Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Problem with popups [RESOLVED]

Started by St3vi3 , Nov 10 2005 11:56 AM

  • This topic is locked This topic is locked

#1
St3vi3
Posted 10 November 2005 - 11:56 AM

St3vi3

    Member

  • Member
  • PipPip
  • 35 posts
Hi there,

I was recently trying to help my friend with a problem on his computer. I downloaded something I thought would be the answer. I scanned it, nothing came up, but when I opened the program ever since I have been having trouble with popups. They can range from internet explorer windows using links like: http://oas-central.r.../cache_bust@x04 and Dell PC adverts, to animated popups with tiny little 'Close' buttons on them. These are things like medicinal advertisements through animated hotdogs (of all things) to spyware protection. I've closed them all with the said button as I thought that would be the safest way.

With regards to trying to get rid of them, I've ran CleanUp, enabled all startup processes and scanned with AdAware, Spybot (last night though rather than today), CWShredder, and Ewido. They've all detected things, but they don't seem to have latched on to these annoying popups.

I have logs for Ewido and HiJack This here, starting with the Ewido one:

+ Created on: 17:25:18, 10/11/2005
+ Report-Checksum: 6EBB3028

+ Scan result:

[1064] C:\windows\system32\kedsf.dll -> Spyware.Look2Me : Error during cleaning
[1624] C:\windows\system32\kedsf.dll -> Spyware.Look2Me : Error during cleaning
C:\WINDOWS\system32\spool\drivers\smres.exe -> Backdoor.Agobot.afz : Cleaned with backup
C:\WINDOWS\system32\spool\PRINTERS\00003.SPL -> Backdoor.Agobot.afz : Cleaned with backup
C:\WINDOWS\system32\spool\PRINTERS\00005.SPL -> Backdoor.Agobot.afz : Cleaned with backup
C:\WINDOWS\system32\spool\PRINTERS\00007.SPL -> Backdoor.Agobot.afz : Cleaned with backup
C:\WINDOWS\system32\spool\PRINTERS\00010.SPL -> Backdoor.Agobot.afz : Cleaned with backup
C:\WINDOWS\system32\spool\PRINTERS\00013.SPL -> Backdoor.Agobot.afz : Cleaned with backup
C:\WINDOWS\system32\spool\PRINTERS\00015.SPL -> Backdoor.Agobot.afz : Cleaned with backup
C:\WINDOWS\system32\spool\PRINTERS\00017.SPL -> Backdoor.Agobot.afz : Cleaned with backup
C:\WINDOWS\system32\spool\PRINTERS\00019.SPL -> Backdoor.Agobot.afz : Cleaned with backup
C:\WINDOWS\system32\dgmap.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\wlnnls.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\nqwddi.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\wxadmoe.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\jtl2073oe.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\d80m0id1e80.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\t08ulal91dq.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\hr8805lue.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\jtjo0713e.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\gp84l3lq1.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\o0lula391d.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\s4pu0e79eh.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\o6ro0g93e6.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ir6sl5j71.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dn0001dme.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ir4ql5h51.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\q8rq0i95e8.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\f40oled31h0.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\fpr2039oe.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\p4p6le7s1h.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\h00qlad51d0.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\r06ulaj91do.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\k4080edueh080.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\k4jsle171h.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\h24mlch11f4.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\icont.exe -> Spyware.AdURL : Cleaned with backup
C:\Documents and Settings\Steve\Desktop\Misc\Windows_XP_Keygen_Key_Change_www[1].crack.cd_.zip/ciw.exe -> TrojanDownloader.INService : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP734\A0868309.exe -> TrojanDownloader.VB.qr : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP734\A0868311.exe -> Trojan.Crypt.t : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP734\A0868312.exe -> Spyware.SmartLoad : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP734\A0868314.exe -> TrojanDownloader.Small.buy : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP734\A0872299.exe -> TrojanDownloader.VB.nh : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP734\A0872300.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP734\A0872301.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP734\A0872303.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP734\A0872304.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP734\A0872305.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP734\A0872306.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP734\A0872307.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP734\A0872308.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP734\A0872309.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP734\A0872310.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP734\A0872311.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP735\A0879304.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP737\A0880303.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP737\A0881303.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP737\A0882303.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP737\A0883302.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP737\A0884303.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP737\A0885303.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP737\A0886303.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP737\A0887306.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP737\A0887314.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP737\A0887351.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP737\A0887359.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP737\A0887360.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP737\A0888355.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP737\A0889355.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP737\A0890355.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP738\A0891355.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP738\A0891376.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP738\A0891387.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP738\A0891397.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{4EC18275-729E-40A4-A840-44FD66416249}\RP738\A0892401.dll -> Spyware.Look2Me : Cleaned with backup


::Report End

------------------------------------------------------------------------------------------------------------------

Here is the HiJack This! Log:

