Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

vidmon.exe and maybe others..help please

Started by Austnin , Nov 19 2005 12:38 PM

  • Please log in to reply

#1
Austnin
Posted 19 November 2005 - 12:38 PM

Austnin

    New Member

  • Member
  • Pip
  • 6 posts
Hello, I'm having problems removing some spyware from my PC. I've tried using adaware se and spybot search and destroy, with no luck. I read in another post to D/L hijack this and paste the log here, so here it goes.

Logfile of HijackThis v1.99.1
Scan saved at 1:56:51 PM, on 11/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\CTHELPER.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\System32\wuauclt.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - _{D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Norton Wizzard] nwiz.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Norton Wizzard] nwiz.exe
O4 - HKCU\..\Run: [iouz] C:\PROGRA~1\COMMON~1\iouz\iouzm.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} - http://www.h-desk-so...DeskSetup_A.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akam...loadManager.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarr...artload192a.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134154100296
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://www.directv.d.../dpcsysinfo.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangoc.../bridge-c18.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {CE37E095-ACFF-4380-A856-A560D389E5E1} (XPLControlProject.XPLControl) - hcp://system/XPLControl.CAB
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Run - C:\WINNT\system32\hrr0059me.dll
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINNT\System32\Fhkddffl.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Authorization Verification (AuthVer) - Unknown owner - C:\WINNT\System32\winfrwl32.exe" -service (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Secure transactions provider - Unknown owner - C:\WINNT\system32\cvmss.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: _ntfrmwrk (TskHlpr) - Unknown owner - C:\WINNT\System32\syscfg.exe" -service (file missing)
O23 - Service: Tsk Mngr Hlp (TskMngHlp) - Unknown owner - C:\WINNT\System32\wins32.exe" -service (file missing)


And now the log from EWIDO.
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:02:23 PM, 11/20/2005
+ Report-Checksum: 9DBB3174

