Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser Hijacking - Unknown Cause


  • Please log in to reply
5 replies to this topic

#1 ChristianC

ChristianC

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:51 PM

Posted 03 December 2005 - 06:18 AM

Hi, name's Christian and I have a problem. I opened up a .exe file I KNEW, felt in my backbones, was infected with a trojan or something, but I wasn't thinking.

So now I'm having a hard time dealing with it. I've run Norton, SpyBot, Ad-Aware, HijackThis and Stinger, but no matter what I do it keeps coming back!

It spawns ads for cash-courier(I think it was called), StarWares, etc. I removed what I thought was the source from my computer, which had placed itself in my Alcohol 120% folder, but it's still going strong!

Since I'm using Opera, most times it just bugs when it tries to open a new window and I get the message
"M2 Error
Store Init Failed
Engine Init() failed"

Which is lucky, I guess, since I don't get any popups... but when I open up the browser, BANG! They're all there again.

This is the Log-file anyhows... I've looked through it several times, but I just can't find the cause of this damned hijacking... :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 12:13:19, on 2005-12-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\D-Tools\daemon.exe
C:\Program\Java\jre1.5.0_04\bin\jusched.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\QuickTime\qttask.exe
C:\WINDOWS\Mixer.exe
C:\Program\ATI Technologies\ATI.ACE\cli.exe
D:\Program\MessengerPlus! 3\MsgPlus.exe
D:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\ATI Technologies\ATI.ACE\CLI.exe
D:\Program\Samurize\Client.exe
D:\Program\Trillian\trillian.exe
C:\Program\ATI Technologies\ATI.ACE\cli.exe
D:\Program\Opera\Opera.exe
E:\HijackThis.exe
C:\PROGRAM\OPERA\OPERA.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Lšnkar
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Steam] "d:\spel\valve\steam\steam.ex" -silent
O4 - Startup: OpenOffice.org 1.1.3.lnk = D:\Program\OpenOffice.org1.1.3\program\quickstart.exe
O4 - Startup: Samurize.lnk = D:\Program\Samurize\Client.exe
O4 - Startup: Trillian.lnk = D:\Program\Trillian\trillian.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Program\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'mswsck2.dll' missing
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\k8620ijoe8oc0.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - D:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)




*squeaks* Heeeelp meeee... T_T


EDIT: I turned off the StarWindService.exe service (023), but that didn't help. :flowers:

Edited by ChristianC, 03 December 2005 - 07:33 AM.


BC AdBot (Login to Remove)

 


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:02:51 AM

Posted 03 December 2005 - 08:53 AM

Hi and :thumbsup: to BleepingComputer!

My name is David Posted Image

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link for "SpySweeper" to download the program. NOTE: DO NOT click the Free Spyware Scan link.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Then reboot your computer - IMPORTANT
Then post a new HJT log

David

#3 ChristianC

ChristianC
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:51 PM

Posted 03 December 2005 - 08:21 PM

Heya, thanks for the quick reply! =D

Lesse...

Here's the Spy Sweeper log

********
21:06: | Start of Session, den 3 december 2005 |
21:06: Spy Sweeper started
21:06: Sweep initiated using definitions version 577
21:06: Starting Memory Sweep
21:07: Found Adware: icannnews
21:07: Detected running threat: C:\WINDOWS\system32\hrjs0517e.dll (ID = 83)
21:07: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:07: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:07: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:07: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:07: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:07: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:07: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:07: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:08: Detected running threat: C:\WINDOWS\system32\wvhext.dll (ID = 83)
21:08: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:08: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:08: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:08: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:08: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:08: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:08: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:08: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:09: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:09: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:09: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:09: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:10: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:10: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:10: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:10: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:11: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:11: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:11: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:11: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:11: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:11: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:11: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:11: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:11: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:11: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:11: Detected running threat: C:\WINDOWS\system32\guard.tmp (ID = 83)
21:11: Memory Sweep Complete, Elapsed Time: 00:05:15
21:11: Starting Registry Sweep
21:12: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:12: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:12: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:12: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:12: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:12: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:12: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:12: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:13: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:13: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:13: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:13: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:13: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:13: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:13: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:13: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:14: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:14: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:14: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:14: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:14: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:14: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:14: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:14: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:14: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:14: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:16: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:16: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:16: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:16: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:16: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:16: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:16: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:16: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:17: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:17: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:17: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:17: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:17: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:17: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:17: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:17: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:17: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:17: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:17: Registry Sweep Complete, Elapsed Time:00:06:12
21:17: Starting Cookie Sweep
21:17: Found Spy Cookie: yieldmanager cookie
21:17: horza horzasson@ad.yieldmanager[1].txt (ID = 3751)
21:17: Found Spy Cookie: adecn cookie
21:17: horza horzasson@adecn[2].txt (ID = 2063)
21:17: Found Spy Cookie: hbmediapro cookie
21:17: horza horzasson@adopt.hbmediapro[2].txt (ID = 2768)
21:17: Found Spy Cookie: specificclick.com cookie
21:17: horza horzasson@adopt.specificclick[1].txt (ID = 3400)
21:17: Found Spy Cookie: nextag cookie
21:17: horza horzasson@adq.nextag[2].txt (ID = 5015)
21:17: Found Spy Cookie: aptimus cookie
21:17: horza horzasson@aptimus[2].txt (ID = 2233)
21:17: Found Spy Cookie: atwola cookie
21:17: horza horzasson@atwola[1].txt (ID = 2255)
21:17: Found Spy Cookie: banner cookie
21:17: horza horzasson@banner[2].txt (ID = 2276)
21:17: Found Spy Cookie: belnk cookie
21:17: horza horzasson@belnk[1].txt (ID = 2292)
21:17: horza horzasson@dist.belnk[2].txt (ID = 2293)
21:17: Found Spy Cookie: touchclarity cookie
21:17: horza horzasson@msn.touchclarity[1].txt (ID = 3566)
21:17: horza horzasson@network.aptimus[1].txt (ID = 2235)
21:17: horza horzasson@nextag[1].txt (ID = 5014)
21:17: horza horzasson@yieldmanager[2].txt (ID = 3749)
21:17: Cookie Sweep Complete, Elapsed Time: 00:00:01
21:17: Starting File Sweep
21:18: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:18: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:18: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:18: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:18: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:18: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:18: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:18: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:19: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:19: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:19: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:19: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:19: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:19: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:19: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:19: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:20: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:20: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:20: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:20: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:20: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:20: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:21: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:21: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:21: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:21: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:22: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:22: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:22: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:22: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:22: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:22: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:22: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:22: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:23: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:23: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:23: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:23: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:23: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:23: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:23: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:23: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:23: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:23: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:24: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:24: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:24: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:24: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:24: Found Adware: spysheriff
21:24: secure32.html (ID = 184319)
21:24: Found Trojan Horse: trojan-backdoor-us15info
21:24: tool5.exe (ID = 183857)
21:24: Found Adware: targetsaver
21:24: tsupdate2[1].ini (ID = 193498)
21:24: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:24: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:24: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:24: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:25: qzfup.exe (ID = 195132)
21:25: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:25: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:25: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:25: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:26: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:26: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:26: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:26: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:26: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:26: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:26: Found Trojan Horse: trojan-backdoor-zubox
21:26: tool1[1].txt (ID = 149671)
21:26: tool5[1].txt (ID = 183857)
21:26: secure32.html (ID = 184319)
21:26: qzfua.exe (ID = 195128)
21:26: tsuninst.exe (ID = 193501)
21:26: class-barrel (ID = 78229)
21:26: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:26: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:26: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:26: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:26: Found Adware: look2me
21:26: fp2603fse.dll (ID = 159)
21:27: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:27: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:27: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:27: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:27: r06u0aj9edo.dll (ID = 159)
21:28: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:28: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:28: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:28: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:28: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:28: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:28: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:28: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:28: wvhext.dll (ID = 159)
21:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:29: guard.tmp (ID = 159)
21:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:29: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:29: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:29: hrjs0517e.dll (ID = 159)
21:29: c4002edmgh0a2.dll (ID = 159)
21:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:29: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:29: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:30: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:30: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:31: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:31: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:31: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:31: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:31: qzful.exe (ID = 195130)
21:32: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:32: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:32: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:32: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:32: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:32: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:32: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:32: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:32: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:32: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:32: stub_113_4_0_4_0[1].exe (ID = 193995)
21:32: qzfuc.dll (ID = 195129)
21:33: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:33: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:33: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:33: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:33: jtpo0773e.dll (ID = 159)
21:33: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:33: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:33: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:33: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:34: installer[1].exe (ID = 168558)
21:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:35: tsinstall_4_0_4_0_b4.exe (ID = 193496)
21:35: vocabulary (ID = 78283)
21:35: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:35: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:35: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:35: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:35: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:35: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:36: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:36: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:36: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:36: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:36: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:36: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:36: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:36: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:37: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:37: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:37: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:37: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:37: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:37: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:37: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:37: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:38: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:38: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:38: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:38: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:38: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:38: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:39: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:39: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:39: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:39: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:40: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:40: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:40: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:40: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:40: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:40: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:40: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:40: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:41: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:41: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:41: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:41: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:41: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:41: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:41: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:41: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:42: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:42: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:42: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:42: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:42: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:42: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:42: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:42: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:43: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:43: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:43: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:43: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:43: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:43: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:43: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:43: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:44: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:44: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:45: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:45: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:45: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:45: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:45: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:45: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:45: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:45: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:46: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:46: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:46: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:46: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:46: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:47: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:47: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:47: Warning: Could not get layout for drive F:. Felaktig funktion
21:47: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:47: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:47: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:47: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:47: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:47: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:47: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:47: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:48: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:48: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:48: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:48: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:49: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:49: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:49: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:49: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:50: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:50: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:50: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:50: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:50: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:50: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:50: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:50: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:50: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:50: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:51: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:51: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:51: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:51: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:51: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:51: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:51: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:51: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:52: Warning: Could not get layout for drive G:. Felaktig funktion
21:52: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:52: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:52: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:52: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:52: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:52: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:52: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:52: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:53: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:53: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:53: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:53: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:54: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:54: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:54: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:54: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:55: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:55: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:56: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:56: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:56: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:56: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:56: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:56: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:56: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:56: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:56: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:56: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:57: File Sweep Complete, Elapsed Time: 00:39:52
21:57: Full Sweep has completed. Elapsed time 00:51:37
21:57: Traces Found: 40
21:57: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:57: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:57: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:57: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:58: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:58: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:58: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:58: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:59: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:59: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:59: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:59: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:59: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:00: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:00: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:00: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:00: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:00: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:00: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:00: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:00: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:01: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:01: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:01: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:01: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:01: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:01: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:01: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:01: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:02: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:02: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:02: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:02: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:02: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:02: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:02: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:02: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:02: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:02: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:02: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:02: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:02: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:02: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:03: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:03: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:03: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:03: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:03: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:03: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:03: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:03: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:04: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:04: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:04: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:04: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:04: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:04: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:04: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:04: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:05: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:05: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:05: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:05: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:05: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:05: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:05: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:05: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:06: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:06: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:06: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:06: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:06: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:06: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:06: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:06: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:06: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:06: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:06: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:06: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:07: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:07: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:07: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:07: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:07: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:07: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:07: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:07: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:07: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:07: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:07: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:07: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:07: Removal process initiated
22:08: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:08: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:08: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:08: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:08: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:08: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:08: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:08: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:08: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:08: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:08: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:08: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:08: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:08: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:08: Quarantining All Traces: icannnews
22:08: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:08: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
22:08: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:08: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
22:09: icannnews is in use. It will be removed on reboot.
22:09: C:\WINDOWS\system32\hrjs0517e.dll is in use. It will be removed on reboot.
22:09: C:\WINDOWS\system32\wvhext.dll is in use. It will be removed on reboot.
22:09: C:\WINDOWS\system32\guard.tmp is in use. It will be removed on reboot.
22:09: Quarantining All Traces: look2me
22:10: Warning: TLZMAFileCompressor.Compress: Cannot compress a file or directory that does not exist (c:\windows\system32\wvhext.dll).
22:10: Failed to quarantine look2me
22:10: Failed to quarantine wvhext.dll
22:10: guard.tmp is in use. It will be removed on reboot.
22:10: hrjs0517e.dll is in use. It will be removed on reboot.
22:10: c4002edmgh0a2.dll is in use. It will be removed on reboot.
22:10: Quarantining All Traces: spysheriff
22:10: Quarantining All Traces: trojan-backdoor-us15info
22:10: Quarantining All Traces: trojan-backdoor-zubox
22:10: Quarantining All Traces: targetsaver
22:11: Quarantining All Traces: adecn cookie
22:11: Quarantining All Traces: aptimus cookie
22:11: Quarantining All Traces: atwola cookie
22:11: Quarantining All Traces: banner cookie
22:11: Quarantining All Traces: belnk cookie
22:11: Quarantining All Traces: hbmediapro cookie
22:11: Quarantining All Traces: nextag cookie
22:11: Quarantining All Traces: specificclick.com cookie
22:11: Quarantining All Traces: touchclarity cookie
22:11: Quarantining All Traces: yieldmanager cookie
22:13: Preparing to restart your computer. Please wait...
22:13: Removal process completed. Elapsed time 00:05:58
22:17: Processing Startup Alerts
22:17: Allowed Startup entry: msnmsgr
********
21:03: | Start of Session, den 3 december 2005 |
21:03: Spy Sweeper started
21:04: Your spyware definitions have been updated.
21:06: | End of Session, den 3 december 2005 |


And here's the HjT log

Logfile of HijackThis v1.99.1
Scan saved at 02:16:44, on 2005-12-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program\D-Tools\daemon.exe
C:\Program\Java\jre1.5.0_04\bin\jusched.exe
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program\iTunes\iTunesHelper.exe
C:\Program\QuickTime\qttask.exe
C:\WINDOWS\Mixer.exe
C:\Program\ATI Technologies\ATI.ACE\cli.exe
D:\Program\MessengerPlus! 3\MsgPlus.exe
D:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program\ALWILS~1\Avast4\ashDisp.exe
C:\Program\Delade filer\InstallShield\UpdateService\issch.exe
D:\Program\Webroot\Spy Sweeper\SpySweeper.exe
D:\Program\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
D:\Program\Samurize\Client.exe
C:\Program\Alwil Software\Avast4\aswUpdSv.exe
C:\Program\Alwil Software\Avast4\ashServ.exe
D:\Program\OpenOffice.org1.1.3\program\soffice.exe
C:\WINDOWS\System32\svchost.exe
D:\Program\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program\iPod\bin\iPodService.exe
C:\Program\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
E:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Lšnkar
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SpySweeper] "D:\Program\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Steam] "d:\spel\valve\steam\steam.ex" -silent
O4 - Startup: OpenOffice.org 1.1.3.lnk = D:\Program\OpenOffice.org1.1.3\program\quickstart.exe
O4 - Startup: Samurize.lnk = D:\Program\Samurize\Client.exe
O4 - Startup: Trillian.lnk = D:\Program\Trillian\trillian.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Program\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'mswsck2.dll' missing
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - D:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program\Webroot\Spy Sweeper\WRSSSDK.exe



I'm not having any more problems with popups, and I've been running for a while, so let me take this moment to say Thanks, you really saved my ass. ^^

Kudos to you! =D

#4 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:02:51 AM

Posted 04 December 2005 - 09:44 AM

Fix these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank


Clean Log!! Posted Image
How's everything running?

David

#5 ChristianC

ChristianC
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:51 PM

Posted 07 December 2005 - 06:04 PM

Thanks, it helped a lot. I sorta lost track of time(had a lot to do), so I haven't been able to reply until now.

For some reason though, Windows has become REALLY laggy. It's like everything takes a lot longer to load, software can freeze up even if they require close to no RAM to function and... well... I dunno.

Is it possibly it could have been damaged? o.o

#6 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:02:51 AM

Posted 08 December 2005 - 11:40 AM

:thumbsup: Download CleanUp!
  • A window will open and choose SAVE, then DESKTOP as the destination.
  • On your Desktop, click on Cleanup40.exe icon.
  • Then, click RUN and place a checkmark beside "I Agree"
  • Then click NEXT followed by START and OK.
  • A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
  • Click OK
  • Click on the "Cleanup" button and let it run.
  • Once its done, close the program.
What are your system specs?

David




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users