Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Popups And "flash-popups", Already Ran Most Programs


  • Please log in to reply
7 replies to this topic

#1 Shaner13

Shaner13

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 23 November 2005 - 02:47 PM

I was surfing the web yesterday and when i went to this one site my anti-virus started blocking all kinds of trojans. I guess some got through tho, because since then my PC has been running super slow and I've been getting popups. Half the popups are in either stand alone IE browsers or as a tab in Maxthon, the other half are animated advertisments that don't arent in a window of any sort. I've run Ad-aware, Spybot, my antivirus program, and TrendMicro's online virus scanner. They all found a couple of things, but now turn up my system as clean.

Here is my HiJackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 2:44:22 pm, on 23/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
E:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
E:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Documents and Settings\Shane\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] "E:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [Microsoft Windows] windows.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Shortcut to JetAudio.exe.lnk = E:\Program Files\JetAudio\JetAudio.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.app...llInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC8DE3E6-4B57-4C4B-8201-99A7AA177259}: NameServer = 85.255.114.106,85.255.112.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEDEDDC3-8275-4EEF-9ED0-B07245C14884}: NameServer = 85.255.114.106,85.255.112.23
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\i0lo0a33ed.dll
O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - C:\WINDOWS\System32\naknkabh.dll (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - E:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - E:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - E:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - E:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe

BC AdBot (Login to Remove)

 


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:03:50 AM

Posted 23 November 2005 - 03:34 PM

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under to "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Then reboot your computer - IMPORTANT
Then post a new HJT log

David

#3 Shaner13

Shaner13
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 23 November 2005 - 08:04 PM

Here is the contents of the Spy Sweeper log:

********
4:51 pm: | Start of Session, November 23, 2005 |
4:51 pm: Spy Sweeper started
4:51 pm: Sweep initiated using definitions version 575
4:51 pm: Starting Memory Sweep
4:51 pm: Found Adware: icannnews
4:51 pm: Detected running threat: C:\WINDOWS\system32\i0lo0a33ed.dll (ID = 83)
4:51 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:51 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:52 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:52 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:52 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:52 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:53 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:53 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:53 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:53 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:53 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:53 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:53 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:53 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:54 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:54 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:54 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:54 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:54 pm: Memory Sweep Complete, Elapsed Time: 00:03:29
4:54 pm: Starting Registry Sweep
4:54 pm: Found Adware: purityscan
4:54 pm: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaticketsinstaller.ocx\ (ID = 137986)
4:54 pm: Found Adware: websearch toolbar
4:54 pm: HKCR\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\ (12 subtraces) (ID = 146339)
4:54 pm: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\ (12 subtraces) (ID = 146402)
4:54 pm: HKLM\software\classes\tbps.plugincfgobj\ (3 subtraces) (ID = 146432)
4:54 pm: HKCR\tbps.plugincfgobj\ (3 subtraces) (ID = 146522)
4:54 pm: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\ (12 subtraces) (ID = 155047)
4:54 pm: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\implemented categories\ (5 subtraces) (ID = 155058)
4:54 pm: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\implemented categories\{7dd95801-9882-11cf-9fa9-00aa006c42c4}\ (1 subtraces) (ID = 155060)
4:54 pm: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\implemented categories\{7dd95802-9882-11cf-9fa9-00aa006c42c4}\ (1 subtraces) (ID = 155062)
4:54 pm: HKLM\software\classes\tbps.plugincfgobj\ (3 subtraces) (ID = 393070)
4:54 pm: HKLM\software\classes\tbps.plugincfgobj\clsid\ (1 subtraces) (ID = 393072)
4:54 pm: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\progid\ (1 subtraces) (ID = 393217)
4:54 pm: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\typelib\ (ID = 393219)
4:54 pm: HKLM\software\classes\clsid\{af8b3c81-cd19-45fb-b6be-160d27711de8}\version\ (1 subtraces) (ID = 393221)
4:54 pm: Found Trojan Horse: trojan-downloader-ruin
4:54 pm: HKLM\software\microsoft\windows\currentversion\urls\ (9 subtraces) (ID = 605127)
4:54 pm: HKLM\software\microsoft\windows\currentversion\ruins\ (56 subtraces) (ID = 605128)
4:54 pm: Found Adware: delfin
4:54 pm: HKLM\software\vidmon\ (3 subtraces) (ID = 890155)
4:54 pm: Found Adware: dollarrevenue
4:54 pm: HKLM\software\microsoft\drsmartload\ (1 subtraces) (ID = 916795)
4:54 pm: Found Trojan Horse: spamrelayer_alpiok
4:54 pm: HKCR\clsid\{6368d1fc-6f5c-4f1b-b164-e67214f678e9}\ (3 subtraces) (ID = 945518)
4:54 pm: HKLM\software\classes\clsid\{6368d1fc-6f5c-4f1b-b164-e67214f678e9}\ (3 subtraces) (ID = 945546)
4:54 pm: HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload\ || systray.exbr (ID = 945548)
4:54 pm: HKU\S-1-5-21-1659004503-1645522239-725345543-1003\software\vidmon\ (1 subtraces) (ID = 890125)
4:54 pm: Registry Sweep Complete, Elapsed Time:00:00:07
4:54 pm: Starting Cookie Sweep
4:54 pm: Found Spy Cookie: bizrate cookie
4:54 pm: ray@bizrate[1].txt (ID = 2308)
4:54 pm: Found Spy Cookie: barelylegal cookie
4:54 pm: ray@c.fsx[1].txt (ID = 2286)
4:54 pm: Found Spy Cookie: outster cookie
4:54 pm: ray@outster[2].txt (ID = 3103)
4:54 pm: Found Spy Cookie: alt cookie
4:54 pm: ray@alt[1].txt (ID = 2217)
4:54 pm: Found Spy Cookie: atwola cookie
4:54 pm: ray@atwola[1].txt (ID = 2255)
4:54 pm: Found Spy Cookie: belnk cookie
4:54 pm: ray@belnk[1].txt (ID = 2292)
4:54 pm: ray@ath.belnk[2].txt (ID = 2293)
4:54 pm: Found Spy Cookie: webpower cookie
4:54 pm: ray@webpower[1].txt (ID = 3660)
4:54 pm: Found Spy Cookie: xiti cookie
4:54 pm: ray@xiti[1].txt (ID = 3717)
4:54 pm: Found Spy Cookie: adknowledge cookie
4:54 pm: ray@adknowledge[1].txt (ID = 2072)
4:54 pm: ray@dist.belnk[2].txt (ID = 2293)
4:54 pm: Found Spy Cookie: adultfriendfinder cookie
4:54 pm: ray@adultfriendfinder[1].txt (ID = 2165)
4:54 pm: Found Spy Cookie: ask cookie
4:54 pm: ray@ask[2].txt (ID = 2245)
4:54 pm: Found Spy Cookie: askmen cookie
4:54 pm: ray@askmen[2].txt (ID = 2247)
4:54 pm: ray@outster[1].txt (ID = 3103)
4:54 pm: Found Spy Cookie: ccbill cookie
4:54 pm: ray@ccbill[2].txt (ID = 2369)
4:54 pm: ray@adknowledge[2].txt (ID = 2072)
4:54 pm: shane@ath.belnk[1].txt (ID = 2293)
4:54 pm: Found Spy Cookie: gostats cookie
4:54 pm: shane@gostats[2].txt (ID = 2747)
4:54 pm: Found Spy Cookie: classmates cookie
4:54 pm: shane@classmates[2].txt (ID = 2384)
4:54 pm: Found Spy Cookie: starware.com cookie
4:54 pm: shane@www.starware[1].txt (ID = 3442)
4:54 pm: Found Spy Cookie: 64.62.232 cookie
4:54 pm: shane@64.62.232[2].txt (ID = 1987)
4:54 pm: shane@64.62.232[6].txt (ID = 1987)
4:54 pm: Found Spy Cookie: experclick cookie
4:54 pm: shane@experclick[2].txt (ID = 2639)
4:54 pm: shane@64.62.232[3].txt (ID = 1987)
4:54 pm: Found Spy Cookie: tshirthell cookie
4:54 pm: shane@www.tshirthell[1].txt (ID = 3596)
4:54 pm: Found Spy Cookie: adlegend cookie
4:54 pm: shane@adlegend[1].txt (ID = 2074)
4:54 pm: Found Spy Cookie: a cookie
4:54 pm: shane@a[1].txt (ID = 2027)
4:54 pm: shane@h.starware[2].txt (ID = 3442)
4:54 pm: Found Spy Cookie: upspiral cookie
4:54 pm: shane@www.upspiral[2].txt (ID = 3615)
4:54 pm: shane@64.62.232[1].txt (ID = 1987)
4:54 pm: Found Spy Cookie: ic-live cookie
4:54 pm: shane@ic-live[1].txt (ID = 2821)
4:54 pm: Found Spy Cookie: howstuffworks cookie
4:54 pm: shane@howstuffworks[1].txt (ID = 2805)
4:54 pm: shane@dist.belnk[2].txt (ID = 2293)
4:54 pm: Found Spy Cookie: nextag cookie
4:54 pm: shane@nextag[1].txt (ID = 5014)
4:54 pm: shane@adknowledge[1].txt (ID = 2072)
4:54 pm: Found Spy Cookie: hbmediapro cookie
4:54 pm: shane@adopt.hbmediapro[2].txt (ID = 2768)
4:54 pm: Found Spy Cookie: realmedia cookie
4:54 pm: shane@realmedia[1].txt (ID = 3235)
4:54 pm: shane@64.62.232[4].txt (ID = 1987)
4:54 pm: Found Spy Cookie: websponsors cookie
4:54 pm: shane@a.websponsors[2].txt (ID = 3665)
4:54 pm: Found Spy Cookie: yieldmanager cookie
4:54 pm: shane@ad.yieldmanager[1].txt (ID = 3751)
4:54 pm: shane@xiti[1].txt (ID = 3717)
4:54 pm: Found Spy Cookie: gamespy cookie
4:54 pm: shane@gamespy[2].txt (ID = 2719)
4:54 pm: Found Spy Cookie: 2o7.net cookie
4:54 pm: shane@2o7[2].txt (ID = 1957)
4:55 pm: Found Spy Cookie: yadro cookie
4:55 pm: shane@yadro[1].txt (ID = 3743)
4:55 pm: Found Spy Cookie: wtlive.com cookie
4:55 pm: shane@dcstest.wtlive[1].txt (ID = 3700)
4:55 pm: Found Spy Cookie: cd freaks cookie
4:55 pm: shane@cdfreaks[2].txt (ID = 2370)
4:55 pm: Found Spy Cookie: redzip cookie
4:55 pm: shane@www.redzip[1].txt (ID = 3250)
4:55 pm: Found Spy Cookie: offeroptimizer cookie
4:55 pm: shane@offeroptimizer[2].txt (ID = 3087)
4:55 pm: Found Spy Cookie: ugo cookie
4:55 pm: shane@ugo[1].txt (ID = 3608)
4:55 pm: Found Spy Cookie: about cookie
4:55 pm: shane@about[2].txt (ID = 2037)
4:55 pm: shane@compnetworking.about[2].txt (ID = 2038)
4:55 pm: Found Spy Cookie: rn11 cookie
4:55 pm: shane@rn11[1].txt (ID = 3261)
4:55 pm: Found Spy Cookie: abcsearch cookie
4:55 pm: shane@abcsearch[1].txt (ID = 2033)
4:55 pm: shane@atwola[1].txt (ID = 2255)
4:55 pm: shane@adknowledge[2].txt (ID = 2072)
4:55 pm: Found Spy Cookie: pricegrabber cookie
4:55 pm: shane@pricegrabber[2].txt (ID = 3185)
4:55 pm: Found Spy Cookie: banner cookie
4:55 pm: shane@banner[1].txt (ID = 2276)
4:55 pm: shane@belnk[2].txt (ID = 2292)
4:55 pm: Found Spy Cookie: enhance cookie
4:55 pm: shane@c.enhance[1].txt (ID = 2614)
4:55 pm: shane@rn11[2].txt (ID = 3261)
4:55 pm: Found Spy Cookie: did-it cookie
4:55 pm: shane@did-it[2].txt (ID = 2523)
4:55 pm: shane@dist.belnk[1].txt (ID = 2293)
4:55 pm: shane@ask[2].txt (ID = 2245)
4:55 pm: Found Spy Cookie: directtrack cookie
4:55 pm: shane@directtrack[2].txt (ID = 2527)
4:55 pm: Found Spy Cookie: atlas dmt cookie
4:55 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:55 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:55 pm: shane@atdmt[2].txt (ID = 2253)
4:55 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:55 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:55 pm: Found Spy Cookie: ru4 cookie
4:55 pm: shane@edge.ru4[1].txt (ID = 3269)
4:55 pm: Found Spy Cookie: adecn cookie
4:55 pm: shane@adecn[2].txt (ID = 2063)
4:55 pm: shane@ath.belnk[3].txt (ID = 2293)
4:55 pm: shane@belnk[1].txt (ID = 2292)
4:55 pm: shane@canadiansponsors.directtrack[2].txt (ID = 2528)
4:55 pm: Found Spy Cookie: cardomain cookie
4:55 pm: shane@cardomain[1].txt (ID = 2350)
4:55 pm: shane@atwola[2].txt (ID = 2255)
4:55 pm: shane@ask[1].txt (ID = 2245)
4:55 pm: Found Spy Cookie: fastclick cookie
4:55 pm: shane@fastclick[2].txt (ID = 2651)
4:55 pm: Found Spy Cookie: azjmp cookie
4:55 pm: shane@azjmp[2].txt (ID = 2270)
4:55 pm: Found Spy Cookie: delfinproject cookie
4:55 pm: shane@delfinproject[2].txt (ID = 2509)
4:55 pm: shane@askmen[2].txt (ID = 2247)
4:55 pm: Found Spy Cookie: go.com cookie
4:55 pm: shane@go[1].txt (ID = 2728)
4:55 pm: shane@adopt.hbmediapro[3].txt (ID = 2768)
4:55 pm: shane@h.starware[1].txt (ID = 3442)
4:55 pm: Found Spy Cookie: tribalfusion cookie
4:55 pm: shane@tribalfusion[2].txt (ID = 3589)
4:55 pm: Found Spy Cookie: reliablestats cookie
4:55 pm: shane@stats1.reliablestats[2].txt (ID = 3254)
4:55 pm: Cookie Sweep Complete, Elapsed Time: 00:00:01
4:55 pm: Starting File Sweep
4:55 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:55 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:55 pm: Warning: Failed to open file "c:\windows\system32\csccj.exe". The process cannot access the file because it is being used by another process
4:55 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:55 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:55 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:55 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:55 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:55 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:55 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:55 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:55 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:55 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:56 pm: Warning: Failed to open file "c:\windows\system32\n4p4le7q1h.dll". The process cannot access the file because it is being used by another process
4:56 pm: Found Adware: look2me
4:56 pm: __delete_on_reboot__guard.tmp (ID = 159)
4:56 pm: Warning: Failed to open file "c:\windows\system32\i0lo0a33ed.dll". The process cannot access the file because it is being used by another process
4:56 pm: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
4:56 pm: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
4:56 pm: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
4:56 pm: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
4:56 pm: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
4:56 pm: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
4:56 pm: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
4:56 pm: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
4:56 pm: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
4:56 pm: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
4:56 pm: __delete_on_reboot__dpcpsapi.dll (ID = 159)
4:56 pm: Warning: Failed to open file "c:\windows\system32\drivers\atapi.sys". The process cannot access the file because it is being used by another process
4:56 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:56 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:56 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:56 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:56 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:56 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:56 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:56 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:56 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:56 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:56 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:56 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:56 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:56 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:57 pm: c:\windows\system32\vidmon (ID = -2147468683)
4:57 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:57 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:57 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:57 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:57 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:57 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:57 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:57 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:58 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:58 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:58 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:58 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:58 pm: c:\documents and settings\all users\application data\vidmon (1 subtraces) (ID = -2147468685)
4:58 pm: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs04ebac1c-8f30-42bd-ba57-f0c8a2d44218.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9bc45f69-9ba1-45cc-854d-c1a9c67369f5.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs366db359-758e-4cbe-afd8-52180d183401.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc3f63f0e-d022-489d-a754-57d26c34e504.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs61ef6ab8-4684-498d-ae49-2cf6d51331f6.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4c868a18-68e2-437b-8fe3-e520972b19e0.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2d2a1cac-ac79-41f3-b58c-5aa160885af7.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9a377f44-6d92-4681-87d4-1b84ca710584.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs445dcb1d-b076-484f-b7ab-78d6a1719ca7.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs225287c0-3636-43c1-9b62-29f145740612.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf3558b95-7418-447f-a34f-1398c0ec7697.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscscd3059b3-1c4d-4022-9d6b-b7bad33e240a.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0f8d9da8-7c68-4000-b28e-9bfa346f22fd.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse6e849b7-9490-4e4c-a417-0be93844747a.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd08d76f2-f940-43ee-8318-eb42a65f1496.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsea7ebedb-6194-43e1-a9c7-b9a308fa6a11.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbfd0c550-2ca3-4a6a-b46a-1d7efd3ac394.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs459d34bf-2429-42bd-864d-bbfe4ec6377c.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0428b7ba-a414-4d20-9db7-e69b21e0c008.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs691beb91-8e19-41a5-8462-a813c5fd3f39.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse8fad12d-27a6-447a-8f59-4415def1098e.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs316f41e1-0078-47eb-8e5b-0c14a5291f61.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs04d9cf9a-46d7-49e0-bdcf-33815d69a26e.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc8970abf-2d00-48a6-9f29-9492622526e1.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf2793ac5-81b8-4921-acd4-a661a14bd6d1.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8bf646fe-46ce-484f-8a9f-8dd47c370867.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs94f5b1d7-f0ed-4bdc-908d-d39711717000.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf3e74469-a1c2-4842-b613-015c381092e8.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2e73cd60-69ed-4065-a0fd-754c000fec52.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6db0f896-90e8-4083-a9cd-a1d23c54f001.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsee63dcc0-f0f5-483f-a01a-75dfd574ce04.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1bdde3b1-93bd-48b5-b8e7-281eaafcd9c6.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9a1bf188-41c8-4fec-8176-2a01f4d30478.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7f0487f0-c49c-4149-8334-dfe9aab0e451.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4cdbb059-2062-412e-ade0-765ce3ca7a21.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd32cfcfe-7fc3-46be-97e3-028798ffdedf.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7d6cdebe-ddd5-4f0b-bcd8-e6d7545fd753.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6d485371-3ada-4377-b565-99b673c4ebaf.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0d877314-7d48-4a89-ab9b-3a5679a099e8.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs48f70d53-dc62-40dd-b94e-8bccd2198242.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3ee8188d-1f63-4d7d-aff7-97fd931207be.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsab4f3d87-5501-4070-bd20-cba6c5300ef2.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs15b162bf-b096-4751-aa0a-5bfe6beb3c33.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4c43e39e-1ade-490f-aeec-d09e20b931bd.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7bf03396-426a-4ac6-992a-a74d67be97b5.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6cb50d1b-6483-4bbc-b8df-f679b8c7b176.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsaeeaac77-b63e-4445-bfe8-be55f0a8efac.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8bef33f2-ccc9-47fb-a1de-f0eb1d5888ae.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse4702348-8027-4d38-9dff-1063f6eaced3.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf79f246d-3cd5-4ad7-ab37-a6ce54725979.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3bfa211c-fda0-4198-9b77-3511175d78ff.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5e5dfce0-1ca0-4afd-9fa3-6c37be265b34.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs79f85296-4d05-4232-b51e-71686b8fd4d5.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1fe9f405-4008-4e88-bcd7-23a73323ad02.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0c96a7c7-571a-4d04-b1ff-564d120c9585.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs96b8a63a-191c-469a-a5bf-c814607b92f2.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd0db73a3-1f29-4d08-bac1-b0e1706a2a26.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse72187e0-0e7c-499d-8a90-26a100e559c6.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0cb9b3e3-5325-496c-97b7-200a2d32a6c1.