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{014DA6C1-189F-421a-88CD-07CFE51CFF10} -> Spyware.eXact : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6C1-189F-421a-88CD-07CFE51CFF10}\TypeLib\\ -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6C5-189F-421a-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6C5-189F-421a-88CD-07CFE51CFF10}\TypeLib\\ -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6C7-189F-421a-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6C7-189F-421a-88CD-07CFE51CFF10}\TypeLib\\ -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6CB-189F-421a-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6CB-189F-421a-88CD-07CFE51CFF10}\TypeLib\\ -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\DeskAdX.Installer\CLSID\\ -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{014DA6C4-189F-421A-88CD-07CFE51CFF10}\TypeLib\\ -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{014DA6C6-189F-421A-88CD-07CFE51CFF10}\TypeLib\\ -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{014DA6CA-189F-421A-88CD-07CFE51CFF10}\TypeLib\\ -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{014DA6CC-189F-421A-88CD-07CFE51CFF10}\TypeLib\\ -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{0F2A4ADC-DABF-4980-8DB4-19F67D7B1F95} -> Spyware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{0F2A4ADC-DABF-4980-8DB4-19F67D7B1F95}\TypeLib\\ -> Spyware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5}\TypeLib\\ -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0}\TypeLib\\ -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Classes\MySearchToolBar.NetscapeShutdown\CLSID\\ -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\MySearchToolBar.NetscapeShutdown.1\CLSID\\ -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\MySearchToolBar.NetscapeStartup\CLSID\\ -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\MySearchToolBar.NetscapeStartup.1\CLSID\\ -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\MySearchToolBar.SettingsPlugin\CLSID\\ -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\MySearchToolBar.SettingsPlugin.1\CLSID\\ -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\relatedlinks -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\relatedlinks\\CLSID -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{014DA6C0-189F-421A-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\FocusInteractive\Outlook\\MyWebSearch.OutlookAddin -> Spyware.MyWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/DeskAdX.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/DeskAdX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy\Update -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\WildMedia -> Spyware.MidAddle : Cleaned with backup
HKU\S-1-5-21-71594873-3563514748-4210259494-1003\Software\2nd -> Spyware.SecondThought : Cleaned with backup
HKU\S-1-5-21-71594873-3563514748-4210259494-1003\Software\2nd\Client -> Spyware.SecondThought : Cleaned with backup
HKU\S-1-5-21-71594873-3563514748-4210259494-1003\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-71594873-3563514748-4210259494-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{014DA6C9-189F-421A-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup
[160] C:\windows\adtech2005.exe -> Trojan.VB.afn : Cleaned with backup
[184] C:\WINNT\System32\vidmon\vidmon.exe -> Spyware.DelphinMediaViewer : Cleaned with backup
[428] C:\PROGRA~1\COMMON~1\iouz\iouzm.exe -> TrojanDownloader.TSUpdate.n : Cleaned with backup
[1504] C:\PROGRA~1\COMMON~1\iouz\iouza.exe -> TrojanDownloader.TSUpdate.l : Cleaned with backup
[3220] C:\WINNT\system32\guard.tmp -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\G5IJWLYN\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\G5IJWLYN\mte3ndi6odoxng[1].exe -> TrojanDownloader.Small.buy : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UJNIS5US\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UJNIS5US\mm[3].js -> Spyware.Chitika : Cleaned with backup
C:\installer.exe -> Spyware.Look2Me : Cleaned with backup
C:\mte3ndi6odoxng.exe -> TrojanDownloader.Small.buy : Cleaned with backup
C:\Program Files\Common Files\iouz\iouza.exe -> TrojanDownloader.TSUpdate.l : Cleaned with backup
C:\Program Files\Common Files\iouz\iouzm.exe -> TrojanDownloader.TSUpdate.n : Cleaned with backup
C:\Program Files\MSN Messenger\riched20.dll -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom.zip/[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom1.zip/owner@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom10.zip/owner@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom2.zip/[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom3.zip/owner@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom4.zip/[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom5.zip/owner@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom6.zip/[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom7.zip/owner@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom8.zip/[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom9.zip/owner@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc.zip/owner@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc1.zip/owner@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc2.zip/owner@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc3.zip/owner@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc4.zip/owner@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc5.zip/owner@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick.zip/owner@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick1.zip/owner@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick2.zip/owner@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick3.zip/owner@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick.zip/owner@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox.zip/owner@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox1.zip/[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer1.zip/[email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer1.zip/[email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer1.zip/[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer1.zip/[email protected][1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer1.zip/owner@paycounter[1].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer1.zip/owner@qksrv[1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer1.zip/owner@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer1.zip/[email protected][1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer10.zip/[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer10.zip/owner@addcontrol[2].txt -> Spyware.Cookie.Addcontrol : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer10.zip/owner@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer10.zip/owner@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer10.zip/[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer10.zip/owner@mysearch[2].txt -> Spyware.Cookie.Mysearch : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer10.zip/[email protected][1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/[email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/owner@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/owner@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/owner@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/[email protected][2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/[email protected][2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/[email protected][2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/[email protected][2].txt -> Spyware.Cookie.Adtrak : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/[email protected][2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/[email protected][1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/owner@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer15.zip/owner@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer15.zip/[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer15.zip/[email protected][1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer15.zip/[email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer15.zip/owner@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer15.zip/owner@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer15.zip/[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer15.zip/[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer15.zip/[email protected][1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer15.zip/[email protected][2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer15.zip/owner@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex.zip/owner@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex1.zip/owner@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Newnet11.zip/newdotnet5_48.dll -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Newnet14.zip/newdotnet5_48.dll -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Newnet18.zip/newdotnet5_48.dll -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Newnet39.zip/newdotnet6_22.dll -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Newnet43.zip/newdotnet6_22.dll -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Newnet44.zip/newdotnet6_22.dll -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Newnet45.zip/newdotnet6_22.dll -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Newnet48.zip/newdotnet6_22.dll -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\SexList.zip/owner@sexlist[2].txt -> Spyware.Cookie.Sexlist : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\SexTracker.zip/owner@sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\SexTracker1.zip/[email protected][1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\SexTracker2.zip/[email protected][1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\SexTracker3.zip/[email protected][2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\SexTracker4.zip/[email protected][1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick.zip/owner@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick1.zip/owner@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick2.zip/owner@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\windows\adtech2005.exe -> Trojan.VB.afn : Cleaned with backup
C:\windows\timessquare.exe -> Spyware.Hijacker.StartPage.aw : Cleaned with backup
C:\WINNT\Downloaded Program Files\drsmartload192a.exe -> TrojanDownloader.VB.qr : Cleaned with backup
C:\WINNT\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINNT\system32\f3PSSavr.scr -> Spyware.MyWebSearch : Cleaned with backup
C:\WINNT\system32\g2220cfoef2c0.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\jtpo0773e.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\magina.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\n24s0ch7ef4.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\navshext1.dll -> Spyware.Chiem : Cleaned with backup
C:\WINNT\system32\nfomon\nfo.ocx -> Spyware.Delfin : Cleaned with backup
C:\WINNT\system32\o2ro0c93ef.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\pxlmon.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\vidmon\vidmon.exe -> Spyware.DelphinMediaViewer : Cleaned with backup
C:\WINNT\system32\__delete_on_reboot__guard.tmp -> Spyware.Look2Me : Cleaned with backup


::Report End





Thanks for your help in advance

Edited by Austnin, 20 November 2005 - 01:01 PM.

  • 0

Advertisements

#2
didom
Posted 26 November 2005 - 06:38 AM

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under to "SpySweeper" to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.

Edited by didom, 26 November 2005 - 06:40 AM.

  • 0

#3
Austnin
Posted 26 November 2005 - 11:19 AM

Austnin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Here it is, thanks for the link. Lets see if this does the trick. :tazz:


