Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

vx2.look2me?

Started by blakh , Oct 21 2005 12:09 PM

  • Please log in to reply

#1
blakh
Posted 21 October 2005 - 12:09 PM

blakh

    Member

  • Member
  • PipPip
  • 21 posts
i think i have vx2.look2me or cws-look2me, i have had trouble trying to remove it, no matter what i try it just wont go away, and for a while i thought i got it, but i am still getting the popups and other things, but my virus scanner (mcafee) and adaware se (1.06r1 pro) dont see it anymore, i also have ewido, vundofix if that helps...

log?.

Logfile of HijackThis v1.99.1
Scan saved at 10:59:58 AM, on 10/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Trillian\trillian.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\HijackThis.exe

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Product Registration.lnk = C:\My Shared Folder\Sid_Meiers_Pirates\CD1\CD1 EXTRACTED\ATR1.EXE
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Downloads\farcry\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Downloads\farcry\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\ennul1591.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

i hope thats right, if not ill try again.

Edited by blakh, 21 October 2005 - 05:24 PM.

  • 0

Advertisements

#2
didom
Posted 22 October 2005 - 06:06 AM

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under to "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.

  • 0

#3
blakh
Posted 22 October 2005 - 10:29 PM

blakh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
there you go
********
8:32 PM: | Start of Session, Saturday, October 22, 2005 |
8:32 PM: Spy Sweeper started
8:32 PM: Sweep initiated using definitions version 560
8:32 PM: Starting Memory Sweep
8:32 PM: Found Adware: icannnews
8:32 PM: Detected running threat: C:\WINDOWS\system32\guard.tmp (ID = 83)
8:33 PM: Detected running threat: C:\WINDOWS\system32\ennul1591.dll (ID = 83)
8:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:36 PM: Detected running threat: C:\WINDOWS\system32\hfcoin.dll (ID = 83)
8:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:38 PM: Memory Sweep Complete, Elapsed Time: 00:06:21
8:38 PM: Starting Registry Sweep
8:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:39 PM: Found Adware: targetsaver
8:39 PM: HKLM\software\microsoft\windows\currentversion\uninstall\tsa\ (2 subtraces) (ID = 143607)
8:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:40 PM: Found Adware: quicklink search toolbar
8:40 PM: HKCR\qlink.qlfilter\ (3 subtraces) (ID = 890588)
8:40 PM: HKCR\qlink.qlfilter.1\ (3 subtraces) (ID = 890592)
8:40 PM: HKCR\qlink.qlhelper\ (3 subtraces) (ID = 890596)
8:40 PM: HKCR\qlink.qlhelper.1\ (3 subtraces) (ID = 890600)
8:40 PM: HKCR\clsid\{aa3c0ffe-758e-4c41-b1b9-2d711915a938}\ (8 subtraces) (ID = 890604)
8:40 PM: HKCR\clsid\{e225ab73-4d7e-45f7-9425-47d2f7c7a8ab}\ (10 subtraces) (ID = 890613)
8:40 PM: HKCR\typelib\{090712ed-1622-4227-94d3-f573a9c2577f}\ (9 subtraces) (ID = 890624)
8:40 PM: HKLM\software\classes\qlink.qlfilter\ (3 subtraces) (ID = 890661)
8:40 PM: HKLM\software\classes\qlink.qlfilter.1\ (3 subtraces) (ID = 890665)
8:40 PM: HKLM\software\classes\qlink.qlhelper\ (3 subtraces) (ID = 890669)
8:40 PM: HKLM\software\classes\qlink.qlhelper.1\ (3 subtraces) (ID = 890673)
8:40 PM: HKLM\software\classes\clsid\{aa3c0ffe-758e-4c41-b1b9-2d711915a938}\ (8 subtraces) (ID = 890677)
8:40 PM: HKLM\software\classes\clsid\{e225ab73-4d7e-45f7-9425-47d2f7c7a8ab}\ (10 subtraces) (ID = 890686)
8:40 PM: Found Adware: instant access
8:40 PM: HKLM\software\classes\clsid\{e225ab73-4d7e-45f7-9425-47d2f7c7a8ab}\progid\ (1 subtraces) (ID = 890691)
8:40 PM: HKLM\software\classes\typelib\{090712ed-1622-4227-94d3-f573a9c2577f}\ (9 subtraces) (ID = 890697)
8:40 PM: HKLM\software\microsoft\windows\currentversion\uninstall\quicklinks\ (2 subtraces) (ID = 909558)
8:40 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser qlhelper objects\{aa3c0ffe-758e-4c41-b1b9-2d711915a938}\ (ID = 909564)
8:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:41 PM: HKU\S-1-5-21-2052111302-1957994488-854245398-1004\software\tsl2\ (1 subtraces) (ID = 143616)
8:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:42 PM: Registry Sweep Complete, Elapsed Time:00:03:06
8:42 PM: Starting Cookie Sweep
8:42 PM: Found Spy Cookie: 888 cookie
8:42 PM: anwar@888[1].txt (ID = 2019)
8:42 PM: Found Spy Cookie: websponsors cookie
8:42 PM: [email protected][2].txt (ID = 3665)
8:42 PM: Found Spy Cookie: yieldmanager cookie
8:42 PM: [email protected][2].txt (ID = 3751)
8:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:42 PM: Found Spy Cookie: hbmediapro cookie
8:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:42 PM: [email protected][2].txt (ID = 2768)
8:42 PM: Found Spy Cookie: hotbar cookie
8:42 PM: [email protected][2].txt (ID = 4207)
8:42 PM: Found Spy Cookie: cc214142 cookie
8:42 PM: [email protected][2].txt (ID = 2367)
8:42 PM: Found Spy Cookie: ask cookie
8:42 PM: anwar@ask[1].txt (ID = 2245)
