
Infected With Pop-up Ads - Help!


4 replies to this topic

#1 bnmc


Posted 26 November 2005 - 02:06 PM

I have been infected for weeks with this pop-up spyware. If my computer is on, I get a new pop-up every few minutes and it seems to really slow my entire computer/internet browsing. Also during startup it takes much longer to boot up.



Logfile of HijackThis v1.99.1
Scan saved at 11:00:57 AM, on 11/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Warez P2P Client\warez.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmjb.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_director.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MM_TDM~1.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\NMAIN.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R3 - Default URLSearchHook is missing
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O4 - HKCU\..\Run: [klop] C:\WINDOWS\9E.tmp
O4 - HKCU\..\Run: [mmmi] C:\PROGRA~1\COMMON~1\mmmi\mmmim.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - Startup: Norton Disk Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\NDD32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Reset.lnk = C:\WINDOWS\repair\reset.bat
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0036.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\hrl0053me.dll
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - (no file)
O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - (no file)
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - (no file)
O21 - SSODL: 0EEJIHED - {516D5624-720C-7796-14E0-463B1DB47F20} - (no file)
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QnJ1Y2U\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Canon PIXMA iP6000D Memory Card Manager (PDUiP6000DMemCrdMgr) - CANON INC. - C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



#2 -David-


Posted 27 November 2005 - 05:01 AM

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Then reboot your computer - IMPORTANT
Then post a new HJT log

David

#3 bnmc


Posted 29 November 2005 - 11:40 PM

I ran the Spy Sweeper and here's the log from it:


8:21 PM: | Start of Session, Tuesday, November 29, 2005 |
8:21 PM: Spy Sweeper started
8:21 PM: Sweep initiated using definitions version 556
8:21 PM: Starting Memory Sweep
8:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:22 PM: Found Adware: icannnews
8:22 PM: Detected running threat: C:\WINDOWS\system32\n4p40e7qeh.dll (ID = 83)
8:23 PM: Detected running threat: C:\WINDOWS\system32\guard.tmp (ID = 83)
8:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:23 PM: Memory Sweep Complete, Elapsed Time: 00:02:07
8:23 PM: Starting Registry Sweep
8:23 PM: Found Trojan Horse: alwaysupdatednews
8:23 PM: HKLM\software\microsoft\code store database\distribution units\{47cd99df-8bcf-4b9b-94ef-02e51b2f79da}\ (7 subtraces) (ID = 103552)
8:23 PM: Found Adware: winad
8:23 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaaccx.dll\ (2 subtraces) (ID = 147191)
8:23 PM: Found Trojan Horse: trojan-backdoor-zubox
8:23 PM: HKCR\appid\{78364d99-a640-4ddf-b91a-67eff8373045}\ (ID = 650832)
8:23 PM: HKLM\software\classes\appid\{78364d99-a640-4ddf-b91a-67eff8373045}\ (ID = 650872)
8:23 PM: Registry Sweep Complete, Elapsed Time:00:00:14
8:23 PM: Starting Cookie Sweep
8:23 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
8:23 PM: Starting File Sweep
8:24 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:24 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:24 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:24 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:34 PM: Found Adware: apropos
8:34 PM: wingenerics.dll (ID = 50187)
8:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:34 PM: File Sweep Complete, Elapsed Time: 00:10:51
8:34 PM: Full Sweep has completed. Elapsed time 00:13:23
8:34 PM: Traces Found: 16
8:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:36 PM: Removal process initiated
8:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:36 PM: Quarantining All Traces: trojan-backdoor-zubox
8:36 PM: Quarantining All Traces: alwaysupdatednews
8:36 PM: Quarantining All Traces: apropos
8:36 PM: apropos is in use. It will be removed on reboot.
8:36 PM: wingenerics.dll is in use. It will be removed on reboot.
8:36 PM: Quarantining All Traces: icannnews
8:36 PM: icannnews is in use. It will be removed on reboot.
8:36 PM: C:\WINDOWS\system32\n4p40e7qeh.dll is in use. It will be removed on reboot.
8:36 PM: C:\WINDOWS\system32\guard.tmp is in use. It will be removed on reboot.
8:36 PM: Quarantining All Traces: winad
8:37 PM: Removal process completed. Elapsed time 00:00:52
********
8:20 PM: | Start of Session, Tuesday, November 29, 2005 |
8:20 PM: Spy Sweeper started
8:21 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
8:21 PM: Updating spyware definitions
8:21 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
8:21 PM: Updating spyware definitions
8:21 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
8:21 PM: | End of Session, Tuesday, November 29, 2005 |

#4 -David-


Posted 30 November 2005 - 03:07 PM

Then post a new HJT log


:thumbsup:

#5 bnmc


Posted 28 December 2005 - 08:20 PM

It seems that even though I got rid of it once it has come back. I tried to click on the link to re-run the spysweeper. However, after it scanned, there is no Next button or anything that would allow me to remove the spyware. I only have the option to subscribe and pay $29.99 for the software. Any ideas?