********
11:29 AM: | Start of Session, Saturday, November 26, 2005 |
11:29 AM: Spy Sweeper started
11:29 AM: Sweep initiated using definitions version 574
11:29 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:29 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:29 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:29 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:29 AM: Starting Memory Sweep
11:29 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:29 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:29 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:29 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:29 AM: Found Adware: icannnews
11:29 AM: Detected running threat: C:\WINNT\system32\o0660ajsedo60.dll (ID = 83)
11:30 AM: Detected running threat: C:\WINNT\system32\kfdlv.dll (ID = 83)
11:30 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:30 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:30 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:30 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:30 AM: Memory Sweep Complete, Elapsed Time: 00:01:37
11:30 AM: Starting Registry Sweep
11:30 AM: Found Trojan Horse: berbew trojan
11:30 AM: HKCR\clsid\{79feacff-ffce-815e-a900-316290b5b738}\ (3 subtraces) (ID = 104289)
11:30 AM: Found Adware: coolwebsearch (cws)
11:30 AM: HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload\ || web event logger (ID = 104295)
11:30 AM: HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload\ || web event logger (ID = 104295)
11:30 AM: Found Adware: commander toolbar
11:30 AM: HKLM\software\microsoft\code store database\distribution units\{0fffffff-0fff-0fff-0fff-0fffffffffff}\ (8 subtraces) (ID = 106772)
11:30 AM: Found Adware: deskad
11:30 AM: HKCR\deskadx.installer\ (2 subtraces) (ID = 124925)
11:30 AM: HKLM\software\deskad service\ (8 subtraces) (ID = 124927)
11:30 AM: HKLM\software\classes\deskadx.installer\ (2 subtraces) (ID = 124928)
11:30 AM: Found Adware: internet washer
11:30 AM: HKLM\software\internet washer\ (5 subtraces) (ID = 128874)
11:30 AM: Found Trojan Horse: jeem
11:30 AM: HKLM\software\microsoft\windows\currentversion\welcome\ || cv093 (ID = 129327)
11:30 AM: HKLM\software\microsoft\windows\currentversion\welcome\ || idc3 (ID = 129328)
11:30 AM: Found Adware: targetsaver
11:30 AM: HKLM\software\microsoft\windows\currentversion\uninstall\tsa\ (2 subtraces) (ID = 143607)
11:30 AM: Found Adware: ist yoursitebar
11:30 AM: HKLM\software\microsoft\code store database\distribution units\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658}\ (8 subtraces) (ID = 147850)
11:30 AM: Found Adware: winad
11:30 AM: HKCR\mediagatewayx.installer\ (3 subtraces) (ID = 372857)
11:30 AM: HKCR\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 372859)
11:30 AM: HKLM\software\classes\mediagatewayx.installer\ (3 subtraces) (ID = 398902)
11:30 AM: HKLM\software\classes\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 398904)
11:30 AM: Found Adware: whenu save
11:30 AM: HKCR\acm.acmfactory\ (5 subtraces) (ID = 773927)
11:30 AM: HKCR\acm.acmfactory.1\ (3 subtraces) (ID = 773933)
11:30 AM: HKCR\clsid\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad}\ (12 subtraces) (ID = 773937)
11:30 AM: HKCR\typelib\{df901432-1b9f-4f5b-9e56-301c553f9095}\ (7 subtraces) (ID = 773950)
11:30 AM: HKCR\appid\acm.dll\ (1 subtraces) (ID = 773960)
11:30 AM: HKCR\appid\{127df9b4-d75d-44a6-af78-8c3a8ceb03db}\ (1 subtraces) (ID = 773962)
11:30 AM: HKLM\software\classes\acm.acmfactory\ (5 subtraces) (ID = 773964)
11:30 AM: HKLM\software\classes\acm.acmfactory.1\ (3 subtraces) (ID = 773970)
11:30 AM: HKLM\software\classes\appid\acm.dll\ (1 subtraces) (ID = 773974)
11:30 AM: HKLM\software\classes\appid\{127df9b4-d75d-44a6-af78-8c3a8ceb03db}\ (1 subtraces) (ID = 773976)
11:30 AM: HKLM\software\classes\clsid\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad}\ (12 subtraces) (ID = 773979)
11:30 AM: HKLM\software\classes\typelib\{df901432-1b9f-4f5b-9e56-301c553f9095}\ (7 subtraces) (ID = 773992)
11:30 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/winnt/downloaded program files/mediagatewayx.dll\ (2 subtraces) (ID = 775720)
11:30 AM: HKCR\clsid\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}\ (6 subtraces) (ID = 815132)
11:30 AM: HKLM\software\classes\clsid\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}\ (6 subtraces) (ID = 815145)
11:30 AM: Found Adware: 180search assistant/zango
11:30 AM: HKLM\software\microsoft\code store database\distribution units\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}\ (10 subtraces) (ID = 832871)
11:30 AM: Found Adware: systemprocess
11:30 AM: HKLM\software\microsoft\windows\currentversion\uninstall\startup\ (2 subtraces) (ID = 860412)
11:30 AM: Found Adware: delfin
11:30 AM: HKLM\software\vidmon\ (3 subtraces) (ID = 890155)
11:30 AM: HKLM\software\microsoft\windows\currentversion\uninstall\webdp\ (2 subtraces) (ID = 890173)
11:30 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:30 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:30 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:30 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:30 AM: Found Adware: dollarrevenue
11:30 AM: HKLM\software\microsoft\drsmartload\ (1 subtraces) (ID = 916795)
11:30 AM: Found Adware: command
11:30 AM: HKLM\system\currentcontrolset\services\cmdservice\ (5 subtraces) (ID = 958670)
11:30 AM: Found Adware: findthewebsiteyouneed hijacker
11:30 AM: HKU\S-1-5-21-71594873-3563514748-4210259494-1003\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
11:30 AM: HKU\S-1-5-21-71594873-3563514748-4210259494-1003\software\system process\ (1 subtraces) (ID = 860389)
11:30 AM: HKU\S-1-5-21-71594873-3563514748-4210259494-1003\software\system process\ || lastptime (ID = 860390)
11:30 AM: HKU\S-1-5-21-71594873-3563514748-4210259494-1003\software\vidmon\ (1 subtraces) (ID = 890125)
11:31 AM: Found Adware: sidesearch
11:31 AM: HKU\S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
11:31 AM: HKU\S-1-5-18\software\system process\ (1 subtraces) (ID = 860389)
11:31 AM: HKU\S-1-5-18\software\system process\ || lastptime (ID = 860390)
11:31 AM: Registry Sweep Complete, Elapsed Time:00:00:16
11:31 AM: Starting Cookie Sweep
11:31 AM: Found Spy Cookie: 2o7.net cookie
11:31 AM: owner@2o7[2].txt (ID = 1957)
11:31 AM: Found Spy Cookie: 888 cookie
11:31 AM: owner@888[2].txt (ID = 2019)
11:31 AM: Found Spy Cookie: websponsors cookie
11:31 AM: [email protected][1].txt (ID = 3665)
11:31 AM: Found Spy Cookie: abcsearch cookie
11:31 AM: owner@abcsearch[1].txt (ID = 2033)
11:31 AM: Found Spy Cookie: reunion cookie
11:31 AM: [email protected][1].txt (ID = 3256)
11:31 AM: Found Spy Cookie: yieldmanager cookie
11:31 AM: [email protected][1].txt (ID = 3751)
11:31 AM: [email protected][3].txt (ID = 3751)
11:31 AM: Found Spy Cookie: adecn cookie
11:31 AM: owner@adecn[1].txt (ID = 2063)
11:31 AM: Found Spy Cookie: adknowledge cookie
11:31 AM: owner@adknowledge[2].txt (ID = 2072)
11:31 AM: Found Spy Cookie: hbmediapro cookie
11:31 AM: [email protected][2].txt (ID = 2768)
11:31 AM: Found Spy Cookie: hotbar cookie
11:31 AM: [email protected][2].txt (ID = 4207)
11:31 AM: Found Spy Cookie: specificclick.com cookie
11:31 AM: [email protected][2].txt (ID = 3400)
11:31 AM: Found Spy Cookie: adrevolver cookie
11:31 AM: owner@adrevolver[2].txt (ID = 2088)
11:31 AM: owner@adrevolver[3].txt (ID = 2088)
11:31 AM: Found Spy Cookie: addynamix cookie
11:31 AM: [email protected][1].txt (ID = 2062)
11:31 AM: Found Spy Cookie: cc214142 cookie
11:31 AM: [email protected][1].txt (ID = 2367)
11:31 AM: Found Spy Cookie: pointroll cookie
11:31 AM: [email protected][1].txt (ID = 3148)
11:31 AM: Found Spy Cookie: advertising cookie
11:31 AM: owner@advertising[1].txt (ID = 2175)
11:31 AM: Found Spy Cookie: apmebf cookie
11:31 AM: owner@apmebf[1].txt (ID = 2229)
11:31 AM: Found Spy Cookie: atwola cookie
11:31 AM: [email protected][1].txt (ID = 2256)
11:31 AM: Found Spy Cookie: falkag cookie
11:31 AM: [email protected][1].txt (ID = 2650)
11:31 AM: [email protected][2].txt (ID = 2650)
11:31 AM: Found Spy Cookie: ask cookie
11:31 AM: owner@ask[1].txt (ID = 2245)
11:31 AM: Found Spy Cookie: atlas dmt cookie
11:31 AM: owner@atdmt[1].txt (ID = 2253)
11:31 AM: Found Spy Cookie: belnk cookie
11:31 AM: [email protected][2].txt (ID = 2293)
11:31 AM: owner@atwola[1].txt (ID = 2255)
11:31 AM: Found Spy Cookie: azjmp cookie
11:31 AM: owner@azjmp[1].txt (ID = 2270)
11:31 AM: Found Spy Cookie: banner cookie
11:31 AM: owner@banner[2].txt (ID = 2276)
11:31 AM: owner@belnk[2].txt (ID = 2292)
11:31 AM: Found Spy Cookie: bluestreak cookie
11:31 AM: owner@bluestreak[2].txt (ID = 2314)
11:31 AM: Found Spy Cookie: burstnet cookie
11:31 AM: owner@burstnet[2].txt (ID = 2336)
11:31 AM: Found Spy Cookie: enhance cookie
11:31 AM: [email protected][1].txt (ID = 2614)
11:31 AM: Found Spy Cookie: zedo cookie
11:31 AM: [email protected][1].txt (ID = 3763)
11:31 AM: Found Spy Cookie: casalemedia cookie
11:31 AM: owner@casalemedia[1].txt (ID = 2354)
11:31 AM: Found Spy Cookie: centrport net cookie
11:31 AM: owner@centrport[2].txt (ID = 2374)
11:31 AM: Found Spy Cookie: coremetrics cookie
11:31 AM: [email protected][1].txt (ID = 2472)
11:31 AM: Found Spy Cookie: did-it cookie
11:31 AM: owner@did-it[1].txt (ID = 2523)
11:31 AM: [email protected][1].txt (ID = 2293)
11:31 AM: Found Spy Cookie: ru4 cookie
11:31 AM: [email protected][1].txt (ID = 3269)
11:31 AM: [email protected][1].txt (ID = 1958)
11:31 AM: Found Spy Cookie: exitexchange cookie
11:31 AM: owner@exitexchange[2].txt (ID = 2633)
11:31 AM: Found Spy Cookie: fastclick cookie
11:31 AM: owner@fastclick[2].txt (ID = 2651)
11:31 AM: Found Spy Cookie: findwhat cookie
11:31 AM: owner@findwhat[1].txt (ID = 2674)
11:31 AM: Found Spy Cookie: fortunecity cookie
11:31 AM: owner@fortunecity[1].txt (ID = 2686)
11:31 AM: Found Spy Cookie: starware.com cookie
11:31 AM: [email protected][2].txt (ID = 3442)
11:31 AM: Found Spy Cookie: clickandtrack cookie
11:31 AM: [email protected][1].txt (ID = 2397)
11:31 AM: Found Spy Cookie: hypertracker.com cookie
11:31 AM: owner@hypertracker[2].txt (ID = 2817)
11:31 AM: Found Spy Cookie: domainsponsor cookie
11:31 AM: [email protected][1].txt (ID = 2535)
11:31 AM: Found Spy Cookie: linksynergy cookie
11:31 AM: owner@linksynergy[2].txt (ID = 2926)
11:31 AM: Found Spy Cookie: maxserving cookie
11:31 AM: owner@maxserving[2].txt (ID = 2966)
11:31 AM: Found Spy Cookie: top-banners cookie
11:31 AM: [email protected][1].txt (ID = 3548)
11:31 AM: [email protected][1].txt (ID = 1958)
11:31 AM: [email protected][1].txt (ID = 1958)
11:31 AM: Found Spy Cookie: partypoker cookie
11:31 AM: owner@partypoker[1].txt (ID = 3111)
11:31 AM: Found Spy Cookie: paypopup cookie
11:31 AM: owner@paypopup[2].txt (ID = 3119)
11:31 AM: Found Spy Cookie: overture cookie
11:31 AM: [email protected][1].txt (ID = 3106)
11:31 AM: Found Spy Cookie: qksrv cookie
11:31 AM: owner@qksrv[1].txt (ID = 3213)
11:31 AM: Found Spy Cookie: questionmarket cookie
11:31 AM: owner@questionmarket[1].txt (ID = 3217)
11:31 AM: Found Spy Cookie: realmedia cookie
11:31 AM: owner@realmedia[1].txt (ID = 3235)
11:31 AM: owner@reunion[2].txt (ID = 3255)
11:31 AM: Found Spy Cookie: revenue.net cookie
11:31 AM: owner@revenue[2].txt (ID = 3257)
11:31 AM: Found Spy Cookie: rn11 cookie
11:31 AM: owner@rn11[2].txt (ID = 3261)
11:31 AM: Found Spy Cookie: adjuggler cookie
11:31 AM: [email protected][1].txt (ID = 2071)
11:31 AM: Found Spy Cookie: serving-sys cookie
11:31 AM: owner@serving-sys[2].txt (ID = 3343)
11:31 AM: Found Spy Cookie: dealtime cookie
11:31 AM: [email protected][2].txt (ID = 2506)
11:31 AM: Found Spy Cookie: reliablestats cookie
11:31 AM: [email protected][1].txt (ID = 3254)
11:31 AM: Found Spy Cookie: clicktracks cookie
