Shaun

Members
  • Content Count: 22

About Shaun

  • Rank: Member
  1. I did everything above except I didn't see a log for active scan...but it said it found nothing. Here are the other two logs...

     Logfile of HijackThis v1.99.1
     Scan saved at 7:14:58 PM, on 12/21/2005
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\ACS.exe
     c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
     c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
     C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
     C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
     C:\WINDOWS\system32\DVDRAMSV.exe
     c:\Program Files\Norton AntiVirus\navapsvc.exe
     c:\Program Files\Norton AntiVirus\SAVScan.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
     c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
     C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\wscntfy.exe
     C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
     C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
     C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
     C:\WINDOWS\system32\dla\tfswctrl.exe
     C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
     C:\Program Files\Apoint2K\Apoint.exe
     C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
     C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
     C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
     C:\Program Files\Apoint2K\Apntex.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Common Files\AOL\1125007732\ee\AOLHostManager.exe
     C:\Program Files\Common Files\AOL\1125007732\ee\AOLServiceHost.exe
     C:\WINDOWS\system32\RAMASST.exe
     C:\toshiba\ivp\ism\ivpsvmgr.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\DOCUME~1\Tara\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ams-server*
     R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
     O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
     O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
     O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\ddcyx.dll
     O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
     O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
     O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
     O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
     O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
     O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
     O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
     O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
     O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
     O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
     O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
     O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
     O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
     O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125007732\ee\AOLHostManager.exe
     O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
     O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
     O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
     O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
     O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
     O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
     O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm565YYUS
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
     O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
     O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
     O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
     O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
     O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
     O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)
     O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll
     O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
     O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
     O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
     O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
     O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
     O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
     O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
     O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
     O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
     O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
     O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
     O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
     O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
     O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
     O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
     O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
     O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
     O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

     *****************************************************************************

     VundoFix V2.15 by Atri
     --------------------------------------------------------------------------------------
     Listing files contained in the vundofix folder.
     --------------------------------------------------------------------------------------
     killvundo.bat
     process.exe
     ReadMe.txt
     vundo.reg
     vundofix.txt
     --------------------------------------------------------------------------------------
     Filepaths entered
     --------------------------------------------------------------------------------------
     The filepath entered was c:\system32\ddcyx.dll
     The second filepath entered was c:\system32\xycdd.*
     --------------------------------------------------------------------------------------
     Log from Process
     --------------------------------------------------------------------------------------
     Killing PID 140 'smss.exe'
     Killing PID 824 'explorer.exe'
     Killing PID 824 'explorer.exe'
     Killing PID 212 'winlogon.exe'
     Killing PID 212 'winlogon.exe'
     --------------------------------------------------------------------------------------
     c:\system32\ddcyx.dll Deleted sucessfully.
     c:\system32\xycdd.* Deleted sucessfully.
     Fixing Registry
     --------------------------------------------------------------------------------------
  2. Winfixer popups and a few other pop ups keep popping up and then it freezes IE. Here is my HJT log...can anyone help? I've run Spysweeper and Spybot S&D but things are still messed up...

     Logfile of HijackThis v1.99.1
     Scan saved at 4:26:23 PM, on 12/21/2005
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\ACS.exe
     c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
     c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
     C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
     C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
     C:\WINDOWS\system32\DVDRAMSV.exe
     c:\Program Files\Norton AntiVirus\navapsvc.exe
     c:\Program Files\Norton AntiVirus\SAVScan.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
     C:\WINDOWS\Explorer.EXE
     c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
     C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
     C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
     C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
     C:\WINDOWS\system32\dla\tfswctrl.exe
     C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
     C:\Program Files\Apoint2K\Apoint.exe
     C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
     C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
     C:\toshiba\ivp\ism\pinger.exe
     C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
     C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
     C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Apoint2K\Apntex.exe
     C:\Program Files\AIM\aim.exe
     C:\Program Files\Common Files\AOL\1125007732\ee\AOLHostManager.exe
     C:\Program Files\Common Files\AOL\1125007732\ee\AOLServiceHost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\RAMASST.exe
     C:\Program Files\Common Files\AOL\1125007732\ee\AOLServiceHost.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\DOCUME~1\Tara\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ams-server*
     R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
     O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
     O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
     O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\ddcyx.dll
     O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
     O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
     O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
     O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
     O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
     O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
     O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
     O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
     O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
     O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
     O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
     O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
     O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
     O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125007732\ee\AOLHostManager.exe
     O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
     O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
     O4 - HKLM\..\RunOnce: [spybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
     O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
     O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
     O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
     O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
     O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm565YYUS
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
     O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
     O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
     O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
     O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
     O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)
     O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll
     O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
     O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
     O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
     O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
     O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
     O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
     O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
     O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
     O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
     O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
     O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
     O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
     O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
     O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
     O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
     O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
     O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
     O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  3. Hey Dragon, things seem to be running better...to let you know, I also had to do something with deleting the old cache for the disk cleanup and I got it to run then...but thanks again...things seem to be working better...thanks again! ~Shaun
  4. Hey Dragon, I tried to do the disk cleanup and I let it run for over a day and a half and it never got past the "calculating space that will be saved" part of the run. On the bottom of the window it said "compress old files" but it had 2 bars in the progress thing and never moved since it started. Not sure why it's not working? Any help? I tried to come into the chat room; you weren't there... Thanks, Shaun
  5. Hey Dragon, I'm about to run disk cleanup but my boot time is really bad...like 5 min., not exaggerating...used to take maybe 1.5-2 max. After the Windows load screen where the little green bar scrolls, the screen goes black and pauses for about 2 min., then goes to the Windows logon. I have added one startup program, being Spy S&D TeaTimer starts up, but I don't think that should cause the boot time length. Any help?
  6. Thanks so much...things seem to be working properly now as far as I can tell...boot up time seems a little slow...but I haven't tried since running killbox. Anything else I should do? Besides keep my wife from clicking IM links about checking out pictures...
  7. WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding. If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

     »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
     Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
     Internet Explorer Version: 6.0.2800.1106

     »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

     Checking %SystemDrive% folder...
     qoologic 12/8/2005 6:21:08 PM 11975885 C:\AVG7QT.DAT
     urllogic 12/8/2005 6:21:08 PM 11975885 C:\AVG7QT.DAT
     UPX! 7/2/2004 7:27:38 AM HS 518901760 C:\hiberfil.sys
     FSG! 7/2/2004 7:27:38 AM HS 518901760 C:\hiberfil.sys
     Umonitor 7/2/2004 7:27:38 AM HS 518901760 C:\hiberfil.sys
     SAHAgent 7/2/2004 7:27:38 AM HS 518901760 C:\hiberfil.sys

     Checking %ProgramFilesDir% folder...

     Checking %WinDir% folder...