Logfile of HijackThis v1.99.1
Scan saved at 17:43:32, on 10/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\rundll32.exe
C:\windows\System32\devldr32.exe
C:\windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\windows\System32\wuauclt.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-gb\bin\WindowsSearch.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-gb\bin\WindowsSearchIndexer.exe
C:\windows\System32\wuauclt.exe
C:\windows\system32\rundll32.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-gb\msnappau.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-gb\bin\WindowsSearch.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-gb\msntabres.dll/229?9a7161f43524bdf86348d5129e46378
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1110\en-gb\msntabres.dll/230?9a7161f43524bdf86348d5129e46378
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Steve\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.1.1.74.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/Ch...VideoContol.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.cartoon-f...ayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft....ayx_vp6_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft....ayx_vp6_aac.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: msnim - 0 - (no file)
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\mv02l9do1.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe

---------------------------------------------------------------------------------

Thank you very much for taking the time to read through this! As a point of mention, I've been using only Windows Service Pack 1, as whenever I upgrade to 2 it seems to disable all sound. I'm not sure whether this is due to any malware?

Thanks very much again for your time,

Steve
  • 0

Advertisements

#2
OwNt
Posted 11 November 2005 - 01:48 AM

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello, St3vi3.

You have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

if you receive, while running option #1, an error similar like: ''C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application.."...then please use option 5 or the web page link in the l2mfix folder to solve this error condition. do not run the fix portion without fixing this first.
  • 0

#3
St3vi3
Posted 11 November 2005 - 05:08 AM

St3vi3

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Thanks very much for your reply, here is the log:

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Paths]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\mv02l9do1.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{A671BB7A-EE64-9A53-3C2C-A8B2FAB14A6E}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{472083B0-C522-11CF-8763-00608CC02F24}"="avast"
"{10020E84-840F-474A-9B5C-B043F0EBFC65}"="iRivEncShlExt extension"
"{B327765E-D724-4347-8B16-78AE18552FC3}"="NeroDigitalIconHandler"
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}"="NeroDigitalPropSheetHandler"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{516EC4D3-4AD9-11D5-AA6A-00E0189008B3}"="The Core Media Player Shell Extension"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{13E7F612-F261-4391-BEA2-39DF4F3FA311}"="Windows Desktop Search"
"{97090E2F-3062-4459-855B-014F0D3CDBB1}"="MSN Deskbar"
"{B9C07170-082A-4C7B-891C-D6EAB8E81939}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D426CFD0-87FC-4906-98D9-A23F5D515D61}]
@="MSN Desktop Search Outlook Express ISearchFolder Class"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B9C07170-082A-4C7B-891C-D6EAB8E81939}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B9C07170-082A-4C7B-891C-D6EAB8E81939}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B9C07170-082A-4C7B-891C-D6EAB8E81939}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B9C07170-082A-4C7B-891C-D6EAB8E81939}\InprocServer32]
@="C:\\windows\\system32\\iCsnap.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
sintf16.dll Wed 19 Oct 2005 0:52:38 A.... 12,067 11.78 K
sintf32.dll Wed 19 Oct 2005 0:52:38 A.... 17,212 16.81 K
sintfnt.dll Wed 19 Oct 2005 0:52:38 A.... 21,840 21.33 K
nvcpl.dll Mon 10 Oct 2005 21:49:00 A.... 7,286,784 6.95 M
nview.dll Mon 10 Oct 2005 21:49:00 A.... 1,466,368 1.40 M
nvshell.dll Mon 10 Oct 2005 21:49:00 A.... 466,944 456.00 K
nvmctray.dll Mon 10 Oct 2005 21:49:00 A.... 86,016 84.00 K
nvnt4cpl.dll Mon 10 Oct 2005 21:49:00 A.... 286,720 280.00 K
nvmccs.dll Mon 10 Oct 2005 21:49:00 A.... 229,376 224.00 K
nv4_disp.dll Mon 10 Oct 2005 21:49:00 A.... 3,921,024 3.74 M
nvwdmcpl.dll Mon 10 Oct 2005 21:49:00 A.... 1,662,976 1.59 M
nvwimg.dll Mon 10 Oct 2005 21:49:00 A.... 1,019,904 996.00 K
nvmccsrs.dll Mon 10 Oct 2005 21:49:00 A.... 45,056 44.00 K
sirenacm.dll Wed 12 Oct 2005 17:11:06 A.... 118,784 116.00 K
mvjml9~1.dll Fri 11 Nov 2005 10:54:54 ..S.R 233,807 228.32 K
k608lg~1.dll Thu 10 Nov 2005 17:39:26 ..S.R 234,151 228.66 K
icsnap.dll Fri 11 Nov 2005 10:54:54 ..S.R 236,576 231.03 K
nvapi.dll Mon 10 Oct 2005 21:49:00 A.... 45,056 44.00 K
cmdlin~1.dll Mon 24 Oct 2005 16:14:02 A.... 43,520 42.50 K
nvwddi.dll Mon 10 Oct 2005 21:49:00 A.... 81,920 80.00 K
nvhwvid.dll Mon 10 Oct 2005 21:49:00 A.... 573,440 560.00 K
nvoglnt.dll Mon 10 Oct 2005 21:49:00 A.... 5,378,048 5.13 M
nvcod.dll Mon 10 Oct 2005 21:49:00 A.... 34,304 33.50 K
nvcodins.dll Mon 10 Oct 2005 21:49:00 A.... 34,304 33.50 K
nddctsrv.dll Tue 1 Nov 2005 0:14:08 A.... 45,056 44.00 K
mv02l9~1.dll Thu 10 Nov 2005 15:15:50 ..S.R 236,576 231.03 K
jt2207~1.dll Thu 10 Nov 2005 15:20:24 ..S.R 236,576 231.03 K

27 items found: 27 files (5 H/S), 0 directories.
Total of file sizes: 24,054,405 bytes 22.94 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C is ENTITY
Volume Serial Number is 256A-19EC

Directory of C:\windows\System32

11/11/2005 10:54 236,576 iCsnap.dll
11/11/2005 10:54 233,807 mvjml9111.dll
10/11/2005 17:39 234,151 k608lgdu1608.dll
10/11/2005 15:20 236,576 jt2207foe.dll
10/11/2005 15:15 236,576 mv02l9do1.dll
16/03/2005 20:54 120,766,464 temppf(2).sys
16/02/2004 23:06 <DIR> Microsoft
16/02/2004 18:29 <DIR> dllcache
6 File(s) 121,944,150 bytes
2 Dir(s) 5,434,490,880 bytes free
  • 0

#4
OwNt
Posted 11 November 2005 - 10:13 AM

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello, St3vi3.

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under to "SpySweeper" to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Also, post back a fresh Hijackthis log.
  • 0

#5
St3vi3
Posted 11 November 2005 - 11:37 AM

St3vi3

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Thanks for your reply, OwNt.

Here is the Spy Sweeper log: (it's very big)

********
16:23: | Start of Session, 11 November 2005 |
16:23: Spy Sweeper started
16:23: Sweep initiated using definitions version 571
16:24: Starting Memory Sweep
16:24: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:24: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:24: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:24: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:24: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:24: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:24: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:24: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:25: Found Adware: icannnews
16:25: Detected running threat: C:\WINDOWS\system32\mv02l9do1.dll (ID = 83)
16:25: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:25: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:25: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:25: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:26: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:26: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:26: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:26: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:26: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:26: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:26: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:26: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:27: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:27: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:27: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:27: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:27: Detected running threat: C:\WINDOWS\system32\iCsnap.dll (ID = 83)
16:28: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:28: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:28: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:28: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:28: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:28: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:28: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:28: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:29: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:29: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:29: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:29: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:29: Memory Sweep Complete, Elapsed Time: 00:05:39
16:29: Starting Registry Sweep
16:29: Found Adware: blazefind
16:29: HKLM\software\microsoft\windows\currentversion\uninstall\windows sr 2.0\ (4 subtraces) (ID = 104552)
16:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:30: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:30: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:30: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:30: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:30: Found Adware: searchbar toolbar
16:30: HKCR\clsid\{aa8c93e1-7e5f-497e-b67c-cc8fe2a40d3b}\ (9 subtraces) (ID = 140791)
16:30: HKCR\interface\{9ce15eb5-6b39-4656-9e1f-2d219ee42e0e}\ (7 subtraces) (ID = 140792)
16:30: HKLM\software\classes\clsid\{aa8c93e1-7e5f-497e-b67c-cc8fe2a40d3b}\ (9 subtraces) (ID = 140796)
16:30: HKLM\software\classes\interface\{9ce15eb5-6b39-4656-9e1f-2d219ee42e0e}\ (7 subtraces) (ID = 140797)
16:30: Found Adware: webrebates
16:30: HKCR\clsid\{01fc5803-8644-45d7-877b-5a3924d8ecc4}\ (12 subtraces) (ID = 146292)
16:30: HKLM\software\classes\clsid\{01fc5803-8644-45d7-877b-5a3924d8ecc4}\ (12 subtraces) (ID = 146294)
16:31: Found Adware: internetoptimizer
16:31: HKU\WRSS_Profile_S-1-5-21-1659004503-839522115-1957994488-500\software\avenue media\ (ID = 128887)
16:31: Found Adware: cydoor
16:31: HKU\WRSS_Profile_S-1-5-21-1659004503-839522115-1957994488-500\software\cydoor\ (2 subtraces) (ID = 639126)
16:31: HKU\S-1-5-21-1659004503-839522115-1957994488-1004\software\e-ventures n.v.\ (ID = 140801)
16:31: Found Adware: targetsaver
16:31: HKU\S-1-5-21-1659004503-839522115-1957994488-1004\software\tsl2\ (1 subtraces) (ID = 143616)
16:31: Registry Sweep Complete, Elapsed Time:00:01:31
16:31: Starting Cookie Sweep
16:31: Found Spy Cookie: realmedia cookie
16:31: steve@realmedia[1].txt (ID = 3235)
16:31: Found Spy Cookie: clickbank cookie
16:31: steve@clickbank[1].txt (ID = 2398)
16:31: Found Spy Cookie: go.com cookie
16:31: [email protected][1].txt (ID = 2729)
16:31: Found Spy Cookie: adtech cookie
16:31: steve@adtech[2].txt (ID = 2155)
16:31: Found Spy Cookie: questionmarket cookie
16:31: steve@questionmarket[1].txt (ID = 3217)
16:31: Found Spy Cookie: imlive.com cookie
16:31: steve@imlive[1].txt (ID = 2843)
16:31: Found Spy Cookie: yadro cookie
16:31: steve@yadro[1].txt (ID = 3743)
16:31: Found Spy Cookie: kinghost cookie
16:31: steve@kinghost[1].txt (ID = 2903)
16:31: Found Spy Cookie: xxxcounter cookie
16:31: steve@xxxcounter[1].txt (ID = 3733)
16:31: Found Spy Cookie: adknowledge cookie
16:31: steve@adknowledge[1].txt (ID = 2072)
16:31: Found Spy Cookie: rn11 cookie
16:31: steve@rn11[2].txt (ID = 3261)
16:31: Found Spy Cookie: adserver cookie
16:31: [email protected][1].txt (ID = 2142)
16:31: Found Spy Cookie: tribalfusion cookie
16:31: steve@tribalfusion[2].txt (ID = 3589)
16:31: Found Spy Cookie: casalemedia cookie
16:31: steve@casalemedia[2].txt (ID = 2354)
16:31: Found Spy Cookie: trafficmp cookie
16:31: steve@trafficmp[2].txt (ID = 3581)
16:31: Found Spy Cookie: burstnet cookie
16:31: steve@burstnet[2].txt (ID = 2336)
16:31: Found Spy Cookie: fastclick cookie
16:31: steve@fastclick[1].txt (ID = 2651)
16:31: [email protected][1].txt (ID = 2729)
16:31: steve@go[2].txt (ID = 2728)
16:31: Found Spy Cookie: serving-sys cookie
16:31: steve@serving-sys[2].txt (ID = 3343)
16:31: Found Spy Cookie: pointroll cookie
16:31: [email protected][1].txt (ID = 3148)
16:31: Found Spy Cookie: reliablestats cookie
16:31: [email protected][1].txt (ID = 3254)
16:31: Found Spy Cookie: maxserving cookie
16:31: steve@maxserving[2].txt (ID = 2966)
16:31: Found Spy Cookie: yieldmanager cookie
16:31: [email protected][2].txt (ID = 3751)
16:31: Cookie Sweep Complete, Elapsed Time: 00:00:01
16:31: Starting File Sweep
16:31: Warning: Failed to open file "c:\pagefile.sys". Access is denied
16:31: Warning: Failed to open file "c:\hiberfil.sys". Access is denied
16:31: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:31: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:31: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:31: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:32: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:32: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:32: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:32: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:32: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:32: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:32: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:32: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:33: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:33: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:33: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:33: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:34: Warning: Failed to open file "c:\windows\system32\mvjml9111.dll". The process cannot access the file because it is being used by another process
16:34: Warning: Failed to open file "c:\windows\system32\icsnap.dll". The process cannot access the file because it is being used by another process
16:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:34: imgconv.dll (ID = 83909)
16:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:35: Warning: Failed to open file "c:\windows\system32\mv02l9do1.dll". The process cannot access the file because it is being used by another process
16:35: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
16:35: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
16:35: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
16:35: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
16:35: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
16:35: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
16:35: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
16:35: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
16:35: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
16:35: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
16:35: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:35: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:35: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:35: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:35: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:35: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:35: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:35: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:36: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:36: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:36: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:36: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:36: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:36: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:36: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:36: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:37: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:37: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:37: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:37: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:38: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:38: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:38: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:38: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:39: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:39: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:39: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:39: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:39: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:39: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:39: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:39: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:40: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:40: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:40: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:40: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:40: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:40: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:40: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:40: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:41: Found Adware: twain-tech
16:41: mxtini.inf (ID = 81846)
16:41: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:41: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:41: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:41: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:41: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:41: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:41: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:41: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:42: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:42: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:42: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:42: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:43: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:43: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:43: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:43: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:43: Warning: Failed to open file "c:\windows\softwaredistribution\eventcache\{ff092871-97c2-4ef0-83bf-5b62506f2002}.bin". The process cannot access the file because it is being used by another process
16:44: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:44: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:44: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:44: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:44: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:44: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:44: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:44: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:45: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:45: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:45: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:45: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:45: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:45: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:45: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:45: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:46: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:46: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:46: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:46: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:48: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:48: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:48: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:48: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:48: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:48: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:48: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:48: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:48: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6c8dac61-828f-4620-8554-ca881738986c.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6fd79260-5496-4fa0-9568-41c1ec58a092.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc305fc29-53ab-4731-a480-80a3276aa759.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbe34a8a7-6dd4-475d-8488-cdfe483c28ea.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf0411959-8c89-431c-9cca-d10d02f360b3.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbd0dbb8e-acea-4ce3-b71d-d90671263a38.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs77ac2bec-174a-4275-bf78-d11026b6d182.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3b38e73d-11e9-4e68-b094-409ecb02bc7d.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfd5d34bd-9332-4958-bb85-383a14236198.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs262a0e00-24aa-4f95-84a2-c501049483f8.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf1c9030a-0295-44df-8c4a-b1f336ad6236.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs766f35bb-76a2-45ae-b6f0-88970563a364.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6696f0e9-6a61-4611-ac8c-e6afa81ce244.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs33ca8852-e5c0-4cf4-befe-00b87ac02021.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs389b0284-1206-4979-9848-051722920057.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscscb79050a-4c0a-4701-8f42-ae9484024899.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs47de95ea-b222-446f-9f8f-cb645cc81e44.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbca15a5c-110e-4390-b33d-20b4ead90d63.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf048e48f-54f9-48d1-9239-16562393d827.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs19344f1a-0025-462f-9d9e-48f5e1e74b3a.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs71f6ee8d-abfd-42f0-a43b-d8efc218ced6.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1ed92361-2127-4544-8728-ede596227f73.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4f9c5eb0-c628-4ce1-98db-6d9d31ed435e.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscscc28778b-7838-4453-af66-b9d73c7b6a73.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf59cd7eb-5777-4803-9447-5f3b31d226ba.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbf541fa4-7069-4b59-9db2-3b32247cb3be.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc3eda9be-3a2d-4161-af67-6edfcd4ced41.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs74397ca0-b14d-4439-a5dd-5f78df95c11b.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsdfd6e0df-13f2-4608-8350-ebc88882201e.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs83fb1051-4344-4007-b3a5-2217caed0f35.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb78498be-713c-4099-8d12-149120649199.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsac70d9f3-eaf7-41b8-96d8-98d448cce718.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf2768cf7-2659-4c2c-919c-1500e32e6b35.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd45c461e-1a23-4110-a570-211a0e90c807.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf1bd3533-823d-4069-a6e7-abaffc3f2ce6.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs027bf50d-303e-4a5f-bdde-4d237c458702.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs343ff68d-3553-414a-a9e0-c97a60d123ce.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa5fb18a3-ae9f-44a8-b546-250434143cd0.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd177f113-5d24-4f65-b71e-0293593d728b.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1b1222ab-a3b7-4993-96e5-c3cbf8a60aee.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5cf7302c-a22d-4b50-8360-d087884e2d9b.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse9754e72-02cd-4aa9-9c30-7be388f5428b.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0276760e-2abf-4d58-bae9-de905908ff7f.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscscf24589a-1881-4c6d-9f9e-d09dc690285b.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs328fad03-9807-4d9f-87c3-74ef2ffce435.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs42aeb799-6fc5-4956-8d12-be8bb84f15c2.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse1d1ef39-c669-42c8-8e24-214dde5ab21e.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0c27c318-b75a-4cb5-b5df-a1c58788b959.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs068d6b9d-8b5a-4f31-b85f-6c638051427e.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscseb4ccd24-d6a6-4313-96db-befa4c933359.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1325674d-0ed0-45ce-8a0d-94dab6f66d7d.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsdac81c63-3d1c-4c33-b1c3-2ffe39a67485.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb0f981c6-e7f0-464d-a3a5-84cc32961aac.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscseeb15e5f-6812-4758-9ead-7a79a3eb203e.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsef5c0899-e73e-44d2-8172-28a0e5b0a983.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs91ea9575-02d9-45df-81d2-e84da5589195.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5e10b163-410b-49fc-a7d2-4ed32fb1cd19.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5e4756aa-cf1c-4d0a-8bec-4232a8033ee7.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs99f3ff8d-338e-4aad-b10c-a5a3b5a6c566.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6c27435e-994d-4bd5-872f-254a5f76b1dd.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf9c484cd-d40b-48a6-bf17-fe4ae614aefd.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6ce41f97-a8c9-446b-b406-8807c4c64344.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4c1f3dd3-8963-4316-aca0-2f7309464746.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5772c563-51c8-4a98-b60b-ae53d40d83b6.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs13036484-11f1-4ab8-9214-a27258a6817f.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8571a67d-466c-4893-ad1b-91269d93a254.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse02a8865-c7b2-415f-bd06-6a8a71dc9666.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2786483f-d502-468f-bb67-c862bfb86c48.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8b5411a7-6d82-46b0-9113-5b729515a7ad.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb5d174ac-8c3f-486b-81fd-380587b065a3.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa6b14827-18ef-49fd-ad90-6152a44ab6bc.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs505524f7-b1bb-4519-968c-e3c196819ca9.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc4ae3996-3e00-45a5-b4d9-b7f297132794.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs11f5dda8-22b5-45c7-8ed8-85254a7e9ab7.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsdb073d4d-ade0-4032-a328-d199c650745b.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4de76689-dcde-41cb-8faf-f221496ba182.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs77825342-d22d-494c-832a-1f3beffc6542.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs566e0c3d-9317-424f-92fa-532d818af0c3.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7b049b7c-393c-457a-823f-26318f123e5e.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1005e308-6150-45d1-a369-12f77db703f3.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3c3d1529-778f-4671-870f-a1a8ecdd468e.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6e33f6b2-9553-4fd5-bbe3-170522141ca1.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs771ffa80-6b07-4d4b-976a-83569ebecf8c.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs161b53ac-b4b0-4731-863c-e9792456d1d2.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs81ad77e5-f7cd-4313-8985-6e6b858444fb.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9667a73d-fe5f-436b-943b-23d96cdeb65c.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2f7f2295-ffc2-431c-98f0-8cd882adde5c.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsdd894007-de42-49b4-ae2d-4fc6cb0055e0.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc254194a-d9a9-4ec1-a214-df0e382d6a24.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs13f51e81-9045-4d0c-ae00-63c0d880399f.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2e51846b-ae1c-467e-b28c-58e8ffda98b8.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs20e6572c-14f6-4eac-b73c-bc45f1b7640e.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse866580c-58db-424b-9c84-d8bd55bd9465.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3ba28177-861d-46a1-9759-b1003e9764c8.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8e583452-3be6-4920-b2fa-bb2116ec3923.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs10c218a8-5f45-4ddf-8db3-fed6bcbf6417.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc93bfaf0-707f-492e-b5b7-13475811d2a2.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc99d3d08-2c2e-41d7-829b-eb554b973b3f.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb51c70fa-cc1b-4671-adb7-3e6a531cb026.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1f63a263-88c7-474d-bbe5-5a74d3c79d12.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd977c863-815f-49ac-b31d-b9ab04bd7189.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa6a03ad7-0204-4580-b484-0e0e804d1b1a.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6cc4b214-2fa7-4c76-a14c-e4151c72d47f.tmp". The process cannot access the file because it is being used by another process
16:48: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs748b3c00-6858-4296-9869-24dce44eff6a.tmp". The process cannot access the file because it is being used by another process
16:49: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:49: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:49: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:49: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:49: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:49: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:49: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:49: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:50: Warning: Failed to open file "c:\documents and settings\steve\ntuser.dat.log". The process cannot access the file because it is being used by another process
16:50: Warning: Failed to open file "c:\documents and settings\steve\ntuser.dat". The process cannot access the file because it is being used by another process
16:50: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:50: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:50: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:50: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:50: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:50: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:50: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:50: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:51: Warning: Failed to open file "c:\documents and settings\steve\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
16:51: Warning: Failed to open file "c:\documents and settings\steve\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
16:51: Warning: Failed to open file "c:\documents and settings\steve\local settings\application data\microsoft\desktop search\applications\rsapp\properties\rsapp.edb". The process cannot access the file because it is being used by another process
16:51: Warning: Failed to open file "c:\documents and settings\steve\local settings\application data\microsoft\desktop search\applications\rsapp\properties\tmp.edb". The process cannot access the file because it is being used by another process
16:51: Warning: Failed to open file "c:\documents and settings\steve\local settings\application data\microsoft\desktop search\applications\rsapp\properties\mss.log". The process cannot access the file because it is being used by another process
16:51: Warning: Failed to open file "c:\documents and settings\steve\local settings\application data\microsoft\desktop search\applications\rsapp\properties\msstmp.log". The process cannot access the file because it is being used by another process
16:51: Warning: Failed to open file "c:\documents and settings\steve\local settings\application data\microsoft\desktop search\temp\rssgthrsvc\perflib_perfdata_400.dat". The process cannot access the file because it is being used by another process
16:51: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:51: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:51: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:51: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:51: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:51: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:51: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:51: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:52: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:52: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:52: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:52: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:53: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:53: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:53: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:53: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:54: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:54: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:54: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:54: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:54: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:54: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:54: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:54: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:56: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:56: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:56: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:56: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:56: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:56: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:56: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:56: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:57: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:57: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:57: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:57: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:58: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:58: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:58: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:58: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:58: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:58: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:58: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:58: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:58: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:58: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:58: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:58: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:59: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:59: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:59: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:59: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:59: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:59: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:00: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:00: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:00: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:00: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:00: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:00: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:00: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:00: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:00: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:00: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:00: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:00: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:01: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:01: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:01: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:01: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:01: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:01: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:01: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:01: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:02: The
  • 0

