Adware.look2me Virus Problem?


5 replies to this topic

#1 dopeyskydiver

Posted 30 November 2005 - 02:40 PM

Okay, here's my problem - I'm running Windows XP Pro on a Dell Dimension 2300 PC, 768meg RAM, Intel P4 2.0gig processor. I'm using Mozilla Firefox as my default browser and MS Outlook 2000 as my default email client. I recently have noticed that I get MANY uncommanded (by me at least) tabs opening in Firefox. This led me to do some more checking, and I have the following report from Hijack-This:

Logfile of HijackThis v1.99.1
Scan saved at 5:14:51 PM, on 11/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\USB ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinPatrol] "d:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [DVD43] "C:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe" /hidden
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKCU\..\Run: [O2Backup] D:\Program Files\Genie-Soft\Outlook 2000 XP Backup\O2Backup.exe -reminder
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] D:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: Launch K9.lnk = D:\Program Files\KeirNet\K9\K9.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...635/mcfscan.cab
O20 - Winlogon Notify: MSSYCLM - C:\WINDOWS\system32\kvdtat.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


I am also being notified CONSTANTLY via WinPatrol that my C:\windows\system32\drivers\etc\hosts file is trying to be changed to read as follows:

127.0.0.1 www.igetnet.com
127.0.0.1 code.ignphrases.com
127.0.0.1 clear-search.com
127.0.0.1 r1.clrsch.com
127.0.0.1 sds.clrsch.com
127.0.0.1 status.clrsch.com
127.0.0.1 www.clrsch.com
127.0.0.1 clr-sch.com
127.0.0.1 sds-qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 www.qoolaid.com
127.0.0.1 www.qoologic.com
127.0.0.1 www.CLKPrecision.com
127.0.0.1 www.urllogic.com
127.0.0.1 www.clkoptimizer.com
127.0.0.1 www.isearch.com
127.0.0.1 isearch.com
127.0.0.1 www.idownload.com
127.0.0.1 idownload.com
127.0.0.1 www.mytotalsearch.com
127.0.0.1 mytotalsearch.com
127.0.0.1 www.lop.com
127.0.0.1 lop.com
127.0.0.1 www.websearch.com
127.0.0.1 websearch.com
127.0.0.1 www.page-not-found.net
127.0.0.1 page-not-found.net
127.0.0.1 www.isearchhere.com
127.0.0.1 isearchhere.com
127.0.0.1 xads.offeroptimizer.comm
127.0.0.1 search.offeroptimizer.com
127.0.0.1 ximages.offeroptimizer.com
127.0.0.1 xlime.offeroptimizer.com
127.0.0.1 xadsj-o.offeroptimizer.com
127.0.0.1 xadsj.offeroptimizer.com
127.0.0.1 www.offeroptimizer.com
127.0.0.1 as.adwave.com
127.0.0.1 sr.adwave.com
127.0.0.1 www.adwave.com
127.0.0.1 adwave.com EVENT:HOST:127.0.0.1
127.0.0.1 www.pacimedia.com
127.0.0.1 www.pacimedia.com

After running various scans I am getting nowhere fast... Now my Outlook settings have changed - I think... I can't retrieve or send mail - I get the infamous "mail delivery error" message... So, I tried viewing my email via my provider's web-based mail server, and now I am being told that my user name \ password is incorrect, even though I KNOW I haven't changed it... Is it possible that this virus/trojan has altered this info? What are my possible solutions short of "FDISK" and starting over? I have WinXP installed on my C: drive, most programs installed and running from my D: drive (some programs were installed on my C: drive in order to work properly), and all of my important data on my E: drive. I am using a trial version of BitDefender to help block all of this persistent internet activity... Any ideas and/or suggestions would be GREATLY appreciated!

#2 -David-

Posted 30 November 2005 - 03:51 PM

Yep it's VX2
  • Please download hoster from the link below.
    http://www.funkytoad.com/download/hoster.zip
  • Unzip Hoster.zip
  • Open Hoster.exe
  • Then click on "Restore Original Hosts"
  • Close program when complete.
  • Empty Recycle Bin
  • Reboot and "copy/paste" a new log file into this thread, after completing any other instructions given

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link for "SpySweeper" to download the program. NOTE: DO NOT click the Free Spyware Scan link.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.

Then reboot your computer - IMPORTANT
Then post a new HJT log
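
Added example (not part of the original posts, and not code from Hoster, WinPatrol or BleepingComputer): one way to confirm what "Restore Original Hosts" should leave behind is to audit the hosts file for anything beyond the stock `127.0.0.1 localhost` mapping. The sample text is constructed from a few entries quoted in post #1 plus one made-up `192.0.2.10` line, and the names `audit_hosts` and `is_stock` are assumptions of this sketch.

```python
import ipaddress
import re
from collections import Counter

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
HOSTNAME_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")

DEFAULT_NAMES = {"localhost"}                  # all a stock Windows hosts file maps
SINK_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}   # a name mapped here becomes unreachable

# Constructed sample: entries of the kind quoted in post #1, plus one invented
# line (192.0.2.10 is a documentation-only address) to show a redirect.
SAMPLE_HOSTS = """\
# Copyright 1993-1999 Microsoft Corp.
127.0.0.1 localhost
127.0.0.1 www.igetnet.com
127.0.0.1 adwave.com EVENT:HOST:127.0.0.1
127.0.0.1 www.pacimedia.com
127.0.0.1 www.pacimedia.com
192.0.2.10 intranet.example   # constructed: name pointed at a non-loopback address
"""


def audit_hosts(text):
    """Report every entry that a stock hosts file would not contain.

    non_default: (line, address, name, kind) where kind is "sinkholed" when the
                 name is mapped to a loopback/null address and "redirected" when
                 it is mapped anywhere else (the case that sends traffic away).
    malformed:   (line, token) for bad addresses or tokens that are not hostnames.
    duplicates:  (line, name) for repeats of an already reported name.
    """
    report = {"non_default": [], "malformed": [], "duplicates": []}
    seen = Counter()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()    # comments run to end of line
        if not line:
            continue
        addr, *names = line.split()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            report["malformed"].append((lineno, addr))
            continue
        if not names:                          # address with no host name
            report["malformed"].append((lineno, addr))
            continue
        for name in names:
            if not HOSTNAME_RE.fullmatch(name):
                report["malformed"].append((lineno, name))
                continue
            key = name.lower()
            if key in DEFAULT_NAMES and addr in SINK_ADDRS:
                continue                       # the expected localhost mapping
            seen[key] += 1
            if seen[key] > 1:
                report["duplicates"].append((lineno, key))
                continue
            kind = "sinkholed" if addr in SINK_ADDRS else "redirected"
            report["non_default"].append((lineno, addr, key, kind))
    return report


def is_stock(text):
    """True when the file holds nothing beyond comments and localhost."""
    return not any(audit_hosts(text).values())


if __name__ == "__main__":
    for section, rows in audit_hosts(SAMPLE_HOSTS).items():
        print(section)
        for row in rows:
            print("   ", row)
    print("stock file:", is_stock(SAMPLE_HOSTS))
```

On a live system the text would come from C:\windows\system32\drivers\etc\hosts; a "redirected" row deserves the closest look, because it is the only kind that sends traffic for a name to another machine.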

#3 dopeyskydiver

Posted 01 December 2005 - 09:04 AM

Okay David,

Here is what Hoster now has to say:



# Copyright 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#
127.0.0.1 localhost




And here is what the first WebRoot Spy Sweeper session log (before system shut down automatically) had to say:




9:07 PM: | Start of Session, Wednesday, November 30, 2005 |
9:07 PM: Spy Sweeper started
9:07 PM: Sweep initiated using definitions version 576
9:07 PM: Starting Memory Sweep
9:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:09 PM: Found Adware: icannnews
9:09 PM: Detected running threat: C:\WINDOWS\system32\kvdtat.dll (ID = 83)
9:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:12 PM: Detected running threat: C:\WINDOWS\system32\mxndex.dll (ID = 83)
9:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:14 PM: Memory Sweep Complete, Elapsed Time: 00:06:56
9:14 PM: Starting Registry Sweep
9:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:14 PM: Found Adware: look2me
9:14 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\setup\ (6 subtraces) (ID = 129941)
9:15 PM: Found Adware: elitemediagroup-mediamotor
9:15 PM: HKLM\software\classes\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (9 subtraces) (ID = 140131)
9:15 PM: HKCR\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (9 subtraces) (ID = 140223)
9:15 PM: Found Adware: targetsaver
9:15 PM: HKLM\software\microsoft\windows\currentversion\uninstall\tsa\ (2 subtraces) (ID = 143607)
9:15 PM: Found Adware: cnsmin
9:15 PM: HKCR\clsid\{d449eb58-55af-4695-b216-895d546aed89}\ (11 subtraces) (ID = 393334)
9:15 PM: HKCR\typelib\{b7db519e-7131-47b1-a9f5-da8d061c2611}\ (9 subtraces) (ID = 393356)
9:15 PM: HKLM\software\classes\clsid\{d449eb58-55af-4695-b216-895d546aed89}\ (11 subtraces) (ID = 393465)
9:15 PM: HKLM\software\classes\typelib\{b7db519e-7131-47b1-a9f5-da8d061c2611}\ (9 subtraces) (ID = 393487)
9:15 PM: Found Adware: delfin
9:15 PM: HKLM\software\vidmon\ (3 subtraces) (ID = 890155)
9:15 PM: Found Adware: dollarrevenue
9:15 PM: HKLM\software\microsoft\drsmartload\ (1 subtraces) (ID = 916795)
9:15 PM: Found Trojan Horse: trojan downloader popuppers
9:15 PM: HKCR\clsid\{62fba4e7-bd9e-4d8d-8fbb-3c32999cb7fc}\ (23 subtraces) (ID = 960709)
9:15 PM: HKCR\clsid\{a03323d3-f649-4f16-a6e4-4fc53f917a83}\ (10 subtraces) (ID = 960733)
9:15 PM: HKCR\typelib\{1942bebe-dce5-4148-868e-1250a2218b4c}\ (9 subtraces) (ID = 960748)
9:15 PM: HKLM\software\classes\clsid\{62fba4e7-bd9e-4d8d-8fbb-3c32999cb7fc}\ (23 subtraces) (ID = 960771)
9:15 PM: HKLM\software\classes\clsid\{a03323d3-f649-4f16-a6e4-4fc53f917a83}\ (10 subtraces) (ID = 960795)
9:15 PM: HKLM\software\classes\typelib\{1942bebe-dce5-4148-868e-1250a2218b4c}\ (9 subtraces) (ID = 960810)
9:15 PM: Found Adware: command
9:15 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (6 subtraces) (ID = 1016064)
9:15 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (8 subtraces) (ID = 1016072)
9:15 PM: Found Adware: findthewebsiteyouneed hijacker
9:15 PM: HKU\S-1-5-21-1078081533-1482476501-725345543-500\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
9:15 PM: HKU\S-1-5-21-1078081533-1482476501-725345543-500\software\vidmon\ (1 subtraces) (ID = 890125)
9:15 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:15 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:15 PM: Registry Sweep Complete, Elapsed Time:00:00:47
9:15 PM: Starting Cookie Sweep
9:15 PM: Found Spy Cookie: 888 cookie
9:15 PM: administrator@888[1].txt (ID = 2019)
9:15 PM: administrator@888[2].txt (ID = 2019)
9:15 PM: Found Spy Cookie: hbmediapro cookie
9:15 PM: administrator@adopt.hbmediapro[2].txt (ID = 2768)
9:15 PM: Found Spy Cookie: belnk cookie
9:15 PM: administrator@belnk[1].txt (ID = 2292)
9:15 PM: Found Spy Cookie: cassava cookie
9:15 PM: administrator@cassava[1].txt (ID = 2362)
9:15 PM: Found Spy Cookie: delfinproject cookie
9:15 PM: administrator@delfinproject[2].txt (ID = 2509)
9:15 PM: administrator@dist.belnk[2].txt (ID = 2293)
9:15 PM: Found Spy Cookie: touchclarity cookie
9:15 PM: administrator@easyjet.touchclarity[1].txt (ID = 3566)
9:15 PM: Found Spy Cookie: ic-live cookie
9:15 PM: administrator@ic-live[1].txt (ID = 2821)
9:15 PM: Found Spy Cookie: rn11 cookie
9:15 PM: administrator@rn11[2].txt (ID = 3261)
9:15 PM: Found Spy Cookie: toplist cookie
9:15 PM: administrator@toplist[1].txt (ID = 3557)
9:15 PM: Found Spy Cookie: xiti cookie
9:15 PM: administrator@xiti[1].txt (ID = 3717)
9:15 PM: Found Spy Cookie: yadro cookie
9:15 PM: administrator@yadro[1].txt (ID = 3743)
9:15 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
9:15 PM: Starting File Sweep
9:15 PM: c:\windows\system32\vidmon (ID = -2147468683)
9:15 PM: c:\documents and settings\all users\application data\vidmon (1 subtraces) (ID = -2147468685)
9:15 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:15 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:15 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:15 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:15 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:15 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:19 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:19 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:19 PM: zzizc.dll (ID = 195129)
9:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:22 PM: o2rolc931f.dll (ID = 159)
9:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:22 PM: kvdtat.dll (ID = 159)
9:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:24 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:24 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:24 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:24 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:32 PM: tsuninst.exe (ID = 193501)
9:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:33 PM: mxndex.dll (ID = 159)
9:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:34 PM: unstall.exe (ID = 133210)
9:34 PM: 00049446.dbd (ID = 57676)
9:34 PM: Found Trojan Horse: trojan-backdoor-us15info
9:34 PM: tool4.exe (ID = 183857)
9:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:35 PM: tool5.exe (ID = 183857)
9:35 PM: 00049015.old (ID = 57688)
9:35 PM: 00048991.old (ID = 57693)
9:35 PM: 00049457.dbd (ID = 57692)
9:35 PM: iemonitor.ocx (ID = 186211)
9:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:36 PM: vocabulary (ID = 78283)
9:36 PM: 00049458.dbd (ID = 57693)
9:38 PM: 00049455.dbd (ID = 57687)
9:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:39 PM: lvpq0975e.dll (ID = 159)
9:42 PM: nvmsapi.dll (ID = 159)
9:46 PM: class-barrel (ID = 78229)
9:46 PM: Found Adware: apropos
9:46 PM: 00050153.dll (ID = 166754)
9:46 PM: 00050154._ (ID = 166754)
9:46 PM: azsnw.dll (ID = 159)
9:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
9:47 PM: drsmartload.dat (ID = 198788)
9:47 PM: 00048971.ddx (ID = 57680)
9:47 PM: 00048972.ddx (ID = 57680)
9:47 PM: 00048974.ddx (ID = 57691)
9:47 PM: 00048975.ddx (ID = 57680)
9:47 PM: 00048976.ddx (ID = 57679)
9:47 PM: 00048982.ddx (ID = 57680)
9:47 PM: 00048983.ddx (ID = 57680)
9:47 PM: 00048986.ddx (ID = 57685)
9:47 PM: 00048992.ddx (ID = 57691)
9:47 PM: 00048977.ddx (ID = 57680)
9:47 PM: 00048978.ddx (ID = 57680)
9:47 PM: 00048979.ddx (ID = 57691)
9:47 PM: 00048980.ddx (ID = 57680)
9:47 PM: 00048981.ddx (ID = 57679)
9:47 PM: 00049448.ddx (ID = 57680)
9:47 PM: 00049451.ddx (ID = 57680)
9:47 PM: 00049452.ddx (ID = 57691)
9:47 PM: 00049450.ddx (ID = 57680)
9:47 PM: 00049447.ddx (ID = 57679)
9:47 PM: 00048984.ddx (ID = 57680)
9:47 PM: 00048985.ddx (ID = 57680)
9:47 PM: 00049009.ddx (ID = 57680)
9:47 PM: 00049010.ddx (ID = 57680)
9:47 PM: 00048987.ddx (ID = 57685)
9:47 PM: 00048988.ddx (ID = 57685)
9:47 PM: 00048989.ddx (ID = 57685)
9:47 PM: 00048990.ddx (ID = 57685)
9:47 PM: 00049453.ddx (ID = 57685)
9:47 PM: 00048993.ddx (ID = 57691)
9:47 PM: 00049456.ddx (ID = 57691)
9:47 PM: 00049011.ddx (ID = 57680)
9:47 PM: 00049012.ddx (ID = 57680)
9:47 PM: 00049013.ddx (ID = 57680)
9:47 PM: 00049014.ddx (ID = 57680)
9:47 PM: 00049449.ddx (ID = 57680)
9:47 PM: 00049454.ddx (ID = 57680)
********




Here is the second Spy Sweeper log:





10:02 PM: | Start of Session, Wednesday, November 30, 2005 |
10:02 PM: Spy Sweeper started
10:02 PM: Sweep initiated using definitions version 576
10:02 PM: Starting Memory Sweep
10:03 PM: Found Adware: icannnews
10:03 PM: Detected running threat: C:\WINDOWS\system32\kvdtat.dll (ID = 83)
10:07 PM: Detected running threat: C:\WINDOWS\system32\mbimg32.dll (ID = 83)
10:07 PM: Memory Sweep Complete, Elapsed Time: 00:04:53
10:07 PM: Starting Registry Sweep
10:07 PM: Found Adware: elitemediagroup-mediamotor
10:07 PM: HKLM\software\classes\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (9 subtraces) (ID = 140131)
10:07 PM: HKCR\typelib\{466c63ac-f26e-49f1-861a-e07da768a46a}\ (9 subtraces) (ID = 140223)
10:07 PM: Found Adware: targetsaver
10:07 PM: HKLM\software\microsoft\windows\currentversion\uninstall\tsa\ (2 subtraces) (ID = 143607)
10:07 PM: Found Adware: cnsmin
10:07 PM: HKCR\clsid\{d449eb58-55af-4695-b216-895d546aed89}\ (11 subtraces) (ID = 393334)
10:07 PM: HKCR\typelib\{b7db519e-7131-47b1-a9f5-da8d061c2611}\ (9 subtraces) (ID = 393356)
10:07 PM: HKLM\software\classes\clsid\{d449eb58-55af-4695-b216-895d546aed89}\ (11 subtraces) (ID = 393465)
10:07 PM: HKLM\software\classes\typelib\{b7db519e-7131-47b1-a9f5-da8d061c2611}\ (9 subtraces) (ID = 393487)
10:07 PM: Found Adware: delfin
10:07 PM: HKLM\software\vidmon\ (3 subtraces) (ID = 890155)
10:07 PM: Found Adware: look2me
10:07 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\policies\ || dllname (ID = 911234)
10:07 PM: Found Adware: dollarrevenue
10:07 PM: HKLM\software\microsoft\drsmartload\ (1 subtraces) (ID = 916795)
10:07 PM: Found Trojan Horse: trojan downloader popuppers
10:07 PM: HKCR\clsid\{62fba4e7-bd9e-4d8d-8fbb-3c32999cb7fc}\ (23 subtraces) (ID = 960709)
10:07 PM: HKCR\clsid\{a03323d3-f649-4f16-a6e4-4fc53f917a83}\ (10 subtraces) (ID = 960733)
10:07 PM: HKCR\typelib\{1942bebe-dce5-4148-868e-1250a2218b4c}\ (9 subtraces) (ID = 960748)
10:07 PM: HKLM\software\classes\clsid\{62fba4e7-bd9e-4d8d-8fbb-3c32999cb7fc}\ (23 subtraces) (ID = 960771)
10:07 PM: HKLM\software\classes\clsid\{a03323d3-f649-4f16-a6e4-4fc53f917a83}\ (10 subtraces) (ID = 960795)
10:07 PM: HKLM\software\classes\typelib\{1942bebe-dce5-4148-868e-1250a2218b4c}\ (9 subtraces) (ID = 960810)
10:07 PM: Found Adware: command
10:07 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (6 subtraces) (ID = 1016064)
10:07 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (8 subtraces) (ID = 1016072)
10:07 PM: Found Adware: findthewebsiteyouneed hijacker
10:07 PM: HKU\S-1-5-21-1078081533-1482476501-725345543-500\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
10:07 PM: HKU\S-1-5-21-1078081533-1482476501-725345543-500\software\vidmon\ (1 subtraces) (ID = 890125)
10:07 PM: Registry Sweep Complete, Elapsed Time:00:00:22
10:07 PM: Starting Cookie Sweep
10:07 PM: Found Spy Cookie: 888 cookie
10:07 PM: administrator@888[1].txt (ID = 2019)
10:07 PM: administrator@888[2].txt (ID = 2019)
10:07 PM: Found Spy Cookie: hbmediapro cookie
10:07 PM: administrator@adopt.hbmediapro[2].txt (ID = 2768)
10:07 PM: Found Spy Cookie: belnk cookie
10:07 PM: administrator@belnk[1].txt (ID = 2292)
10:07 PM: Found Spy Cookie: cassava cookie
10:07 PM: administrator@cassava[1].txt (ID = 2362)
10:07 PM: Found Spy Cookie: delfinproject cookie
10:07 PM: administrator@delfinproject[2].txt (ID = 2509)
10:07 PM: administrator@dist.belnk[2].txt (ID = 2293)
10:07 PM: Found Spy Cookie: touchclarity cookie
10:07 PM: administrator@easyjet.touchclarity[1].txt (ID = 3566)
10:07 PM: Found Spy Cookie: ic-live cookie
10:07 PM: administrator@ic-live[1].txt (ID = 2821)
10:07 PM: Found Spy Cookie: rn11 cookie
10:07 PM: administrator@rn11[2].txt (ID = 3261)
10:07 PM: Found Spy Cookie: toplist cookie
10:07 PM: administrator@toplist[1].txt (ID = 3557)
10:07 PM: Found Spy Cookie: xiti cookie
10:07 PM: administrator@xiti[1].txt (ID = 3717)
10:07 PM: Found Spy Cookie: yadro cookie
10:07 PM: administrator@yadro[1].txt (ID = 3743)
10:07 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
10:07 PM: Starting File Sweep
10:07 PM: c:\windows\system32\vidmon (ID = -2147468683)
10:07 PM: c:\documents and settings\all users\application data\vidmon (1 subtraces) (ID = -2147468685)
10:09 PM: zzizc.dll (ID = 195129)
10:10 PM: o2rolc931f.dll (ID = 159)
10:10 PM: kvdtat.dll (ID = 159)
10:15 PM: tsuninst.exe (ID = 193501)
10:15 PM: mxndex.dll (ID = 159)
10:16 PM: unstall.exe (ID = 133210)
10:16 PM: 00049446.dbd (ID = 57676)
10:16 PM: Found Trojan Horse: trojan-backdoor-us15info
10:16 PM: tool4.exe (ID = 183857)
10:16 PM: tool5.exe (ID = 183857)
10:16 PM: 00049015.old (ID = 57688)
10:16 PM: 00048991.old (ID = 57693)
10:16 PM: 00049457.dbd (ID = 57692)
10:16 PM: iemonitor.ocx (ID = 186211)
10:17 PM: vocabulary (ID = 78283)
10:17 PM: 00049458.dbd (ID = 57693)
10:17 PM: mbimg32.dll (ID = 159)
10:18 PM: 00049455.dbd (ID = 57687)
10:19 PM: lvpq0975e.dll (ID = 159)
10:21 PM: nvmsapi.dll (ID = 159)
10:22 PM: j64olgh3164.dll (ID = 159)
10:23 PM: class-barrel (ID = 78229)
10:23 PM: Found Adware: apropos
10:23 PM: 00050153.dll (ID = 166754)
10:23 PM: 00050154._ (ID = 166754)
10:23 PM: azsnw.dll (ID = 159)
10:23 PM: drsmartload.dat (ID = 198788)
10:23 PM: 00048971.ddx (ID = 57680)
10:23 PM: 00048972.ddx (ID = 57680)
10:23 PM: 00048974.ddx (ID = 57691)
10:23 PM: 00048975.ddx (ID = 57680)
10:23 PM: 00048976.ddx (ID = 57679)
10:23 PM: 00048982.ddx (ID = 57680)
10:23 PM: 00048983.ddx (ID = 57680)
10:23 PM: 00048986.ddx (ID = 57685)
10:23 PM: 00048992.ddx (ID = 57691)
10:23 PM: 00048977.ddx (ID = 57680)
10:23 PM: 00048978.ddx (ID = 57680)
10:23 PM: 00048979.ddx (ID = 57691)
10:23 PM: 00048980.ddx (ID = 57680)
10:23 PM: 00048981.ddx (ID = 57679)
10:23 PM: 00049448.ddx (ID = 57680)
10:23 PM: 00049451.ddx (ID = 57680)
10:23 PM: 00049452.ddx (ID = 57691)
10:23 PM: 00049450.ddx (ID = 57680)
10:23 PM: 00049447.ddx (ID = 57679)
10:23 PM: 00048984.ddx (ID = 57680)
10:23 PM: 00048985.ddx (ID = 57680)
10:23 PM: 00049009.ddx (ID = 57680)
10:23 PM: 00049010.ddx (ID = 57680)
10:23 PM: 00048987.ddx (ID = 57685)
10:23 PM: 00048988.ddx (ID = 57685)
10:23 PM: 00048989.ddx (ID = 57685)
10:23 PM: 00048990.ddx (ID = 57685)
10:23 PM: 00049453.ddx (ID = 57685)
10:23 PM: 00048993.ddx (ID = 57691)
10:23 PM: 00049456.ddx (ID = 57691)
10:23 PM: 00049011.ddx (ID = 57680)
10:23 PM: 00049012.ddx (ID = 57680)
10:23 PM: 00049013.ddx (ID = 57680)
10:23 PM: 00049014.ddx (ID = 57680)
10:23 PM: 00049449.ddx (ID = 57680)
10:24 PM: 00049454.ddx (ID = 57680)
10:38 PM: Sweep Canceled
10:38 PM: File Sweep Complete, Elapsed Time: 00:31:00
10:38 PM: Traces Found: 262
10:40 PM: Removal process initiated
10:40 PM: Quarantining All Traces: icannnews
10:40 PM: icannnews is in use. It will be removed on reboot.
10:40 PM: C:\WINDOWS\system32\kvdtat.dll is in use. It will be removed on reboot.
10:40 PM: C:\WINDOWS\system32\mbimg32.dll is in use. It will be removed on reboot.
10:40 PM: Quarantining All Traces: look2me
10:40 PM: look2me is in use. It will be removed on reboot.
10:40 PM: kvdtat.dll is in use. It will be removed on reboot.
10:40 PM: mbimg32.dll is in use. It will be removed on reboot.
10:40 PM: j64olgh3164.dll is in use. It will be removed on reboot.
10:40 PM: Quarantining All Traces: trojan-backdoor-us15info
10:40 PM: Quarantining All Traces: apropos
10:41 PM: Quarantining All Traces: trojan downloader popuppers
10:41 PM: Quarantining All Traces: cnsmin
10:41 PM: Quarantining All Traces: command
10:41 PM: Quarantining All Traces: delfin
10:41 PM: Quarantining All Traces: dollarrevenue
10:41 PM: Quarantining All Traces: elitemediagroup-mediamotor
10:41 PM: Quarantining All Traces: findthewebsiteyouneed hijacker
10:41 PM: Quarantining All Traces: targetsaver
10:41 PM: Quarantining All Traces: 888 cookie
10:41 PM: Quarantining All Traces: belnk cookie
10:41 PM: Quarantining All Traces: cassava cookie
10:41 PM: Quarantining All Traces: delfinproject cookie
10:41 PM: Quarantining All Traces: hbmediapro cookie
10:41 PM: Quarantining All Traces: ic-live cookie
10:41 PM: Quarantining All Traces: rn11 cookie
10:41 PM: Quarantining All Traces: toplist cookie
10:41 PM: Quarantining All Traces: touchclarity cookie
10:41 PM: Quarantining All Traces: xiti cookie
10:41 PM: Quarantining All Traces: yadro cookie
10:41 PM: Warning: Timed out waiting for explorer.exe
10:41 PM: Warning: Timed out waiting for explorer.exe
10:41 PM: Warning: Timed out waiting for explorer.exe
10:41 PM: Warning: Quarantine process could not restart Explorer.
10:42 PM: Preparing to restart your computer. Please wait...
10:42 PM: Removal process completed. Elapsed time 00:01:38
********




And here is the last Spy Sweeper log:




11:50 AM: | Start of Session, Thursday, December 01, 2005 |
11:50 AM: Spy Sweeper started
11:50 AM: Sweep initiated using definitions version 576
11:50 AM: Starting Memory Sweep
11:54 AM: Memory Sweep Complete, Elapsed Time: 00:04:21
11:54 AM: Starting Registry Sweep
11:55 AM: Registry Sweep Complete, Elapsed Time:00:00:21
11:55 AM: Starting Cookie Sweep
11:55 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
11:55 AM: Starting File Sweep
12:55 PM: Found Adware: powerscan
12:55 PM: power scan.lnk (ID = 72676)
1:04 PM: Warning: Failed to open file "x:\recovered files\documents and settings\travis\desktop\kazza\trav's\other\software\winrar\winrar 4.1 pro (with crack).exe". A device attached to the system is not functioning
1:28 PM: Warning: Failed to open file "x:\recovered files\documents and settings\travis\application data\microsoft\word\startup\1jac.dot". A device attached to the system is not functioning
2:16 PM: File Sweep Complete, Elapsed Time: 02:21:24
2:16 PM: Full Sweep has completed. Elapsed time 02:26:16
2:16 PM: Traces Found: 1
2:18 PM: Removal process initiated
2:18 PM: Quarantining All Traces: powerscan
2:18 PM: Removal process completed. Elapsed time 00:00:02
********



Now, after completing this lengthy BUT WELL WORTH IT check, here is the latest HJT log:




Logfile of HijackThis v1.99.1
Scan saved at 2:38:34 PM, on 12/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\USB ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [WinPatrol] "d:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [DVD43] "C:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe" /hidden
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [O2Backup] D:\Program Files\Genie-Soft\Outlook 2000 XP Backup\O2Backup.exe -reminder
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] D:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: Launch K9.lnk = D:\Program Files\KeirNet\K9\K9.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...635/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7E79DC1-41B2-4880-B56B-A57714184365}: NameServer = 62.58.50.5 62.58.50.6
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - d:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)




Still having no luck getting logged on to my email server, but I want to fix this problem first. Then I can call the "Help Desk"... Awaiting any further advice...
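
The Spy Sweeper logs in the post above are easier to triage once the repeated shield lines are collapsed and each sweep session is compared with the next. The following Python sketch is an added example, not part of the original thread and not Webroot's own tooling; it parses the line format seen in those logs, and the sample log, threat names, paths and domains in it are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample in the line format of the Spy Sweeper logs above;
# names, paths and domains are placeholders, not values from the thread.
SAMPLE_LOG = r"""
10:02 PM: | Start of Session, Wednesday, November 30, 2005 |
10:02 PM: Sweep initiated using definitions version 576
10:03 PM: Found Adware: exampleware
10:03 PM: Detected running threat: C:\WINDOWS\system32\sample1.dll (ID = 83)
10:04 PM: The Spy Communication shield has blocked access to: ads.example.com
10:04 PM: The Spy Communication shield has blocked access to: ads.example.com
10:04 PM: The Spy Communication shield has blocked access to: track.example.net
10:07 PM: Found Spy Cookie: sample cookie
10:07 PM: administrator@sample[1].txt (ID = 2019)
10:38 PM: Traces Found: 4
10:40 PM: Quarantining All Traces: exampleware
10:40 PM: C:\WINDOWS\system32\sample1.dll is in use. It will be removed on reboot.
10:42 PM: Removal process completed. Elapsed time 00:01:38
********
11:50 AM: | Start of Session, Thursday, December 01, 2005 |
11:54 AM: Found Adware: otherware
12:55 PM: other.lnk (ID = 72676)
2:16 PM: Traces Found: 1
"""

LINE = re.compile(r"^\d{1,2}:\d{2} [AP]M: (.*)$")
SESSION = re.compile(r"^\| Start of Session, (.+?) \|$")
FOUND = re.compile(r"^Found ([^:]+): (.+)$")
BLOCKED = re.compile(r"^The Spy Communication shield has blocked access to: (\S+)$")
PENDING = re.compile(r"^(.+) is in use\. It will be removed on reboot\.$")
TOTAL = re.compile(r"^Traces Found: (\d+)$")


def _new_session(started):
    return {"started": started, "families": {}, "blocked": Counter(),
            "pending_reboot": [], "traces_reported": None}


def parse_sessions(text):
    """Split a log into sweep sessions, keeping only triage-relevant facts."""
    sessions = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines and ******** separators
        msg = m.group(1)
        start = SESSION.match(msg)
        if start:
            sessions.append(_new_session(start.group(1)))
            continue
        if not sessions:
            # A pasted excerpt can begin after the session header line.
            sessions.append(_new_session("unknown (excerpt starts mid-session)"))
        cur = sessions[-1]
        if (hit := FOUND.match(msg)):
            cur["families"][hit.group(2)] = hit.group(1)   # name -> category
        elif (hit := BLOCKED.match(msg)):
            cur["blocked"][hit.group(1)] += 1              # collapse repeats
        elif (hit := PENDING.match(msg)):
            if hit.group(1) not in cur["pending_reboot"]:
                cur["pending_reboot"].append(hit.group(1))
        elif (hit := TOTAL.match(msg)):
            cur["traces_reported"] = int(hit.group(1))
    return sessions


def carried_over(earlier, later):
    """Threat families reported in both sweeps, i.e. still present afterwards."""
    return set(earlier["families"]) & set(later["families"])


def report(sessions):
    """Render a short per-session summary plus what survived each removal."""
    out = []
    for i, s in enumerate(sessions):
        out.append(f"Session: {s['started']}")
        for cat, n in sorted(Counter(s["families"].values()).items()):
            out.append(f"  {cat}: {n} family(ies)")
        for host, n in s["blocked"].most_common():
            out.append(f"  blocked {host} x{n}")
        for item in s["pending_reboot"]:
            out.append(f"  pending reboot removal: {item}")
        out.append(f"  traces reported by scanner: {s['traces_reported']}")
        if i > 0:
            still = sorted(carried_over(sessions[i - 1], s))
            out.append(f"  carried over from previous sweep: {still or 'none'}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(parse_sessions(SAMPLE_LOG)))
```

Items listed as pending reboot removal are the ones to re-check in the next sweep; an empty carried-over set between two sessions is what a successful cleanup looks like in this format.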

#4 -David-


Posted 01 December 2005 - 01:34 PM

I see a clean log :thumbsup:

How's everything running? Any pop-ups?

I'm afraid I can't really help with the email server problems :flowers:

David

#5 dopeyskydiver


Posted 01 December 2005 - 01:53 PM

:thumbsup: Hey David :flowers:

You are the best! I am not seeing ANY popups... I really appreciate your help with this! As for the email problem, "something or someone" changed my login password - quick call to the helpdesk and they reset it for me - rather painless... Everything is working smoothly again! :trumpet: KUDOS to you for being able to decipher this mess.

#6 -David-


Posted 01 December 2005 - 01:59 PM

Ok! Glad I was able to help you! :thumbsup:

The log is clean! :flowers:

If I have helped you please consider making a donation using the "make a donation" button in my signature. My help is free, but please consider it to keep me fighting spyware for you and others! :trumpet: :inlove:

Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

David