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4d2ee4ec-934f-491c-a78c-fee876be8b58.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd3fcaddc-ee44-4b31-80cd-0f61deba58f9.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfa312ad8-7445-40d9-914c-2b3f0a1d39ff.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa1964d0e-16de-4d61-94e2-8584ae8c0569.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3e929353-3ec7-4454-a4b1-7c64b0ce2a41.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3535f4d6-6221-404a-b223-da1b39b60fed.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse8853a4e-23f1-4d4a-b3d5-fd0f9aa627ed.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbc365431-f0b9-4e22-ba3d-4ecf2482b795.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3370a7f4-893e-4a74-9b37-903446c2a43c.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2e2d3bf3-fd6c-4d12-ab8c-eaf11e270e0b.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf2ad6e4e-bd93-4c2d-b730-a0eb61344c54.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfe1592d9-8433-4e76-bd3f-2e2cb8acb207.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs00d611f1-9fd5-40ad-ba3f-c1aca494ef6e.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbdf5089a-c107-40d7-beaa-4d0dd997af00.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf56fbcb6-fe83-4bfa-8563-24026b2969d2.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs524c31fd-73cb-424a-ab67-59040e40fbda.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8b223f24-c10f-4f3f-b94c-14b2bf625625.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscscc2d0e7c-c711-462b-8c3f-cd277ae24e88.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5a907730-1a00-4d08-8c51-74d5d1bb7961.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs80f65d47-68ba-455d-98d4-bfdc646943df.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs62451ee0-8a6f-45ae-b6af-dbb9bf0a3705.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse49733c8-91e5-4ec1-ae08-710fe0ec0d3a.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf8c67ab9-5c5b-492a-8c44-4e44539e0ebe.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs36e45fda-05b9-4e22-9eae-f4a55e24b0e7.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5f81d860-1c6f-4f5d-a73b-c4afe626d7be.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9264700d-48af-47d6-a684-dc0107204029.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4e2fec27-9813-4f82-af38-7804dfab03cc.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4eb69da4-0f67-4a76-b87e-1099f33368be.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2a049f91-491e-46f2-ba80-e4c888d3cb28.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsea380da2-6cd7-4490-95ab-33f01f4759d4.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2fb1be41-bbdf-40bf-9fcd-9afbdf2012a3.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa367111d-c1b4-43c4-b09d-58867fc300c9.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd11c53f7-f7d0-4b7f-b192-1d0c2010b167.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9c369f57-6afe-4bec-990b-7225521c5766.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf39a0fd0-04c6-4867-85dc-fd805ecd281b.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs31f0a684-3c45-4f6c-8d69-4e1e6879712a.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8a0a85bb-c9a0-42f2-ae04-ef51008629f4.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs365b706d-2c82-4200-a448-9d0b226759f5.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs853c1ab8-a948-4f58-a593-886062bb8aef.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6c1cdbee-31af-4091-9d2c-80f3b9754e08.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs407413e3-cf53-4196-a12e-85b1e7556c0b.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf0dac822-5fc8-48ac-bb61-dfcaa804dfba.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs951911f9-dcbd-4feb-b5c8-7a1581424307.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa643518e-a735-4e5c-9321-0eb3a0730a64.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8a4d5e8b-639c-4516-b163-4ced0f6f89fc.tmp". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\shane\ntuser.dat". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\shane\ntuser.dat.log". The process cannot access the file because it is being used by another process
4:58 pm: Warning: Failed to open file "c:\documents and settings\shane\local settings\temp\perflib_perfdata_73c.dat". The process cannot access the file because it is being used by another process
4:59 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:59 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:59 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:59 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:59 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:59 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:59 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:59 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
4:59 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:59 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:59 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
4:59 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:00 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:00 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:00 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:00 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:00 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:00 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:00 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:00 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:00 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:00 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:00 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:00 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:01 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:01 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:01 pm: Warning: Failed to open file "c:\documents and settings\shane\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
5:01 pm: Warning: Failed to open file "c:\documents and settings\shane\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
5:01 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:01 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:01 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:01 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:01 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:01 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:01 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:01 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:01 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:01 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:01 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:01 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:02 pm: Warning: Failed to open file "c:\documents and settings\ray\ntuser.dat". The process cannot access the file because it is being used by another process
5:02 pm: Warning: Failed to open file "c:\documents and settings\ray\ntuser.dat.log". The process cannot access the file because it is being used by another process
5:03 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:03 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:03 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:03 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:03 pm: Warning: Failed to open file "c:\documents and settings\ray\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
5:03 pm: Warning: Failed to open file "c:\documents and settings\ray\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
5:03 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:03 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:03 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:03 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:03 pm: removewebdp.exe (ID = 166172)
5:04 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:04 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:04 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:04 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:04 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:04 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:04 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:04 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:05 pm: Warning: Failed to open file "d:\pagefile.sys". Access is denied
5:05 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:05 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:05 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:05 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:05 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:05 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:05 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:05 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:07 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:07 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:07 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:07 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:07 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:07 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:07 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:07 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:08 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:08 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:08 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:08 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:08 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:08 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:08 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:08 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:09 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:09 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:09 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:09 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:09 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:09 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:09 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:09 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:10 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:10 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:10 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:10 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:11 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:11 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:11 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:11 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:12 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:12 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:12 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:12 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:12 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:12 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:12 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:12 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:13 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:13 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:13 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:13 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:13 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:13 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:13 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:13 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:14 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:14 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:14 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:14 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:14 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:14 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:14 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:14 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:15 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:15 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:15 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:15 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:16 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:16 pm: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
5:16 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:16 pm: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
5:16 pm: File Sweep Complete, Elapsed Time: 00:21:30
5:16 pm: Full Sweep has completed. Elapsed time 00:25:16
5:16 pm: Traces Found: 243
5:16 pm: The Spy Communication

#4 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:03:50 AM

Posted 24 November 2005 - 01:26 PM

Can reboot and post a new HJT log

Thanks

David :thumbsup:

#5 Shaner13

Shaner13
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 24 November 2005 - 06:52 PM

Whoops I meant to post one last time :thumbsup:
anyways here it is:

Logfile of HijackThis v1.99.1
Scan saved at 6:50:39 pm, on 24/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
E:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
E:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
E:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\JetAudio\JetAudio.exe
E:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Shane\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] "E:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [dmhru.exe] C:\WINDOWS\System32\dmhru.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [Microsoft Windows] windows.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Shortcut to JetAudio.exe.lnk = E:\Program Files\JetAudio\JetAudio.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.app...llInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC8DE3E6-4B57-4C4B-8201-99A7AA177259}: NameServer = 85.255.114.106,85.255.112.23
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEDEDDC3-8275-4EEF-9ED0-B07245C14884}: NameServer = 85.255.114.106,85.255.112.23
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Group Policy - C:\WINDOWS\system32\h8l2li3o18.dll
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - E:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - E:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - E:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - E:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005\RpcSandraSrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#6 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:03:50 AM

Posted 25 November 2005 - 11:37 AM

You have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

#7 Shaner13

Shaner13
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 25 November 2005 - 08:22 PM

Thanks for the help, but I had to re-install windows. Best I can figure, that VX2 or the Webroot spySweeper screwed up my windows. I started to BSOD at windows logon. Thanks for trying though :thumbsup:

#8 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:03:50 AM

Posted 26 November 2005 - 04:23 AM

Ok, glad you got it fixed in the end! :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users