11:31 AM: [email protected][2].txt (ID = 2407)
11:31 AM: Found Spy Cookie: webtrendslive cookie
11:31 AM: [email protected][1].txt (ID = 3667)
11:31 AM: Found Spy Cookie: targetnet cookie
11:31 AM: owner@targetnet[2].txt (ID = 3489)
11:31 AM: Found Spy Cookie: tradedoubler cookie
11:31 AM: owner@tradedoubler[2].txt (ID = 3575)
11:31 AM: Found Spy Cookie: trafficmp cookie
11:31 AM: owner@trafficmp[2].txt (ID = 3581)
11:31 AM: Found Spy Cookie: tribalfusion cookie
11:31 AM: owner@tribalfusion[2].txt (ID = 3589)
11:31 AM: Found Spy Cookie: valuead cookie
11:31 AM: owner@valuead[1].txt (ID = 3626)
11:31 AM: Found Spy Cookie: videodome cookie
11:31 AM: owner@videodome[1].txt (ID = 3638)
11:31 AM: [email protected][1].txt (ID = 2020)
11:31 AM: Found Spy Cookie: redzip cookie
11:31 AM: [email protected][2].txt (ID = 3250)
11:31 AM: [email protected][1].txt (ID = 3256)
11:31 AM: [email protected][1].txt (ID = 3442)
11:31 AM: Found Spy Cookie: upspiral cookie
11:31 AM: [email protected][2].txt (ID = 3615)
11:31 AM: owner@yieldmanager[1].txt (ID = 3749)
11:31 AM: Found Spy Cookie: adserver cookie
11:31 AM: [email protected][1].txt (ID = 2142)
11:31 AM: owner@zedo[1].txt (ID = 3762)
11:31 AM: Cookie Sweep Complete, Elapsed Time: 00:00:03
11:31 AM: Starting File Sweep
11:31 AM: c:\program files\deskad service (ID = -2147481112)
11:31 AM: c:\documents and settings\all users\application data\vidmon (1 subtraces) (ID = -2147468685)
11:31 AM: c:\winnt\system32\vidmon (ID = -2147468683)
11:31 AM: c:\documents and settings\all users\application data\nfo (15 subtraces) (ID = -2147468687)
11:31 AM: c:\winnt\system32\nfomon (1 subtraces) (ID = -2147468684)
11:31 AM: Found Adware: websearch toolbar
11:31 AM: c:\program files\common files\btlink (3 subtraces) (ID = -2147480047)
11:31 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:31 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:31 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:31 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:31 AM: mon2007.dbd (ID = 57693)
11:32 AM: Found Adware: searchtoolbar
11:32 AM: hvzixs.wzg (ID = 75189)
11:32 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:32 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:32 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:32 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:32 AM: removewebdp.exe (ID = 166172)
11:32 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:32 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:32 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:32 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:33 AM: mon1215.dbd (ID = 57687)
11:33 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:33 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:33 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:33 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:33 AM: Found Adware: cydoor peer-to-peer dependency
11:33 AM: cd_clint.dll (ID = 57300)
11:33 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:33 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:33 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:33 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:34 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:34 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:34 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:34 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:34 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:34 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:34 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:34 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:35 AM: Found Adware: ie access
11:35 AM: iedisco.exe (ID = 62620)
11:35 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:35 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:35 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:35 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:36 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:36 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:36 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:36 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:37 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:37 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:37 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:37 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:37 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:37 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:37 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:37 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:37 AM: btiein.dll (ID = 84616)
11:38 AM: Found Adware: look2me
11:38 AM: l8n4li5q18.dll (ID = 159)
11:38 AM: mv8ul9l91.dll (ID = 159)
11:38 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:38 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:38 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:38 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:38 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:38 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:38 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:38 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:39 AM: m8ls0i37e8.dll (ID = 159)
11:39 AM: d6j00g1me6.dll (ID = 159)
11:39 AM: Found Adware: apropos
11:39 AM: wingenerics.dll (ID = 50187)
11:39 AM: o0660ajsedo60.dll (ID = 159)
11:39 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:39 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:39 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:39 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:40 AM: ir02l5do1.dll (ID = 159)
11:40 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:40 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:40 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:40 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:40 AM: mvnml9511.dll (ID = 159)
11:40 AM: salm_kyf_update.dat (ID = 93790)
11:40 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:40 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:40 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:40 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:41 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:41 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:41 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:41 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:41 AM: hr4m05h1e.dll (ID = 159)
11:41 AM: k6pm0g71e6.dll (ID = 159)
11:42 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:42 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:42 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:42 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:42 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:42 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:42 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:42 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:43 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:43 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:43 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:43 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:43 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:43 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:43 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:43 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:44 AM: ustart.exe (ID = 161346)
11:44 AM: lv2o09f3e.dll (ID = 159)
11:44 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:44 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:44 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:44 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:45 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:45 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:45 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:45 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:45 AM: Found Adware: shopathomeselect
11:45 AM: sahagent-imesh.exe (ID = 75873)
11:45 AM: salmau.dat (ID = 93788)
11:46 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:46 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:46 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:46 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:46 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:46 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:46 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:46 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:47 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:47 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:47 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:47 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:47 AM: mon1920.dbd (ID = 57692)
11:48 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:48 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:48 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:48 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:48 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:48 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:48 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:48 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:49 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:49 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:49 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:49 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:50 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:50 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:50 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:50 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:50 AM: f62m0gf1e62.dll (ID = 159)
11:50 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:50 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:50 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:50 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:51 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:51 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:51 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:51 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:51 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:51 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:51 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:51 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:52 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:52 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:52 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:52 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:53 AM: tsuninst.exe (ID = 193501)
11:53 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:53 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:53 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:53 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:53 AM: d8j00i1me8.dll (ID = 159)
11:53 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:53 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:53 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:53 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:53 AM: kfdlv.dll (ID = 159)
11:54 AM: iouzc.dll (ID = 195129)
11:54 AM: vocabulary (ID = 78283)
11:54 AM: class-barrel (ID = 78229)
11:54 AM: iouzl.exe (ID = 195130)
11:54 AM: iouzp.exe (ID = 195132)
11:54 AM: tsinstall_4_0_4_0_b4.exe (ID = 193496)
11:54 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:54 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:54 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:54 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:54 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:54 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:54 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:54 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:54 AM: g6jo0g13e6.dll (ID = 159)
11:54 AM: c400ledm1h0a.dll (ID = 159)
11:55 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:55 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:55 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:55 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:55 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:55 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:55 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:55 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:56 AM: Found Adware: commonname
11:56 AM: winnet.ini (ID = 53846)
11:56 AM: salm_gdf.dat (ID = 93789)
11:56 AM: mon0315.ddx (ID = 57680)
11:56 AM: mon1204.ddx (ID = 57680)
11:56 AM: Found Adware: directrevenue-abetterinternet
11:56 AM: polall1r.inf (ID = 83425)
11:56 AM: mon0204.ddx (ID = 57680)
11:56 AM: mon0504.ddx (ID = 57680)
11:56 AM: mon0904.ddx (ID = 57684)
11:56 AM: mon0412.ddx (ID = 57680)
11:56 AM: mon0106.ddx (ID = 57679)
11:56 AM: mon1125.ddx (ID = 57685)
11:56 AM: mon1909.ddx (ID = 57684)
11:56 AM: alchem.inf (ID = 83109)
11:56 AM: Found Adware: twain-tech
11:56 AM: polmx.inf (ID = 81856)
11:56 AM: ke.vbs (ID = 185675)
11:56 AM: Found System Monitor: potentially rootkit-masked files
11:56 AM: rnalu(3).exe (ID = 0)
11:56 AM: sirtrans.exe (ID = 0)
11:56 AM: ace.dll (ID = 0)
11:56 AM: data.bin (ID = 0)
11:56 AM: pcimclib.sys (ID = 0)
11:56 AM: pstgrcoi.exe (ID = 0)
11:56 AM: ai_26-11-2005.log (ID = 0)
11:57 AM: Found Trojan Horse: all-in-one telcom
11:57 AM: allinonetelcom3.zip (ID = 49699)
11:57 AM: egroup3.zip (ID = 62617)
11:57 AM: Found Adware: gain-supported software
11:57 AM: gator1.zip (ID = 61450)
11:57 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:57 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:57 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:57 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:57 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:57 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:57 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:57 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:57 AM: Warning: Unhandled Archive Type
11:58 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:58 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:58 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:58 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:58 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:58 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:58 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:58 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:58 AM: Warning: Unhandled Archive Type
11:59 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:59 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:59 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:59 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:59 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:59 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:59 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:59 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:08 PM: File Sweep Complete, Elapsed Time: 00:37:47
12:08 PM: Full Sweep has completed. Elapsed time 00:39:53
12:08 PM: Traces Found: 358
12:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:10 PM: Removal process initiated
12:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
12:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
12:11 PM: Quarantining All Traces: 180search assistant/zango
12:11 PM: Quarantining All Traces: berbew trojan
12:11 PM: Quarantining All Traces: directrevenue-abetterinternet
12:11 PM: Quarantining All Traces: icannnews
12:11 PM: icannnews is in use. It will be removed on reboot.
12:11 PM: C:\WINNT\system32\o0660ajsedo60.dll is in use. It will be removed on reboot.
12:11 PM: C:\WINNT\system32\kfdlv.dll is in use. It will be removed on reboot.
12:11 PM: Quarantining All Traces: look2me
12:11 PM: look2me is in use. It will be removed on reboot.
12:11 PM: o0660ajsedo60.dll is in use. It will be removed on reboot.
12:11 PM: lv2o09f3e.dll is in use. It will be removed on reboot.
12:11 PM: kfdlv.dll is in use. It will be removed on reboot.
12:11 PM: Quarantining All Traces: potentially rootkit-masked files
12:11 PM: potentially rootkit-masked files is in use. It will be removed on reboot.
12:11 PM: rnalu(3).exe is in use. It will be removed on reboot.
12:11 PM: sirtrans.exe is in use. It will be removed on reboot.
12:11 PM: ace.dll is in use. It will be removed on reboot.
12:11 PM: data.bin is in use. It will be removed on reboot.
12:11 PM: pcimclib.sys is in use. It will be removed on reboot.
12:11 PM: pstgrcoi.exe is in use. It will be removed on reboot.
12:11 PM: ai_26-11-2005.log is in use. It will be removed on reboot.
12:11 PM: Quarantining All Traces: websearch toolbar
12:11 PM: Quarantining All Traces: all-in-one telcom
12:11 PM: Quarantining All Traces: apropos
12:11 PM: apropos is in use. It will be removed on reboot.
12:11 PM: wingenerics.dll is in use. It will be removed on reboot.
12:11 PM: Quarantining All Traces: commonname
12:11 PM: Quarantining All Traces: coolwebsearch (cws)
12:11 PM: Quarantining All Traces: gain-supported software
12:11 PM: Quarantining All Traces: jeem
12:11 PM: Quarantining All Traces: sidesearch
12:11 PM: Quarantining All Traces: commander toolbar
12:11 PM: Quarantining All Traces: command
12:12 PM: Quarantining All Traces: cydoor peer-to-peer dependency
12:12 PM: Quarantining All Traces: delfin
12:12 PM: Quarantining All Traces: deskad
12:12 PM: Quarantining All Traces: dollarrevenue
12:12 PM: Quarantining All Traces: findthewebsiteyouneed hijacker
12:12 PM: Quarantining All Traces: ie access
12:12 PM: Quarantining All Traces: internet washer
12:12 PM: Quarantining All Traces: ist yoursitebar
12:12 PM: Quarantining All Traces: searchtoolbar
12:12 PM: Quarantining All Traces: shopathomeselect
12:12 PM: Quarantining All Traces: systemprocess
12:12 PM: Quarantining All Traces: targetsaver
12:12 PM: Quarantining All Traces: twain-tech
12:12 PM: Quarantining All Traces: whenu save
12:12 PM: Quarantining All Traces: winad
12:12 PM: Quarantining All Traces: 2o7.net cookie
12:12 PM: Quarantining All Traces: 888 cookie
12:12 PM: Quarantining All Traces: abcsearch cookie
12:12 PM: Quarantining All Traces: addynamix cookie
12:12 PM: Quarantining All Traces: adecn cookie
12:12 PM: Quarantining All Traces: adjuggler cookie
12:12 PM: Quarantining All Traces: adknowledge cookie
12:12 PM: Quarantining All Traces: adrevolver cookie
12:12 PM: Quarantining All Traces: adserver cookie
12:12 PM: Quarantining All Traces: advertising cookie
12:12 PM: Quarantining All Traces: apmebf cookie
12:12 PM: Quarantining All Traces: ask cookie
12:12 PM: Quarantining All Traces: atlas dmt cookie
12:12 PM: Quarantining All Traces: atwola cookie
12:12 PM: Quarantining All Traces: azjmp cookie
12:12 PM: Quarantining All Traces: banner cookie
12:12 PM: Quarantining All Traces: belnk cookie
12:12 PM: Quarantining All Traces: bluestreak cookie
12:12 PM: Quarantining All Traces: burstnet cookie
12:12 PM: Quarantining All Traces: casalemedia cookie
12:12 PM: Quarantining All Traces: cc214142 cookie
12:12 PM: Quarantining All Traces: centrport net cookie
12:12 PM: Quarantining All Traces: clickandtrack cookie
12:12 PM: Quarantining All Traces: clicktracks cookie
12:12 PM: Quarantining All Traces: coremetrics cookie
12:12 PM: Quarantining All Traces: dealtime cookie
12:12 PM: Quarantining All Traces: did-it cookie
12:12 PM: Quarantining All Traces: domainsponsor cookie
12:12 PM: Quarantining All Traces: enhance cookie
12:12 PM: Quarantining All Traces: exitexchange cookie
12:12 PM: Quarantining All Traces: falkag cookie
12:12 PM: Quarantining All Traces: fastclick cookie
12:12 PM: Quarantining All Traces: findwhat cookie
12:12 PM: Quarantining All Traces: fortunecity cookie
12:12 PM: Quarantining All Traces: hbmediapro cookie
12:12 PM: Quarantining All Traces: hotbar cookie
12:12 PM: Quarantining All Traces: hypertracker.com cookie
12:12 PM: Quarantining All Traces: linksynergy cookie
12:12 PM: Quarantining All Traces: maxserving cookie
12:12 PM: Quarantining All Traces: overture cookie
12:12 PM: Quarantining All Traces: partypoker cookie
12:12 PM: Quarantining All Traces: paypopup cookie
12:12 PM: Quarantining All Traces: pointroll cookie
12:12 PM: Quarantining All Traces: qksrv cookie
12:12 PM: Quarantining All Traces: questionmarket cookie
12:12 PM: Quarantining All Traces: realmedia cookie
12:12 PM: Quarantining All Traces: redzip cookie
12:12 PM: Quarantining All Traces: reliablestats cookie
12:12 PM: Quarantining All Traces: reunion cookie
12:12 PM: Quarantining All Traces: revenue.net cookie
12:12 PM: Quarantining All Traces: rn11 cookie
12:12 PM: Quarantining All Traces: ru4 cookie
12:12 PM: Quarantining All Traces: serving-sys cookie
12:12 PM: Quarantining All Traces: specificclick.com cookie
12:12 PM: Quarantining All Traces: starware.com cookie
12:12 PM: Quarantining All Traces: targetnet cookie
12:12 PM: Quarantining All Traces: top-banners cookie
12:12 PM: Quarantining All Traces: tradedoubler cookie
12:12 PM: Quarantining All Traces: trafficmp cookie
12:12 PM: Quarantining All Traces: tribalfusion cookie
12:12 PM: Quarantining All Traces: upspiral cookie
12:12 PM: Quarantining All Traces: valuead cookie
12:12 PM: Quarantining All Traces: videodome cookie
12:12 PM: Quarantining All Traces: websponsors cookie
12:12 PM: Quarantining All Traces: webtrendslive cookie
12:12 PM: Quarantining All Traces: yieldmanager cookie
12:12 PM: Quarantining All Traces: zedo cookie
12:13 PM: Preparing to restart your computer. Please wait...
12:13 PM: Removal process completed. Elapsed time 00:02:07
********
11:25 AM: | Start of Session, Saturday, November 26, 2005 |
11:25 AM: Spy Sweeper started
11:26 AM: Messenger service has been disabled.
11:26 AM: Your spyware definitions have been updated.
11:26 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:26 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:26 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:26 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:28 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:28 AM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
11:28 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:28 AM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
11:29 AM: | End of Session, Saturday, November 26, 2005 |
  • 0

#4
didom
Posted 26 November 2005 - 11:26 AM

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
Run Panda's online virus scan and perform a full system scan: Panda ActiveScan

Save the Panda ActiveScan log. Start HijackThis and perform a new scan.


Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.
  • 0

#5
Austnin
Posted 27 November 2005 - 11:10 PM

Austnin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I went to the panda site and begun to scan my pc. I currently have Avast! antivirus and it gave me a virus warning right in the middle of the panda scan. I cancelled the scan and copied the contents of the warning.

avast! Warning

A Virus Was Found!
There is no reason to worry though. avast! has stopped the malware before it could enter your computer. When you click on the about connection button, the download of the dangerous file will be cancelled.

File name: http://acs.pandasoftware.com/activescan/as...r.cab\pska
Malware name: Win32:CTX
Malware type: Virus/Worm
VPS version: 0547-5, 11/26/2005
  • 0

#6
didom
Posted 28 November 2005 - 11:38 AM

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
I know! That is a false positive from AVG.

Please disable AVG for a moment and do the Panda ActiveScan again!
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP