM: nghtml.dll (ID = 159) 9:28 AM: denim.dll (ID = 159) 9:28 AM: nrtui2.dll (ID = 159) 9:28 AM: msc42.dll (ID = 159) 9:28 AM: jwbexec.dll (ID = 159) 9:28 AM: kxdhela2.dll (ID = 159) 9:28 AM: fol_32.dll (ID = 180542) 9:28 AM: lvrs0997e.dll (ID = 159) 9:28 AM: dhdmo.dll (ID = 159) 9:28 AM: msdocs.dll (ID = 159) 9:28 AM: ecl_32.exe (ID = 188217) 9:28 AM: eqent.dll (ID = 159) 9:29 AM: enpml1711.dll (ID = 159) 9:29 AM: mfrt.dll (ID = 159) 9:29 AM: tui_32.dll (ID = 180542) 9:29 AM: enrol1931.dll (ID = 159) 9:29 AM: mst_32.dll (ID = 180542) 9:29 AM: rvmotepg.dll (ID = 159) 9:29 AM: pjutoenr.dll (ID = 159) 9:29 AM: woascr.dll (ID = 159) 9:29 AM: j0j60a1sed.dll (ID = 159) 9:29 AM: mroa.dll (ID = 159) 9:29 AM: lv2o09f3e.dll (ID = 159) 9:29 AM: ijaksie.dll (ID = 159) 9:29 AM: h04m0ah1ed4.dll (ID = 159) 9:29 AM: dnlq0135e.dll (ID = 159) 9:29 AM: sacc[1].cfg (ID = 208330) 9:29 AM: uninstaller.prod.24oct2005.exe[1] (ID = 180136) 9:29 AM: nrmsdba.dll (ID = 159) 9:29 AM: dqsshlex.dll (ID = 159) 9:29 AM: wcsdmoe.dll (ID = 159) 9:29 AM: kedic.dll (ID = 159) 9:30 AM: dnj6011se.dll (ID = 159) 9:30 AM: mrvcrt.dll (ID = 159) 9:30 AM: ceutil.dll (ID = 159) 9:30 AM: dld9.dll (ID = 159) 9:30 AM: ijcvid.dll (ID = 159) 9:30 AM: pgisdecd.dll (ID = 159) 9:30 AM: lvr4099qe.dll (ID = 159) 9:30 AM: u8ruli9918.dll (ID = 159) 9:31 AM: wpstream.dll (ID = 159) 9:31 AM: j2n20c5oef.dll (ID = 159) 9:31 AM: ceprops.dll (ID = 159) 9:31 AM: g6400ghme64a0.dll (ID = 159) 9:31 AM: iis.dll (ID = 159) 9:31 AM: azaol9f31.dll (ID = 159) 9:31 AM: ilnathlp.dll (ID = 159) 9:31 AM: gnkrsrc.dll (ID = 159) 9:32 AM: File Sweep Complete, Elapsed Time: 00:10:27 9:32 AM: Full Sweep has completed. Elapsed time 00:11:54 9:32 AM: Traces Found: 234 9:38 AM: Processing Startup Alerts 9:38 AM: Removed Startup entry: NvCplDaemon 10:38 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:38 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:38 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:38 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:38 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:38 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:38 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:38 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:39 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:39 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:39 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:39 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:39 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:39 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:39 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:39 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:41 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:41 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:41 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:41 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:41 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:41 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:41 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:41 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:42 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:42 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:42 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:42 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:42 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:42 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:42 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:42 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:43 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:43 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:43 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:43 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:43 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:43 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:43 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:43 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:44 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:44 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:44 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:44 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:44 AM: IE Tracking Cookies Shield: Removed cd freaks cookie 10:44 AM: IE Tracking Cookies Shield: Removed cd freaks cookie 10:45 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:45 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:45 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:45 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:45 AM: IE Tracking Cookies Shield: Removed cd freaks cookie 10:45 AM: IE Tracking Cookies Shield: Removed cd freaks cookie 10:45 AM: IE Tracking Cookies Shield: Removed cd freaks cookie 10:45 AM: IE Tracking Cookies Shield: Removed cd freaks cookie 10:45 AM: IE Tracking Cookies Shield: Removed fastclick cookie 10:45 AM: IE Tracking Cookies Shield: Removed fastclick cookie 10:45 AM: IE Tracking Cookies Shield: Removed fastclick cookie 10:45 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:45 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:45 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:45 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:45 AM: IE Tracking Cookies Shield: Removed cd freaks cookie 10:45 AM: IE Tracking Cookies Shield: Removed cd freaks cookie 10:46 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:46 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:46 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:46 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:46 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:46 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:46 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:46 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:47 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:47 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:47 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:47 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:48 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:48 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:48 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:48 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:48 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:48 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:48 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:48 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:49 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:49 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:49 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:49 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:49 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:49 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:49 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:49 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:50 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:50 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:50 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:50 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:50 AM: IE Tracking Cookies Shield: Removed cd freaks cookie 10:50 AM: IE Tracking Cookies Shield: Removed cd freaks cookie 10:50 AM: IE Tracking Cookies Shield: Removed cd freaks cookie 10:51 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:51 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:51 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:51 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:52 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:52 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:52 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:52 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:52 AM: IE Tracking Cookies Shield: Removed cd freaks cookie 10:52 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:52 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:52 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:52 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:53 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:53 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:53 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:53 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:53 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:53 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:53 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:53 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:54 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:54 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:54 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:54 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:55 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:55 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:55 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:55 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:55 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:55 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:55 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:55 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:56 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:56 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:56 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:56 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:56 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:56 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:56 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:56 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:57 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:57 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:57 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:57 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:58 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:58 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:58 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:58 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:58 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:58 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:58 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:58 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:59 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:59 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 10:59 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 10:59 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:00 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:00 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:00 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:00 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:00 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:00 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:00 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:00 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:01 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:01 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:01 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:01 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:02 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:02 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:02 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:02 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:02 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:02 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:02 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:02 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:03 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:03 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:03 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:03 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:03 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:03 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:03 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:03 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:04 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:04 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:04 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:04 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:04 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:04 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:04 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:04 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:05 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:05 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:05 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:05 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:05 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie 11:05 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie 11:05 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie 11:05 AM: IE Tracking Cookies Shield: Removed zedo cookie 11:05 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie 11:05 AM: IE Tracking Cookies Shield: Removed hbmediapro cookie 11:05 AM: IE Tracking Cookies Shield: Removed hbmediapro cookie 11:06 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:06 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:06 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:06 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:06 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:06 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:06 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:06 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:07 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:07 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:07 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:07 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:08 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:08 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:08 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:08 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:08 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:08 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:08 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:08 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:09 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:09 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:09 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:09 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:09 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:09 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:09 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:09 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:10 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:10 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:10 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:10 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:10 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:10 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:10 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:10 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:11 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:11 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:11 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:11 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:11 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:11 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:11 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:11 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:13 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:13 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:13 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:13 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:13 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:13 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:13 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:13 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:14 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:14 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:14 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:14 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:14 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:14 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:14 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:14 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:15 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:15 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:15 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:15 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:15 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:15 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:15 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:15 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:16 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie 11:16 AM: IE Tracking Cookies Shield: Removed zedo cookie 11:16 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie 11:16 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:16 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:16 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:16 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:17 AM: IE Tracking Cookies Shield: Removed zedo cookie 11:17 AM: IE Tracking Cookies Shield: Removed zedo cookie 11:17 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:17 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:17 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:17 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:18 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:18 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:18 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:18 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:18 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:18 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:18 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:18 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:19 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:19 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:19 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:19 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:19 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:19 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:19 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:19 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:20 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:20 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:20 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:20 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:20 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:20 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:20 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:20 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:21 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:21 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:21 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:21 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:21 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:21 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:21 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:21 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:22 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:22 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:22 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:22 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:23 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:23 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:23 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:23 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:23 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:23 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:23 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:23 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:24 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:24 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:24 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:24 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:25 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:25 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:25 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:25 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:25 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:25 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:25 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:25 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:26 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:26 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:26 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:26 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:26 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:26 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:26 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:26 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:27 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:27 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:27 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:27 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:28 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:28 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:28 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:28 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:28 AM: Processing Startup Alerts 11:28 AM: Allowed Startup entry: DAEMON Tools-1033 11:29 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:29 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:29 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:29 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:29 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:29 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:29 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:29 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:30 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:30 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:30 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:30 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:30 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:30 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:30 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:30 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:31 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:31 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:31 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:31 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:31 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:31 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:31 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:31 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:33 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:33 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:33 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:33 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:33 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:33 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:33 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:33 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:34 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:34 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:34 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:34 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:34 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:34 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:34 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:34 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:35 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:35 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:35 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:35 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:35 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:35 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:35 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:35 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:35 AM: IE Tracking Cookies Shield: Removed spylog cookie 11:36 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:36 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:36 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:36 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:36 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:36 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:36 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:36 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:38 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:38 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:38 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:38 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:38 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:38 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:38 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:38 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:39 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:39 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:39 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:39 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:39 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:39 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:39 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:39 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:40 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:40 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:40 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:40 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:41 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:41 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:41 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:41 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:41 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:41 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:41 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:41 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:42 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:42 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:42 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:42 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:42 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:42 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:42 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:42 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:43 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:43 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:43 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:43 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:43 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:43 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:43 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:43 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:44 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:44 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:44 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:44 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:44 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:44 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:44 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:44 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:45 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:45 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:45 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:45 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:46 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:46 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:46 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:46 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:46 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:46 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:46 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:46 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:47 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:47 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:47 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:47 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:48 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:48 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:48 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:48 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:48 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:48 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:48 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:48 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:49 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:49 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:49 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:49 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:49 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:49 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:49 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:49 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:50 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:50 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:50 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:50 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:51 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:51 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:51 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:51 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:52 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:52 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:52 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:52 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:52 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:52 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:52 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:52 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:53 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:53 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:53 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:53 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:53 AM: IE Tracking Cookies Shield: Removed casalemedia cookie 11:53 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:53 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:53 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:53 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:54 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:54 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:54 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:54 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:55 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:55 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:55 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:55 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:55 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:55 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:55 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:55 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:56 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:56 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:56 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:56 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:56 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:56 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 11:56 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:56 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 11:57 AM: The Spy

#7 Guest_Lauren_*

Guest_Lauren_*
  • Guests

Posted 30 December 2005 - 08:49 PM

7:02 PM: | Start of Session, Thursday, 29 December 2005 | 7:02 PM: Spy Sweeper started 7:02 PM: Sweep initiated using definitions version 556 7:02 PM: Starting Memory Sweep 7:03 PM: Memory Sweep Complete, Elapsed Time: 00:00:55 7:03 PM: Starting Registry Sweep 7:03 PM: Found Adware: e2g 7:03 PM: HKCR\appid\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}\ (1 subtraces) (ID = 125407) 7:03 PM: HKLM\software\classes\appid\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}\ (1 subtraces) (ID = 125447) 7:03 PM: HKLM\software\classes\typelib\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}\ (9 subtraces) (ID = 125484) 7:03 PM: HKCR\typelib\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}\ (9 subtraces) (ID = 125529) 7:03 PM: Found Adware: mirar webband 7:03 PM: HKCR\clsid\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e}\ (6 subtraces) (ID = 135066) 7:03 PM: HKCR\interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f}\ (8 subtraces) (ID = 135069) 7:03 PM: HKCR\interface\{54b287f9-fd90-4457-b65e-cb91560c021d}\ (8 subtraces) (ID = 135070) 7:03 PM: HKCR\interface\{1037b06c-84b7-4240-8d80-485810a0497d}\ (8 subtraces) (ID = 135071) 7:03 PM: HKCR\interface\{224302b0-94e9-45c2-9e5b-ba989ee556e1}\ (8 subtraces) (ID = 135072) 7:03 PM: HKCR\nn_bar_dummy.nn_bardummy.1\ (3 subtraces) (ID = 135075) 7:03 PM: HKCR\nn_bar_dummy.nn_bardummy\ (5 subtraces) (ID = 135076) 7:03 PM: HKLM\software\classes\clsid\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e}\ (6 subtraces) (ID = 135079) 7:03 PM: HKLM\software\classes\interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f}\ (8 subtraces) (ID = 135082) 7:03 PM: HKLM\software\classes\interface\{54b287f9-fd90-4457-b65e-cb91560c021d}\ (8 subtraces) (ID = 135083) 7:03 PM: HKLM\software\classes\interface\{1037b06c-84b7-4240-8d80-485810a0497d}\ (8 subtraces) (ID = 135084) 7:03 PM: HKLM\software\classes\interface\{224302b0-94e9-45c2-9e5b-ba989ee556e1}\ (8 subtraces) (ID = 135085) 7:03 PM: HKLM\software\classes\nn_bar_dummy.nn_bardummy.1\ (3 subtraces) (ID = 135088) 7:03 PM: HKLM\software\classes\nn_bar_dummy.nn_bardummy\ (5 subtraces) (ID = 135089) 7:03 PM: HKLM\software\classes\nn_bar_dummy.nn_bardummy\clsid\ (1 subtraces) (ID = 135090) 7:03 PM: HKLM\software\classes\nn_bar_dummy.nn_bardummy\curver\ (1 subtraces) (ID = 135091) 7:03 PM: HKLM\software\classes\typelib\{566dede9-9ed8-45da-9be6-9b2eeab17f49}\ (9 subtraces) (ID = 135092) 7:03 PM: HKCR\typelib\{566dede9-9ed8-45da-9be6-9b2eeab17f49}\ (9 subtraces) (ID = 135121) 7:03 PM: Found Adware: purityscan 7:03 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaticketsinstaller.ocx\ (2 subtraces) (ID = 137986) 7:03 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediaticketsinstaller.ocx (ID = 139077) 7:03 PM: Found Adware: bookedspace 7:03 PM: HKLM\software\microsoft\windows\currentversion\internet settings\zonemap\domains\net-nucleus.com\ (2 subtraces) (ID = 662284) 7:03 PM: Found Adware: winad 7:03 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediagatewayx.dll\ (2 subtraces) (ID = 763026) 7:03 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediagatewayx.dll (ID = 763028) 7:03 PM: Found Adware: imgiant 7:03 PM: HKU\S-1-5-21-1844237615-790525478-725345543-1003\software\imgiant\ (21 subtraces) (ID = 128544) 7:03 PM: HKU\S-1-5-21-1844237615-790525478-725345543-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (ID = 135102) 7:03 PM: Registry Sweep Complete, Elapsed Time:00:00:09 7:03 PM: Starting Cookie Sweep 7:03 PM: Found Spy Cookie: yieldmanager cookie 7:03 PM: xp@ad.yieldmanager[2].txt (ID = 3751) 7:03 PM: Found Spy Cookie: cc214142 cookie 7:03 PM: xp@ads.cc214142[2].txt (ID = 2367) 7:03 PM: Found Spy Cookie: pointroll cookie 7:03 PM: xp@ads.pointroll[1].txt (ID = 3148) 7:03 PM: Found Spy Cookie: adtech cookie 7:03 PM: xp@adtech[2].txt (ID = 2155) 7:03 PM: Found Spy Cookie: falkag cookie 7:03 PM: xp@as-us.falkag[2].txt (ID = 2650) 7:03 PM: Found Spy Cookie: atwola cookie 7:03 PM: xp@atwola[1].txt (ID = 2255) 7:03 PM: Found Spy Cookie: belnk cookie 7:03 PM: xp@belnk[1].txt (ID = 2292) 7:03 PM: Found Spy Cookie: burstnet cookie 7:03 PM: xp@burstnet[1].txt (ID = 2336) 7:03 PM: Found Spy Cookie: casalemedia cookie 7:03 PM: xp@casalemedia[2].txt (ID = 2354) 7:03 PM: Found Spy Cookie: dealtime cookie 7:03 PM: xp@dealtime[2].txt (ID = 2505) 7:03 PM: xp@dist.belnk[2].txt (ID = 2293) 7:03 PM: Found Spy Cookie: 2o7.net cookie 7:03 PM: xp@maxis.112.2o7[1].txt (ID = 1958) 7:03 PM: Found Spy Cookie: paypopup cookie 7:03 PM: xp@paypopup[2].txt (ID = 3119) 7:03 PM: Found Spy Cookie: rn11 cookie 7:03 PM: xp@rn11[2].txt (ID = 3261) 7:03 PM: xp@stat.dealtime[1].txt (ID = 2506) 7:03 PM: Found Spy Cookie: statcounter cookie 7:03 PM: xp@statcounter[1].txt (ID = 3447) 7:03 PM: Found Spy Cookie: reliablestats cookie 7:03 PM: xp@stats1.reliablestats[2].txt (ID = 3254) 7:03 PM: Found Spy Cookie: tribalfusion cookie 7:03 PM: xp@tribalfusion[1].txt (ID = 3589) 7:03 PM: Found Spy Cookie: burstbeacon cookie 7:03 PM: xp@www.burstbeacon[1].txt (ID = 2335) 7:03 PM: Found Spy Cookie: winantiviruspro cookie 7:03 PM: xp@www.winantiviruspro[1].txt (ID = 3690) 7:03 PM: Found Spy Cookie: yadro cookie 7:03 PM: xp@yadro[2].txt (ID = 3743) 7:03 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00 7:03 PM: Starting File Sweep 7:04 PM: Found Adware: ist sidefind 7:04 PM: c:\program files\sidefind\update (ID = -2147474314) 7:04 PM: c:\program files\sidefind (1 subtraces) (ID = -2147480325) 7:04 PM: Found Adware: 7adpower 7:04 PM: backup-20051219-130708-628.inf (ID = 156464) 7:04 PM: int_ver32b.inf (ID = 156464) 7:04 PM: backup-20051210-201848-472.inf (ID = 156464) 7:04 PM: Found Adware: internetoptimizer 7:04 PM: cln3.tmp (ID = 64016) 7:04 PM: backup-20051211-164359-882.dll (ID = 156465) 7:04 PM: backup-20051214-185210-528.dll (ID = 156465) 7:04 PM: Found Adware: powerscan 7:04 PM: uninstall.exe (ID = 72675) 7:04 PM: backup-20051211-164359-882.inf (ID = 156464) 7:04 PM: int_ver32b.inf (ID = 156464) 7:04 PM: int_ver32b.ocx (ID = 156465) 7:04 PM: backup-20051104-112104-522.dll (ID = 59389) 7:04 PM: sidefind[1].exe (ID = 154905) 7:04 PM: backup-20051215-194652-757.dll (ID = 156465) 7:04 PM: backup-20051219-125906-201.dll (ID = 156465) 7:04 PM: backup-20051219-130708-628.dll (ID = 156465) 7:04 PM: backup-20051104-112104-518.dll (ID = 156465) 7:04 PM: Found Adware: ist istbar 7:04 PM: istactivex.dll (ID = 64599) 7:04 PM: Found Adware: look2me 7:04 PM: oybcjt32.dll (ID = 163672) 7:04 PM: pi1_25.exe (ID = 59402) 7:04 PM: backup-20051226-202751-606.dll (ID = 156465) 7:04 PM: backup-20051226-203616-172.dll (ID = 156465) 7:04 PM: powerscan[1].exe (ID = 72679) 7:04 PM: backup-20051104-112104-873.inf (ID = 73158) 7:04 PM: bw2.com (ID = 65739) 7:04 PM: icont.exe (ID = 65739) 7:04 PM: Found Adware: media-motor 7:04 PM: unstall.exe (ID = 133210) 7:04 PM: Found Adware: 180search assistant/zango 7:04 PM: 1807d.mht (ID = 148810) 7:04 PM: backup-20051219-125906-201.inf (ID = 156464) 7:04 PM: Found Adware: moneytree 7:04 PM: backup-20051104-112104-467.dll (ID = 64043) 7:04 PM: backup-20051214-185210-528.inf (ID = 156464) 7:04 PM: backup-20051207-193122-653.inf (ID = 156464) 7:04 PM: backup-20051207-193122-653.dll (ID = 156465) 7:04 PM: backup-20051215-194202-886.inf (ID = 156464) 7:04 PM: istactivex.dll (ID = 64599) 7:05 PM: backup-20051208-175207-457.inf (ID = 156464) 7:05 PM: backup-20051208-175207-457.dll (ID = 156465) 7:05 PM: backup-20051104-112104-518.inf (ID = 156464) 7:05 PM: int_ver32b.ocx (ID = 156465) 7:05 PM: unstall[1].exe (ID = 133210) 7:05 PM: power_remove[1].exe (ID = 72675) 7:05 PM: istrecover[1].exe (ID = 64496) 7:05 PM: int_ver32b.ocx (ID = 156465) 7:05 PM: optimize[1].exe (ID = 125346) 7:05 PM: backup-20051215-194202-886.dll (ID = 156465) 7:06 PM: backup-20051210-201848-472.dll (ID = 156465) 7:06 PM: int_ver32b.ocx (ID = 156465) 7:06 PM: backup-20051226-203616-172.inf (ID = 156464) 7:06 PM: res4fd.tmp (ID = 147558) 7:06 PM: mm63[1].ocx (ID = 74058) 7:06 PM: mbpi32.dll (ID = 163672) 7:06 PM: 0006_regular[1].cab (ID = 64478) 7:06 PM: agledit.dll (ID = 163672) 7:06 PM: backup-20051215-194652-757.inf (ID = 156464) 7:06 PM: int_ver32b.inf (ID = 156464) 7:06 PM: int_ver32b.inf (ID = 156464) 7:07 PM: vnrun300.dll (ID = 163672) 7:07 PM: Found Adware: ist yoursitebar 7:07 PM: ysb[1].dll (ID = 161559) 7:07 PM: int_ver32b.ocx (ID = 156465) 7:07 PM: backup-20051226-202751-606.inf (ID = 156464) 7:07 PM: int_ver32b.ocx (ID = 156465) 7:07 PM: int_ver32b.inf (ID = 156464) 7:07 PM: int_ver32b.ocx (ID = 156465) 7:07 PM: int_ver32b.ocx (ID = 156465) 7:07 PM: int_ver32b.ocx (ID = 156465) 7:07 PM: optimize[1].exe (ID = 159920) 7:07 PM: imgiant.inf (ID = 63590) 7:07 PM: backup-20051208-163513-246.inf (ID = 70515) 7:08 PM: File Sweep Complete, Elapsed Time: 00:04:06 7:08 PM: Full Sweep has completed. Elapsed time 00:05:18 7:08 PM: Traces Found: 279 7:09 PM: Removal process initiated 7:09 PM: Quarantining All Traces: look2me 7:09 PM: Quarantining All Traces: 180search assistant/zango 7:09 PM: Quarantining All Traces: 7adpower 7:09 PM: Quarantining All Traces: bookedspace 7:09 PM: Quarantining All Traces: e2g 7:09 PM: Quarantining All Traces: imgiant 7:09 PM: Quarantining All Traces: internetoptimizer 7:09 PM: Quarantining All Traces: ist istbar 7:09 PM: Quarantining All Traces: ist sidefind 7:09 PM: Quarantining All Traces: ist yoursitebar 7:09 PM: Quarantining All Traces: media-motor 7:09 PM: Quarantining All Traces: mirar webband 7:09 PM: Quarantining All Traces: moneytree 7:09 PM: Quarantining All Traces: powerscan 7:09 PM: Quarantining All Traces: purityscan 7:09 PM: Quarantining All Traces: winad 7:09 PM: Quarantining All Traces: 2o7.net cookie 7:09 PM: Quarantining All Traces: adtech cookie 7:09 PM: Quarantining All Traces: atwola cookie 7:09 PM: Quarantining All Traces: belnk cookie 7:09 PM: Quarantining All Traces: burstbeacon cookie 7:09 PM: Quarantining All Traces: burstnet cookie 7:09 PM: Quarantining All Traces: casalemedia cookie 7:09 PM: Quarantining All Traces: cc214142 cookie 7:09 PM: Quarantining All Traces: dealtime cookie 7:09 PM: Quarantining All Traces: falkag cookie 7:09 PM: Quarantining All Traces: paypopup cookie 7:09 PM: Quarantining All Traces: pointroll cookie 7:09 PM: Quarantining All Traces: reliablestats cookie 7:09 PM: Quarantining All Traces: rn11 cookie 7:09 PM: Quarantining All Traces: statcounter cookie 7:09 PM: Quarantining All Traces: tribalfusion cookie 7:09 PM: Quarantining All Traces: winantiviruspro cookie 7:09 PM: Quarantining All Traces: yadro cookie 7:09 PM: Quarantining All Traces: yieldmanager cookie 7:10 PM: Removal process completed. Elapsed time 00:01:16 7:17 PM: Processing Startup Alerts 7:17 PM: Removed Startup entry: NvCplDaemon 7:19 PM: Processing Startup Alerts 7:19 PM: Removed Startup entry: NvCplDaemon 7:30 PM: | End of Session, Thursday, 29 December 2005 | ******** 7:02 PM: | Start of Session, Thursday, 29 December 2005 | 7:02 PM: Spy Sweeper started 7:02 PM: | End of Session, Thursday, 29 December 2005 | Now the only thing wrong with the internet is that after a while on the internet, windows in I.E. say "the page cannot be dispalyed", though downloads will still work and some windows will continue to load no probs. OK, I think that's everything. Thanks

#8 pskelley

pskelley

    R.I.P Always in our hearts

  • Authentic Member
  • PipPipPipPipPip
  • 3,879 posts
  • Interests:Computers, fishing, biking, basketball, travel

Posted 30 December 2005 - 10:30 PM

G'day, Thanks for the information you provided, this item: C:\WINDOWS\System32\SynCor.exe
appears to be gone, perhaps SpySweeper removed it, but I want to be sure.
You said this:

I don’t know what that file is, but what do you mean open the online scan??

and I want to explain. First I want you to click on this link and follow the instructions to enable the hidden files and folders for your system:
http://www.xtra.co.n...1916458,00.html
Now I want you to click any of these three links, in fact I want you to do at least two of them:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustota...h/index_en.html
I will use the jotti site for my example. There is a little box at the top where it says "File to upload and scan". Next to the empty box is the Browse button, you can browse your whole computer from there. I want you to browse to this:
C:\WINDOWS\SynCor.exe <<< find the C:\ then the Windows folder, then find this file: SynCor.exe. Now click it to put the it in the empty box, once there click on Submit. Now you are using the online scan to find out if that is a bad file that needs to be removed. Do this with at least two of the websites. It will just take a few minutes to get results. If you have enabled hidden files and folders and you can not find the file: SynCor.exe then it may be gone. To be 100% sure,
Click on Start > Search. Use search companion to search all files and folder for this item: SynCor.exe. If it can not be located then it is gone. At least you will have learned how to use an online search to check to see if a file is bad.

Logfile of HijackThis v1.99.1 Scan saved at 2:50:34 PM, on 30/12/2005
This logfile is clean of malware :thumbup:

In your uninstall list I will tell you what I see. If you see anything you do not know, you should investigate. If you see anything you no longer use, you should consider uninstalling it.

Adobe Reader 6.0 >>> if you use Adobe, free version 7.0 is available
and that is really all I see, no bad programs.

It Looks like SpySweeper did the job this time, it removed a load of junk from your computer. Since the HJT log is clean, here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://boards.cexx.o...topic.php?t=957
http://russelltexas....re/allclear.htm
http://forum.malware...wtopic.php?t=14
http://www.bleepingc...topict2520.html

I want to point out that SpySweeper is a good program and we needed it to kill that L2m trojan, but unless you purchase it, it does use a lot of resources, so you will need to keep that in mind as the trial ends.

Here are some ideas that might make your overall performance better:
http://vlaurie.com/c...s/runbetter.htm
http://www.linkgrind...rs_article.html

The error message you are receiving is a very common one, here are ideas to help you troubleshoot it:
http://www.microsoft...s/IEtopten.mspx

To make sure nothing bad is hiding in your System Restore files, use the instructions in the following link:
http://service1.syma...src=sec_doc_nam

Thanks...pskelley
TomCoyote forum
Expert Member
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

Edited by pskelley, 30 December 2005 - 10:33 PM.

MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#9 Guest_Lauren_*

Guest_Lauren_*
  • Guests

Posted 01 January 2006 - 04:29 AM

Thanks! I want to say thanks for the help with getting this computer Malware free. I am considering purchasing SpySweeper after the evaluation period expires. All though SynCor.exe is still there, the online scans found nothing. The error message at start-up is: Error loading C:\WINDOWS\System32\NvCpl.dll The specified module could not be found. That is my only remaining prob. Thanks again Lauren

#10 pskelley

pskelley

    R.I.P Always in our hearts

  • Authentic Member
  • PipPipPipPipPip
  • 3,879 posts
  • Interests:Computers, fishing, biking, basketball, travel

Posted 01 January 2006 - 07:29 AM

Hi Lauren, Let's see what we can do about these remaining issues so you can start the New Year off right. This one:

C:\WINDOWS\System32\SynCor.exe download Killbox from here: http://www.malwarere.../downloads.html
Instructions for using it are here: http://forum.malware...topic.php?t=320 You want to be sure you copy the full path of the file you wish to delete to the Killbox. C:\WINDOWS\System32\SynCor.exe
Save Killbox to your Desktop for ease of using it. Killbox will create a backup file called submit. Leave that for a day or two to make sure removing the item created no problems, then delete it. You can keep Killbox if you want, but it would be rarely used. I suggest deleting it also and downloading a new copy if you need it again.

Error loading C:\WINDOWS\System32\NvCpl.dll The specified module could not be found.
I think I said this is probably a problem because a driver is out dated earlier? I did a search at Google and returned this information: http://www.google.co.....not be found. The first link I checked was: http://www.geekstogo...?showtopic=5683 and in the link the same thing is suggested as you will read.
Don't bother with anything else because the other issues are not yours. The admin who has posted over 10,000 times suggests this:
Download and install the latest graphic driver here:
http://www.nvidia.co...ers/drivers.asp

Now if you wish to work with one of the experts here on this issue, then post here: http://forums.tomcoy...hp?showforum=83 Let the folks there know you were here and give them the information about the error message.
Here is information that might come in handy: http://www.cyberwalk...g00/310800.html

Let me wish you a Happy New Year...Phil :wavey:
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#11 Guest_Lauren_*

Guest_Lauren_*
  • Guests

Posted 02 January 2006 - 03:14 AM

Thanks Phil. I am currently downloading the updated graphic driver. Hope this fixes the problem. It sounds like it will. Wanted to say thanks for all the help you have provided recently. Couldn't have gotten my HijackThis log malware free without it :D. Thanks again and all the best for 2006, Lauren

#12 pskelley

pskelley

    R.I.P Always in our hearts

  • Authentic Member
  • PipPipPipPipPip
  • 3,879 posts
  • Interests:Computers, fishing, biking, basketball, travel

Posted 02 January 2006 - 07:48 AM

OK Lauren, I sure hope that works for you. Looks like you never posted at "Other computer problems". I will say that all issues are not malware related, those are some good folks to know for issues other than malware. Safe Surfing...Phil :)
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

#13 pskelley

pskelley

    R.I.P Always in our hearts

  • Authentic Member
  • PipPipPipPipPip
  • 3,879 posts
  • Interests:Computers, fishing, biking, basketball, travel

Posted 07 January 2006 - 03:25 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
MS-MVP Windows Security 2007-8-9 Proud Member ASAP UNITE Member 2006

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users