8:42 PM: Found Spy Cookie: atwola cookie
8:42 PM: anwar@atwola[1].txt (ID = 2255)
8:42 PM: Found Spy Cookie: azjmp cookie
8:42 PM: anwar@azjmp[2].txt (ID = 2270)
8:42 PM: Found Spy Cookie: belnk cookie
8:42 PM: anwar@belnk[1].txt (ID = 2292)
8:42 PM: [email protected][2].txt (ID = 2293)
8:42 PM: Found Spy Cookie: exitexchange cookie
8:42 PM: anwar@exitexchange[1].txt (ID = 2633)
8:42 PM: Found Spy Cookie: clickandtrack cookie
8:42 PM: [email protected][1].txt (ID = 2397)
8:42 PM: Found Spy Cookie: partypoker cookie
8:42 PM: anwar@partypoker[2].txt (ID = 3111)
8:42 PM: Found Spy Cookie: rednova cookie
8:42 PM: anwar@rednova[1].txt (ID = 3245)
8:42 PM: Found Spy Cookie: rn11 cookie
8:42 PM: anwar@rn11[2].txt (ID = 3261)
8:42 PM: Found Spy Cookie: shop@home cookie
8:42 PM: anwar@shopathomeselect[2].txt (ID = 3367)
8:42 PM: Found Spy Cookie: yadro cookie
8:42 PM: anwar@yadro[2].txt (ID = 3743)
8:42 PM: Cookie Sweep Complete, Elapsed Time: 00:00:09
8:42 PM: Starting File Sweep
8:42 PM: c:\program files\quicklinks (2 subtraces) (ID = -2147468660)
8:42 PM: glf25glf25.exe (ID = 166444)
8:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:51 PM: Found Adware: apropos
8:51 PM: wingenerics.dll (ID = 50187)
8:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:55 PM: Found Trojan Horse: trojan-downloader-nextern
8:55 PM: drin.exe (ID = 168231)
8:55 PM: The Spy Communication shield has blocked access to: media.fastclick.net
8:55 PM: The Spy Communication shield has blocked access to: media.fastclick.net
8:55 PM: The Spy Communication shield has blocked access to: as.casalemedia.com
8:55 PM: The Spy Communication shield has blocked access to: as.casalemedia.com
8:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:56 PM: qllib.dll (ID = 168233)
8:56 PM: qlutility.exe (ID = 168232)
8:56 PM: uninst.exe (ID = 73428)
8:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:56 PM: The Spy Communication shield has blocked access to: media.fastclick.net
8:56 PM: The Spy Communication shield has blocked access to: media.fastclick.net
8:56 PM: The Spy Communication shield has blocked access to: as.casalemedia.com
8:56 PM: The Spy Communication shield has blocked access to: as.casalemedia.com
8:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:58 PM: 113_dollarrevenue_4_0_3_9.exe (ID = 166444)
8:58 PM: contextplus.exe (ID = 168722)
8:58 PM: kwrrc.dll (ID = 78253)
8:58 PM: f7f20.tmp (ID = 168162)
8:59 PM: vocabulary (ID = 78283)
8:59 PM: class-barrel (ID = 78229)
8:59 PM: The Spy Communication shield has blocked access to: media.fastclick.net
8:59 PM: The Spy Communication shield has blocked access to: media.fastclick.net
8:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:59 PM: The Spy Communication shield has blocked access to: media.fastclick.net
8:59 PM: The Spy Communication shield has blocked access to: media.fastclick.net
8:59 PM: The Spy Communication shield has blocked access to: media.fastclick.net
8:59 PM: The Spy Communication shield has blocked access to: media.fastclick.net
8:59 PM: The Spy Communication shield has blocked access to: media.fastclick.net
8:59 PM: The Spy Communication shield has blocked access to: media.fastclick.net
8:59 PM: The Spy Communication shield has blocked access to: as.casalemedia.com
8:59 PM: The Spy Communication shield has blocked access to: as.casalemedia.com
8:59 PM: The Spy Communication shield has blocked access to: media.fastclick.net
8:59 PM: The Spy Communication shield has blocked access to: media.fastclick.net
8:59 PM: The Spy Communication shield has blocked access to: as.casalemedia.com
8:59 PM: The Spy Communication shield has blocked access to: as.casalemedia.com
8:59 PM: Found System Monitor: personal inspector
8:59 PM: personal-inspector.zip (ID = 140623)
9:00 PM: File Sweep Complete, Elapsed Time: 00:17:54
9:00 PM: Full Sweep has completed. Elapsed time 00:27:45
9:00 PM: Traces Found: 140
9:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:02 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:02 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:02 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:02 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:02 PM: The Spy Communication shield has blocked access to: as.casalemedia.com
9:02 PM: The Spy Communication shield has blocked access to: as.casalemedia.com
9:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:03 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:03 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:03 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:03 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:03 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:03 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:03 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:03 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:03 PM: The Spy Communication shield has blocked access to: as.casalemedia.com
9:03 PM: The Spy Communication shield has blocked access to: as.casalemedia.com
9:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:05 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:05 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:05 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:05 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:10 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:10 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:11 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:11 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:11 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:11 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:15 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:15 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:15 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:15 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:15 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:15 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:15 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:15 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:15 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:15 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:15 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:15 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:15 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:15 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:15 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:15 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:19 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:19 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:19 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:19 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:19 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:19 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:19 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:19 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:19 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:19 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:19 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:19 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:19 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:19 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:19 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:19 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:22 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:22 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:22 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:22 PM: The Spy Communication shield has blocked access to: media.fastclick.net
9:22 PM: The Spy Communication shield has blocked access to: as.casalemedia.com
9:22 PM: The Spy Communication shield has blocked access to: as.casalemedia.com
9:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:23 PM: Removal process initiated
9:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:24 PM: The Spy Communication shield has blocked access to: servedby.advertising.com
9:24 PM: The Spy Communication shield has blocked access to: servedby.advertising.com
9:24 PM: Quarantining All Traces: personal inspector
9:24 PM: Quarantining All Traces: apropos
9:24 PM: apropos is in use. It will be removed on reboot.
9:24 PM: wingenerics.dll is in use. It will be removed on reboot.
9:24 PM: Quarantining All Traces: icannnews
9:24 PM: icannnews is in use. It will be removed on reboot.
9:24 PM: C:\WINDOWS\system32\guard.tmp is in use. It will be removed on reboot.
9:24 PM: C:\WINDOWS\system32\ennul1591.dll is in use. It will be removed on reboot.
9:24 PM: C:\WINDOWS\system32\hfcoin.dll is in use. It will be removed on reboot.
9:24 PM: Quarantining All Traces: instant access
9:24 PM: Quarantining All Traces: quicklink search toolbar
9:24 PM: Quarantining All Traces: targetsaver
9:24 PM: Quarantining All Traces: trojan-downloader-nextern
9:24 PM: Quarantining All Traces: 888 cookie
9:24 PM: Quarantining All Traces: ask cookie
9:24 PM: Quarantining All Traces: atwola cookie
9:24 PM: Quarantining All Traces: azjmp cookie
9:24 PM: Quarantining All Traces: belnk cookie
9:24 PM: Quarantining All Traces: cc214142 cookie
9:24 PM: Quarantining All Traces: clickandtrack cookie
9:24 PM: Quarantining All Traces: exitexchange cookie
9:24 PM: Quarantining All Traces: hbmediapro cookie
9:24 PM: Quarantining All Traces: hotbar cookie
9:24 PM: Quarantining All Traces: partypoker cookie
9:24 PM: Quarantining All Traces: rednova cookie
9:24 PM: Quarantining All Traces: rn11 cookie
9:24 PM: Quarantining All Traces: shop@home cookie
9:24 PM: Quarantining All Traces: websponsors cookie
9:24 PM: Quarantining All Traces: yadro cookie
9:24 PM: Quarantining All Traces: yieldmanager cookie
9:25 PM: Removal process completed. Elapsed time 00:01:29
********
8:31 PM: | Start of Session, Saturday, October 22, 2005 |
8:31 PM: Spy Sweeper started
8:31 PM: Messenger service has been disabled.
8:32 PM: Your spyware definitions have been updated.
8:32 PM: | End of Session, Saturday, October 22, 2005 |


thanks alot.
  • 0

#4
didom
Posted 23 October 2005 - 04:45 AM

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
Run Panda's online virus scan and perform a full system scan: Panda ActiveScan

Save the scan log and post it along with a new HijackThis Log in your next reply.
  • 0

#5
blakh
Posted 23 October 2005 - 07:54 PM

blakh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
panda scan results:

Incident Status Location

Adware:Adware/Look2Me No disinfected C:\!Submit\guard.tmp
Adware:Adware/Look2Me No disinfected C:\!Submit\j00s0ad7ed0.dll
Adware:Adware/Look2Me No disinfected C:\!Submit\kodsf.dll
Adware:Adware/Exact.BargainBuddyNo disinfected C:\Documents and Settings\Anwar\Local Settings\Temporary Internet Files\Content.IE5\8F8R4BEJ\pivotal_5[2].htm
Adware:Adware/Exact.BargainBuddyNo disinfected C:\Documents and Settings\Anwar\Local Settings\Temporary Internet Files\Content.IE5\OHE5MJCL\CAN54VYR.HTM
Possible Virus. No disinfected C:\Program Files\WHidePro\whpro.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\en2sl1f71.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\system32\irn2l55o1.dll
Security Risk:Application/RestartNo disinfected C:\WINDOWS\system32\Tools\Restart.exe

Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 6:52:34 PM, on 10/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Trillian\trillian.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
e:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\HijackThis.exe

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Product Registration.lnk = C:\My Shared Folder\Sid_Meiers_Pirates\CD1\CD1 EXTRACTED\ATR1.EXE
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Downloads\farcry\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Downloads\farcry\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - e:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

there you go.
  • 0

#6
didom
Posted 24 October 2005 - 10:41 AM

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
Download CCleaner and install it.

While still in safe mode Start Ccleaner. click "Options", click the "Advanced" tab
Uncheck: "Only delete files older than 48 hrs.", click Ok
Click "Cleaner" and click Run Cleaner (bottom right).

--------------------------------

Please download the Killbox.
Please do NOT run it yet.
  • Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.
  • Once in Safe Mode, please run Killbox.
  • Select "Delete on Reboot".
  • Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

    C:\WINDOWS\system32\en2sl1f71.dll
    C:\WINDOWS\system32\irn2l55o1.dll
    C:\WINDOWS\system32\Tools\Restart.exe

  • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..

  • Let the system reboot.
Find and delete these folders :
C:\!Killbox <= this folder
C:\!Submit <= this folder

Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

Run Panda's online virus scan and perform a full system scan: Panda ActiveScan

Save the scan log and post it along with a new HijackThis Log in your next reply.
  • 0

#7
blakh
Posted 24 October 2005 - 03:48 PM

blakh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Incident Status Location

Possible Virus. No disinfected C:\Program Files\WHidePro\whpro.exe


(this is a program called Windows Hider Pro)


Logfile of HijackThis v1.99.1
Scan saved at 2:48:19 PM, on 10/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
e:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\HijackThis.exe

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Product Registration.lnk = C:\My Shared Folder\Sid_Meiers_Pirates\CD1\CD1 EXTRACTED\ATR1.EXE
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Downloads\farcry\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Downloads\farcry\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - e:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
  • 0

#8
didom
Posted 25 October 2005 - 09:45 AM

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
Scan again with HijackThis and check the following items:
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
After checking these items, close all browser windows except HijackThis and click "Fix checked".

Then reboot your computer and post a fresh HJT log.

Also tell me how your computer is running.
  • 0

#9
blakh
Posted 25 October 2005 - 02:10 PM

blakh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Logfile of HijackThis v1.99.1
Scan saved at 1:01:50 PM, on 10/25/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
e:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
E:\HijackThis.exe

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Product Registration.lnk = C:\My Shared Folder\Sid_Meiers_Pirates\CD1\CD1 EXTRACTED\ATR1.EXE
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with GetRight - C:\Downloads\farcry\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Downloads\farcry\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - e:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

well everything seems to be running good i think i might be running alittle slow in games but i might just be imagining it, also i did notice something odd, EVERYTHING on my computer read only, and i cant change it.
  • 0

#10
didom
Posted 25 October 2005 - 02:43 PM

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
OK, your log looks clean :tazz:

Try this for the read only issue: http://www.kellys-ko..._edits/croa.zip

And tell me if it works.
  • 0

#11
blakh
Posted 25 October 2005 - 03:31 PM

blakh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
nope didnt work :tazz:

thanks for the help getting rid of the other stuff i usually can handle it myself but i was stuck pretty good there!
  • 0

#12
blakh
Posted 25 October 2005 - 03:32 PM

blakh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
sorry

Edited by blakh, 25 October 2005 - 03:42 PM.

  • 0

#13
blakh
Posted 25 October 2005 - 03:32 PM

blakh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
repost

Edited by blakh, 25 October 2005 - 03:41 PM.

  • 0

#14
blakh
Posted 25 October 2005 - 03:37 PM

blakh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
my comp didnt show i posted.

Edited by blakh, 25 October 2005 - 03:40 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP