Not Good - HJT Log Included


  • This topic is locked
13 replies to this topic

#1 Golfie

  • New Member
  • 7 posts

Posted 14 March 2006 - 09:07 PM

I downloaded something that I knew I shouldn't have and received an attack.
I received a bunch of warnings from MS Antispyware and tried to block them, but it obviously didn't work 100%. I did an Ad-Aware scan and MS antispyware scan and tried to remove as much as I could, but I don't think I got it all.

Here is my HJT log (I have no idea what that keyboard2.exe, mousepad2.exe, and newname2.exe are :/):

Logfile of HijackThis v1.99.1
Scan saved at 9:00:35 PM, on 3/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\keyboard2.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
c:\winnt\system32\dwdsregt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\My Documents\JuStIn\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [keyboard] C:\\keyboard2.exe
O4 - HKLM\..\Run: [q8lg] "C:\WINNT\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [{EB-BD-D6-65-ZN}] c:\winnt\system32\dwdsregt.exe CORN001
O4 - HKLM\..\Run: [mousepad] C:\\mousepad2.exe
O4 - HKLM\..\Run: [newname] C:\\newname2.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - Startup: Z_Start.lnk = C:\WINNT\system32\qpdsregp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Hearts - http://download.game...nts/y/ht1_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zon...ds.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay10...es/MsnPUpld.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab28578.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.co...NetOpPlugin.ocx
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...ebio5_1_1_0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: CSCSettings - C:\WINNT\system32\l0n40a5qed.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



Thanks in advance, I hope someone can help me.



#2 LDTate

  • Grand Poobah
  • Root Admin
  • 57,211 posts

Posted 15 March 2006 - 07:13 PM

Hello Golfie, Welcome to the forum.

This is what I suggest you do.

Use Add/Remove Programs and remove if listed:
NewdotNet

Please do not delete anything unless instructed to.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Even if you've already run these, make SURE they're up-to-date and run per instructions.

Make sure you have the up-to-date versions of Spybot V 1.4 and Ad-aware SE Build 1.06. All are free and available below.

Download Spybot, install and update. Then download Ad-aware, install, and update.

Spybot:

Install the program and launch it.

Go to Start > Programs >Spybot > Search & Destroy and choose Spybot S&D

Close ALL windows except Spybot S&D
Click the button to "Search for Updates" and download and install the Updates.
Next click the button "Check for Problems"
When Spybot is complete, it will be showing "RED" (RED) entries "BLACK" entries and "GREEN" (GREEN) entries in the window
Put a check mark beside the RED (RED) entries ONLY.
Choose "Fix Selected Problems" and allow Spybot to fix the RED (RED) entries.

Ad-Aware FULL SCAN:

Install the program and launch it.

1. Launch Ad-Aware SE and run the WebUpdate feature. (Click on the Globe icon > Click connect > Click OK > Click Finish.)
2. Set up the Configurations as follows:
-- Click the Gear wheel at the top of the Ad-Aware window
-- Click General > Safety & Settings: Check (Green) all three.
-- Click Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
3. Click "Proceed"
4. Click "Scan Now"
5. Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
6. Select "Search for low-risk threats"
7. Run the scanner using the Full Scan (Perform full system scan) mode.
8. When the scan has completed, select Next.
9. In the Scanning Results window, select the "Scan Summary" tab.
10. Check the box next to each "target family" you wish to remove.
11. Click next > Click OK.

Next:

Please download the trial version of ewido anti-malware 3.5 here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.


Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Then please run Ewido, click on the Scanner, run a full scan and let it clean everything it finds. Save the logfile from the scan.


Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

Also please describe how your computer behaves at the moment.

Edited by LDTate, 15 March 2006 - 07:14 PM.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days


Proud graduate of TC/WTT Classroom

 


#3 Golfie

  • New Member
  • 7 posts

Posted 15 March 2006 - 10:29 PM

I went through all the steps in your directions.

The behavior of my computer is a bit better than it was, but it is still noticeably slow with popups.
I am also receiving these two errors on startup:
RUNDLL - Error Loading C:\Progra~1\Newdot~1\NewDot~2.DLL
and
Project1 - Run time error. Path not found.

Here is my new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:19:05 PM, on 3/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\svchost.exe
c:\program files\mcafee.com\agent\mcupdate.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\JuStIn\hijackthis\HijackThis.exe
C:\WINNT\system32\wuauclt.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [q8lg] "C:\WINNT\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [mousepad] C:\\mousepad2.exe
O4 - HKLM\..\Run: [newname] C:\\newname2.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - Startup: Z_Start.lnk = C:\WINNT\system32\qpdsregp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Hearts - http://download.game...nts/y/ht1_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zon...ds.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay10...es/MsnPUpld.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab28578.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.co...NetOpPlugin.ocx
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...ebio5_1_1_0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IPConfTSP - C:\WINNT\system32\dn8o01l3e.dll
O20 - Winlogon Notify: OptimalLayout - C:\WINNT\system32\kt2ql7f51.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

End of HJT Log-


And here is the Ewido log:


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:09:50 PM, 3/15/2006
+ Report-Checksum: E338F613

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Adware.WebSearch : Cleaned with backup
[680] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Cleaned with backup
[792] C:\WINNT\system32\ignathlp.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@gettyimages.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr8E5D -> Adware.Look2Me : Cleaned with backup
C:\drsmartload1.exe -> Downloader.Adload.x : Cleaned with backup
C:\keyboard2.exe -> Downloader.VB.yn : Cleaned with backup
C:\krw1dn.exe -> Downloader.Agent.afi : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\163AEF2B-65CB-45F6-85E8-FA50EB\427A0080-7071-4B21-8F20-0F2B08 -> Adware.Look2Me : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\31011410-48A0-4258-A9F5-7D9640\546E2666-D400-4991-9217-A4FF3A -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\926D4F7D-5537-4785-9D12-D53B25\4C404AD1-C8AD-4332-ACB6-0EC560 -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\926D4F7D-5537-4785-9D12-D53B25\CC2F33C3-3F80-49DF-8856-7D4E7C -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\D43B0868-931F-4C0D-9098-36448A\6EB41F0F-3E48-4AAF-B452-415E6C -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\D43B0868-931F-4C0D-9098-36448A\7B722B4D-3D69-4984-9B1C-7E2EF9 -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Yahoo!\Common\ycomp5_0_2_7.dll -> Adware.Yahoo : Cleaned with backup
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP3\A0001298.dll -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP3\A0001309.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP3\A0001310.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP3\A0001314.exe -> Hijacker.VB.li : Cleaned with backup
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP3\A0001350.EXE -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP3\A0001351.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP3\A0001382.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP3\A0001383.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP3\A0001438.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP3\A0001441.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP3\A0001548.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{30F71744-7195-4A81-BC43-76AFE6B4AF0F}\RP3\A0001559.dll -> Adware.Look2Me : Cleaned with backup
C:\WHCC2.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\WINNT\memmupdater.exe -> Downloader.Small.ajm : Cleaned with backup
C:\WINNT\system32\dwdsregt.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINNT\system32\faotvpap7.exe -> Trojan.Runner.h : Cleaned with backup
C:\WINNT\system32\onesvr.dll -> Adware.Look2Me : Cleaned with backup
C:\WINNT\system32\qpdsregp.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINNT\system32\w9seq.dll -> Adware.Suggestor : Cleaned with backup
C:\WINNT\Temp\Cookies\owner@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\WINNT\Temp\Cookies\owner@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\WINNT\Temp\Cookies\owner@adorigin[2].txt -> TrackingCookie.Adorigin : Cleaned with backup
C:\WINNT\Temp\Cookies\owner@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\WINNT\Temp\Cookies\owner@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\WINNT\Temp\Cookies\owner@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\WINNT\Temp\Cookies\owner@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\WINNT\Temp\Cookies\owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\WINNT\Temp\Cookies\owner@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\WINNT\Temp\Cookies\owner@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\WINNT\Temp\Cookies\owner@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\WINNT\Temp\Cookies\owner@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\WINNT\Temp\Cookies\owner@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\WINNT\Temp\Cookies\owner@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\WINNT\Temp\Cookies\owner@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\ZICORN001.exe -> Adware.ZenoSearch : Cleaned with backup


::Report End

End of Ewido log

I appreciate your help.

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 16 March 2006 - 03:36 PM

Please do not delete anything unless instructed to.



Run HijackThis. Hit None of the above, then click Do a System Scan Only. Put a check in the box on the left side of these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O4 - HKLM\..\Run: [q8lg] "C:\WINNT\system32\slk8x2peu.exe"

O4 - HKLM\..\Run: [mousepad] C:\\mousepad2.exe

O4 - HKLM\..\Run: [newname] C:\\newname2.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

O4 - Startup: Z_Start.lnk = C:\WINNT\system32\qpdsregp.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab

O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB

O20 - Winlogon Notify: IPConfTSP - C:\WINNT\system32\dn8o01l3e.dll

O20 - Winlogon Notify: OptimalLayout - C:\WINNT\system32\kt2ql7f51.dll (file missing)


Close ALL windows and browsers except HijackThis and click "Fix checked"


Delete these files if listed:
C:\WINNT\system32\slk8x2peu.exe
C:\mousepad2.exe
C:\newname2.exe
C:\PROGRAM Files\NEWDOTNet\NEWDOT~2.DLL
C:\WINNT\system32\qpdsregp.exe
C:\WINNT\system32\dn8o01l3e.dll
C:\WINNT\system32\kt2ql7f51.dll


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#5 Golfie

Golfie

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 16 March 2006 - 03:51 PM

Thanks again for your reply.

I did what you said but did not find the following:

O20 - Winlogon Notify: IPConfTSP - C:\WINNT\system32\dn8o01l3e.dll

C:\PROGRAM Files\NEWDOTNet\NEWDOT~2.DLL
C:\mousepad2.exe
C:\WINNT\system32\kt2ql7f51.dll

My computer is running noticeably quicker than what it was, but still having some popups.


New HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 3:45:46 PM, on 3/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\notepad.exe
C:\Documents and Settings\Owner\My Documents\JuStIn\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Hearts - http://download.game...nts/y/ht1_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zon...ds.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay10...es/MsnPUpld.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab28578.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.co...NetOpPlugin.ocx
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...ebio5_1_1_0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WebCheck - C:\WINNT\system32\ktl6l73s1.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
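
An added example, not part of the original thread: a Python check that the entries and files listed for removal in post #4 no longer appear in a follow-up HijackThis log. The sample logs are excerpts copied from posts #4 and #5; `PARTIAL_LOG`, the file list variable and all function names are constructed for illustration.

```python
import re

# HijackThis entry lines have the shape "<section> - <body>", e.g.
# "O4 - HKLM\..\Run: [name] C:\path\file.exe". Other lines (header,
# running processes) do not match and are ignored by the parser.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*\S)\s*$")


def normalize(text):
    """Fold case, runs of backslashes and whitespace so copies compare equal.

    The fix list on this page writes C:\\\\mousepad2.exe in the O4 entry but
    C:\\mousepad2.exe in the delete list; both must match the same file.
    8.3 short names (PROGRA~1) are NOT resolved to long names here.
    """
    text = re.sub(r"\\+", r"\\", text.strip().lower())
    return re.sub(r"\s+", " ", text)


def parse_entries(log_text):
    """Return the set of (section, normalized body) for each entry line."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), normalize(match.group(2))))
    return entries


def check_fix(fix_list, files_to_delete, new_log):
    """Compare a fix list against a later log.

    Returns (still_listed, files_seen):
      still_listed - fix-list entries that are still present in new_log
      files_seen   - files marked for deletion whose path still appears
                     anywhere in new_log (entries or running processes)
    """
    still_listed = sorted(parse_entries(fix_list) & parse_entries(new_log))
    haystack = normalize(new_log)
    files_seen = [f for f in files_to_delete if normalize(f) in haystack]
    return still_listed, files_seen


# Excerpt of the entries to fix, copied from post #4.
FIX_LIST = r"""
O4 - HKLM\..\Run: [q8lg] "C:\WINNT\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [mousepad] C:\\mousepad2.exe
O4 - Startup: Z_Start.lnk = C:\WINNT\system32\qpdsregp.exe
O20 - Winlogon Notify: IPConfTSP - C:\WINNT\system32\dn8o01l3e.dll
"""

# Excerpt of the files to delete, copied from post #4.
FILES_TO_DELETE = [
    r"C:\WINNT\system32\slk8x2peu.exe",
    r"C:\mousepad2.exe",
    r"C:\WINNT\system32\qpdsregp.exe",
    r"C:\WINNT\system32\dn8o01l3e.dll",
]

# Excerpt of the follow-up log, copied from post #5.
NEW_LOG = r"""
Running processes:
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WebCheck - C:\WINNT\system32\ktl6l73s1.dll
"""

# CONSTRUCTED variant: the same log with one fixed entry surviving, written
# with different case and a single backslash, to show a failed fix.
PARTIAL_LOG = NEW_LOG + r"O4 - HKLM\..\Run: [MousePad] c:\mousepad2.exe" + "\n"


if __name__ == "__main__":
    for label, log in (("post #5 log", NEW_LOG), ("constructed log", PARTIAL_LOG)):
        listed, files = check_fix(FIX_LIST, FILES_TO_DELETE, log)
        print(label)
        print("  entries still listed:", listed or "none")
        print("  files still referenced:", files or "none")
```

An empty result only means the listed items are gone from the log; entries that were never on the fix list are not assessed.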

#6 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 16 March 2006 - 04:30 PM

Please do not delete anything unless instructed to.


Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address; it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper.)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system. If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Empty Recycle Bin

Reboot and "copy/paste" a new HJT log as well as the Results from Spy Sweeper file into this thread.
Also please describe how your computer behaves at the moment.


#7 Golfie

Golfie

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 16 March 2006 - 06:12 PM

I followed the instructions and did a scan on Spy Sweeper. It asked me to restart before I was able to save the log, but I think it was still there when I got back on.

Here is the Spy Sweeper Log:

********
4:34 PM: | Start of Session, Thursday, March 16, 2006 |
4:34 PM: Spy Sweeper started
4:34 PM: Sweep initiated using definitions version 635
4:34 PM: Starting Memory Sweep
4:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:41 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
4:41 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
4:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:47 PM: Memory Sweep Complete, Elapsed Time: 00:13:01
4:47 PM: Starting Registry Sweep
4:47 PM: Found Adware: ie driver
4:47 PM: HKU\.default\software\microsoft\internet explorer\extensions\cmdmapping\ || {120e090d-9136-4b78-8258-f0b44b4bd2ac} (ID = 127909)
4:47 PM: Found Adware: limeshop
4:47 PM: HKLM\software\microsoft\windows\currentversion\uninstall\limeshop.xml\ (2 subtraces) (ID = 129725)
4:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:48 PM: Found Trojan Horse: trojan_backdoor_retro64
4:48 PM: HKCR\clsid\{288c5f13-7e52-4ada-a32e-f5bf9d125f99}\ (22 subtraces) (ID = 144994)
4:48 PM: HKCR\interface\{450b9e4d-4014-4de3-b34e-014a81468293}\ (8 subtraces) (ID = 144995)
4:48 PM: HKLM\software\classes\clsid\{288c5f13-7e52-4ada-a32e-f5bf9d125f99}\ (22 subtraces) (ID = 144999)
4:48 PM: HKLM\software\classes\interface\{450b9e4d-4014-4de3-b34e-014a81468293}\ (8 subtraces) (ID = 145000)
4:48 PM: HKLM\software\classes\typelib\{c7f00a9a-f1bc-436e-82c7-e8cae6fd67f7}\ (9 subtraces) (ID = 145003)
4:48 PM: HKCR\typelib\{c7f00a9a-f1bc-436e-82c7-e8cae6fd67f7}\ (9 subtraces) (ID = 145004)
4:48 PM: Found Adware: zenosearchassistant
4:48 PM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\zeno search assistant\ (2 subtraces) (ID = 147930)
4:48 PM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\enhanced ads by zeno\ (2 subtraces) (ID = 147931)
4:48 PM: Found Adware: quicklink search toolbar
4:48 PM: HKCR\fseytdc.ariaqudok\ (3 subtraces) (ID = 1180460)
4:48 PM: HKCR\fseytdc.ariaqudok.1\ (3 subtraces) (ID = 1180464)
4:48 PM: HKCR\fseytdc.yvakt\ (3 subtraces) (ID = 1180468)
4:48 PM: HKCR\fseytdc.yvakt.1\ (3 subtraces) (ID = 1180472)
4:48 PM: HKLM\software\classes\fseytdc.ariaqudok\ (3 subtraces) (ID = 1180510)
4:48 PM: HKLM\software\classes\fseytdc.ariaqudok.1\ (3 subtraces) (ID = 1180514)
4:48 PM: HKLM\software\classes\fseytdc.yvakt\ (3 subtraces) (ID = 1180518)
4:48 PM: HKLM\software\classes\fseytdc.yvakt.1\ (3 subtraces) (ID = 1180522)
4:48 PM: Found Adware: dollarrevenue
4:48 PM: HKCR\typelib\{3a76a523-4fbc-487c-a94f-a94ea80e48ef}\ (9 subtraces) (ID = 1198901)
4:48 PM: HKLM\software\oj1vshp3a\ (3 subtraces) (ID = 1198933)
4:48 PM: HKLM\software\classes\typelib\{3a76a523-4fbc-487c-a94f-a94ea80e48ef}\ (9 subtraces) (ID = 1198962)
4:48 PM: HKLM\software\microsoft\windows\currentversion\uninstall\jgaf\ || uninstallstring (ID = 1199465)
4:48 PM: HKU\WRSS_Profile_S-1-5-21-3461519459-2692464019-557305019-500\software\microsoft\internet explorer\extensions\cmdmapping\ || {120e090d-9136-4b78-8258-f0b44b4bd2ac} (ID = 127930)
4:48 PM: Found Adware: browseraid
4:48 PM: HKU\S-1-5-21-3461519459-2692464019-557305019-1003\software\ie config\ (17 subtraces) (ID = 105116)
4:48 PM: HKU\S-1-5-21-3461519459-2692464019-557305019-1003\software\microsoft\windows\currentversion\404updt\ (1 subtraces) (ID = 105129)
4:48 PM: HKU\S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping\ || {120e090d-9136-4b78-8258-f0b44b4bd2ac} (ID = 127930)
4:48 PM: Registry Sweep Complete, Elapsed Time:00:01:10
4:48 PM: Starting Cookie Sweep
4:48 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
4:48 PM: Starting File Sweep
4:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:54 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
4:54 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
4:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:04 PM: Found Adware: look2me
5:04 PM: mvrml9911.dll (ID = 159)
5:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:15 PM: Found Adware: wild media - statblaster
5:15 PM: host.ini (ID = 77091)
5:17 PM: notfound.html (ID = 51930)
5:18 PM: cv3wanv28.exe (ID = 259982)
5:19 PM: bfrlndmm.dll (ID = 159)
5:19 PM: mksawrtal.amf (ID = 208796)
5:21 PM: left.html (ID = 51927)
5:24 PM: r6r6lg9s16.dll (ID = 159)
5:33 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
5:33 PM: The Spy Communication shield has blocked access to: focusin.ads.targetnet.com
5:36 PM: miniclipgameloader.dll (ID = 81258)
5:39 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\temporary internet files\content.ie5\4t47cjg3\spacer[1].gif". The system cannot find the file specified
5:39 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\temporary internet files\content.ie5\290fyd65\menu_action_down[1].gif". The system cannot find the file specified
5:39 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\temporary internet files\content.ie5\290fyd65\menu_item[1].gif". The system cannot find the file specified
5:39 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\temporary internet files\content.ie5\8lu3g52r\f_norm[1].gif". The system cannot find the file specified
5:39 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\temporary internet files\content.ie5\290fyd65\f_closed[1].gif". The system cannot find the file specified
5:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:40 PM: msnav32.ax (ID = 220229)
5:40 PM: Found Adware: directrevenue-abetterinternet
5:40 PM: biini.inf (ID = 83199)
5:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:40 PM: Warning: Invalid Stream
5:40 PM: Warning: Invalid Stream
5:40 PM: Warning: Invalid Stream
5:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:40 PM: Warning: File not found
5:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:41 PM: Warning: Invalid Stream
5:41 PM: File Sweep Complete, Elapsed Time: 00:52:37
5:41 PM: Full Sweep has completed. Elapsed time 01:07:13
5:41 PM: Traces Found: 184
5:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
It cut me off - I'll add more in another reply

Edited by Golfie, 16 March 2006 - 06:17 PM.


#8 Golfie


Posted 16 March 2006 - 06:18 PM

Rest of spysweeper log:

5:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:49 PM: Removal process initiated
5:49 PM: Quarantining All Traces: directrevenue-abetterinternet
5:49 PM: Quarantining All Traces: ie driver
5:49 PM: Quarantining All Traces: look2me
5:50 PM: look2me is in use. It will be removed on reboot.
5:50 PM: mvrml9911.dll is in use. It will be removed on reboot.
5:50 PM: bfrlndmm.dll is in use. It will be removed on reboot.
5:50 PM: r6r6lg9s16.dll is in use. It will be removed on reboot.
5:50 PM: Quarantining All Traces: dollarrevenue
5:50 PM: Quarantining All Traces: quicklink search toolbar
5:50 PM: Quarantining All Traces: trojan_backdoor_retro64
5:50 PM: Quarantining All Traces: browseraid
5:50 PM: Quarantining All Traces: limeshop
5:50 PM: Quarantining All Traces: wild media - statblaster
5:50 PM: Quarantining All Traces: zenosearchassistant
5:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:51 PM: Preparing to restart your computer. Please wait...
5:51 PM: Removal process completed. Elapsed time 00:01:19
6:05 PM: Deletion from quarantine initiated
6:05 PM: Processing: browseraid
6:05 PM: Processing: directrevenue-abetterinternet
6:05 PM: Processing: dollarrevenue
6:05 PM: Processing: ie driver
6:05 PM: Processing: limeshop
6:05 PM: Processing: look2me
6:05 PM: Processing: quicklink search toolbar
6:05 PM: Processing: trojan_backdoor_retro64
6:05 PM: Processing: zenosearchassistant
6:05 PM: Deletion from quarantine completed. Elapsed time 00:00:00
6:05 PM: Updating spyware definitions
6:05 PM: Your definitions are up to date.
********
4:30 PM: | Start of Session, Thursday, March 16, 2006 |
4:30 PM: Spy Sweeper started
4:31 PM: Your spyware definitions have been updated.
4:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:31 PM: Updating spyware definitions
4:31 PM: Your definitions are up to date.
4:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:34 PM: | End of Session, Thursday, March 16, 2006 |

End of spysweeper log

And here is my newest Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 6:10:42 PM, on 3/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\My Documents\JuStIn\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Hearts - http://download.game...nts/y/ht1_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zon...ds.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay10...es/MsnPUpld.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab28578.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.co...NetOpPlugin.ocx
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...ebio5_1_1_0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OptimalLayout - C:\WINNT\system32\mvrml9911.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Thanks

#9 LDTate


Posted 16 March 2006 - 06:21 PM

Please download Look2Me-Destroyer.exe to your desktop.

Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.

You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
Once it's done scanning, click the Remove L2M button.

You will receive a Done Scanning message; click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shut down.

Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive...ib/MSWINSCK.OCX

Edited by LDTate, 16 March 2006 - 06:26 PM.



#10 Golfie


Posted 16 March 2006 - 08:49 PM

I followed all the directions and everything went well.
I did not receive the runtime error '339' once my computer came back on.

Here is the Look2Me-Destroy.txt



Look2Me-Destroyer V1.0.11

Scanning for infected files.....
Scan started at 3/16/2006 8:24:07 PM

Infected! C:\WINNT\system32\mvrml9911.dll
Infected! C:\WINNT\system32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\WINNT\system32\guard.tmp
C:\WINNT\system32\guard.tmp Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OptimalLayout

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2D7ED184-D80D-484A-BEC7-E15F1D5ABCEF}"
HKCR\Clsid\{2D7ED184-D80D-484A-BEC7-E15F1D5ABCEF}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{36AF9974-01F5-4F24-81AB-A7A4A3B27A0A}"
HKCR\Clsid\{36AF9974-01F5-4F24-81AB-A7A4A3B27A0A}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D7918397-DCF3-474C-A899-EAF55D1A4631}"
HKCR\Clsid\{D7918397-DCF3-474C-A899-EAF55D1A4631}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded



And my new HiJack This log:

Logfile of HijackThis v1.99.1
Scan saved at 8:37:54 PM, on 3/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\JuStIn\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Hearts - http://download.game...nts/y/ht1_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zon...ds.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay10...es/MsnPUpld.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab28578.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.co...NetOpPlugin.ocx
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.c...ebio5_1_1_0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks

#11 LDTate

Posted 16 March 2006 - 08:51 PM

Good Job :thumbup:

Use Add/Remove Programs and remove Ewido and Spysweeper unless you want to keep them. They are only 14-day trial versions.


Log looks good :D :thumbup: How is it running? Any issues?

Note: This will remove all previous Restore Points

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn it back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the check from Turn off System Restore.
Click Apply, and then click OK.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.





If you don't have these three programs I would recommend that you get them: Spywareblaster, Spywareguard and IESPY AD. They will add 1000's of sites to your restricted zone and block some hijacks from happening. I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one.

It is critical to have both a firewall and anti virus to protect your system.

Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on. Both are available below.

Safe Surfing. :D

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

 

Proud graduate of TC/WTT Classroom

 


#12 Golfie

Posted 16 March 2006 - 10:22 PM

Thank you SO much for your help in this. I appreciate it a lot. If I have any extra money I will be sure to donate to TomCoyote.

I just have a few quick questions that I hope you could answer.

1. Does this sound like a good set of spyware/security programs, or is there something else I should substitute or get rid of?
Ad-Aware SE, Spybot S&D, ZoneAlarm

2. Would you recommend paying the extra bucks for an antivirus program like Norton Antivirus 2006, or stick with AVG Free?

3. And lastly, in my Add/Remove Programs, I have 3 J2SE Runtime Environment Updates (I think it is Java but I'm not sure?). Would it be okay to remove the older ones, and just keep the newest one?

Thanks again!

#13 LDTate

Posted 17 March 2006 - 06:47 AM

1. I would add SpywareBlaster and IE Spyads
2. I use AVG myself and have had no problems.
3. You should only need the latest Java. You can remove the old ones.




Great job :thumbup:

You're more than welcome.
Glad we were able to help.

Peace be with you :wavey:



#14 LDTate

Posted 19 March 2006 - 09:13 AM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