#6
St3vi3
Posted 11 November 2005 - 11:41 AM

St3vi3

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Oops! Seems I reached the limit. Here's the rest of the log:

17:02: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:02: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:02: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:02: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:03: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:03: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:03: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:03: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:03: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:03: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:03: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:03: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:03: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:03: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:03: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:03: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:04: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:04: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:04: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:04: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:04: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:04: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:04: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:04: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:05: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:05: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:05: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:05: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:05: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:05: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:05: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:05: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:05: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:05: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:05: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:05: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:05: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:05: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:05: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:05: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:06: Found Adware: 180search assistant/zango
17:06: 57447a90-c6fd-4292-a743-ab2e23 (ID = 70624)
17:06: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:06: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:06: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:06: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:06: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:06: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:06: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:06: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:06: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:06: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:06: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:06: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:08: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:08: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:08: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:08: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:08: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:08: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:08: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:08: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:08: Found Adware: effective-i toolbar
17:08: a0868305.lnk (ID = 59855)
17:08: a0868306.lnk (ID = 59838)
17:08: a0868310.exe (ID = 166444)
17:08: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:08: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:08: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:08: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:09: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:09: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:09: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:09: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:09: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:09: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:09: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:09: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:09: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:09: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:09: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:09: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:09: Found Adware: look2me
17:09: a0892445.exe (ID = 65722)
17:10: Warning: Invalid Stream
17:10: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:10: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:10: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:10: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:10: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:10: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:10: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:10: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:10: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:10: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:10: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:10: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:12: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:12: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:12: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:12: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:12: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:12: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:12: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:12: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:12: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:12: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:12: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:12: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:12: File Sweep Complete, Elapsed Time: 00:41:23
17:12: Full Sweep has completed. Elapsed time 00:48:48
17:12: Traces Found: 107
17:13: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:13: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:13: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:13: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:13: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:13: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:13: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:13: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:13: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:13: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:13: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:13: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:14: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:14: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:14: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:14: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:14: Removal process initiated
17:14: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:14: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:14: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:14: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:14: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:14: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:14: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:14: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:15: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:15: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:15: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:15: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:16: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:16: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:16: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:16: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:16: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:16: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:16: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:16: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:16: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:16: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
17:16: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:16: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
17:16: Quarantining All Traces: 180search assistant/zango
17:16: Quarantining All Traces: icannnews
17:17: icannnews is in use. It will be removed on reboot.
17:17: C:\WINDOWS\system32\mv02l9do1.dll is in use. It will be removed on reboot.
17:17: C:\WINDOWS\system32\iCsnap.dll is in use. It will be removed on reboot.
17:17: Quarantining All Traces: look2me
17:17: Quarantining All Traces: blazefind
17:17: Quarantining All Traces: internetoptimizer
17:17: Quarantining All Traces: cydoor
17:17: Quarantining All Traces: effective-i toolbar
17:17: Quarantining All Traces: searchbar toolbar
17:17: Quarantining All Traces: targetsaver
17:17: Quarantining All Traces: twain-tech
17:17: Quarantining All Traces: webrebates
17:17: Quarantining All Traces: adknowledge cookie
17:17: Quarantining All Traces: adserver cookie
17:17: Quarantining All Traces: adtech cookie
17:17: Quarantining All Traces: burstnet cookie
17:17: Quarantining All Traces: casalemedia cookie
17:17: Quarantining All Traces: clickbank cookie
17:17: Quarantining All Traces: fastclick cookie
17:17: Quarantining All Traces: go.com cookie
17:17: Quarantining All Traces: imlive.com cookie
17:17: Quarantining All Traces: kinghost cookie
17:17: Quarantining All Traces: maxserving cookie
17:17: Quarantining All Traces: pointroll cookie
17:17: Quarantining All Traces: questionmarket cookie
17:17: Quarantining All Traces: realmedia cookie
17:17: Quarantining All Traces: reliablestats cookie
17:17: Quarantining All Traces: rn11 cookie
17:17: Quarantining All Traces: serving-sys cookie
17:17: Quarantining All Traces: trafficmp cookie
17:17: Quarantining All Traces: tribalfusion cookie
17:17: Quarantining All Traces: xxxcounter cookie
17:17: Quarantining All Traces: yadro cookie
17:17: Quarantining All Traces: yieldmanager cookie
17:17: Warning: Launched explorer.exe
17:17: Warning: Quarantine process could not restart Explorer.
17:18: Preparing to restart your computer. Please wait...
17:18: Removal process completed. Elapsed time 00:03:51
********
16:21: | Start of Session, 11 November 2005 |
16:21: Spy Sweeper started
16:21: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:21: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:21: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:21: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:21: Your spyware definitions have been updated.
16:23: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:23: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:23: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:23: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:23: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:23: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
16:23: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
16:23: | End of Session, 11 November 2005 |

Also, here is the HiJack This! Log:

Logfile of HijackThis v1.99.1
Scan saved at 17:41:29, on 11/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\windows\System32\devldr32.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearchIndexer.exe
C:\windows\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\rundll32.exe
C:\windows\System32\wuauclt.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?9a7161f43524bdf86348d5129e46378
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?9a7161f43524bdf86348d5129e46378
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Steve\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.1.1.74.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/Ch...VideoContol.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.cartoon-f...ayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft....ayx_vp6_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.nullsoft....ayx_vp6_aac.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA952E89-4FA1-483D-AD22-ABA17298544E}: NameServer = 212.104.130.9 212.104.130.65
O18 - Protocol: msnim - 0 - (no file)
O20 - Winlogon Notify: WRNotifier - C:\windows\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Thanks for your time!
  • 0

#7
OwNt
Posted 11 November 2005 - 12:22 PM

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello, St3vi3.

Please open Hijackthis, scan, and put a checkmark by the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O18 - Protocol: msnim - 0 - (no file)

Close all open windows/browsers and click Fix Checked.

Also, do you live anywhere near Amsterdam, Netherlands? What is your internet service provider?

How is your computer running now? :tazz:
  • 0

#8
St3vi3
Posted 11 November 2005 - 12:33 PM

St3vi3

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Hi OwNt!

The computer seems to be running fine now. I've fixed the selected entries.

I live in England, actually, and my ISP is Eclipse Internet. I've been asked why my TCP/IP (I think) goes through there by Trevuren before, but I can't remember what he said!

Also out of interest, I'm not sure whether you can help but since I've been running checks with Spybot/Adaware etc, my Windows XP regular theme (the blue, curved theme) seems to have dissapeared, and I'm only left with the classic one. Not that this is a problem at all, however, I'm just wondering what it could be.

I have a couple more questions if that's okay? I uninstalled Windows Media Player a while back, and have been unable to reinstall it. It gives me a couple of errors. Could this be due to malware?

Also, (I think I said earlier) when I've upgraded to Windows SP2, I get no sound at all. Could this also be due to lingering spyware?

And what can you suggest I do to prevent future attacks?

Thanks ever so much again for your help and time!
  • 0

#9
OwNt
Posted 11 November 2005 - 01:08 PM

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Hello, St3vi3.

Please open Hijackthis, scan, and place a checkmark by the following entry:

O17 - HKLM\System\CCS\Services\Tcpip\..\{FA952E89-4FA1-483D-AD22-ABA17298544E}: NameServer = 212.104.130.9 212.104.130.65

Close all open windows/browsers amd click Fix Checked.

For the Luna theme problem...

Your Luna Theme is probably corrupt or missing.

1. Download Resources.zip from Kelly's Korner
  • If for some reason you can not download it directly from above, go HERE
  • Scroll down the page to #187.
  • On the right side you will see Restore Luna theme-Restore Classic theme.
  • Right-click on the Restore Luna theme link and select Save As and save it to your desktop.
  • Depending how your machine is set up, you will either see a Winzip file called Resources, or a WinXP Zip folder called Resources.
2. Whichever it is, unzip the resources.zip file and find the file named Luna.msstyles... the file size will be 4,089 kbytes.

3. Move this file to C:\Windows\Resources\Themes\Luna (don't move it anywhere else!)

4. You may already have the same Luna file listed in this folder, but you must replace it with the new one.

5. REBOOT your system

6. Go to Display Properties and you should be able to choose the XP theme again


For Media player, see if you can re-install a lower version of windoes media player first, like 9.0 then try upgrading to 10 again. Can you give me the exact error message when you try to re-install it now?


For Sp2, that sounds like a driver issue, it's possible there might be an updated driver for your onboard sound/sound card to better suit SP2. It doesn't sound malware related, though,


For help keeping your computer secure..

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Reenable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

here are some additional utilities that will enhance your safety
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.

  • 0

#10
St3vi3
Posted 11 November 2005 - 05:25 PM

St3vi3

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Hi OwNt,

I'm just in the process of downloading programs now.

I have disabled/enabled system restore, so hopefully that should be fine now. With regards to Windows Media Player, I tried to install it, and it failed again. The message I got was:

The software you are installing has not passed Windows Logo testing to verify its compatability with Windows XP.
The software will not be installed. Contact your system administrator.

I don't get that at all! Do you think you could shed any light?

Thanks again for your help and time.
  • 0

#11
OwNt
Posted 11 November 2005 - 10:51 PM

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
I don't think I've quite seen that specific error in windows media player before.

Your best bet on the media player may to post the problem in the Windows XP forum. :tazz:

Also, did you get your XP theme back?
  • 0

#12
St3vi3
Posted 12 November 2005 - 05:18 AM

St3vi3

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Yes I will definitely do that, then. I've got my theme back too!

As it's all sorted you can close this now. Thanks ever so much for your help. You guys do a fantastic job!

All the best! :tazz:
  • 0

#13
OwNt
Posted 12 November 2005 - 05:58 PM

OwNt

    Malware Expert

  • Retired Staff
  • 7,457 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP