Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

me have problem

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

me have problem

Unread postby dragonman ZERO » October 27th, 2005, 12:39 pm

hi, i've been overrun by adware, and been surching for a way to get rid of it. nothing is working, so a friend had surgested this site, so heres my logfile

Logfile of HijackThis v1.99.1
Scan saved at 5:33:51 PM, on 10/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\S2FyZW4A\command.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Bwqsy\Cuzxe.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\winsupdater\winsupdater.exe
C:\WINDOWS\system32\winlog.exe
C:\windows\sp2update00.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\DOCUME~1\Karen\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.easysearch4you.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O4 - HKLM\..\Run: [Intense Registry Service] IntEdReg.exe /CHECK
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Efqxfrs] C:\Program Files\Bwqsy\Cuzxe.exe
O4 - HKLM\..\Run: [NI.UWFX5] "C:\Documents and Settings\Andrew\Local Settings\Temporary Internet Files\Content.IE5\414347I9\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [] winlog.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [msresearch] C:\windows\msresearch.exe
O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update00.exe
O4 - HKLM\..\Run: [System service78] C:\WINDOWS\etb\pokapoka78.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\K-litePro\K-litePro.exe" -tray
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000140.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .PNG: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\gp8ol3l31.dll
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S2FyZW4A\command.exe
dragonman ZERO
Regular Member
 
Posts: 21
Joined: October 27th, 2005, 12:25 pm
Location: warrington, england
Advertisement
Register to Remove

Unread postby D_Trojanator » October 27th, 2005, 12:40 pm

Hello

Welcome to TSG:) . I am checking your log now and will return as soon as I have researched all the items.

While we are working together, please ....
  • Reply to this thread. Do not start a new topic.
  • If you are unsure of what to do, stop and ask! Don't keep going on.
  • Be patient. HijackThis logs take some time to research.

Please note the following:
  • I will be working on your Malware issues: This may or may not, solve other issues you may have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine is clear. (Absence of symptoms does not mean that everything is clear.)
  • The process may take considerable time.


David :)
User avatar
D_Trojanator
Regular Member
 
Posts: 253
Joined: July 22nd, 2005, 6:17 am
Location: Croydon, London, UK

Unread postby dragonman ZERO » October 27th, 2005, 9:08 pm

i haven't tryed anything to fix the problem my self since i sent u my logfile but this adware aint shown up for a while and that thing that changes my homepage has only happened once before i asked here for help, it hasn't changed back to blanpage since.
dragonman ZERO
Regular Member
 
Posts: 21
Joined: October 27th, 2005, 12:25 pm
Location: warrington, england

Unread postby D_Trojanator » October 28th, 2005, 4:31 am

You have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
User avatar
D_Trojanator
Regular Member
 
Posts: 253
Joined: July 22nd, 2005, 6:17 am
Location: Croydon, London, UK

Unread postby dragonman ZERO » October 28th, 2005, 6:06 am

i followed the instructions but wen i 1 and enter it came up with this mesage

http://img455.imageshack.us/img455/1415/somin9lg.png

i selected ignoe and it gave me the registry keys present document
and i'm preety sure thats not what u want
dragonman ZERO
Regular Member
 
Posts: 21
Joined: October 27th, 2005, 12:25 pm
Location: warrington, england

Unread postby D_Trojanator » October 28th, 2005, 6:10 am

Ok, let's try the alternative method:

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

  • Click the Free Trial link under to "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply along with a new HJT log.

David
User avatar
D_Trojanator
Regular Member
 
Posts: 253
Joined: July 22nd, 2005, 6:17 am
Location: Croydon, London, UK

Unread postby dragonman ZERO » October 28th, 2005, 9:20 am

i hope this is what u need

********
12:21 PM: | Start of Session, Friday, October 28, 2005 |
12:21 PM: Spy Sweeper started
12:21 PM: Sweep initiated using definitions version 564
12:21 PM: Found Adware: icannnews
12:21 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\shareddlls\ || dllname (ID = 359349)
12:21 PM: fp8s03l7e.dll (ID = 359349)
12:21 PM: Starting Memory Sweep
12:22 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:22 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:22 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:22 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:22 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:22 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:22 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:22 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:23 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:23 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:23 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:23 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:23 PM: Detected running threat: C:\WINDOWS\system32\fp8s03l7e.dll (ID = 83)
12:24 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:24 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:24 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:24 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:24 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:24 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:24 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:24 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:25 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:25 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:25 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:25 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:25 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:25 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:25 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:25 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:26 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:26 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:26 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:26 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:26 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:26 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:26 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:26 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:27 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:27 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:27 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:27 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:27 PM: Detected running threat: C:\WINDOWS\system32\uleg.dll (ID = 83)
12:28 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:28 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:28 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:28 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:28 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:28 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:28 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:28 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:29 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:29 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:29 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:29 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:29 PM: Found Adware: isearch desktop search
12:29 PM: Detected running threat: C:\WINDOWS\S2FyZW4A\command.exe (ID = 144946)
12:30 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:30 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:30 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:30 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:30 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:30 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:30 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:30 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:31 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:31 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:31 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:31 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:31 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:31 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:31 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:31 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:32 PM: Found Adware: sp2ms
12:32 PM: Detected running threat: C:\WINDOWS\sp2update00.exe (ID = 148759)
12:32 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || sp2update (ID = 0)
12:32 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:32 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:32 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:32 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:32 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:32 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:32 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:32 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:33 PM: Found Adware: surf accuracy
12:33 PM: Detected running threat: C:\Program Files\SurfAccuracy\SAcc.exe (ID = 180158)
12:33 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || SurfAccuracy (ID = 0)
12:34 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:34 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:34 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:34 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:34 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:34 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:34 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:34 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:35 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:35 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:35 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:35 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:35 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:35 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:35 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:35 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:36 PM: Memory Sweep Complete, Elapsed Time: 00:14:14
12:36 PM: Starting Registry Sweep
12:36 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:36 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:36 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:36 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:36 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:36 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:36 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:36 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:37 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:37 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:37 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:37 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:37 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:37 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:37 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:37 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:38 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:38 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:38 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:38 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:39 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:39 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:39 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:39 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:40 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:40 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:40 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:40 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:40 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:40 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:40 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:40 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:41 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:41 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:41 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:41 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:41 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:41 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:41 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:41 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:42 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:42 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:42 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:42 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:42 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:42 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:42 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:42 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:44 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:44 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:44 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:44 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:44 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:44 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:44 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:44 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:45 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:45 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:45 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:45 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:45 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:45 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:45 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:45 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:46 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:46 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:46 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:46 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:46 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:46 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:46 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:46 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:47 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:47 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:47 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:47 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:47 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:48 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:48 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:48 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:48 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:48 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:48 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:48 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:48 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:48 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:48 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:48 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:49 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:49 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:49 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:49 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:49 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:49 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:49 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:49 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:50 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:50 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:50 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:50 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:50 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:50 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:50 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:50 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:50 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:50 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:50 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:50 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:51 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:51 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:51 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:51 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:51 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:51 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:51 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:51 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:51 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:51 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:51 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:51 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:52 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:52 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:52 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:52 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:52 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:52 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:52 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:52 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:52 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:52 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:52 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:52 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:53 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:53 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:53 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:53 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:53 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:53 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:53 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:53 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:54 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:54 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:54 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:54 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:55 PM: Found Adware: ist istbar
12:55 PM: HKLM\software\istbar\ (7 subtraces) (ID = 129110)
12:55 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:55 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:55 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:55 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:55 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:55 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:55 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:55 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:55 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:55 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:55 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:55 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:56 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:56 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:56 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:56 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:56 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:56 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:56 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:56 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:56 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:56 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:56 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:56 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:57 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:57 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:57 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:57 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:57 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:57 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:57 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:57 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:57 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:57 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:57 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:57 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:58 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:58 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:58 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:58 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:59 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:59 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:59 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:59 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:59 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:59 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:59 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:59 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:00 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:00 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:00 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:00 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:00 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:00 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:00 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:00 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:00 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:00 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:00 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:00 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:01 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:01 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:01 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:01 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:01 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:01 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:01 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:01 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:01 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:01 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:01 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:01 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:58 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:58 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:58 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:58 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:58 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:58 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:58 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:58 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:58 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:58 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:58 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:58 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:59 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:59 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:59 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:59 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:59 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:59 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
12:59 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
12:59 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:00 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:00 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:00 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:00 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:00 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:00 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:00 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:00 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:00 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:00 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:00 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:00 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:01 PM: Found Adware: winad
1:01 PM: HKLM\software\microsoft\code store database\distribution units\{15ad6789-cdb4-47e1-a9da-992ee8e6bad6}\ (10 subtraces) (ID = 147185)
1:01 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaaccx.dll\ (2 subtraces) (ID = 147191)
1:01 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:01 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:01 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:01 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:02 PM: HKLM\software\sacc\ (10 subtraces) (ID = 203068)
1:02 PM: HKLM\software\microsoft\windows\currentversion\run\ || surfaccuracy (ID = 203069)
1:02 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\shareddlls\ (6 subtraces) (ID = 359347)
1:02 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:02 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:02 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:02 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:02 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:02 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:02 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:02 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:02 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:02 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:02 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:02 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:03 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:03 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:03 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:03 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:03 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:03 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:03 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:03 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:04 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:04 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:04 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:04 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:04 PM: HKLM\software\microsoft\windows\currentversion\run\ || msresearch (ID = 754357)
1:04 PM: HKLM\software\microsoft\windows\currentversion\run\ || sp2update (ID = 787992)
1:04 PM: Found Adware: winantispyware 2005
1:04 PM: HKCR\pcheck.pcheck\ (5 subtraces) (ID = 812703)
1:04 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:04 PM: HKCR\pcheck.pcheck.1\ (3 subtraces) (ID = 812709)
1:04 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:04 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:04 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:04 PM: HKCR\appid\pcheck.dll\ (1 subtraces) (ID = 812730)
1:04 PM: HKCR\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\ (15 subtraces) (ID = 812934)
1:04 PM: HKCR\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\ (9 subtraces) (ID = 812960)
1:04 PM: HKLM\software\classes\pcheck.pcheck\ (5 subtraces) (ID = 813205)
1:04 PM: HKLM\software\classes\pcheck.pcheck.1\ (3 subtraces) (ID = 813211)
1:04 PM: HKLM\software\classes\appid\pcheck.dll\ (1 subtraces) (ID = 813232)
1:04 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:04 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:04 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:04 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:04 PM: HKLM\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\ (15 subtraces) (ID = 813436)
1:04 PM: HKLM\software\classes\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\ (9 subtraces) (ID = 813462)
1:04 PM: HKLM\software\microsoft\windows\currentversion\run\ || ni.uwfx5 (ID = 819065)
1:05 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:05 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:05 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:05 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:05 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:05 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:05 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:05 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:06 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:06 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:06 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:06 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:06 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:06 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:06 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:06 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:07 PM: Found Adware: internetoptimizer
1:07 PM: HKU\WRSS_Profile_S-1-5-21-1417001333-1965331169-839522115-1006\software\avenue media\ (ID = 128887)
1:07 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:07 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:07 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:07 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:07 PM: Found Adware: ist software
1:07 PM: HKU\WRSS_Profile_S-1-5-21-1417001333-1965331169-839522115-1006\software\ist\ (1 subtraces) (ID = 129108)
1:07 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:07 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:07 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:07 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:07 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:07 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:07 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:07 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:08 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:08 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:08 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:08 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:08 PM: Found Adware: 180search assistant/zango
1:08 PM: HKU\WRSS_Profile_S-1-5-21-1417001333-1965331169-839522115-1006\software\salm\ (11 subtraces) (ID = 135792)
1:08 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:08 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:08 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:08 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:09 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:09 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:09 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:09 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:09 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:09 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:09 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:09 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:09 PM: Found Adware: ist sidefind
1:09 PM: HKU\WRSS_Profile_S-1-5-21-1417001333-1965331169-839522115-1006\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
1:09 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:09 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:09 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:09 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:10 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:10 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:10 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:10 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:10 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:10 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:10 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:10 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:10 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:10 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:10 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:10 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:11 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:11 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:11 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:11 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:12 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:12 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:12 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:12 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:12 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:12 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:12 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:12 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:12 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:12 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:12 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:12 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:13 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:13 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:13 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:13 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:13 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:13 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:13 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:13 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:13 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:13 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:13 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:13 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:14 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:14 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:14 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:14 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:14 PM: Found Adware: targetsaver
1:14 PM: HKU\S-1-5-21-1417001333-1965331169-839522115-1004\software\tsl2\ (1 subtraces) (ID = 143616)
1:14 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:14 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:14 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:14 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:15 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:15 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:15 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:15 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:15 PM: Found Adware: easysearch4you hijack
1:15 PM: HKU\S-1-5-21-1417001333-1965331169-839522115-1004\software\microsoft\internet explorer\ || searchurl (ID = 776495)
1:15 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:15 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:15 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:15 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:16 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:16 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:16 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:16 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:16 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:16 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:16 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:16 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:16 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:16 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:16 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:16 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:17 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:17 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:17 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:17 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:17 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:17 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:17 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:17 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:18 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:18 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:18 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:18 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:18 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:18 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:18 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:18 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:18 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:18 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:18 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:18 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:19 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:19 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:19 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:19 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:19 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:19 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:19 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:19 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:19 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:19 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:19 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:19 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:20 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:20 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:20 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:20 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:21 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:21 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:21 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:21 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:21 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:21 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:21 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:21 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:21 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:21 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:21 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:21 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:22 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:22 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:22 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:22 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:22 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:22 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:22 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:22 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:22 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:22 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:22 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:22 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:23 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:23 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:23 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:23 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:23 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:23 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:23 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:23 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:24 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:24 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:24 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:24 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:25 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:25 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:25 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:25 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:25 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:25 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:25 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:25 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:25 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:25 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:25 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:25 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:26 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:26 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:26 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:26 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:26 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:26 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:26 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:26 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:26 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:26 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:26 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:26 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:27 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:27 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:27 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:27 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:27 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:27 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:27 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:27 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:27 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:27 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:27 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:27 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:28 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:28 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:28 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:28 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:28 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:28 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:28 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:28 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:28 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:28 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:28 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:28 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:30 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:30 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:30 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:30 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:30 PM: Registry Sweep Complete, Elapsed Time:00:54:03
1:30 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:30 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:30 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:30 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:30 PM: Starting Cookie Sweep
1:30 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:30 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:30 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:30 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:30 PM: Found Spy Cookie: 2o7.net cookie
1:30 PM: karen@112.2o7[1].txt (ID = 1958)
1:30 PM: Found Spy Cookie: 888 cookie
1:30 PM: karen@888[1].txt (ID = 2019)
1:30 PM: Found Spy Cookie: yieldmanager cookie
1:30 PM: karen@ad.yieldmanager[1].txt (ID = 3751)
1:30 PM: Found Spy Cookie: adecn cookie
1:30 PM: karen@adecn[2].txt (ID = 2063)
1:30 PM: Found Spy Cookie: hbmediapro cookie
1:30 PM: karen@adopt.hbmediapro[1].txt (ID = 2768)
1:30 PM: Found Spy Cookie: adprofile cookie
1:30 PM: karen@adprofile[2].txt (ID = 2084)
1:30 PM: Found Spy Cookie: atwola cookie
1:30 PM: karen@atwola[1].txt (ID = 2255)
1:30 PM: Found Spy Cookie: a cookie
1:30 PM: karen@a[1].txt (ID = 2027)
1:30 PM: Found Spy Cookie: belnk cookie
1:30 PM: karen@belnk[1].txt (ID = 2292)
1:30 PM: Found Spy Cookie: burstnet cookie
1:30 PM: karen@burstnet[2].txt (ID = 2336)
1:30 PM: Found Spy Cookie: ccbill cookie
1:30 PM: karen@ccbill[1].txt (ID = 2369)
1:30 PM: karen@cnetasiapacific.122.2o7[2].txt (ID = 1958)
1:30 PM: Found Spy Cookie: dealtime cookie
1:30 PM: karen@dealtime[2].txt (ID = 2505)
1:30 PM: karen@dist.belnk[2].txt (ID = 2293)
1:30 PM: Found Spy Cookie: gamespy cookie
1:30 PM: karen@gamespy[1].txt (ID = 2719)
1:30 PM: Found Spy Cookie: starware.com cookie
1:30 PM: karen@h.starware[2].txt (ID = 3442)
1:30 PM: Found Spy Cookie: screensavers.com cookie
1:30 PM: karen@i.screensavers[1].txt (ID = 3298)
1:30 PM: Found Spy Cookie: netvenda cookie
1:30 PM: karen@netvenda[1].txt (ID = 3073)
1:30 PM: Found Spy Cookie: offeroptimizer cookie
1:30 PM: karen@offeroptimizer[1].txt (ID = 3087)
1:30 PM: Found Spy Cookie: paypopup cookie
1:30 PM: karen@paypopup[2].txt (ID = 3119)
1:30 PM: karen@pc.gamespy[1].txt (ID = 2719)
1:30 PM: Found Spy Cookie: pricegrabber cookie
1:30 PM: karen@pricegrabber[1].txt (ID = 3185)
1:30 PM: Found Spy Cookie: rn11 cookie
1:30 PM: karen@rn11[2].txt (ID = 3261)
1:30 PM: Found Spy Cookie: servlet cookie
1:30 PM: karen@servlet[2].txt (ID = 3345)
1:30 PM: karen@starware[2].txt (ID = 3441)
1:30 PM: karen@stat.dealtime[2].txt (ID = 2506)
1:30 PM: Found Spy Cookie: reliablestats cookie
1:30 PM: karen@stats1.reliablestats[1].txt (ID = 3254)
1:30 PM: Found Spy Cookie: clicktracks cookie
1:30 PM: karen@stats2.clicktracks[1].txt (ID = 2407)
1:30 PM: Found Spy Cookie: sexsearch cookie
1:30 PM: karen@tour.splash.sexsearch[2].txt (ID = 3358)
1:30 PM: Found Spy Cookie: ugo cookie
1:30 PM: karen@ugo[1].txt (ID = 3608)
1:30 PM: karen@www.netvenda[1].txt (ID = 3074)
1:30 PM: karen@www.screensavers[1].txt (ID = 3298)
1:30 PM: Found Spy Cookie: sidefind cookie
1:30 PM: karen@www.sidefind[2].txt (ID = 3374)
1:30 PM: Found Spy Cookie: xiti cookie
1:30 PM: karen@xiti[1].txt (ID = 3717)
1:30 PM: Found Spy Cookie: yadro cookie
1:30 PM: karen@yadro[1].txt (ID = 3743)
1:30 PM: Found Spy Cookie: ysbweb cookie
1:30 PM: karen@ysbweb[1].txt (ID = 3756)
1:30 PM: system@ad.yieldmanager[1].txt (ID = 3751)
1:30 PM: Cookie Sweep Complete, Elapsed Time: 00:00:30
1:31 PM: Starting File Sweep
1:31 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:31 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:31 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:31 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:31 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:31 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:31 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:31 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:31 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:31 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:31 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:31 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:32 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:32 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:32 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:32 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:32 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:32 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:32 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:32 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:32 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:32 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:32 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:32 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:33 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:33 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:33 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:33 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:33 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:33 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:33 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:33 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:34 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:34 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:34 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:34 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:35 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:35 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:35 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:35 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:35 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:35 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:35 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:35 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:35 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:35 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:35 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:35 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:36 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:36 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:36 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:36 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:36 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:36 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:36 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:36 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:36 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:36 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:36 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:36 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:37 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:37 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:37 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:37 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:37 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:37 PM: The Spy Communication shield has blocked access to: http://www.ad-w-a-r-e.com
1:37 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:37 PM: The Spy Communication shield has blocked access to: http://www.a-d-w-a-r-e.com
1:37 PM: The Spy Communication shield has blocked access to
dragonman ZERO
Regular Member
 
Posts: 21
Joined: October 27th, 2005, 12:25 pm
Location: warrington, england

Unread postby D_Trojanator » October 28th, 2005, 9:48 am

Can i have a new HJT log please
David :)
User avatar
D_Trojanator
Regular Member
 
Posts: 253
Joined: July 22nd, 2005, 6:17 am
Location: Croydon, London, UK

Unread postby dragonman ZERO » October 28th, 2005, 10:34 am

it's nearly finished sweepping it again but it's not finding any problems, but if u still want it then i'll carry on
dragonman ZERO
Regular Member
 
Posts: 21
Joined: October 27th, 2005, 12:25 pm
Location: warrington, england

Unread postby D_Trojanator » October 28th, 2005, 10:48 am

New HJt log --> New HijackThis log

not spysweeper log! :)
User avatar
D_Trojanator
Regular Member
 
Posts: 253
Joined: July 22nd, 2005, 6:17 am
Location: Croydon, London, UK

Unread postby dragonman ZERO » October 28th, 2005, 11:26 am

woops sorry

Logfile of HijackThis v1.99.1
Scan saved at 4:27:00 PM, on 10/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Bwqsy\Cuzxe.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\winsupdater\winsupdater.exe
C:\WINDOWS\system32\winlog.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Karen\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.1sws.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O4 - HKLM\..\Run: [Intense Registry Service] IntEdReg.exe /CHECK
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Efqxfrs] C:\Program Files\Bwqsy\Cuzxe.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [] winlog.exe
O4 - HKLM\..\Run: [System service78] C:\WINDOWS\etb\pokapoka78.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\K-litePro\K-litePro.exe" -tray
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000140.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .PNG: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S2FyZW4A\command.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
dragonman ZERO
Regular Member
 
Posts: 21
Joined: October 27th, 2005, 12:25 pm
Location: warrington, england

Unread postby D_Trojanator » October 28th, 2005, 11:50 am

1) Please print off these intructions - they will be needed later when internet access is not available.
2) Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.

There is a bit to do on the log - i can almost guaruntee ewido will remove something - it's also a good free tool to keep in your arsenal! :)

Please download ewido security suite it is a free version of the program.
  1. Install ewido security suite
  2. When installing, under "Additional Options" uncheck.
    • Install background guard
    • Install scan via context menu
  3. Launch ewido, there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful") Image
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido security suite.

Post a new HJT log and the ewido log at the end! :)
David
User avatar
D_Trojanator
Regular Member
 
Posts: 253
Joined: July 22nd, 2005, 6:17 am
Location: Croydon, London, UK

Unread postby dragonman ZERO » October 28th, 2005, 2:00 pm

it won't let me save a report, comes up with a small box that says "have to handle all infections"

and wheres that "Perform action on all infections"
dragonman ZERO
Regular Member
 
Posts: 21
Joined: October 27th, 2005, 12:25 pm
Location: warrington, england

Unread postby dragonman ZERO » October 28th, 2005, 2:51 pm

sorry i managed to get it after all, so here u go

Logfile of HijackThis v1.99.1
Scan saved at 7:53:25 PM, on 10/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Karen\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\Aveo\Attune\bin\attune_ce.exe
O4 - HKLM\..\Run: [Intense Registry Service] IntEdReg.exe /CHECK
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Efqxfrs] C:\Program Files\Bwqsy\Cuzxe.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [System service78] C:\WINDOWS\etb\pokapoka78.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\K-litePro\K-litePro.exe" -tray
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000140.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .PNG: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S2FyZW4A\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:46:07 PM, 10/28/2005
+ Report-Checksum: E222ED5A

+ Scan result:

C:\WINDOWS\system32\__delete_on_reboot__winlog.exe -> Backdoor.Rbot.adx : Cleaned without backup


::Report End
dragonman ZERO
Regular Member
 
Posts: 21
Joined: October 27th, 2005, 12:25 pm
Location: warrington, england

Unread postby D_Trojanator » October 29th, 2005, 4:16 am

Please download LQfix.exe and save it to your desktop.
  • Double-Click LQfix.exe and click Next > Next > Install.
  • Leave the default settings, if you change them, the fix will Fail!
  • Now make sure the "Launch LQfix" box is checked.
  • Click the Finish button, after clicking the Finish button the fix will start.
  • Follow the on-screen prompts.
  • Your system will now reboot afterwards.
  • Please be patient after the reboot, there is a script running in the background that needs to complete.

Now do a scan with HiJackThis and post a new log by using Add Reply
User avatar
D_Trojanator
Regular Member
 
Posts: 253
Joined: July 22nd, 2005, 6:17 am
Location: Croydon, London, UK
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 295 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware