
Hijack This Log: Please Help Diagnose


14 replies to this topic

#1 tkenney65


Posted 30 January 2006 - 10:49 PM

Logfile of HijackThis v1.99.1
Scan saved at 10:39:15 PM, on 1/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\JavaHMO\bin\Wrapper.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Windows Media Connect 2\wmccds.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\msaim\ms.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\WINDOWS\system32\wgse.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Garmin\gStart.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\hpsw.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tim\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: (no name) - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - (no file)
O2 - BHO: (no name) - {6FE13F3A-80D4-8E77-8859-AA7F121ED59C} - C:\WINDOWS\system32\igo.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Media Server] C:\Program Files\J River\Media Center\Media Server.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [ptrun32] C:\WINDOWS\system32\ptrun32\ptrun32.exe -startup
O4 - HKLM\..\Run: [msaim] "C:\Program Files\msaim\ms.exe"
O4 - HKLM\..\Run: [AIM Monitor] C:\Program Files\AimMonitor\AimMonitor.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Service Monitor] update.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [0g640iv8.dll] RUNDLL32.EXE 0g640iv8.dll,b 23402953
O4 - HKLM\..\Run: [myupdates] c:\windows\myupdates.exe
O4 - HKLM\..\Run: [susse] "C:\WINDOWS\system32\hpsw.exe"
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunServices: [Service Monitor] update.exe
O4 - HKLM\..\RunServices: [Mozilla Firefox Browser] firefox32.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKLM\..\RunOnce: [GIANTAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /auto:TivoServer /registry /service
O4 - HKCU\..\Run: [PTRUN32] C:\WINDOWS\system32\ptrun32\ptr32w.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk725DGUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center\DMDownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: GotSmiley - {240FF121-9EF3-4e9f-A397-9E189045B6A1} - "C:\PROGRA~1\GOTSMI~1\GSYUpdater.exe" (file missing)
O9 - Extra 'Tools' menuitem: GotSmiley - {240FF121-9EF3-4e9f-A397-9E189045B6A1} - "C:\PROGRA~1\GOTSMI~1\GSYUpdater.exe" (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/idenupdate/...eAutoLaunch.ocx
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9F6D8A59-DD92-499D-944A-38FDB2CE46FF} - http://sms.napster.com/client/plugin/npdownload.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/hitthepros0...orts/wtinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.smugmug.com/photos/activex/XUpload.ocx
O18 - Protocol: bw+0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: repairs302972988.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JavaHMO TiVo TCM (JavaHMO) - Unknown owner - C:\Program Files\JavaHMO\bin\Wrapper.exe" -s "C:\Program Files\JavaHMO\conf\wrapper.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe



#2 tkenney65


Posted 01 February 2006 - 09:02 PM

My 11-year-old son infected my PC w/ Adware and Spyware. I have countless pop-ups that will not go away despite running CLEANMGR, Ad-Aware SE, Spybot S&D, Stinger, etc. Some spyware examples beyond the pop-ups that I have seen are SurfSideKick 3, E2Give, Quicklinks, etc.

Any help would be greatly appreciated...here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 8:59:19 PM, on 2/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\JavaHMO\bin\Wrapper.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\msaim\ms.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\WINDOWS\system32\wgse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tim\Desktop\HijackThis\HijackThis.exe
C:\WINDOWS\system32\cidaemon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ptrun32] C:\WINDOWS\system32\ptrun32\ptrun32.exe -startup
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [susse] "C:\WINDOWS\system32\hpsw.exe"
O4 - HKLM\..\Run: [msaim] "C:\Program Files\msaim\ms.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
O4 - HKLM\..\RunServices: [Service Monitor] update.exe
O4 - HKLM\..\RunServices: [Mozilla Firefox Browser] firefox32.exe
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /auto:TivoServer /registry /service
O4 - HKCU\..\Run: [PTRUN32] C:\WINDOWS\system32\ptrun32\ptr32w.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk725DGUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center\DMDownload.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/idenupdate/...eAutoLaunch.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138768246812
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9F6D8A59-DD92-499D-944A-38FDB2CE46FF} - http://sms.napster.com/client/plugin/npdownload.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/hitthepros0...orts/wtinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.smugmug.com/photos/activex/XUpload.ocx
O18 - Protocol: bw+0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {328D8378-7D04-45A5-867F-A6D595B81BFE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: OemStartMenuData - C:\WINDOWS\system32\jtpo0773e.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JavaHMO TiVo TCM (JavaHMO) - Unknown owner - C:\Program Files\JavaHMO\bin\Wrapper.exe" -s "C:\Program Files\JavaHMO\conf\wrapper.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

#3 MFDnSC


Posted 04 February 2006 - 06:01 PM

Add/Remove Programs - remove Logitech Desktop Messenger

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...&rc=4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits
    o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.

Boot

Also post a new Hijack This log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#4 tkenney65


Posted 04 February 2006 - 09:17 PM

MFDnSC,

Thanks so much for your assistance! Here is the Spysweeper Session Log:

********
7:34 PM: | Start of Session, Saturday, February 04, 2006 |
7:34 PM: Spy Sweeper started
7:34 PM: Sweep initiated using definitions version 611
7:34 PM: Found Adware: surfsidekick
7:34 PM: HKLM\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 1055336)
7:34 PM: Ssk.exe (ID = 1055336)
7:34 PM: HKCR\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\inprocserver32\ (2 subtraces) (ID = 1055337)
7:34 PM: SskBho.dll (ID = 1055337)
7:34 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1010\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 1055335)
7:34 PM: Ssk.exe (ID = 1055335)
7:34 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1009\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 1055335)
7:34 PM: Ssk.exe (ID = 1055335)
7:34 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1008\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 1055335)
7:34 PM: Ssk.exe (ID = 1055335)
7:34 PM: HKU\S-1-5-21-512808815-885116335-3208324174-1007\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 1055335)
7:34 PM: Ssk.exe (ID = 1055335)
7:34 PM: Starting Memory Sweep
7:34 PM: Found Adware: command
7:34 PM: Detected running threat: C:\Program Files\Network Monitor\netmon.exe (ID = 231443)
7:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:35 PM: BHO Shield: found: -- BHO installation denied at user request
7:35 PM: Detected running threat: C:\WINDOWS\VGlt\asappsrv.dll (ID = 144945)
7:35 PM: Found Adware: clkoptimizer
7:35 PM: Detected running threat: C:\WINDOWS\SYSTEM32\wuauclt.dll (ID = 188706)
7:36 PM: Spy Installation Shield: found: Adware: quicklink search toolbar, version 1.0.0.0 -- Execution Denied
7:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:37 PM: Detected running threat: C:\WINDOWS\VGlt\command.exe (ID = 144946)
7:37 PM: Found Adware: visfx
7:37 PM: Detected running threat: C:\WINDOWS\pmfqxla.exe (ID = 99)
7:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:37 PM: Found Adware: quicklink search toolbar
7:37 PM: Detected running threat: C:\WINDOWS\SYSTEM32\hpsw.exe (ID = 238236)
7:37 PM: Found System Monitor: messagespy aim
7:37 PM: Detected running threat: C:\Program Files\msaim\ms.exe (ID = 219751)
7:37 PM: Detected running threat: C:\WINDOWS\whbbiml.exe (ID = 135)
7:37 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || whbbiml (ID = 0)
7:38 PM: Detected running threat: C:\Program Files\Common Files\VCClient\VCClient.exe (ID = 212828)
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1010\Software\Microsoft\Windows\CurrentVersion\Run || CU1 (ID = 0)
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1009\Software\Microsoft\Windows\CurrentVersion\Run || CU1 (ID = 0)
7:38 PM: HKU\S-1-5-21-512808815-885116335-3208324174-1007\Software\Microsoft\Windows\CurrentVersion\Run || CU1 (ID = 0)
7:38 PM: Detected running threat: C:\Program Files\Common Files\VCClient\VCMain.exe (ID = 212830)
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1010\Software\Microsoft\Windows\CurrentVersion\Run || CU2 (ID = 0)
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1009\Software\Microsoft\Windows\CurrentVersion\Run || CU2 (ID = 0)
7:38 PM: HKU\S-1-5-21-512808815-885116335-3208324174-1007\Software\Microsoft\Windows\CurrentVersion\Run || CU2 (ID = 0)
7:38 PM: Detected running threat: C:\WINDOWS\SYSTEM32\wgse.exe (ID = 238240)
7:38 PM: Memory Sweep Complete, Elapsed Time: 00:04:00
7:38 PM: Starting Registry Sweep
7:38 PM: Found System Monitor: atomiclog
7:38 PM: HKCR\typelib\{07622ca2-be19-11d2-9e33-00a0c9313aa3}\ (9 subtraces) (ID = 103869)
7:38 PM: HKCR\clsid\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}\ (6 subtraces) (ID = 105953)
7:38 PM: HKCR\folder\shellex\columnhandlers\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}\ (1 subtraces) (ID = 106021)
7:38 PM: HKLM\software\classes\clsid\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}\ (6 subtraces) (ID = 106049)
7:38 PM: HKLM\software\classes\folder\shellex\columnhandlers\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}\ (1 subtraces) (ID = 106116)
7:38 PM: Found Adware: e2g
7:38 PM: HKCR\iebhos.control.1\ (3 subtraces) (ID = 125444)
7:38 PM: HKCR\iebhos.control\ (5 subtraces) (ID = 125445)
7:38 PM: HKLM\software\classes\iebhos.control.1\ (3 subtraces) (ID = 125482)
7:38 PM: HKLM\software\classes\iebhos.control\ (5 subtraces) (ID = 125483)
7:38 PM: Found Adware: effective-i toolbar
7:38 PM: HKLM\software\effective-i\ (ID = 125658)
7:38 PM: Found Adware: mirar webband
7:38 PM: HKCR\nn_bar_dummy.nn_bardummy.1\ (3 subtraces) (ID = 135075)
7:38 PM: HKCR\nn_bar_dummy.nn_bardummy\ (5 subtraces) (ID = 135076)
7:38 PM: HKLM\software\classes\nn_bar_dummy.nn_bardummy.1\ (3 subtraces) (ID = 135088)
7:38 PM: HKLM\software\classes\nn_bar_dummy.nn_bardummy\ (5 subtraces) (ID = 135089)
7:38 PM: HKLM\software\classes\nn_bar_dummy.nn_bardummy\clsid\ (1 subtraces) (ID = 135090)
7:38 PM: HKLM\software\classes\nn_bar_dummy.nn_bardummy\curver\ (1 subtraces) (ID = 135091)
7:38 PM: Found System Monitor: parental tools for aim
7:38 PM: HKLM\software\microsoft\windows\currentversion\run\ || ptrun32 (ID = 136557)
7:38 PM: HKLM\software\ignite software\ (19 subtraces) (ID = 136558)
7:38 PM: HKCR\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143389)
7:38 PM: HKLM\software\classes\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143392)
7:38 PM: HKLM\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143400)
7:38 PM: HKLM\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143406)
7:38 PM: HKLM\software\microsoft\windows\currentversion\uninstall\surf sidekick\ (2 subtraces) (ID = 143408)
7:38 PM: HKLM\software\surfsidekick3\ (2 subtraces) (ID = 143413)
7:38 PM: Found Adware: webhancer
7:38 PM: HKCR\whiehelperobj.whiehelperobj.1\ (3 subtraces) (ID = 146280)
7:38 PM: HKCR\whiehelperobj.whiehelperobj\ (3 subtraces) (ID = 146281)
7:38 PM: Found Adware: zenosearchassistant
7:38 PM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\zeno search assistant\ (2 subtraces) (ID = 147930)
7:38 PM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\enhanced ads by zeno\ (2 subtraces) (ID = 147931)
7:38 PM: HKLM\software\microsoft\windows\currentversion\uninstall\enhanced ads by zeno\ (2 subtraces) (ID = 147934)
7:38 PM: HKLM\software\microsoft\windows\currentversion\uninstall\zeno search assistant\ (2 subtraces) (ID = 147935)
7:38 PM: HKCR\clsid\{575e82cb-32cd-b68a-8fc3-8dbc57b7cc88}\ (35 subtraces) (ID = 384561)
7:38 PM: HKLM\software\microsoft\windows\currentversion\run\ || msaim (ID = 657105)
7:38 PM: HKLM\system\currentcontrolset\services\windows overlay components\ (12 subtraces) (ID = 712954)
7:38 PM: Found Adware: gotsmiley
7:38 PM: HKCR\gsyoutlookaddin.gsyaddinobj\ (5 subtraces) (ID = 723663)
7:38 PM: HKCR\gsyoutlookaddin.gsyaddinobj.1\ (3 subtraces) (ID = 723669)
7:38 PM: Found Adware: gain - common components
7:38 PM: HKCR\typelib\{b699b1b8-add0-4835-8602-1548200fcdd5}\ (9 subtraces) (ID = 723686)
7:38 PM: HKLM\software\classes\gsyoutlookaddin.gsyaddinobj\ (5 subtraces) (ID = 723769)
7:38 PM: HKLM\software\classes\gsyoutlookaddin.gsyaddinobj.1\ (3 subtraces) (ID = 723775)
7:38 PM: HKLM\software\classes\typelib\{b699b1b8-add0-4835-8602-1548200fcdd5}\ (9 subtraces) (ID = 723792)
7:38 PM: HKLM\software\microsoft\office\outlook\addins\gsyoutlookaddin.gsyaddinobj\ (4 subtraces) (ID = 723802)
7:38 PM: HKLM\software\microsoft\internet explorer\extensions\{9e248641-0e24-4ddb-9a1f-705087832ad6}\ (2 subtraces) (ID = 753449)
7:38 PM: HKLM\software\qstat\ (5 subtraces) (ID = 769771)
7:38 PM: HKLM\software\microsoft\windows nt\currentversion\windows\ || appinit_dlls (ID = 819064)
7:38 PM: HKLM\software\qstat\ || brr (ID = 877670)
7:38 PM: HKLM\software\microsoft\windows\currentversion\uninstall\quicklinks\ (2 subtraces) (ID = 909558)
7:38 PM: HKLM\software\classes\clsid\{575e82cb-32cd-b68a-8fc3-8dbc57b7cc88}\ (35 subtraces) (ID = 912868)
7:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:38 PM: HKLM\system\currentcontrolset\services\cmdservice\ (12 subtraces) (ID = 958670)
7:38 PM: Found Adware: elitemediagroup-pop64
7:38 PM: HKCR\elitectl.democtl\ (3 subtraces) (ID = 967500)
7:38 PM: HKCR\clsid\{9ac54695-69a4-46f1-be10-10c74f9520d5}\ (27 subtraces) (ID = 967504)
7:38 PM: HKCR\interface\{b216c7fc-397c-45f0-adfc-907df3c87339}\ (8 subtraces) (ID = 967532)
7:38 PM: HKCR\interface\{efdfe6ee-8888-422e-ab3c-b48589338ae3}\ (8 subtraces) (ID = 967541)
7:38 PM: HKCR\typelib\{5bec549d-581b-4636-ae75-28645e8cddc1}\ (9 subtraces) (ID = 967550)
7:38 PM: HKLM\software\classes\elitectl.democtl\ (3 subtraces) (ID = 967560)
7:38 PM: HKLM\software\classes\clsid\{9ac54695-69a4-46f1-be10-10c74f9520d5}\ (27 subtraces) (ID = 967564)
7:38 PM: HKLM\software\classes\interface\{b216c7fc-397c-45f0-adfc-907df3c87339}\ (8 subtraces) (ID = 967592)
7:38 PM: HKLM\software\classes\interface\{efdfe6ee-8888-422e-ab3c-b48589338ae3}\ (8 subtraces) (ID = 967601)
7:38 PM: HKLM\software\classes\typelib\{5bec549d-581b-4636-ae75-28645e8cddc1}\ (9 subtraces) (ID = 967610)
7:38 PM: HKLM\software\classes\whiehelperobj.whiehelperobj\ (3 subtraces) (ID = 972216)
7:38 PM: HKLM\software\classes\whiehelperobj.whiehelperobj.1\ (3 subtraces) (ID = 972220)
7:38 PM: HKLM\software\microsoft\windows\currentversion\uninstall\webnexus\ (2 subtraces) (ID = 1006191)
7:38 PM: HKLM\software\microsoft\windows\currentversion\uninstall\elitemediagroup\ (2 subtraces) (ID = 1015939)
7:38 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (8 subtraces) (ID = 1016064)
7:38 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (10 subtraces) (ID = 1016072)
7:38 PM: HKCR\mirar_dummy_ats.mirar_dummy_ats1\ (5 subtraces) (ID = 1055242)
7:38 PM: HKCR\mirar_dummy_ats.mirar_dummy_ats1.1\ (3 subtraces) (ID = 1055248)
7:38 PM: HKCR\mirar_dummy_ats.mirar_dummy_ats1.1\clsid\ (1 subtraces) (ID = 1055250)
7:38 PM: HKCR\clsid\{8a0dcbdb-6e20-489c-9041-c1e8a0352e75}\ (11 subtraces) (ID = 1055256)
7:38 PM: HKCR\typelib\{34568171-e2ca-4fcd-a99f-43771f766b8a}\ (9 subtraces) (ID = 1055268)
7:38 PM: HKLM\software\classes\mirar_dummy_ats.mirar_dummy_ats1\ (5 subtraces) (ID = 1055285)
7:38 PM: HKLM\software\classes\mirar_dummy_ats.mirar_dummy_ats1.1\ (3 subtraces) (ID = 1055291)
7:38 PM: HKLM\software\classes\mirar_dummy_ats.mirar_dummy_ats1.1\clsid\ (1 subtraces) (ID = 1055293)
7:38 PM: HKLM\software\classes\clsid\{8a0dcbdb-6e20-489c-9041-c1e8a0352e75}\ (11 subtraces) (ID = 1055311)
7:38 PM: HKLM\software\classes\typelib\{34568171-e2ca-4fcd-a99f-43771f766b8a}\ (9 subtraces) (ID = 1055323)
7:38 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\system32\winats.dll (ID = 1055333)
7:38 PM: Found Adware: zquest
7:38 PM: HKCR\clsid\{c5af2622-8c75-4dfb-9693-23ab7686a456}\ (4 subtraces) (ID = 1057025)
7:38 PM: HKLM\software\classes\clsid\{c5af2622-8c75-4dfb-9693-23ab7686a456}\ (4 subtraces) (ID = 1057030)
7:38 PM: Found Trojan Horse: trojan-downloader-dh
7:38 PM: HKLM\software\microsoft\windows\currentversion\uninstall\dh\ (2 subtraces) (ID = 1057035)
7:38 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/winats.dll\ (2 subtraces) (ID = 1066860)
7:38 PM: Found Adware: purityscan
7:38 PM: HKLM\software\microsoft\windows\currentversion\uninstall\elitemediagroupoin\ (2 subtraces) (ID = 1070163)
7:38 PM: HKLM\software\microsoft\windows\currentversion\run\ || browserupdatesched (ID = 1075246)
7:38 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be}\ (7 subtraces) (ID = 1110756)
7:38 PM: Found Adware: findthewebsiteyouneed hijacker
7:38 PM: HKLM\software\microsoft\windows\currentversion\run\ || winsysban (ID = 1121712)
7:38 PM: HKCR\permeation.permeater\ (3 subtraces) (ID = 1133968)
7:38 PM: HKCR\permeation.permeater.1\ (3 subtraces) (ID = 1133972)
7:38 PM: HKCR\permeation.trecker\ (3 subtraces) (ID = 1133976)
7:38 PM: HKCR\permeation.trecker.1\ (3 subtraces) (ID = 1133980)
7:38 PM: HKCR\typelib\{2f6e85dc-8d2d-4896-8a4f-7df8a7b1749d}\ (9 subtraces) (ID = 1134093)
7:38 PM: Found Adware: dollarrevenue
7:38 PM: HKLM\software\microsoft\drsmartload2\ (1 subtraces) (ID = 1134137)
7:38 PM: HKLM\software\classes\permeation.permeater\ (3 subtraces) (ID = 1134157)
7:38 PM: HKLM\software\classes\permeation.permeater.1\ (3 subtraces) (ID = 1134161)
7:38 PM: HKLM\software\classes\permeation.trecker\ (3 subtraces) (ID = 1134165)
7:38 PM: HKLM\software\classes\permeation.trecker.1\ (3 subtraces) (ID = 1134169)
7:38 PM: HKLM\software\classes\typelib\{2f6e85dc-8d2d-4896-8a4f-7df8a7b1749d}\ (9 subtraces) (ID = 1134251)
7:38 PM: HKLM\software\microsoft\windows\currentversion\run\ || susse (ID = 1135364)
7:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1010\software\effective-i\ (7 subtraces) (ID = 125657)
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1010\software\maxthon\plugin\toolbar\{44be0690-5429-47f0-85bb-3ffd8020233e}\ (1 subtraces) (ID = 125661)
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1010\software\microsoft\internet explorer\toolbar\webbrowser\ || {9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (ID = 135102)
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1010\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1010\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1010\software\surfsidekick3\ (2 subtraces) (ID = 143412)
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1010\software\microsoft\office\outlook\addins\gsyoutlookaddin.gsyaddinobj\ (1 subtraces) (ID = 723724)
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1010\software\microsoft\internet explorer\extensions\cmdmapping\ || {240ff121-9ef3-4e9f-a397-9e189045b6a1} (ID = 1057041)
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1010\software\microsoft\windows\currentversion\run\ || cu1 (ID = 1140965)
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1010\software\microsoft\windows\currentversion\run\ || cu2 (ID = 1140966)
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1009\software\effective-i\ (7 subtraces) (ID = 125657)
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1009\software\maxthon\plugin\toolbar\{44be0690-5429-47f0-85bb-3ffd8020233e}\ (1 subtraces) (ID = 125661)
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1009\software\microsoft\internet explorer\toolbar\ || {44be0690-5429-47f0-85bb-3ffd8020233e} (ID = 125662)
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1009\software\microsoft\internet explorer\toolbar\webbrowser\ || {44be0690-5429-47f0-85bb-3ffd8020233e} (ID = 125668)
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1009\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1009\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1009\software\surfsidekick3\ (4 subtraces) (ID = 143412)
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1009\software\microsoft\internet explorer\extensions\cmdmapping\ || {240ff121-9ef3-4e9f-a397-9e189045b6a1} (ID = 1057041)
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1009\software\microsoft\windows\currentversion\run\ || cu1 (ID = 1140965)
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1009\software\microsoft\windows\currentversion\run\ || cu2 (ID = 1140966)
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1008\software\effective-i\ (5 subtraces) (ID = 125657)
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1008\software\microsoft\windows\currentversion\run\ || ptrun32 (ID = 136556)
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1008\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1008\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1008\software\surfsidekick3\ (3 subtraces) (ID = 143412)
7:38 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1008\software\microsoft\internet explorer\extensions\cmdmapping\ || {240ff121-9ef3-4e9f-a397-9e189045b6a1} (ID = 1057041)
7:38 PM: Found Adware: findthewebsiteyouneed hijack
7:38 PM: HKU\S-1-5-21-512808815-885116335-3208324174-1007\software\microsoft\internet explorer\main\ || default_search_url (ID = 125236)
7:38 PM: HKU\S-1-5-21-512808815-885116335-3208324174-1007\software\microsoft\internet explorer\main\ || search bar (ID = 125237)
7:39 PM: HKU\S-1-5-21-512808815-885116335-3208324174-1007\software\microsoft\internet explorer\main\ || search page (ID = 125238)
7:39 PM: HKU\S-1-5-21-512808815-885116335-3208324174-1007\software\effective-i\ (7 subtraces) (ID = 125657)
7:39 PM: HKU\S-1-5-21-512808815-885116335-3208324174-1007\software\maxthon\plugin\toolbar\{44be0690-5429-47f0-85bb-3ffd8020233e}\ (1 subtraces) (ID = 125661)
7:39 PM: HKU\S-1-5-21-512808815-885116335-3208324174-1007\software\microsoft\internet explorer\toolbar\webbrowser\ || {44be0690-5429-47f0-85bb-3ffd8020233e} (ID = 125668)
7:39 PM: HKU\S-1-5-21-512808815-885116335-3208324174-1007\software\microsoft\windows\currentversion\run\ || ptrun32 (ID = 136556)
7:39 PM: HKU\S-1-5-21-512808815-885116335-3208324174-1007\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
7:39 PM: HKU\S-1-5-21-512808815-885116335-3208324174-1007\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
7:39 PM: HKU\S-1-5-21-512808815-885116335-3208324174-1007\software\surfsidekick3\ (3 subtraces) (ID = 143412)
7:39 PM: HKU\S-1-5-21-512808815-885116335-3208324174-1007\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
7:39 PM: HKU\S-1-5-21-512808815-885116335-3208324174-1007\software\microsoft\internet explorer\main\ || search bar (ID = 790268)
7:39 PM: HKU\S-1-5-21-512808815-885116335-3208324174-1007\software\microsoft\internet explorer\main\ || default_search_url (ID = 790269)
7:39 PM: HKU\S-1-5-21-512808815-885116335-3208324174-1007\software\microsoft\internet explorer\extensions\cmdmapping\ || {240ff121-9ef3-4e9f-a397-9e189045b6a1} (ID = 1057041)
7:39 PM: HKU\S-1-5-21-512808815-885116335-3208324174-1007\software\microsoft\windows\currentversion\run\ || cu1 (ID = 1140965)
7:39 PM: HKU\S-1-5-21-512808815-885116335-3208324174-1007\software\microsoft\windows\currentversion\run\ || cu2 (ID = 1140966)
7:39 PM: HKU\S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping\ || {240ff121-9ef3-4e9f-a397-9e189045b6a1} (ID = 1057041)
7:39 PM: Registry Sweep Complete, Elapsed Time:00:00:46
7:39 PM: Starting Cookie Sweep
7:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:40 PM: tim@go[6].txt (ID = 2728)
7:40 PM: tim@go[7].txt (ID = 2728)
7:40 PM: tim@go[8].txt (ID = 2728)
7:40 PM: tim@go[9].txt (ID = 2728)
7:40 PM: tim@hits.clickandtrack[2].txt (ID = 2397)
7:40 PM: tim@i.screensavers[1].txt (ID = 3298)
7:40 PM: tim@kmpads[2].txt (ID = 2909)
7:40 PM: tim@partypoker[1].txt (ID = 3111)
7:40 PM: tim@paypopup[2].txt (ID = 3119)
7:40 PM: tim@pro-market[2].txt (ID = 3197)
7:40 PM: tim@www.888[1].txt (ID = 2020)
7:40 PM: tim@www.screensavers[1].txt (ID = 3298)
7:40 PM: tim@z1.adserver[1].txt (ID = 2142)
7:40 PM: tim@zenotecnico[2].txt (ID = 3858)
7:40 PM: system@ad.yieldmanager[1].txt (ID = 3751)
7:40 PM: system@advertising[1].txt (ID = 2175)
7:40 PM: system@atdmt[1].txt (ID = 2253)
7:40 PM: system@banners.searchingbooth[1].txt (ID = 3322)
7:40 PM: system@c.enhance[1].txt (ID = 2614)
7:40 PM: system@c.goclick[2].txt (ID = 2733)
7:40 PM: system@c5.zedo[1].txt (ID = 3763)
7:40 PM: system@dealtime[2].txt (ID = 2505)
7:40 PM: system@hits.clickandtrack[2].txt (ID = 2397)
7:40 PM: system@maxserving[1].txt (ID = 2966)
7:40 PM: system@overture[1].txt (ID = 3105)
7:40 PM: system@realmedia[2].txt (ID = 3235)
7:40 PM: system@stat.dealtime[1].txt (ID = 2506)
7:40 PM: system@trafficmp[2].txt (ID = 3581)
7:40 PM: system@z1.adserver[1].txt (ID = 2142)
7:40 PM: system@zedo[2].txt (ID = 3762)
7:40 PM: Cookie Sweep Complete, Elapsed Time: 00:01:10
7:40 PM: Starting File Sweep
7:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:42 PM: c:\documents and settings\brad\local settings\temp\gsy_temp (28 subtraces) (ID = -2147463564)
7:42 PM: c:\program files\common files\vcclient (10 subtraces) (ID = -2147461290)
7:42 PM: c:\documents and settings\cari\application data\ignite software (3 subtraces) (ID = -2147480507)
7:42 PM: c:\program files\network monitor (1 subtraces) (ID = -2147459771)
7:42 PM: c:\documents and settings\all users\start menu\programs\gotsmiley (5 subtraces) (ID = -2147474220)
7:42 PM: c:\program files\jalmp (3 subtraces) (ID = -2147459072)
7:42 PM: Found System Monitor: aimsniffer
7:42 PM: c:\documents and settings\tim\start menu\programs\aim sniffer (ID = -2147481450)
7:42 PM: c:\documents and settings\brad\start menu\programs\ucmore - the search accelerator (3 subtraces) (ID = -2147481062)
7:42 PM: c:\documents and settings\all users\application data\ignite software (3 subtraces) (ID = -2147480506)
7:42 PM: c:\program files\surfsidekick 3 (3 subtraces) (ID = -2147480186)
7:42 PM:

#5 tkenney65

Posted 04 February 2006 - 09:21 PM

And here's the rest (it got cut off)...

7:42 PM: c:\program files\surfsidekick 3 (3 subtraces) (ID = -2147480186)
7:42 PM: c:\documents and settings\emma\start menu\programs\ucmore - the search accelerator (3 subtraces) (ID = -2147481062)
7:42 PM: c:\program files\msaim (13 subtraces) (ID = -2147474897)
7:42 PM: c:\documents and settings\tim\application data\ignite software (4 subtraces) (ID = -2147480507)
7:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:42 PM: sskknwrd.dll (ID = 77733)
7:43 PM: mte3ndi6odoxng.exe (ID = 185985)
7:43 PM: eb52a1f6-0edf-4fe1-a1b1-429939 (ID = 208494)
7:43 PM: uninstall.exe (ID = 237448)
7:43 PM: rcverlib[1].exe (ID = 209705)
7:43 PM: tm24804.exe (ID = 209705)
7:43 PM: d58a2d28-27bd-4839-9c2e-253c4a (ID = 59843)
7:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:43 PM: d93cb457-0fdd-49aa-8814-632b63 (ID = 212830)
7:43 PM: 7cda0575-45c9-4ecf-90cc-0d1860 (ID = 212831)
7:43 PM: Found Adware: look2me
7:43 PM: g8040idqe80e0.dll (ID = 159)
7:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:44 PM: cygwid.exe (ID = 238239)
7:44 PM: 3b241fdb-3c86-4fa3-91aa-e84a96 (ID = 212831)
7:44 PM: 959c43a6-708c-4391-9d74-f4e796 (ID = 59843)
7:44 PM: rcverlib[1].exe (ID = 209705)
7:44 PM: tm37042.exe (ID = 209705)
7:44 PM: dh.dll (ID = 208494)
7:44 PM: vgactl.cpl (ID = 189954)
7:44 PM: 0dbafece-1892-4ab0-a536-a6fce3 (ID = 212828)
7:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:45 PM: a9a3.tmp (ID = 238243)
7:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:45 PM: installerus.exe (ID = 208542)
7:45 PM: wuauclt.dll (ID = 188706)
7:45 PM: command.exe (ID = 144946)
7:45 PM: c42a4803-81aa-422c-8589-ac1acd (ID = 150833)
7:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:46 PM: yoinsi.exe (ID = 213483)
7:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:47 PM: 240a5bad-3c09-42de-aa80-a29327 (ID = 216718)
7:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:47 PM: dh9013.exe (ID = 208497)
7:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:48 PM: tm32220.exe (ID = 209705)
7:48 PM: dh9013[1].exe (ID = 208497)
7:48 PM: Found Adware: wfgtech
7:48 PM: inst_0004[1].exe (ID = 203674)
7:48 PM: ltndload[1].dll (ID = 218030)
7:48 PM: mte3ndi6odoxng[1].exe (ID = 185985)
7:48 PM: installerus[1].exe (ID = 208542)
7:48 PM: Found Adware: targetsaver
7:48 PM: stub_113_4_0_4_0[1].exe (ID = 193995)
7:48 PM: ucmoreiex[1].exe (ID = 59853)
7:48 PM: sskknwrd.dll (ID = 77733)
7:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:48 PM: sskknwrd.dll (ID = 77733)
7:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:49 PM: ss1001.exe (ID = 216718)
7:49 PM: vcclient.exe (ID = 212828)
7:49 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1010\Software\Microsoft\Windows\CurrentVersion\Run || CU1 (ID = 0)
7:49 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1009\Software\Microsoft\Windows\CurrentVersion\Run || CU1 (ID = 0)
7:49 PM: HKU\S-1-5-21-512808815-885116335-3208324174-1007\Software\Microsoft\Windows\CurrentVersion\Run || CU1 (ID = 0)
7:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:50 PM: f9e65a5f-43e4-4efe-99ff-37f489 (ID = 150833)
7:50 PM: b357aa46-33ec-4934-8d92-a2ac24 (ID = 106574)
7:50 PM: installer[1].exe (ID = 231664)
7:50 PM: Found Adware: cas
7:50 PM: pf78.exe (ID = 164525)
7:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:50 PM: stub_113_4_0_4_0.exe (ID = 193995)
7:50 PM: vcmain.exe (ID = 212830)
7:50 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1010\Software\Microsoft\Windows\CurrentVersion\Run || CU2 (ID = 0)
7:50 PM: HKU\WRSS_Profile_S-1-5-21-512808815-885116335-3208324174-1009\Software\Microsoft\Windows\CurrentVersion\Run || CU2 (ID = 0)
7:50 PM: HKU\S-1-5-21-512808815-885116335-3208324174-1007\Software\Microsoft\Windows\CurrentVersion\Run || CU2 (ID = 0)
7:50 PM: vcupdate.exe (ID = 212831)
7:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:52 PM: jalmp.dll (ID = 238167)
7:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:53 PM: ccde036a-8ceb-44f2-864f-bc43b4 (ID = 168558)
7:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:54 PM: uninstall_nmon.vbs (ID = 231442)
7:54 PM: gp84l3lq1.dll (ID = 159)
7:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:56 PM: ucmoreiex[1].exe (ID = 59853)
7:56 PM: ucmoreiex.exe (ID = 59853)
7:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:56 PM: elitemediagroupoinuninstaller.exe (ID = 213484)
7:56 PM: winats.dll (ID = 208226)
7:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:57 PM: asappsrv.dll (ID = 144945)
7:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:58 PM: elite.ocx (ID = 187157)
7:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:00 PM: c2500631-9ef5-41ff-beb7-a9800c (ID = 188701)
8:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:01 PM: installerus[1].exe (ID = 208542)
8:01 PM: ir0ol5d31.dll (ID = 159)
8:01 PM: sskknwrd.dll (ID = 77733)
8:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:01 PM: rcverlib[1].exe (ID = 209705)
8:01 PM: tm35746.exe (ID = 209705)
8:01 PM: tm56137.exe (ID = 209705)
8:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:02 PM: Found Adware: apropos
8:02 PM: exec.exe (ID = 50118)
8:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:03 PM: installer[1].exe (ID = 168558)
8:03 PM: dh9013[1].exe (ID = 208497)
8:03 PM: inst_0004[1].exe (ID = 203674)
8:03 PM: inst_0004.exe (ID = 203674)
8:04 PM: mediaview[1].cab (ID = 187158)
8:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:04 PM: tm7991.exe (ID = 209705)
8:04 PM: db97b8ef-9943-4894-8c21-ae0ddc (ID = 106574)
8:04 PM: 372d06e7-0d53-423f-bc44-7af2dc (ID = 61483)
8:04 PM: 3470eae5-40e4-42cb-819f-429432 (ID = 106574)
8:04 PM: d6j00g1me6.dll (ID = 159)
8:04 PM: ss1001.exe (ID = 215896)
8:04 PM: f185953.exe (ID = 188701)
8:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:05 PM: ibycgt[1].cab (ID = 238243)
8:05 PM: a1e3.tmp (ID = 238243)
8:05 PM: rcverlib[1].exe (ID = 209705)
8:05 PM: dqdmoprp.dll (ID = 159)
8:05 PM: class-barrel (ID = 78229)
8:06 PM: tm20752.exe (ID = 209705)
8:06 PM: vocabulary (ID = 78283)
8:06 PM: ss1001[1].exe (ID = 216718)
8:06 PM: m0lsla371d.dll (ID = 159)
8:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:06 PM: installerus[1].exe (ID = 208542)
8:06 PM: elite.inf (ID = 187156)
8:06 PM: installer[1].exe (ID = 231664)
8:06 PM: wlfeman.dll (ID = 159)
8:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:07 PM: atmtd.dll._ (ID = 166754)
8:07 PM: newfrn[1].exe (ID = 215816)
8:07 PM: newfrn.exe (ID = 215816)
8:07 PM: rcverlib[1].exe (ID = 209705)
8:08 PM: c0441181-ed88-4d4f-9b60-dbbc99 (ID = 212831)
8:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:08 PM: ltndload[1].dll (ID = 218030)
8:08 PM: 0g640iv8.dll (ID = 218030)
8:08 PM: newfrn[1].exe (ID = 215816)
8:08 PM: e4f30d.tmp (ID = 238243)
8:08 PM: mte3ndi6odoxng[1].exe (ID = 185985)
8:08 PM: stub_113_4_0_4_0[1].exe (ID = 193995)
8:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:09 PM: dddiagn.dll (ID = 159)
8:09 PM: cmdinst.exe (ID = 231664)
8:09 PM: tsupdate2[1].ini (ID = 193498)
8:09 PM: cygwid[1].exe (ID = 238239)
8:09 PM: arpf.cfg (ID = 208796)
8:09 PM: ibycgt[1].cab (ID = 238243)
8:09 PM: e3e3.tmp (ID = 238243)
8:09 PM: cygwid[1].exe (ID = 238239)
8:09 PM: 2[1].bin (ID = 239203)
8:09 PM: whcc-click.exe (ID = 239203)
8:09 PM: ss1001[1].exe (ID = 216718)
8:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:10 PM: installer[1].exe (ID = 168558)
8:10 PM: installer.exe (ID = 168558)
8:10 PM: rcverlib[1].exe (ID = 209705)
8:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:11 PM: 876057.exe (ID = 185463)
8:11 PM: cusblfx.dll (ID = 159)
8:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:12 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:12 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:13 PM: guard.tmp (ID = 159)
8:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:13 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:13 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:14 PM: 99_app99.exe (ID = 164538)
8:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:14 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:14 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:15 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:15 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:15 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:15 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:15 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:15 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:15 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:15 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:18 PM: 8b019eff-d30d-45bd-8d86-d0ebf7 (ID = 61553)
8:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:19 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:19 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:19 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:19 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:20 PM: tm924.exe (ID = 209705)
8:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:22 PM: message spy.lnk (ID = 219820)
8:22 PM: uninstall message spy.lnk (ID = 219821)
8:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:22 PM: drs.exe (ID = 233925)
8:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:23 PM: tsupdate2[1].ini (ID = 193498)
8:23 PM: wgse.exe (ID = 238240)
8:23 PM: dwdsregt.exe (ID = 235995)
8:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:23 PM: netmon.exe (ID = 231443)
8:24 PM: 51b46385-b135-45fa-ac55-68893d (ID = 212830)
8:24 PM: e6284e6b-956e-4aed-be9d-4e5103 (ID = 212828)
8:24 PM: drsmartload1.exe (ID = 239204)
8:24 PM: sskbho.dll (ID = 189)
8:24 PM: 0g6456fg.dll (ID = 236430)
8:24 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:24 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:24 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:24 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:24 PM: c0f9b18c-f885-490a-950d-7cdebe (ID = 212830)
8:24 PM: c86e8067-45e1-4b4c-920b-aa97ce (ID = 212828)
8:24 PM: ms.exe (ID = 219751)
8:24 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:24 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:24 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:24 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:25 PM: elitemediapop.exe (ID = 185455)
8:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:26 PM: aeccb68c-4629-4dfb-be84-ee6886 (ID = 144945)
8:26 PM: idlemg.exe (ID = 235944)
8:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:27 PM: 89f32bd7-2ee0-4034-b6fa-cf3927 (ID = 144945)
8:27 PM: 3eabb48d-826c-4d63-9773-03c085 (ID = 215896)
8:27 PM: 7d6093d0-f3b8-45ac-91a4-a4cdb6 (ID = 208918)
8:28 PM: ea3c423f-5fd1-4323-8a73-78662f (ID = 238167)
8:28 PM: 6c759e22-ef63-4b4b-b8da-686834 (ID = 188706)
8:28 PM: f5781ef4-9f2d-4430-a8f4-452193 (ID = 144946)
8:28 PM: ed0716aa-3ecd-4ef8-bfe8-1c12bc (ID = 215896)
8:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:28 PM: da0b2241-8c04-42d3-9f89-5aa4e9 (ID = 238167)
8:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:29 PM: 059936fa-65e8-448a-b945-0ede05 (ID = 144946)
8:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:29 PM: 0f041e05-48d6-4263-b2fb-a0b2e3 (ID = 188701)
8:29 PM: 7d70486e-3af1-4d3d-870c-01f26c (ID = 188701)
8:30 PM: hpsw.exe (ID = 238236)
8:30 PM: 73abe586-12f2-49f6-8402-4c19b0 (ID = 214221)
8:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:31 PM: zifi002.exe (ID = 235993)
8:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:32 PM: elite.ocx (ID = 187157)
8:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:32 PM: f5e3.tmp (ID = 238243)
8:32 PM: b412f8e0-7ef2-4496-a087-edf37b (ID = 216718)
8:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:33 PM: atmtd.dll (ID = 166754)
8:34 PM: zeno.lnk (ID = 146127)
8:34 PM: nt68rrtc12.sys (ID = 220230)
8:34 PM: msnav32.ax (ID = 220229)
8:34 PM: zeno.lnk (ID = 146127)
8:34 PM: z_start.lnk (ID = 235994)
8:34 PM: sskcwrd.dll (ID = 77712)
8:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:35 PM: eb41c1f7-8712-45c6-ad23-bd3442 (ID = 185460)
8:35 PM: 64cc289d-2f8d-4e89-90b8-ef03f3 (ID = 59855)
8:35 PM: dh.ini (ID = 238253)
8:35 PM: zxdnt3d.cfg (ID = 91140)
8:35 PM: p35q.vbs (ID = 185675)
8:35 PM: myupdates.dat (ID = 198788)
8:35 PM: 11bc7833-0ccd-4115-b384-e33d80 (ID = 59855)
8:35 PM: 0039e156-12e6-4d7f-b419-89b66f (ID = 59838)
8:35 PM: setup[1].ini (ID = 238253)
8:35 PM: 6418df3f-367b-4ccc-a7c4-a9b545.asq (ID = 208224)
8:35 PM: ucmore tour.lnk (ID = 59855)
8:35 PM: how to uninstall.lnk (ID = 59838)
8:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:36 PM: message spy documentation.lnk (ID = 219816)
8:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:38 PM: zeno.lnk (ID = 146127)
8:38 PM: z_start.lnk (ID = 235994)
8:38 PM: zeno.lnk (ID = 146127)
8:38 PM: 2276c471-745e-45cb-bd42-314a6e (ID = 59838)
8:38 PM: Found Adware: 180search assistant/zango
8:38 PM: clientax.inf (ID = 70515)
8:38 PM: ucmore tour.lnk (ID = 59855)
8:38 PM: how to uninstall.lnk (ID = 59838)
8:38 PM: setup[1].ini (ID = 238253)
8:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:39 PM: setup[1].ini (ID = 238253)
8:39 PM: b078c7d8-65d7-4563-b8c9-e0cdce (ID = 59855)
8:39 PM: 0f209235-ccb0-4eac-b817-7d58d2 (ID = 59838)
8:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:40 PM: Warning: Unhandled Archive Type
8:40 PM: Warning: Unhandled Archive Type
8:40 PM: Warning: Unhandled Archive Type
8:40 PM: Warning: Unhandled Archive Type
8:40 PM: Warning: Unhandled Archive Type
8:40 PM: Found Adware: java byteverify
8:40 PM: classload.jar-da12d94-478e3b7a.zip (ID = 64823)
8:40 PM: Warning: Unhandled Archive Type
8:40 PM: Warning: Unhandled Archive Type
8:40 PM: Warning: Unhandled Archive Type
8:40 PM: Warning: Unhandled Archive Type
8:40 PM: Warning: Unhandled Archive Type
8:40 PM: Warning: Unhandled Archive Type
8:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:41 PM: Warning: Unhandled Archive Type
8:41 PM: Warning: Unhandled Archive Type
8:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:42 PM: Warning: Invalid Stream
8:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:42 PM: message spy.lnk (ID = 219751)
8:43 PM: z_start.lnk (ID = 235995)
8:43 PM: z_start.lnk (ID = 235993)
8:43 PM: File Sweep Complete, Elapsed Time: 01:02:44
8:43 PM: Full Sweep has completed. Elapsed time 01:08:57
8:43 PM: Traces Found: 1532
8:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:47 PM: Removal process initiated
8:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:49 PM: Quarantining All Traces: 180search assistant/zango
8:49 PM: Quarantining All Traces: aimsniffer
8:49 PM: Quarantining All Traces: atomiclog
8:49 PM: Quarantining All Traces: clkoptimizer
8:49 PM: clkoptimizer is in use. It will be removed on reboot.
8:49 PM: vgactl.cpl is in use. It will be removed on reboot.
8:49 PM: Quarantining All Traces: look2me
8:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:50 PM: look2me is in use. It will be removed on reboot.
8:50 PM: g8040idqe80e0.dll is in use. It will be removed on reboot.
8:50 PM: m0lsla371d.dll is in use. It will be removed on reboot.
8:50 PM: cusblfx.dll is in use. It will be removed on reboot.
8:50 PM: guard.tmp is in use. It will be removed on reboot.
8:50 PM: Quarantining All Traces: purityscan
8:50 PM: Quarantining All Traces: visfx
8:50 PM: Quarantining All Traces: apropos
8:50 PM: Quarantining All Traces: cas
8:50 PM: Quarantining All Traces: dollarrevenue
8:50 PM: Quarantining All Traces: e2g
8:50 PM: Quarantining All Traces: quicklink search toolbar
8:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:51 PM: quicklink search toolbar is in use. It will be removed on reboot.
8:51 PM: wgse.exe is in use. It will be removed on reboot.
8:51 PM: hpsw.exe is in use. It will be removed on reboot.
8:51 PM: Quarantining All Traces: surfsidekick
8:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:51 PM: surfsidekick is in use. It will be removed on reboot.
8:51 PM: Ssk.exe is in use. It will be removed on reboot.
8:51 PM: SskBho.dll is in use. It will be removed on reboot.
8:51 PM: Ssk.exe is in use. It will be removed on reboot.
8:51 PM: Ssk.exe is in use. It will be removed on reboot.
8:51 PM: Ssk.exe is in use. It will be removed on reboot.
8:51 PM: Ssk.exe is in use. It will be removed on reboot.
8:51 PM: c:\program files\surfsidekick 3 is in use. It will be removed on reboot.
8:51 PM: vcclient.exe is in use. It will be removed on reboot.
8:51 PM: vcmain.exe is in use. It will be removed on reboot.
8:51 PM: sskbho.dll is in use. It will be removed on reboot.
8:51 PM: Quarantining All Traces: trojan-downloader-dh
8:51 PM: Quarantining All Traces: zquest
8:51 PM: Quarantining All Traces: command
8:52 PM: command is in use. It will be removed on reboot.
8:52 PM: c:\program files\network monitor is in use. It will be removed on reboot.
8:52 PM: command.exe is in use. It will be removed on reboot.
8:52 PM: asappsrv.dll is in use. It will be removed on reboot.
8:52 PM: netmon.exe is in use. It will be removed on reboot.
8:52 PM: C:\Program Files\Network Monitor\netmon.exe is in use. It will be removed on reboot.
8:52 PM: C:\WINDOWS\VGlt\asappsrv.dll is in use. It will be removed on reboot.
8:52 PM: C:\WINDOWS\VGlt\command.exe is in use. It will be removed on reboot.
8:52 PM: Quarantining All Traces: effective-i toolbar
8:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:52 PM: Quarantining All Traces: elitemediagroup-pop64
8:52 PM: Quarantining All Traces: findthewebsiteyouneed hijacker
8:52 PM: Quarantining All Traces: findthewebsiteyouneed hijack
8:52 PM: Quarantining All Traces: java byteverify
8:52 PM: Quarantining All Traces: mirar webband
8:52 PM: Quarantining All Traces: targetsaver
8:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:52 PM: Quarantining All Traces: webhancer
8:52 PM: Quarantining All Traces: wfgtech
8:52 PM: Quarantining All Traces: zenosearchassistant
8:52 PM: zenosearchassistant is in use. It will be removed on reboot.
8:52 PM: z_start.lnk is in use. It will be removed on reboot.
8:52 PM: z_start.lnk is in use. It will be removed on reboot.
8:52 PM: Quarantining All Traces: 10102 cookie
8:52 PM: Quarantining All Traces: 10105 cookie
8:52 PM: Quarantining All Traces: 216.221.138 cookie
8:52 PM: Quarantining All Traces: 2o7.net cookie
8:52 PM: Quarantining All Traces: 3 cookie
8:52 PM: Quarantining All Traces: 360i cookie
8:52 PM: Quarantining All Traces: 447 cookie
8:52 PM: Quarantining All Traces: 5 cookie
8:52 PM: Quarantining All Traces: 64.62.232 cookie
8:52 PM: Quarantining All Traces: 66.70.21 cookie
8:52 PM: Quarantining All Traces: 888 cookie
8:52 PM: Quarantining All Traces: about cookie
8:52 PM: Quarantining All Traces: addynamix cookie
8:52 PM: Quarantining All Traces: adecn cookie
8:52 PM: Quarantining All Traces: adjuggler cookie
8:52 PM: Quarantining All Traces: adknowledge cookie
8:52 PM: Quarantining All Traces: adlegend cookie
8:52 PM: Quarantining All Traces: adminder cookie
8:52 PM: Quarantining All Traces: adorigin cookie
8:52 PM: Quarantining All Traces: adprofile cookie
8:52 PM: Quarantining All Traces: adrevolver cookie
8:52 PM: Quarantining All Traces: ad-rotator cookie
8:52 PM: Quarantining All Traces: adserver cookie
8:52 PM: Quarantining All Traces: adultfriendfinder cookie
8:52 PM: Quarantining All Traces: adultrevenueservice cookie
8:52 PM: Quarantining All Traces: advertising cookie
8:52 PM: Quarantining All Traces: aff01511 cookie
8:52 PM: Quarantining All Traces: affiliate cookie
8:52 PM: Quarantining All Traces: anm.co.uk cookie
8:52 PM: Quarantining All Traces: apmebf cookie
8:52 PM: Quarantining All Traces: ask cookie
8:52 PM: Quarantining All Traces: askmen cookie
8:52 PM: Quarantining All Traces: atlas dmt cookie
8:52 PM: Quarantining All Traces: atwola cookie
8:52 PM: Quarantining All Traces: aycm5 cookie
8:52 PM: Quarantining All Traces: aycm6 cookie
8:52 PM: Quarantining All Traces: azjmp cookie
8:52 PM: Quarantining All Traces: banner cookie
8:52 PM: Quarantining All Traces: banners cookie
8:52 PM: Quarantining All Traces: bannerspace cookie
8:52 PM: Quarantining All Traces: belnk cookie
8:52 PM: Quarantining All Traces: bigblue cookie
8:52 PM: Quarantining All Traces: bizrate cookie
8:52 PM: Quarantining All Traces: bluestreak cookie
8:52 PM: Quarantining All Traces: burstbeacon cookie
8:52 PM: Quarantining All Traces: burstnet cookie
8:52 PM: Quarantining All Traces: casalemedia cookie
8:52 PM: Quarantining All Traces: cassava cookie
8:52 PM: Quarantining All Traces: cc214142 cookie
8:52 PM: Quarantining All Traces: centralmedia cookie
8:53 PM: Quarantining All Traces: classmates cookie
8:53 PM: Quarantining All Traces: clickandtrack cookie
8:53 PM: Quarantining All Traces: clickbank cookie
8:53 PM: Quarantining All Traces: clickzs cookie
8:53 PM: Quarantining All Traces: coolsavings cookie
8:53 PM: Quarantining All Traces: coremetrics cookie
8:53 PM: Quarantining All Traces: customer cookie
8:53 PM: Quarantining All Traces: dcskqeg2voifwznnd6alhtnei_8f3u cookie
8:53 PM: Quarantining All Traces: dealtime cookie
8:53 PM: Quarantining All Traces: directtrack cookie
8:53 PM: Quarantining All Traces: dw06 cookie
8:53 PM: Quarantining All Traces: emode cookie
8:53 PM: Quarantining All Traces: enhance cookie
8:53 PM: Quarantining All Traces: exitexchange cookie
8:53 PM: Quarantining All Traces: expage

#6 tkenney65


Posted 04 February 2006 - 09:22 PM

Here's some more...


8:53 PM: Quarantining All Traces: expage cookie
8:53 PM: Quarantining All Traces: falkag cookie
8:53 PM: Quarantining All Traces: fastclick cookie
8:53 PM: Quarantining All Traces: fe.lea.lycos.com cookie
8:53 PM: Quarantining All Traces: findwhat cookie
8:53 PM: Quarantining All Traces: fortunecity cookie
8:53 PM: Quarantining All Traces: gain - common components
8:53 PM: Quarantining All Traces: go.com cookie
8:53 PM: Quarantining All Traces: go2net.com cookie
8:53 PM: Quarantining All Traces: goclick cookie
8:53 PM: Quarantining All Traces: goldenpalace cookie
8:53 PM: Quarantining All Traces: gorillanation cookie
8:53 PM: Quarantining All Traces: gostats cookie
8:53 PM: Quarantining All Traces: gotoast cookie
8:53 PM: Quarantining All Traces: gotsmiley
8:53 PM: Quarantining All Traces: hbmediapro cookie
8:53 PM: Quarantining All Traces: homestore cookie
8:53 PM: Quarantining All Traces: hotbar cookie
8:53 PM: Quarantining All Traces: hpm001 cookie
8:53 PM: Quarantining All Traces: hypertracker.com cookie
8:53 PM: Quarantining All Traces: ic-live cookie
8:53 PM: Quarantining All Traces: infospace cookie
8:53 PM: Quarantining All Traces: inqwire cookie
8:53 PM: Quarantining All Traces: kmpads cookie
8:53 PM: Quarantining All Traces: kount cookie
8:53 PM: Quarantining All Traces: l2m.net cookie
8:53 PM: Quarantining All Traces: letitfind cookie
8:53 PM: Quarantining All Traces: littlejohn cookie
8:53 PM: Quarantining All Traces: maxserving cookie
8:53 PM: Quarantining All Traces: mediaplex cookie
8:53 PM: Quarantining All Traces: megago cookie
8:53 PM: Quarantining All Traces: metareward.com cookie
8:53 PM: Quarantining All Traces: military cookie
8:53 PM: Quarantining All Traces: monica cookie
8:53 PM: Quarantining All Traces: myaffiliateprogram.com cookie
8:53 PM: Quarantining All Traces: mywebsearch cookie
8:53 PM: Quarantining All Traces: netratingsselect cookie
8:53 PM: Quarantining All Traces: nextag cookie
8:53 PM: Quarantining All Traces: oinadserve cookie
8:53 PM: Quarantining All Traces: overture cookie
8:53 PM: Quarantining All Traces: partypoker cookie
8:53 PM: Quarantining All Traces: passion cookie
8:53 PM: Quarantining All Traces: paypopup cookie
8:53 PM: Quarantining All Traces: pinhead cookie
8:53 PM: Quarantining All Traces: pollstar cookie
8:53 PM: Quarantining All Traces: popuptraffic cookie
8:53 PM: Quarantining All Traces: precisead cookie
8:53 PM: Quarantining All Traces: pricegrabber cookie
8:53 PM: Quarantining All Traces: primaryads cookie
8:53 PM: Quarantining All Traces: pro-market cookie
8:53 PM: Quarantining All Traces: pub cookie
8:53 PM: Quarantining All Traces: qksrv cookie
8:53 PM: Quarantining All Traces: questionmarket cookie
8:53 PM: Quarantining All Traces: realmedia cookie
8:53 PM: Quarantining All Traces: reunion cookie
8:53 PM: Quarantining All Traces: revenue.net cookie
8:53 PM: Quarantining All Traces: rightmedia cookie
8:53 PM: Quarantining All Traces: rn11 cookie
8:53 PM: Quarantining All Traces: ru4 cookie
8:53 PM: Quarantining All Traces: sb01 cookie
8:53 PM: Quarantining All Traces: screensavers.com cookie
8:53 PM: Quarantining All Traces: searchingbooth cookie
8:53 PM: Quarantining All Traces: seeq cookie
8:53 PM: Quarantining All Traces: servedby advertising cookie
8:53 PM: Quarantining All Traces: serving-sys cookie
8:53 PM: Quarantining All Traces: servlet cookie
8:53 PM: Quarantining All Traces: smni cookie
8:53 PM: Quarantining All Traces: specificclick.com cookie
8:53 PM: Quarantining All Traces: specificpop cookie
8:53 PM: Quarantining All Traces: starware.com cookie
8:53 PM: Quarantining All Traces: stats.klsoft.com cookie
8:53 PM: Quarantining All Traces: studiosoft cookie
8:53 PM: Quarantining All Traces: tacoda cookie
8:53 PM: Quarantining All Traces: targetnet cookie
8:53 PM: Quarantining All Traces: tickle cookie
8:53 PM: Quarantining All Traces: top-banners cookie
8:53 PM: Quarantining All Traces: toplist cookie
8:53 PM: Quarantining All Traces: touchclarity cookie
8:53 PM: Quarantining All Traces: tracking cookie
8:53 PM: Quarantining All Traces: trafficmp cookie
8:53 PM: Quarantining All Traces: trb.com cookie
8:53 PM: Quarantining All Traces: tribalfusion cookie
8:53 PM: Quarantining All Traces: tripod cookie
8:53 PM: Quarantining All Traces: try games cookie
8:53 PM: Quarantining All Traces: ugo cookie
8:53 PM: Quarantining All Traces: upspiral cookie
8:53 PM: Quarantining All Traces: valuead cookie
8:53 PM: Quarantining All Traces: webpower cookie
8:53 PM: Quarantining All Traces: websponsors cookie
8:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:53 PM: Quarantining All Traces: web-stat cookie
8:53 PM: Quarantining All Traces: webtrendslive cookie
8:53 PM: Quarantining All Traces: wirefly cookie
8:53 PM: Quarantining All Traces: xiti cookie
8:53 PM: Quarantining All Traces: xuppa cookie
8:53 PM: Quarantining All Traces: xzoomy cookie
8:53 PM: Quarantining All Traces: yadro cookie
8:53 PM: Quarantining All Traces: yieldmanager cookie
8:53 PM: Quarantining All Traces: zedo cookie
8:53 PM: Quarantining All Traces: zenotecnico cookie
8:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:55 PM: Removal process completed. Elapsed time 00:08:30
8:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
8:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
8:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
********
7:30 PM: | Start of Session, Saturday, February 04, 2006 |
7:30 PM: Spy Sweeper started
7:31 PM: Your spyware definitions have been updated.
7:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
7:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
7:34 PM: | End of Session, Saturday, February 04, 2006 |

#7 tkenney65


Posted 04 February 2006 - 09:24 PM

Sorry...finally the Hijack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:11:23 PM, on 2/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\JavaHMO\bin\Wrapper.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\msaim\ms.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
c:\windows\system32\dwdsregt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\inst_0004.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\VGlt\command.exe
C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe
C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe
C:\Documents and Settings\Tim\Desktop\HijackThis\HijackThis.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ptrun32] C:\WINDOWS\system32\ptrun32\ptrun32.exe -startup
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [msaim] "C:\Program Files\msaim\ms.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe
O4 - HKLM\..\Run: [{4D-DC-CA-AC-ZN}] c:\windows\system32\dwdsregt.exe FI002
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunServices: [Service Monitor] update.exe
O4 - HKLM\..\RunServices: [Mozilla Firefox Browser] firefox32.exe
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /auto:TivoServer /registry /service
O4 - HKCU\..\Run: [PTRUN32] C:\WINDOWS\system32\ptrun32\ptr32w.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\SYSTEM32\rpdsrego.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk725DGUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center\DMDownload.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: http://free.aol.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/idenupdate/...eAutoLaunch.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138768246812
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {9F6D8A59-DD92-499D-944A-38FDB2CE46FF} - http://sms.napster.com/client/plugin/npdownload.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/hitthepros0...orts/wtinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.smugmug.com/photos/activex/XUpload.ocx
O20 - AppInit_DLLs: repairs302972994.dll
O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\l4n40e5qeh.dll (file missing)
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\g8040idqe80e0.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGlt\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JavaHMO TiVo TCM (JavaHMO) - Unknown owner - C:\Program Files\JavaHMO\bin\Wrapper.exe" -s "C:\Program Files\JavaHMO\conf\wrapper.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

#8 MFDnSC


Posted 07 February 2006 - 04:55 PM

Sorry – somehow I missed it – thanks for the message
==================
You have no active AntiVirus!

Get the free AVG 7, install it, check for updates and run a full scan

AVG 7 - http://free.grisoft.com/freeweb.php/doc/2/

============
Download http://www.cexx.org/lspfix.htm

Add remove programs – remove newdotnet – surf side kick

Launch the LSP application, and click the "I know what I'm doing" checkbox.

Move nothing just click Finish.
=================
download http://www.mvps.org/winhelp2002/DelDomains.inf

Right click the DelDomains.inf file and click Install, making sure Internet Explorer is closed. You won't see anything happen. Give it a minute.

Note, if you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.
=======================

Fix these with HJT – mark them, close IE, click fix checked

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll

O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll

O4 - HKLM\..\Run: [msaim] "C:\Program Files\msaim\ms.exe"

O4 - HKLM\..\Run: [gimmygames] C:\\gimmygames.exe

O4 - HKLM\..\Run: [{4D-DC-CA-AC-ZN}] c:\windows\system32\dwdsregt.exe FI002

O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

O4 - HKLM\..\RunServices: [Service Monitor] update.exe

O4 - HKLM\..\RunServices: [Mozilla Firefox Browser] firefox32.exe

O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe

O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe

O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe

O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

O4 - Startup: Z_Start.lnk = C:\WINDOWS\SYSTEM32\rpdsrego.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZNxmk725DGUS

O9 - Extra button: (no name) - AutorunsDisabled - (no file)

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe

O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} - http://cabs.elitemediagroup.net/cabs/mediaview.cab

O16 - DPF: {9F6D8A59-DD92-499D-944A-38FDB2CE46FF} - http://sms.napster.com/client/plugin/npdownload.cab

O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/hitthepros0...orts/wtinst.cab

O20 - AppInit_DLLs: repairs302972994.dll

O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\l4n40e5qeh.dll (file missing)

O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\g8040idqe80e0.dll (file missing)

Download http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Program Files\SurfSideKick 3
C:\Program Files\Common Files\VCClient
C:\WINDOWS\DH.dll
C:\Program Files\msaim\ms.exe
C:\gimmygames.exe
c:\windows\system32\dwdsregt.exe
C:\WINDOWS\system32\irssyncd.exe
c:\inst_0004.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
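
The check this thread depends on, comparing the list of entries marked for "fix checked" against the next posted HijackThis log, can be scripted. The following is an added Python example, not part of the original posts; the function names (`parse_entries`, `entry_key`, `check_followup`) are hypothetical, and the sample lines are a short excerpt of entries quoted in this thread. It separates entries that are gone from ones that linger as orphaned registry references marked `(no file)` or `(file missing)`.

```python
"""Check a follow-up HijackThis log against the entries that were marked for fixing."""
import re

# A HijackThis entry line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [x] y.exe".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends one of these when the registry entry points at nothing on disk.
STALE_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)


def parse_entries(text):
    """Return (section, body) for every entry line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def entry_key(section, body):
    """Identity of an entry that stays the same when only its target path changes."""
    if section == "O4":  # autostart: registry/startup location plus value name
        loc, _, rest = body.partition(":")
        rest = rest.strip()
        if rest.startswith("["):
            name = rest[: rest.find("]") + 1]
        else:
            name = rest.split("=", 1)[0].strip()
        return (section, f"{loc.strip()}: {name}".lower())
    clsid = CLSID_RE.search(body)
    if clsid:  # BHOs, toolbars, search hooks, DPF objects are identified by CLSID
        return (section, clsid.group(0).lower())
    head = re.split(r"\s+[-=]\s+", body, maxsplit=1)[0]
    return (section, STALE_RE.sub("", head).strip().lower())


def check_followup(flagged_text, followup_text):
    """Classify each flagged entry as removed, stale (orphaned reference) or present."""
    followup = {}
    for section, body in parse_entries(followup_text):
        followup.setdefault(entry_key(section, body), []).append(body)
    result = {"removed": [], "stale": [], "present": []}
    for section, body in parse_entries(flagged_text):
        bodies = followup.get(entry_key(section, body))
        line = f"{section} - {body}"
        if not bodies:
            result["removed"].append(line)
        elif all(STALE_RE.search(b) for b in bodies):
            result["stale"].append(line)
        else:
            result["present"].append(line)
    return result


# Excerpt of the entries marked for fixing in this thread.
FLAGGED = r"""
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll
O4 - HKLM\..\Run: [msaim] "C:\Program Files\msaim\ms.exe"
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
"""

# Excerpt of the follow-up log posted after the cleanup steps.
FOLLOWUP = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
"""

if __name__ == "__main__":
    for status, lines in check_followup(FLAGGED, FOLLOWUP).items():
        print(f"{status}:")
        for line in lines:
            print(f"  {line}")
```

A `stale` result means the file is gone but the registry value that referenced it was not cleaned up, so the entry should be fixed again in HijackThis; a `present` result means the autostart still resolves to a file and the removal did not take.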

#9 tkenney65


Posted 07 February 2006 - 10:54 PM

MFDnSC,

All steps followed. Couldn't remove SurfSideKick 3 using Control Panel and MS Antispyware tells me it is still present on the PC. Before the most recent re-boot, AVG said I had a Trojan Horse as well. Booting up and running well and other than SSK, all other pop-ups are gone. Looks like SurfSideKick 3 is the final hurdle to overcome!

Here's the latest HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:49:05 PM, on 2/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\JavaHMO\bin\Wrapper.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Tim\Desktop\HijackThis\HijackThis.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ptrun32] C:\WINDOWS\system32\ptrun32\ptrun32.exe -startup
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /auto:TivoServer /registry /service
O4 - HKCU\..\Run: [PTRUN32] C:\WINDOWS\system32\ptrun32\ptr32w.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center\DMDownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/idenupdate/...eAutoLaunch.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138768246812
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.smugmug.com/photos/activex/XUpload.ocx
O20 - AppInit_DLLs: repairs302972994.dll
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\hltpapi.dll (file missing)
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\f4j2le1o1h.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JavaHMO TiVo TCM (JavaHMO) - Unknown owner - C:\Program Files\JavaHMO\bin\Wrapper.exe" -s "C:\Program Files\JavaHMO\conf\wrapper.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

#10 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 08 February 2006 - 02:27 PM

Fix these with HJT – mark them, close IE, click fix checked

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)

O20 - AppInit_DLLs: repairs302972994.dll

O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\hltpapi.dll (file missing)

O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\f4j2le1o1h.dll (file missing)

O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

Download http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Program Files\Network Monitor
C:\WINDOWS\system32\repairs302972994.dll

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system

"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#11 tkenney65

tkenney65
  • Topic Starter

  • Members
  • 35 posts

Posted 08 February 2006 - 08:02 PM

MFDnSC,

Here's how I made out...

HJT wouldn't allow me to fix "O20 - AppInit_DLLs: repairs302972994.dll". Here's the error message it gave me:

"An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: repairs302972994.dll)
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan."

Also, Killbox couldn't find "C:\Program Files\Network Monitor" and wouldn't let me delete "C:\WINDOWS\system32\repairs302972994.dll"

SurfSideKick 3 is still present and appears to be my last hurdle. HJT lets me successfully uncheck the "R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll" line in my HJT but it keeps coming back upon re-boot.

Here is my latest HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 7:59:14 PM, on 2/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\JavaHMO\bin\Wrapper.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Tim\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ptrun32] C:\WINDOWS\system32\ptrun32\ptrun32.exe -startup
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /auto:TivoServer /registry /service
O4 - HKCU\..\Run: [PTRUN32] C:\WINDOWS\system32\ptrun32\ptr32w.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center\DMDownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/idenupdate/...eAutoLaunch.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138768246812
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.smugmug.com/photos/activex/XUpload.ocx
O20 - AppInit_DLLs: repairs302972994.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JavaHMO TiVo TCM (JavaHMO) - Unknown owner - C:\Program Files\JavaHMO\bin\Wrapper.exe" -s "C:\Program Files\JavaHMO\conf\wrapper.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
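
The comparison made by eye in post #11 (which of the entries marked in post #10 are gone, and which survived the reboot), written as a script. This is an added example, not part of the original posts or of HijackThis; the function names and the entry-identity rule (everything before the final target field) are assumptions made here, and the sample lines are excerpts copied from the logs in this thread.

```python
import re

# A HijackThis entry is "<section code> - <body>", e.g. "O20 - AppInit_DLLs: x.dll".
# Headers and the running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")


def parse_entry(line):
    """Split one log line into ((code, identity), target); None if not an entry."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    code, body = m.group("code"), m.group("body")
    if code == "O4" and "] " in body:
        # Autorun keys: identity is the Run key plus the [value name].
        ident, target = body.split("] ", 1)
        ident += "]"
    elif code[0] in "RFN" and " = " in body:
        # Browser settings: "key,value = data".
        ident, target = body.split(" = ", 1)
    elif " - " in body:
        # Most O-sections and R3: the last " - " field is the file or URL.
        ident, target = body.rsplit(" - ", 1)
    elif ": " in body:
        # Single-value entries such as "AppInit_DLLs: file.dll".
        ident, target = body.split(": ", 1)
    else:
        ident, target = body, ""
    return (code, ident), target


def index_log(log_text):
    """Map (code, identity) -> set of targets for every entry in a log."""
    entries = {}
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if parsed:
            key, target = parsed
            entries.setdefault(key, set()).add(target)
    return entries


def verify_fix(fix_lines, after_log):
    """Classify each entry that was marked for fixing against a later log.

    removed   - the entry no longer appears
    persisted - same entry, same target: the fix did not hold
    changed   - same entry, different target: something rewrote it
    """
    after = index_log(after_log)
    report = {}
    for line in fix_lines:
        parsed = parse_entry(line)
        if parsed is None:
            continue
        key, target = parsed
        if key not in after:
            report[line] = ("removed", None)
        elif target in after[key]:
            report[line] = ("persisted", target)
        else:
            report[line] = ("changed", sorted(after[key])[0])
    return report


# The entries post #10 asked to fix, copied from the thread.
FIX_LIST = [
    r"R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)",
    r"O20 - AppInit_DLLs: repairs302972994.dll",
    r"O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\hltpapi.dll (file missing)",
    r"O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\f4j2le1o1h.dll (file missing)",
    r"O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe",
]

# Excerpt of the log posted in #11 (a few lines selected for this example).
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [ptrun32] C:\WINDOWS\system32\ptrun32\ptrun32.exe -startup
O4 - HKCU\..\Run: [PTRUN32] C:\WINDOWS\system32\ptrun32\ptr32w.exe
O20 - AppInit_DLLs: repairs302972994.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
"""

if __name__ == "__main__":
    for entry, (status, now) in verify_fix(FIX_LIST, AFTER_LOG).items():
        print(f"{status:9} {entry}" + (f"\n          now: {now}" if status == "changed" else ""))
```

A `persisted` or `changed` result after a reboot indicates that something still loaded is re-creating the entry, so the file behind it has to be dealt with before the registry fix will hold.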

#12 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 08 February 2006 - 08:17 PM

Run http://www.kaspersky.com/virusscanner - Online scan

When the scan is finished Save the results from the scan!

Post a new HiJackThis log along with the results from Kaspersky scan

"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#13 tkenney65

tkenney65
  • Topic Starter

  • Members
  • 35 posts

Posted 09 February 2006 - 12:03 AM

MFDnSC,

Here are the scan results:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, February 08, 2006 11:48:19 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 9/02/2006
Kaspersky Anti-Virus database records: 164989
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 144759
Number of viruses found: 10
Number of infected objects: 21
Number of suspicious objects: 0
Duration of the scan process: 01:41:04

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Brad\Local Settings\Temp\!update.exe Infected: Trojan-Downloader.Win32.PurityScan.br skipped
C:\Documents and Settings\Brad\Local Settings\Temp\adwsetup_upd.exe Infected: Trojan-Dropper.Win32.Agent.abb skipped
C:\Documents and Settings\Brad\Local Settings\Temp\B1C1A9.tmp/drwst.exe/data0001 Infected: Trojan.Win32.Runner.h skipped
C:\Documents and Settings\Brad\Local Settings\Temp\B1C1A9.tmp/drwst.exe Infected: Trojan.Win32.Runner.h skipped
C:\Documents and Settings\Brad\Local Settings\Temp\B1C1A9.tmp CAB: infected - 2 skipped
C:\Documents and Settings\Emma\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-79791da6-2c37c14d.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Emma\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-79791da6-2c37c14d.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Emma\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-79791da6-2c37c14d.zip ZIP: infected - 2 skipped
C:\Installs.exe/data.rar/drs.exe Infected: Trojan-Downloader.Win32.Adload.j skipped
C:\Installs.exe/data.rar/kansup.reg Infected: Trojan.WinREG.LowZones.f skipped
C:\Installs.exe/data.rar Infected: Trojan.WinREG.LowZones.f skipped
C:\Installs.exe RarSFX: infected - 3 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001774.exe Infected: Trojan-Downloader.Win32.PurityScan.br skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001786.exe/data0001 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001786.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001833.exe/data0001 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP4\A0001833.exe NSIS: infected - 1 skipped
C:\WINDOWS\htwfdr.exe Infected: Trojan-Downloader.Win32.Small.bmx skipped
C:\WINDOWS\SYSTEM32\firefox32.exe Infected: Backdoor.Win32.SdBot.gen skipped
C:\WINDOWS\SYSTEM32\irsinst.exe/data0006 Infected: Backdoor.Win32.HacDef.bo skipped
C:\WINDOWS\SYSTEM32\irsinst.exe NSIS: infected - 1 skipped

Scan process completed.


Here's the latest HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 12:02:12 AM, on 2/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\JavaHMO\bin\Wrapper.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tim\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ptrun32] C:\WINDOWS\system32\ptrun32\ptrun32.exe -startup
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /auto:TivoServer /registry /service
O4 - HKCU\..\Run: [PTRUN32] C:\WINDOWS\system32\ptrun32\ptr32w.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center\DMDownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/idenupdate/...eAutoLaunch.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138768246812
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.smugmug.com/photos/activex/XUpload.ocx
O20 - AppInit_DLLs: repairs302972994.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JavaHMO TiVo TCM (JavaHMO) - Unknown owner - C:\Program Files\JavaHMO\bin\Wrapper.exe" -s "C:\Program Files\JavaHMO\conf\wrapper.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

#14 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 09 February 2006 - 09:17 AM

Download EasyCleaner http://www.majorgeeks.com/download414.html

Use the clear files and Unnecessary files buttons – I do not recommend using the Duplicates files button as many dupes are there on purpose.

Not all files will delete – that is normal.

In the unnecessary button I check the top 4 entries

===============
Double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete" box, copy and paste the following:

C:\WINDOWS\system32\repairs302972994.dll
C:\Installs.exe
C:\WINDOWS\htwfdr.exe
C:\WINDOWS\SYSTEM32\firefox32.exe
C:\WINDOWS\SYSTEM32\irsinst.exe


Now put a tick by Delete on reboot.

Click on the button with the red circle with the X. It will ask for confirmation. Click yes – repeat on all of the files – on the last one click yes twice - Click No at the Pending Operations prompt.

Boot, post a new log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#15 tkenney65

tkenney65
  • Topic Starter

  • Members
  • 35 posts

Posted 09 February 2006 - 09:31 PM

MFDnSC,

All went well except that on the first run through using Killbox, it would not let me delete the file "C:\WINDOWS\system32\repairs302972994.dll".

Here's the latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:28:23 PM, on 2/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\JavaHMO\bin\Wrapper.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\Documents and Settings\Tim\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R3 - Default URLSearchHook is missing
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ptrun32] C:\WINDOWS\system32\ptrun32\ptrun32.exe -startup
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /auto:TivoServer /registry /service
O4 - HKCU\..\Run: [PTRUN32] C:\WINDOWS\system32\ptrun32\ptr32w.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center\DMDownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.motorola.com/idenupdate/...eAutoLaunch.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138768246812
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.smugmug.com/photos/activex/XUpload.ocx
O20 - AppInit_DLLs: repairs302972994.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JavaHMO TiVo TCM (JavaHMO) - Unknown owner - C:\Program Files\JavaHMO\bin\Wrapper.exe" -s "C:\Program Files\JavaHMO\conf\wrapper.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
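
One way to check a follow-up HijackThis log against the Killbox list from post #14, as an added example that is not part of the original thread. The function names are hypothetical; the paths and the log excerpt are copied from posts #14 and #15.

```python
import re

# Paths listed for Killbox in post #14 (copied from the page).
KILLBOX_TARGETS = [
    r"C:\WINDOWS\system32\repairs302972994.dll",
    r"C:\Installs.exe",
    r"C:\WINDOWS\htwfdr.exe",
    r"C:\WINDOWS\SYSTEM32\firefox32.exe",
    r"C:\WINDOWS\SYSTEM32\irsinst.exe",
]

# Excerpt of the follow-up log in post #15 (entries copied from the page).
FOLLOWUP_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [PTRUN32] C:\WINDOWS\system32\ptrun32\ptr32w.exe
O20 - AppInit_DLLs: repairs302972994.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

# HijackThis entry lines start with a section code such as R1, O4 or O20.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return (section, detail) tuples for every HijackThis entry line."""
    matches = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]


def remaining_references(log_text, targets):
    """Map each target path to the entries that still name its file.

    Matching is on the file name, case-insensitively, because entries such
    as O20 AppInit_DLLs may record a bare name rather than a full path.
    """
    entries = parse_entries(log_text)
    hits = {}
    for target in targets:
        name = re.escape(target.rsplit("\\", 1)[-1])
        # Require non-filename characters on both sides of the name.
        pattern = re.compile(r"(?<![\w.-])" + name + r"(?![\w.-])", re.I)
        found = [entry for entry in entries if pattern.search(entry[1])]
        if found:
            hits[target] = found
    return hits


if __name__ == "__main__":
    for path, entries in remaining_references(FOLLOWUP_LOG, KILLBOX_TARGETS).items():
        for section, detail in entries:
            print(f"{path} still referenced: {section} - {detail}")
```

A hit only shows that the log still names the file; it does not by itself show whether the file is still on disk.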