     Checking %System% folder...
     PEC2 8/29/2002 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
     PEC2 8/9/2005 5:14:00 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll
     PECompact2 8/9/2005 5:14:00 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll
     abetterinternet.com 4/30/2004 2:29:10 PM H 12154 C:\WINDOWS\SYSTEM32\fiz0
     PTech 4/30/2004 1:00:38 PM H 3066522 C:\WINDOWS\SYSTEM32\kyf.dat
     PTech 8/3/2005 9:33:42 AM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
     UPX! 1/13/2005 9:41:48 PM 11254 C:\WINDOWS\SYSTEM32\locate.com
     abetterinternet.com 4/30/2004 2:35:34 PM H 236445 C:\WINDOWS\SYSTEM32\log.bak.txt
     PECompact2 9/8/2005 8:36:32 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe
     aspack 9/8/2005 8:36:32 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe
     UPX! 8/22/2001 7:00:00 PM 86030 C:\WINDOWS\SYSTEM32\msdjgk.dll
     Umonitor 8/29/2002 7:00:00 AM 631808 C:\WINDOWS\SYSTEM32\rasdlg.dll
     UPX! 1/20/2005 1:47:50 PM 175616 C:\WINDOWS\SYSTEM32\strings.exe
     WinShutDown 12/9/2005 2:32:12 PM 341 C:\WINDOWS\SYSTEM32\test.txt
     winsync 8/29/2002 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
     Umonitor 8/29/2002 7:00:00 AM 631808 C:\WINDOWS\SYSTEM32\_002644_.tmp.dll
     Umonitor 8/29/2002 7:00:00 AM 631808 C:\WINDOWS\SYSTEM32\_002795_.tmp.dll
     Umonitor 8/29/2002 7:00:00 AM 631808 C:\WINDOWS\SYSTEM32\_002855_.tmp.dll
     Umonitor 8/29/2002 7:00:00 AM 631808 C:\WINDOWS\SYSTEM32\_004990_.tmp.dll

     Checking %System%\Drivers folder and sub-folders...
     UPX! 12/8/2005 6:16:00 PM 749600 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
     FSG! 12/8/2005 6:16:00 PM 749600 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
     PEC2 12/8/2005 6:16:00 PM 749600 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
     aspack 12/8/2005 6:16:00 PM 749600 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys

     Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

     Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
     12/15/2005 11:48:42 PM S 2048 C:\WINDOWS\bootstat.dat
     12/15/2005 9:00:52 PM H 54156 C:\WINDOWS\QTFont.qfn
     10/25/2005 10:20:42 PM H 59556 C:\WINDOWS\Downloaded Program Files\Doremi.ttf
     12/15/2005 11:48:52 PM H 12288 C:\WINDOWS\system32\config\default.LOG
     12/15/2005 11:49:04 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
     12/15/2005 11:48:46 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
     12/15/2005 11:50:10 PM H 98304 C:\WINDOWS\system32\config\software.LOG
     12/15/2005 11:49:06 PM H 1310720 C:\WINDOWS\system32\config\system.LOG
     10/24/2005 6:09:16 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\49UZ8PIZ\desktop.ini
     10/24/2005 6:09:16 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8167S9Q3\desktop.ini
     10/24/2005 6:09:16 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\G9YFO1IR\desktop.ini
     10/24/2005 6:09:16 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UFMB6VUH\desktop.ini
     11/29/2005 7:58:38 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\81c63a88-2e4f-4c3a-b036-f3d6c453ea2b
     11/29/2005 7:58:38 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
     12/15/2005 11:47:38 PM H 6 C:\WINDOWS\Tasks\SA.DAT

     Checking for CPL files...
     Microsoft Corporation 8/29/2002 7:00:00 AM 66048 C:\WINDOWS\SYSTEM32\access.cpl
     Microsoft Corporation 8/29/2002 7:00:00 AM 578560 C:\WINDOWS\SYSTEM32\appwiz.cpl
     Microsoft Corporation 8/29/2002 7:00:00 AM 129024 C:\WINDOWS\SYSTEM32\desk.cpl
     Microsoft Corporation 8/29/2002 7:00:00 AM 150016 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
     TOSHIBA Corp. 4/1/2003 8:17:14 PM 503808 C:\WINDOWS\SYSTEM32\HWSETUP.CPL
     Intel Corporation 4/7/2003 2:14:30 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
     Microsoft Corporation 8/29/2002 7:00:00 AM 292352 C:\WINDOWS\SYSTEM32\inetcpl.cpl
     Microsoft Corporation 8/29/2002 7:00:00 AM 121856 C:\WINDOWS\SYSTEM32\intl.cpl
     Microsoft Corporation 8/29/2002 7:00:00 AM 65536 C:\WINDOWS\SYSTEM32\joy.cpl
     Microsoft Corporation 8/29/2002 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
     Microsoft Corporation 8/29/2002 7:00:00 AM 559616 C:\WINDOWS\SYSTEM32\mmsys.cpl
     Microsoft Corporation 8/29/2002 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
     Microsoft Corporation 8/29/2002 7:00:00 AM 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
     Microsoft Corporation 2/20/2003 8:39:50 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
     Microsoft Corporation 8/29/2002 7:00:00 AM 109056 C:\WINDOWS\SYSTEM32\powercfg.cpl
     Microsoft Corporation 8/29/2002 7:00:00 AM 268288 C:\WINDOWS\SYSTEM32\sysdm.cpl
     Microsoft Corporation 8/29/2002 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
     Microsoft Corporation 8/29/2002 7:00:00 AM 90112 C:\WINDOWS\SYSTEM32\timedate.cpl
     TOSHIBA Corporation 1/22/2003 2:12:34 PM 884736 C:\WINDOWS\SYSTEM32\TPWRSAVE.CPL
     Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
     Microsoft Corporation 8/29/2002 5:41:00 AM 208896 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
     Intel Corporation 4/7/2003 2:14:30 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\igfxcpl.cpl

     »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

     Checking files in %ALLUSERSPROFILE%\Startup folder...
     12/3/2005 10:45:24 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
     4/29/2003 12:08:10 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

     Checking files in %ALLUSERSPROFILE%\Application Data folder...
     4/29/2003 4:58:02 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
     12/28/2004 8:48:34 PM 766 C:\Documents and Settings\All Users\Application Data\hpzinstall.log
     9/23/2005 10:41:20 AM 3365 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

     Checking files in %USERPROFILE%\Startup folder...
     4/29/2003 12:08:10 PM HS 84 C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\desktop.ini

     Checking files in %USERPROFILE%\Application Data folder...
     12/3/2005 10:40:08 PM 1228 C:\Documents and Settings\Brandi\Application Data\AdobeDLM.log
     4/29/2003 4:58:02 AM HS 62 C:\Documents and Settings\Brandi\Application Data\desktop.ini
     12/3/2005 10:40:08 PM 0 C:\Documents and Settings\Brandi\Application Data\dm.ini
     2/19/2004 8:23:14 AM 53464 C:\Documents and Settings\Brandi\Application Data\GDIPFONTCACHEV1.DAT

     »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
     =

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
     {9ACDDC9B-79DD-453B-8FCF-E1090BB7BD84} = C:\WINDOWS\system32\_Z02656_.tmp.dll
     {4ACBA77A-F129-45DC-A257-200666863E5F} =

     [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

     [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
     HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
     HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
     HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
     HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
     HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
     HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
     HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
     HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
     HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
     HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
     HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
     HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
     HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dll
     HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll
     HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll
     HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dll
     HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627} = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

     [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD} =
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} &Tip of the Day = %SystemRoot%\System32\shdocvw.dll
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} Real.com = C:\WINDOWS\System32\Shdocvw.dll

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
     {327C2873-E90D-4c37-AA9D-10AC9BABA46C} = Easy-WebPrint : C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
     {8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\system32\msdxm.ocx

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{53F6FCCD-9E22-4d71-86EA-6E43136192AB} MenuText = PC Confidential :
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{925DAB62-F9AC-4221-806A-057BFB1014AA} ButtonText = PC Confidential : "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe"
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} ButtonText = Research :
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} ButtonText = AIM : C:\Program Files\AIM\aim.exe
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} ButtonText = Real.com :
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683} ButtonText = Messenger : C:\Program Files\Messenger\MSMSGS.EXE

     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
     HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} Media Band = %SystemRoot%\System32\browseui.dll
     HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD} =
     HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{9404901D-06DA-4B23-A0EE-3EA4F64EC9B3} =
     HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} History Band = %SystemRoot%\System32\shdocvw.dll

     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
     HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
     {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
     HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
     {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
     {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
     {2318C2B1-4965-11D4-9B18-009027A5CD4F} = :

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     00THotkey C:\WINDOWS\System32\00THotkey.exe
     IgfxTray C:\WINDOWS\System32\igfxtray.exe
     HotKeysCmds C:\WINDOWS\System32\hkcmd.exe
     PmProxy C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
     TouchED C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
     Pinger c:\toshiba\ivp\ism\pinger.exe /run
     Microsoft Works Portfolio C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
     ezShieldProtector for Px C:\WINDOWS\System32\ezSP_Px.exe
     TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     HP Software Update C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
     iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
     AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
     SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     ctfmon.exe C:\WINDOWS\System32\ctfmon.exe
     msnmsgr "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
     AIM C:\Program Files\AIM\aim.exe -cnetwait.odl

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk
     path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
     backup C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
     location Common Startup
     command C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
     item HP Digital Imaging Monitor
     path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
     backup C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
     location Common Startup
     command C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
     item HP Digital Imaging Monitor
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk
     path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
     backup C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
     location Common Startup
     command C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s
     item HP Image Zone Fast Start
     path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
     backup C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup
     location Common Startup
     command
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s item HP Image Zone Fast Start HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk backup C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup location Common Startup command C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE item MyWebSearch Email Plugin path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk backup C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup location Common Startup command C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE item MyWebSearch Email Plugin HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Brandi^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk backup C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup location Startup command C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE item MyWebSearch Email Plugin path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk backup C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup location Startup command C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE item MyWebSearch Email Plugin HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Brandi^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\reminder-ScanSoft Product Registration.lnk backup C:\WINDOWS\pss\reminder-ScanSoft Product Registration.lnkStartup location Startup command C:\PROGRA~1\KAI'SP~1\EREG\US\REMIND32.EXE item reminder-ScanSoft Product Registration path C:\Documents and Settings\Brandi\Start 
Menu\Programs\Startup\reminder-ScanSoft Product Registration.lnk backup C:\WINDOWS\pss\reminder-ScanSoft Product Registration.lnkStartup location Startup command C:\PROGRA~1\KAI'SP~1\EREG\US\REMIND32.EXE item reminder-ScanSoft Product Registration HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Brandi^Start Menu^Programs^Startup^Virtual Bouncer.lnk path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\Virtual Bouncer.lnk backup C:\WINDOWS\pss\Virtual Bouncer.lnkStartup location Startup command C:\Program Files\VBouncer\VirtualBouncer.exe item Virtual Bouncer path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\Virtual Bouncer.lnk backup C:\WINDOWS\pss\Virtual Bouncer.lnkStartup location Startup command C:\Program Files\VBouncer\VirtualBouncer.exe item Virtual Bouncer HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Brandi^Start Menu^Programs^Startup^Webshots.lnk path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\Webshots.lnk backup C:\WINDOWS\pss\Webshots.lnkStartup location Startup command C:\Program Files\Webshots\Launcher.exe /t item Webshots path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\Webshots.lnk backup C:\WINDOWS\pss\Webshots.lnkStartup location Startup command C:\Program Files\Webshots\Launcher.exe /t item Webshots HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\000StTHK key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item 000StTHK hkey HKLM command 000StTHK.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item 000StTHK hkey HKLM command 000StTHK.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\2ZQLKP#2WLSCTL key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item Mun8s0W hkey HKLM command C:\WINDOWS\System32\Mun8s0W.exe inimapping 0 key 
SOFTWARE\Microsoft\Windows\CurrentVersion\Run item Mun8s0W hkey HKLM command C:\WINDOWS\System32\Mun8s0W.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AGRSMMSG key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item AGRSMMSG hkey HKLM command AGRSMMSG.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item AGRSMMSG hkey HKLM command AGRSMMSG.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AIM key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item aim hkey HKCU command C:\Program Files\AIM\aim.exe -cnetwait.odl inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item aim hkey HKCU command C:\Program Files\AIM\aim.exe -cnetwait.odl inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Apoint key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item Apoint hkey HKLM command C:\Program Files\Apoint2K\Apoint.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item Apoint hkey HKLM command C:\Program Files\Apoint2K\Apoint.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dsi key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item dp-him hkey HKLM command C:\WINDOWS\System32\dp-him.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item dp-him hkey HKLM command C:\WINDOWS\System32\dp-him.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ezShieldProtector for Px key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ezSP_Px hkey HKLM command C:\WINDOWS\System32\ezSP_Px.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ezSP_Px hkey HKLM command C:\WINDOWS\System32\ezSP_Px.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fash key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item fash hkey HKLM command C:\WINDOWS\fash.exe inimapping 0 key 
SOFTWARE\Microsoft\Windows\CurrentVersion\Run item fash hkey HKLM command C:\WINDOWS\fash.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hFbl5wuD key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hFbl5wuD hkey HKLM command C:\documents and settings\brandi\local settings\temp\hFbl5wuD.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hFbl5wuD hkey HKLM command C:\documents and settings\brandi\local settings\temp\hFbl5wuD.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Component Manager key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hpcmpmgr hkey HKLM command "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hpcmpmgr hkey HKLM command "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item iTunesHelper hkey HKLM command C:\Program Files\iTunes\iTunesHelper.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item iTunesHelper hkey HKLM command C:\Program Files\iTunes\iTunesHelper.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MoneyAgent key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item Money Express hkey HKCU command "C:\Program Files\Microsoft Money\System\Money Express.exe" inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item Money Express hkey HKCU command "C:\Program Files\Microsoft Money\System\Money Express.exe" inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MsnMsgr key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item MsnMsgr hkey HKCU command "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item MsnMsgr hkey HKCU command "C:\Program Files\MSN 
Messenger\MsnMsgr.Exe" /background inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyWebSearch Email Plugin key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item mwsoemon hkey HKLM command C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item mwsoemon hkey HKLM command C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nyvxsc key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item nyvxsc hkey HKLM command C:\WINDOWS\System32\nyvxsc.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item nyvxsc hkey HKLM command C:\WINDOWS\System32\nyvxsc.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item qttask hkey HKLM command "C:\Program Files\QuickTime\qttask.exe" -atboottime inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item qttask hkey HKLM command "C:\Program Files\QuickTime\qttask.exe" -atboottime inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RealTray key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item RealPlay hkey HKLM command C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item RealPlay hkey HKLM command C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\stddgwkxyto key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item laesbpfl hkey HKLM command C:\WINDOWS\System32\laesbpfl.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item laesbpfl hkey HKLM command C:\WINDOWS\System32\laesbpfl.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Symantec NetDriver Monitor key 
SOFTWARE\Microsoft\Windows\CurrentVersion\Run item SNDMon hkey HKLM command C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item SNDMon hkey HKLM command C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TFNF5 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item TFNF5 hkey HKLM command TFNF5.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item TFNF5 hkey HKLM command TFNF5.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Tpwrtray key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item TPWRTRAY hkey HKLM command TPWRTRAY.EXE inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item TPWRTRAY hkey HKLM command TPWRTRAY.EXE inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\z key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item z hkey HKLM command C:\documents and settings\brandi\local settings\temp\z.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item z hkey HKLM command C:\documents and settings\brandi\local settings\temp\z.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state system.ini 0 win.ini 0 bootini 0 services 0 startup 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = {0DF44EAA-FF21-4412-828E-260A8728E7F1} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system dontdisplaylastusername 0 legalnoticecaption legalnoticetext shutdownwithoutlogon 1 undockwithoutlogon 1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer NoDriveTypeAutoRun 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\System32\userinit.exe, Shell = Explorer.exe System = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet = cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll = cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui = igfxsrvc.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy = sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn = WlNotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier = WRLogonNTF.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif = 
wzcdlg.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path Debugger = ntsd -d [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] AppInit_DLLs »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder. Scan completed on 12/16/2005 3:43:15 AM
  8. WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding. If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly. »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600 Internet Explorer Version: 6.0.2800.1106 »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»» Checking %SystemDrive% folder... qoologic 12/8/2005 6:21:08 PM 11975885 C:\AVG7QT.DAT urllogic 12/8/2005 6:21:08 PM 11975885 C:\AVG7QT.DAT UPX! 7/2/2004 7:27:38 AM HS 518901760 C:\hiberfil.sys FSG! 7/2/2004 7:27:38 AM HS 518901760 C:\hiberfil.sys Umonitor 7/2/2004 7:27:38 AM HS 518901760 C:\hiberfil.sys SAHAgent 7/2/2004 7:27:38 AM HS 518901760 C:\hiberfil.sys Checking %ProgramFilesDir% folder... Checking %WinDir% folder... Checking %System% folder... PEC2 8/29/2002 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc PEC2 8/9/2005 5:14:00 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll PECompact2 8/9/2005 5:14:00 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll abetterinternet.com 4/30/2004 2:29:10 PM H 12154 C:\WINDOWS\SYSTEM32\fiz0 PTech 4/30/2004 1:00:38 PM H 3066522 C:\WINDOWS\SYSTEM32\kyf.dat PTech 8/3/2005 9:33:42 AM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL UPX! 1/13/2005 9:41:48 PM 11254 C:\WINDOWS\SYSTEM32\locate.com abetterinternet.com 4/30/2004 2:35:34 PM H 236445 C:\WINDOWS\SYSTEM32\log.bak.txt PECompact2 9/8/2005 8:36:32 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe aspack 9/8/2005 8:36:32 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe UPX! 8/22/2001 7:00:00 PM 86030 C:\WINDOWS\SYSTEM32\msdjgk.dll Umonitor 8/29/2002 7:00:00 AM 631808 C:\WINDOWS\SYSTEM32\rasdlg.dll UPX! 
1/20/2005 1:47:50 PM 175616 C:\WINDOWS\SYSTEM32\strings.exe WinShutDown 12/9/2005 2:32:12 PM 341 C:\WINDOWS\SYSTEM32\test.txt winsync 8/29/2002 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu Umonitor 8/29/2002 7:00:00 AM 631808 C:\WINDOWS\SYSTEM32\_002644_.tmp.dll Umonitor 8/29/2002 7:00:00 AM 631808 C:\WINDOWS\SYSTEM32\_002795_.tmp.dll Umonitor 8/29/2002 7:00:00 AM 631808 C:\WINDOWS\SYSTEM32\_002855_.tmp.dll Umonitor 8/29/2002 7:00:00 AM 631808 C:\WINDOWS\SYSTEM32\_004990_.tmp.dll Checking %System%\Drivers folder and sub-folders... UPX! 12/8/2005 6:16:00 PM 749600 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys FSG! 12/8/2005 6:16:00 PM 749600 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys PEC2 12/8/2005 6:16:00 PM 749600 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys aspack 12/8/2005 6:16:00 PM 749600 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts 127.0.0.1 www.qoologic.com 127.0.0.1 www.urllogic.com Checking the Windows folder and sub-folders for system and hidden files within the last 60 days... 
12/14/2005 11:02:32 PM S 2048 C:\WINDOWS\bootstat.dat 12/12/2005 11:49:34 PM H 54156 C:\WINDOWS\QTFont.qfn 10/25/2005 10:20:42 PM H 59556 C:\WINDOWS\Downloaded Program Files\Doremi.ttf 12/14/2005 11:02:42 PM H 12288 C:\WINDOWS\system32\config\default.LOG 12/14/2005 11:02:56 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG 12/14/2005 11:02:36 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG 12/14/2005 11:04:04 PM H 118784 C:\WINDOWS\system32\config\software.LOG 12/14/2005 11:03:00 PM H 1323008 C:\WINDOWS\system32\config\system.LOG 10/24/2005 6:09:16 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\49UZ8PIZ\desktop.ini 10/24/2005 6:09:16 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8167S9Q3\desktop.ini 10/24/2005 6:09:16 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\G9YFO1IR\desktop.ini 10/24/2005 6:09:16 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UFMB6VUH\desktop.ini 11/29/2005 7:58:38 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\81c63a88-2e4f-4c3a-b036-f3d6c453ea2b 11/29/2005 7:58:38 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred 12/14/2005 11:01:22 PM H 6 C:\WINDOWS\Tasks\SA.DAT Checking for CPL files... Microsoft Corporation 8/29/2002 7:00:00 AM 66048 C:\WINDOWS\SYSTEM32\access.cpl Microsoft Corporation 8/29/2002 7:00:00 AM 578560 C:\WINDOWS\SYSTEM32\appwiz.cpl Microsoft Corporation 8/29/2002 7:00:00 AM 129024 C:\WINDOWS\SYSTEM32\desk.cpl Microsoft Corporation 8/29/2002 7:00:00 AM 150016 C:\WINDOWS\SYSTEM32\hdwwiz.cpl TOSHIBA Corp. 
4/1/2003 8:17:14 PM 503808 C:\WINDOWS\SYSTEM32\HWSETUP.CPL Intel Corporation 4/7/2003 2:14:30 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl Microsoft Corporation 8/29/2002 7:00:00 AM 292352 C:\WINDOWS\SYSTEM32\inetcpl.cpl Microsoft Corporation 8/29/2002 7:00:00 AM 121856 C:\WINDOWS\SYSTEM32\intl.cpl Microsoft Corporation 8/29/2002 7:00:00 AM 65536 C:\WINDOWS\SYSTEM32\joy.cpl Microsoft Corporation 8/29/2002 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl Microsoft Corporation 8/29/2002 7:00:00 AM 559616 C:\WINDOWS\SYSTEM32\mmsys.cpl Microsoft Corporation 8/29/2002 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl Microsoft Corporation 8/29/2002 7:00:00 AM 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl Microsoft Corporation 2/20/2003 8:39:50 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl Microsoft Corporation 8/29/2002 7:00:00 AM 109056 C:\WINDOWS\SYSTEM32\powercfg.cpl Microsoft Corporation 8/29/2002 7:00:00 AM 268288 C:\WINDOWS\SYSTEM32\sysdm.cpl Microsoft Corporation 8/29/2002 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl Microsoft Corporation 8/29/2002 7:00:00 AM 90112 C:\WINDOWS\SYSTEM32\timedate.cpl TOSHIBA Corporation 1/22/2003 2:12:34 PM 884736 C:\WINDOWS\SYSTEM32\TPWRSAVE.CPL Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl Microsoft Corporation 8/29/2002 5:41:00 AM 208896 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl Intel Corporation 4/7/2003 2:14:30 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\igfxcpl.cpl »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»» Checking files in %ALLUSERSPROFILE%\Startup folder... 12/3/2005 10:45:24 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk 4/29/2003 12:08:10 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini Checking files in %ALLUSERSPROFILE%\Application Data folder... 
4/29/2003 4:58:02 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini 12/28/2004 8:48:34 PM 766 C:\Documents and Settings\All Users\Application Data\hpzinstall.log 9/23/2005 10:41:20 AM 3365 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache Checking files in %USERPROFILE%\Startup folder... 4/29/2003 12:08:10 PM HS 84 C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\desktop.ini Checking files in %USERPROFILE%\Application Data folder... 12/3/2005 10:40:08 PM 1228 C:\Documents and Settings\Brandi\Application Data\AdobeDLM.log 4/29/2003 4:58:02 AM HS 62 C:\Documents and Settings\Brandi\Application Data\desktop.ini 12/3/2005 10:40:08 PM 0 C:\Documents and Settings\Brandi\Application Data\dm.ini 2/19/2004 8:23:14 AM 53464 C:\Documents and Settings\Brandi\Application Data\GDIPFONTCACHEV1.DAT »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»» [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] {9ACDDC9B-79DD-453B-8FCF-E1090BB7BD84} = C:\WINDOWS\system32\_Z02656_.tmp.dll {4ACBA77A-F129-45DC-A257-200666863E5F} = [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers] HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu 
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Start Menu Pin = %SystemRoot%\system32\SHELL32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dll 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627} = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} &Tip of the Day = %SystemRoot%\System32\shdocvw.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} Real.com = C:\WINDOWS\System32\Shdocvw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] {327C2873-E90D-4c37-AA9D-10AC9BABA46C} = Easy-WebPrint : C:\Program Files\Canon\Easy-WebPrint\Toolband.dll {8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\system32\msdxm.ocx [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{53F6FCCD-9E22-4d71-86EA-6E43136192AB} MenuText = PC Confidential : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{925DAB62-F9AC-4221-806A-057BFB1014AA} ButtonText = PC Confidential : "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} ButtonText = Research : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} ButtonText = AIM : C:\Program Files\AIM\aim.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} ButtonText = Real.com : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683} ButtonText = Messenger : C:\Program Files\Messenger\MSMSGS.EXE 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} Media Band = %SystemRoot%\System32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD} = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{9404901D-06DA-4B23-A0EE-3EA4F64EC9B3} = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} History Band = %SystemRoot%\System32\shdocvw.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll {2318C2B1-4965-11D4-9B18-009027A5CD4F} = : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 00THotkey C:\WINDOWS\System32\00THotkey.exe IgfxTray C:\WINDOWS\System32\igfxtray.exe HotKeysCmds C:\WINDOWS\System32\hkcmd.exe PmProxy C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe TouchED C:\Program Files\TOSHIBA\TouchED\TouchED.Exe Pinger c:\toshiba\ivp\ism\pinger.exe /run Microsoft Works Portfolio C:\Program Files\Microsoft Works\WksSb.exe /AllUsers ezShieldProtector for Px C:\WINDOWS\System32\ezSP_Px.exe TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot HP Software Update C:\Program Files\HP\HP Software Update\HPWuSchd2.exe iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe" AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] ctfmon.exe C:\WINDOWS\System32\ctfmon.exe msnmsgr "C:\Program Files\MSN Messenger\msnmsgr.exe" /background AIM C:\Program Files\AIM\aim.exe -cnetwait.odl [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup location Common Startup command C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe item HP Digital Imaging Monitor path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup location Common Startup command C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe item HP Digital Imaging Monitor HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and 
Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk backup C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup location Common Startup command C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s item HP Image Zone Fast Start path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk backup C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup location Common Startup command C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s item HP Image Zone Fast Start HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk backup C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup location Common Startup command C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE item MyWebSearch Email Plugin path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk backup C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup location Common Startup command C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE item MyWebSearch Email Plugin HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Brandi^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk backup C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup location Startup command C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE item MyWebSearch Email Plugin path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk backup C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup location Startup command C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE item MyWebSearch Email Plugin 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Brandi^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\reminder-ScanSoft Product Registration.lnk backup C:\WINDOWS\pss\reminder-ScanSoft Product Registration.lnkStartup location Startup command C:\PROGRA~1\KAI'SP~1\EREG\US\REMIND32.EXE item reminder-ScanSoft Product Registration path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\reminder-ScanSoft Product Registration.lnk backup C:\WINDOWS\pss\reminder-ScanSoft Product Registration.lnkStartup location Startup command C:\PROGRA~1\KAI'SP~1\EREG\US\REMIND32.EXE item reminder-ScanSoft Product Registration HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Brandi^Start Menu^Programs^Startup^Virtual Bouncer.lnk path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\Virtual Bouncer.lnk backup C:\WINDOWS\pss\Virtual Bouncer.lnkStartup location Startup command C:\Program Files\VBouncer\VirtualBouncer.exe item Virtual Bouncer path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\Virtual Bouncer.lnk backup C:\WINDOWS\pss\Virtual Bouncer.lnkStartup location Startup command C:\Program Files\VBouncer\VirtualBouncer.exe item Virtual Bouncer HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Brandi^Start Menu^Programs^Startup^Webshots.lnk path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\Webshots.lnk backup C:\WINDOWS\pss\Webshots.lnkStartup location Startup command C:\Program Files\Webshots\Launcher.exe /t item Webshots path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\Webshots.lnk backup C:\WINDOWS\pss\Webshots.lnkStartup location Startup command C:\Program Files\Webshots\Launcher.exe /t item Webshots HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\000StTHK key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item 000StTHK hkey HKLM command 000StTHK.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item 000StTHK hkey HKLM command 000StTHK.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\2ZQLKP#2WLSCTL key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item Mun8s0W hkey HKLM command C:\WINDOWS\System32\Mun8s0W.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item Mun8s0W hkey HKLM command C:\WINDOWS\System32\Mun8s0W.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AGRSMMSG key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item AGRSMMSG hkey HKLM command AGRSMMSG.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item AGRSMMSG hkey HKLM command AGRSMMSG.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AIM key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item aim hkey HKCU command C:\Program Files\AIM\aim.exe -cnetwait.odl inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item aim hkey HKCU command C:\Program Files\AIM\aim.exe -cnetwait.odl inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Apoint key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item Apoint hkey HKLM command C:\Program Files\Apoint2K\Apoint.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item Apoint hkey HKLM command C:\Program Files\Apoint2K\Apoint.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dsi key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item dp-him hkey HKLM command C:\WINDOWS\System32\dp-him.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item dp-him hkey HKLM command C:\WINDOWS\System32\dp-him.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared 
Tools\MSConfig\startupreg\ezShieldProtector for Px key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ezSP_Px hkey HKLM command C:\WINDOWS\System32\ezSP_Px.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ezSP_Px hkey HKLM command C:\WINDOWS\System32\ezSP_Px.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fash key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item fash hkey HKLM command C:\WINDOWS\fash.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item fash hkey HKLM command C:\WINDOWS\fash.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hFbl5wuD key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hFbl5wuD hkey HKLM command C:\documents and settings\brandi\local settings\temp\hFbl5wuD.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hFbl5wuD hkey HKLM command C:\documents and settings\brandi\local settings\temp\hFbl5wuD.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Component Manager key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hpcmpmgr hkey HKLM command "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hpcmpmgr hkey HKLM command "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item iTunesHelper hkey HKLM command C:\Program Files\iTunes\iTunesHelper.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item iTunesHelper hkey HKLM command C:\Program Files\iTunes\iTunesHelper.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MoneyAgent key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item Money Express hkey HKCU command "C:\Program Files\Microsoft Money\System\Money Express.exe" inimapping 0 key 
SOFTWARE\Microsoft\Windows\CurrentVersion\Run item Money Express hkey HKCU command "C:\Program Files\Microsoft Money\System\Money Express.exe" inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MsnMsgr key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item MsnMsgr hkey HKCU command "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item MsnMsgr hkey HKCU command "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyWebSearch Email Plugin key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item mwsoemon hkey HKLM command C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item mwsoemon hkey HKLM command C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nyvxsc key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item nyvxsc hkey HKLM command C:\WINDOWS\System32\nyvxsc.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item nyvxsc hkey HKLM command C:\WINDOWS\System32\nyvxsc.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item qttask hkey HKLM command "C:\Program Files\QuickTime\qttask.exe" -atboottime inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item qttask hkey HKLM command "C:\Program Files\QuickTime\qttask.exe" -atboottime inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RealTray key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item RealPlay hkey HKLM command C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item RealPlay hkey HKLM command C:\Program Files\Real\RealPlayer\RealPlay.exe 
SYSTEMBOOTHIDEPLAYER inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\stddgwkxyto key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item laesbpfl hkey HKLM command C:\WINDOWS\System32\laesbpfl.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item laesbpfl hkey HKLM command C:\WINDOWS\System32\laesbpfl.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Symantec NetDriver Monitor key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item SNDMon hkey HKLM command C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item SNDMon hkey HKLM command C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TFNF5 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item TFNF5 hkey HKLM command TFNF5.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item TFNF5 hkey HKLM command TFNF5.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Tpwrtray key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item TPWRTRAY hkey HKLM command TPWRTRAY.EXE inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item TPWRTRAY hkey HKLM command TPWRTRAY.EXE inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\z key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item z hkey HKLM command C:\documents and settings\brandi\local settings\temp\z.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item z hkey HKLM command C:\documents and settings\brandi\local settings\temp\z.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state system.ini 0 win.ini 0 bootini 0 services 0 startup 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = 
C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = {0DF44EAA-FF21-4412-828E-260A8728E7F1} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system dontdisplaylastusername 0 legalnoticecaption legalnoticetext shutdownwithoutlogon 1 undockwithoutlogon 1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer NoDriveTypeAutoRun 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\System32\userinit.exe, Shell = Explorer.exe System = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet = cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll = cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui = igfxsrvc.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy = sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Winlogon\Notify\SensLogn = WlNotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier = WRLogonNTF.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif = wzcdlg.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path Debugger = ntsd -d [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] AppInit_DLLs »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder. Scan completed on 12/15/2005 2:17:24 AM
  9. ********
     8:59 PM: | Start of Session, Monday, December 12, 2005 |
     8:59 PM: Spy Sweeper started
     8:59 PM: Sweep initiated using definitions version 582
     8:59 PM: Starting Memory Sweep
     9:02 PM: Memory Sweep Complete, Elapsed Time: 00:02:50
     9:02 PM: Starting Registry Sweep
     9:02 PM: Registry Sweep Complete, Elapsed Time:00:00:18
     9:02 PM: Starting Cookie Sweep
     9:02 PM: Found Spy Cookie: websponsors cookie
     9:02 PM: [email protected][2].txt (ID = 3665)
     9:02 PM: Found Spy Cookie: adserver cookie
     9:02 PM: [email protected][1].txt (ID = 2141)
     9:02 PM: Found Spy Cookie: atwola cookie
     9:02 PM: [email protected][1].txt (ID = 2256)
     9:02 PM: [email protected][1].txt (ID = 2255)
     9:02 PM: Found Spy Cookie: go.com cookie
     9:02 PM: [email protected][2].txt (ID = 2728)
     9:02 PM: Found Spy Cookie: franklinsurveys cookie
     9:02 PM: [email protected][2].txt (ID = 2689)
     9:02 PM: Cookie Sweep Complete, Elapsed Time: 00:00:06
     9:02 PM: Starting File Sweep
     9:06 PM: Found Adware: wfgtech
     9:06 PM: a0124671.exe (ID = 203674)
     9:09 PM: Found Adware: dialerplatform
     9:09 PM: a0124667.ico (ID = 58328)
     9:11 PM: Found Adware: look2me
     9:11 PM: a0124665.exe (ID = 65721)
     9:11 PM: a0124664.exe (ID = 65722)
     9:25 PM: Found Adware: targetsaver
     9:25 PM: a0124668.exe (ID = 193501)
     9:25 PM: a0124669.dll (ID = 203552)
     9:41 PM: a0124670.dll (ID = 203553)
     10:06 PM: a0124657.dll (ID = 159)
     10:07 PM: a0124663.dll (ID = 159)
     10:08 PM: a0124662.dll (ID = 159)
     10:08 PM: a0124661.dll (ID = 163672)
     10:09 PM: a0124660.dll (ID = 159)
     10:11 PM: a0124659.dll (ID = 159)
     10:11 PM: a0124658.dll (ID = 159)
     10:18 PM: Found Adware: command
     10:18 PM: a0124666.vbs (ID = 185675)
     10:23 PM: Found System Monitor: potentially rootkit-masked files
     10:23 PM: appevent.log (ID = 0)
     10:23 PM: eventlog.log (ID = 0)
     10:23 PM: coreevent.log (ID = 0)
     10:27 PM: File Sweep Complete, Elapsed Time: 01:24:05
     10:27 PM: Full Sweep has completed. Elapsed time 01:27:31
     10:27 PM: Traces Found: 24
     10:35 PM: Removal process initiated
     10:35 PM: Quarantining All Traces: look2me
     10:35 PM: Quarantining All Traces: command
     10:35 PM: Quarantining All Traces: dialerplatform
     10:35 PM: Quarantining All Traces: targetsaver
     10:35 PM: Quarantining All Traces: wfgtech
     10:35 PM: Quarantining All Traces: adserver cookie
     10:35 PM: Quarantining All Traces: atwola cookie
     10:35 PM: Quarantining All Traces: franklinsurveys cookie
     10:35 PM: Quarantining All Traces: go.com cookie
     10:35 PM: Quarantining All Traces: websponsors cookie
     10:35 PM: Removal process completed. Elapsed time 00:00:20
     ********
     3:15 PM: | Start of Session, Friday, December 09, 2005 |
     3:15 PM: Spy Sweeper started
     3:15 PM: Sweep initiated using definitions version 582
     3:15 PM: Starting Memory Sweep
     3:16 PM: Found Adware: icannnews
     3:16 PM: Detected running threat: C:\WINDOWS\system32\omesvr32.dll (ID = 83)
     3:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:16 PM: Detected running threat: C:\WINDOWS\system32\l2l60c3sef.dll (ID = 83)
     3:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:18 PM: Found Adware: wfgtech
     3:18 PM: Detected running threat: C:\WINDOWS\system32\0ce80unc.dll (ID = 203552)
     3:18 PM: Detected running threat: C:\WINDOWS\system32\0ce89y3o.dll (ID = 203553)
     3:18 PM: Memory Sweep Complete, Elapsed Time: 00:02:38
     3:18 PM: Starting Registry Sweep
     3:18 PM: Found Adware: cws-aboutblank
     3:18 PM: HKCR\protocols\filter\text/html\ (2 subtraces) (ID = 114343)
     3:18 PM: HKLM\software\classes\protocols\filter\text/html\ (2 subtraces) (ID = 115907)
     3:18 PM: Found Adware: linkmaker
     3:18 PM: HKLM\software\classes\typelib\{423550e9-2f83-4678-9929-c1774088b180}\ (9 subtraces) (ID = 129743)
     3:18 PM: HKCR\typelib\{423550e9-2f83-4678-9929-c1774088b180}\ (9 subtraces) (ID = 129750)
     3:18 PM: Found Adware: minigolf
     3:18 PM: HKLM\software\minigolf\ (1 subtraces) (ID = 135062)
     3:18 PM: Found Adware: websearch toolbar
     3:18 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/qdow.dll\ (2 subtraces) (ID = 146481)
     3:18 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\qdow.dll (ID = 146496)
     3:18 PM: HKLM\system\currentcontrolset\enum\root\legacy_wintoolssvc\ (8 subtraces) (ID = 146518)
     3:18 PM: Found Adware: wildmedia
     3:18 PM: HKCR\appid\winaffiliatebho.dll\ (1 subtraces) (ID = 146688)
     3:18 PM: HKLM\software\classes\appid\winaffiliatebho.dll\ (1 subtraces) (ID = 146699)
     3:18 PM: Found Adware: quicklink search toolbar
     3:18 PM: HKCR\clsid\{8b6da27e-7f64-4694-8f8f-dc87ab8c6b22}\ (8 subtraces) (ID = 359437)
     3:18 PM: HKLM\software\classes\clsid\{8b6da27e-7f64-4694-8f8f-dc87ab8c6b22}\ (8 subtraces) (ID = 359440)
     3:18 PM: HKCR\quicklinks.linktracker.1\ (3 subtraces) (ID = 359448)
     3:18 PM: HKCR\quicklinks.linktracker\ (3 subtraces) (ID = 359449)
     3:18 PM: HKCR\quicklinks.quicklinksfilter.1\ (3 subtraces) (ID = 359450)
     3:18 PM: HKCR\quicklinks.quicklinksfilter\ (3 subtraces) (ID = 359451)
     3:18 PM: HKLM\software\classes\quicklinks.linktracker.1\ (3 subtraces) (ID = 359452)
     3:18 PM: HKLM\software\classes\quicklinks.linktracker\ (3 subtraces) (ID = 359453)
     3:18 PM: HKLM\software\classes\quicklinks.quicklinksfilter.1\ (3 subtraces) (ID = 359454)
     3:18 PM: HKLM\software\classes\quicklinks.quicklinksfilter\ (3 subtraces) (ID = 359455)
     3:18 PM: HKLM\software\ql\ (3 subtraces) (ID = 359458)
     3:18 PM: Found Adware: findthewebsiteyouneed hijacker
     3:18 PM: HKU\.default\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555438)
     3:18 PM: Found Adware: clientman
     3:18 PM: HKCR\appid\urlcli.dll\ (1 subtraces) (ID = 701476)
     3:18 PM: HKLM\software\classes\appid\urlcli.dll\ (1 subtraces) (ID = 701492)
     3:18 PM: HKCR\clsid\{3551784b-e99a-474f-b782-3ec814442918}\ (10 subtraces) (ID = 727328)
     3:18 PM: HKLM\software\classes\clsid\{3551784b-e99a-474f-b782-3ec814442918}\ (10 subtraces) (ID = 727357)
     3:18 PM: HKLM\software\microsoft\windows\currentversion\uninstall\quicklinks\ (2 subtraces) (ID = 909558)
     3:18 PM: Found Adware: dollarrevenue
     3:18 PM: HKLM\software\microsoft\drsmartload\ (1 subtraces) (ID = 916795)
     3:18 PM: Found Adware: command
     3:18 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (6 subtraces) (ID = 1016064)
     3:18 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (8 subtraces) (ID = 1016072)
     3:18 PM: Found Adware: bho_sep
     3:18 PM: HKU\S-1-5-18\software\sep\ (8 subtraces) (ID = 141642)
     3:18 PM: HKU\S-1-5-18\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
     3:18 PM: Registry Sweep Complete, Elapsed Time:00:00:21
     3:18 PM: Starting Cookie Sweep
     3:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:18 PM: Found Spy Cookie: abcsearch cookie
     3:18 PM: [email protected][2].txt (ID = 2033)
     3:18 PM: Found Spy Cookie: adknowledge cookie
     3:18 PM: [email protected][1].txt (ID = 2072)
     3:18 PM: Found Spy Cookie: hbmediapro cookie
     3:18 PM: [email protected][2].txt (ID = 2768)
     3:18 PM: Found Spy Cookie: adrevolver cookie
     3:18 PM: [email protected][2].txt (ID = 2088)
     3:18 PM: [email protected][3].txt (ID = 2088)
     3:18 PM: Found Spy Cookie: apmebf cookie
     3:18 PM: [email protected][2].txt (ID = 2229)
     3:18 PM: Found Spy Cookie: ask cookie
     3:18 PM: [email protected][1].txt (ID = 2245)
     3:18 PM: Found Spy Cookie: atlas dmt cookie
     3:18 PM: [email protected][1].txt (ID = 2253)
     3:18 PM: Found Spy Cookie: belnk cookie
     3:18 PM: [email protected][2].txt (ID = 2293)
     3:18 PM: Found Spy Cookie: atwola cookie
     3:18 PM: [email protected][1].txt (ID = 2255)
     3:18 PM: Found Spy Cookie: azjmp cookie
     3:18 PM: [email protected][2].txt (ID = 2270)
     3:18 PM: Found Spy Cookie: banner cookie
     3:18 PM: [email protected][1].txt (ID = 2276)
     3:18 PM: [email protected][2].txt (ID = 2292)
     3:18 PM: Found Spy Cookie: casalemedia cookie
     3:18 PM: [email protected][1].txt (ID = 2354)
     3:18 PM: [email protected][1].txt (ID = 2293)
     3:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:18 PM: Found Spy Cookie: exitexchange cookie
     3:18 PM: [email protected][1].txt (ID = 2633)
     3:18 PM: Found Spy Cookie: findwhat cookie
     3:18 PM: [email protected][1].txt (ID = 2674)
     3:18 PM: Found Spy Cookie: go.com cookie
     3:18 PM: [email protected][1].txt (ID = 2728)
     3:18 PM: [email protected][2].txt (ID = 2728)
     3:18 PM: [email protected][3].txt (ID = 2728)
     3:18 PM: Found Spy Cookie: clickandtrack cookie
     3:18 PM: [email protected][2].txt (ID = 2397)
     3:18 PM: Found Spy Cookie: epilot cookie
     3:18 PM: [email protected][2].txt (ID = 2622)
     3:18 PM: Found Spy Cookie: maxserving cookie
     3:18 PM: [email protected][1].txt (ID = 2966)
     3:18 PM: Found Spy Cookie: nextag cookie
     3:18 PM: [email protected][2].txt (ID = 5014)
     3:18 PM: Found Spy Cookie: paypopup cookie
     3:18 PM: [email protected][2].txt (ID = 3119)
     3:18 PM: Found Spy Cookie: overture cookie
     3:18 PM: [email protected][1].txt (ID = 3106)
     3:18 PM: Found Spy Cookie: realmedia cookie
     3:18 PM: [email protected][1].txt (ID = 3235)
     3:18 PM: Found Spy Cookie: reliablestats cookie
     3:18 PM: [email protected][1].txt (ID = 3254)
     3:18 PM: Found Spy Cookie: tradedoubler cookie
     3:18 PM: [email protected][2].txt (ID = 3575)
     3:18 PM: Found Spy Cookie: videodome cookie
     3:18 PM: [email protected][1].txt (ID = 3638)
     3:18 PM: Found Spy Cookie: upspiral cookie
     3:18 PM: [email protected][2].txt (ID = 3615)
     3:18 PM: Found Spy Cookie: winantiviruspro cookie
     3:18 PM: [email protected][2].txt (ID = 3690)
     3:18 PM: Found Spy Cookie: xiti cookie
     3:18 PM: [email protected][1].txt (ID = 3717)
     3:18 PM: Found Spy Cookie: zedo cookie
     3:18 PM: [email protected][2].txt (ID = 3762)
     3:18 PM: [email protected][1].txt (ID = 2728)
     3:18 PM: Cookie Sweep Complete, Elapsed Time: 00:00:03
     3:18 PM: Starting File Sweep
     3:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:19 PM: Found Adware: 180search assistant/zango
     3:19 PM: c:\windows\system32\fleok (ID = -2147480556)
     3:19 PM: inst_0004[1].exe (ID = 203674)
     3:19 PM: Found Adware: look2me
     3:19 PM: appwrap[1].exe (ID = 65721)
     3:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:20 PM: bw2.com (ID = 65721)
     3:20 PM: Warning: Failed to open file "c:\system volume information\_restore{1d754853-cd2b-4287-9a0d-7bec62082ded}\rp444\a0124490.exe". Access is denied
     3:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:21 PM: Found Adware: delfin
     3:21 PM: 4df33016-45ef-4fe2-b7de-af8a87 (ID = 57725)
     3:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:22 PM: 52d86398-96cb-4ce7-b76e-a73936 (ID = 57716)
     3:23 PM: inst_0004.exe (ID = 203674)
     3:23 PM: ltndload[1].dll (ID = 203552)
     3:23 PM: 0ce80unc.dll (ID = 203552)
     3:23 PM: Found Adware: targetsaver
     3:23 PM: tsinstall_4_0_4_0_b4.exe (ID = 193496)
     3:23 PM: ltndmain[1].dll (ID = 203553)
     3:23 PM: Warning: Failed to open file "c:\system volume information\_restore{1d754853-cd2b-4287-9a0d-7bec62082ded}\rp444\a0124518.exe". Access is denied
     3:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:24 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:24 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:24 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:24 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:24 PM: 3d28b6d3-34d7-4ad1-b81f-919a27 (ID = 57781)
     3:24 PM: mfex-16.dat (ID = 144945)
     3:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:25 PM: e4962307-cf35-4a28-99dc-361c44 (ID = 57718)
     3:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:25 PM: Found Adware: dialerplatform
     3:25 PM: sportsinteraction.ico (ID = 58328)
     3:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:25 PM: Found Adware: purityscan
     3:25 PM: a0124578.exe (ID = 73267)
     3:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:26 PM: a7ab5c0d-dad3-44a0-a165-6b36fe (ID = 57692)
     3:26 PM: 42860d3a-a13a-42f4-b2c9-dce72f (ID = 57693)
     3:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
     3:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
     3:26 PM: Found Adware: ezula ilookup
     3:26 PM: a0124580.exe (ID = 60560)
     3:26 PM: 11c54bd5-143e-4c32-b0e2-728fa3 (ID = 87579)
     3:27 PM: a0124565.exe (ID = 195128)
     3:27 PM: The Spy Communication shield has blocked access to:
www.ad-w-a-r-e.com 3:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:27 PM: a0124567.exe (ID = 195131) 3:28 PM: a0124568.exe (ID = 195132) 3:28 PM: iconu.exe (ID = 65721) 3:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:28 PM: a0124521.exe (ID = 200314) 3:28 PM: icont.exe (ID = 65722) 3:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:29 PM: The Spy Communication shield 
has blocked access to: www.a-d-w-a-r-e.com 3:29 PM: a0124563.exe (ID = 185985) 3:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:30 PM: a0124573.exe (ID = 203611) 3:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:31 PM: The Spy Communication 
shield has blocked access to: www.a-d-w-a-r-e.com 3:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:33 PM: a0124564.exe (ID = 193995) 3:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:34 PM: The Spy Communication shield has blocked access to: 
www.a-d-w-a-r-e.com 3:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:35 PM: a0124566.exe (ID = 195130) 3:36 PM: Found Adware: addestroyer 3:36 PM: inneradinstall.log (ID = 49035) 3:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:37 PM: The Spy 
Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:38 PM: 0ce89y3o.dll (ID = 203553) 3:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:38 PM: appwrap[1].exe (ID = 65739) 3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:39 PM: 
The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:40 PM: a0124549.dll (ID = 159) 3:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:40 PM: a0124533.dll (ID = 163672) 3:40 PM: a0124644.dll (ID = 159) 3:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:40 PM: a0124552.dll (ID = 163672) 3:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:41 PM: 5be6719c-fb86-4119-893e-60fefd (ID = 87579) 3:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:41 PM: The Spy Communication shield has 
blocked access to: www.a-d-w-a-r-e.com 3:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:43 PM: mfex-23.dat (ID = 144945) 3:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:43 PM: Found Adware: keenvalue/perfectnav 3:43 PM: a0124512.exe (ID = 64892) 3:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:43 PM: The Spy Communication shield has blocked access to: 
www.a-d-w-a-r-e.com 3:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:44 PM: Found Adware: whenu searchbar/pricebandit 3:44 PM: d2bd9f9d-a9f6-4552-868c-5577cf (ID = 129801) 3:44 PM: mfex-17.dat (ID = 144945) 3:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:46 PM: a0124587.dll (ID = 200308) 3:46 PM: c10699a5-b9b0-42a5-9cc8-d28d96 (ID = 129770) 3:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:46 PM: The Spy Communication shield has blocked access 
to: www.ad-w-a-r-e.com 3:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:48 PM: The Spy Communication shield has 
blocked access to: www.ad-w-a-r-e.com 3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:50 PM: The Spy Communication 
shield has blocked access to: www.ad-w-a-r-e.com 3:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:51 PM: appwrap[1].exe (ID = 65722) 3:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:52 PM: a0124527.dll (ID = 163672) 3:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:52 PM: mfex-24.dat (ID 
= 144945) 3:53 PM: a0124583.dll (ID = 163672) 3:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:53 PM: mfex-37.dat (ID = 144945) 3:54 PM: a0124586.dll (ID = 159) 3:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:54 PM: mfex-2.dat (ID = 144945) 3:54 PM: Found Adware: adtech 3:54 PM: a0124517.exe (ID = 203582) 3:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:55 PM: 
mfex-18.dat (ID = 144945) 3:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:58 PM: The Spy Communication shield has 
blocked access to: www.ad-w-a-r-e.com 3:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:58 PM: mfex-3.dat (ID = 144945) 3:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:59 PM: a0124604.dll (ID = 159) 3:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 3:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 3:59 PM: m4nqle551h.dll (ID = 159) 3:59 PM: a0124588.dll (ID = 159) 3:59 PM: a0124589.dll (ID = 163672) 4:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 4:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com 4:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com 4:00 PM: The Spy 
  10. So I checked and still the same... banner ads don't load, which isn't a bad thing per se, but on MySpace none of the music players load. I'm only running Spy Sweeper... any help?
  11. I am currently running AVG, Spy Sweeper, Spyware Guard, and I was running Ewido. I have since uninstalled Ewido. In my Spy Sweeper shield options the common ad shield was unticked, so I don't think it was Spy Sweeper. I have to go and check if uninstalling Ewido fixed the problem. I defragged last night and went to bed and never checked my laptop this morning and just went to work, so I don't know if it fixed the problem. I will post in a little bit. Thanks
  12. Hello, I got help the other day to get rid of the L2mix or whatever spyware junk. Everything is great as far as that goes, but it seems now all banner ads don't load, and neither do the song players on myspace.com. Any help would be great. Thanks!
  13. Hello, I got help the other day to get rid of the L2mix or whatever spyware junk. Everything is great as far as that goes, but it seems now all banner ads don't load, and neither do the song players on myspace.com. Any help would be great. Thanks!
  14. Logfile of HijackThis v1.99.1 Scan saved at 5:37:05 PM, on 12/9/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE C:\WINDOWS\System32\DRIVERS\dcfssvc.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\00THotkey.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe C:\Program Files\TOSHIBA\TouchED\TouchED.Exe C:\toshiba\ivp\ism\pinger.exe C:\WINDOWS\System32\ezSP_Px.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\DIGStream\digstream.exe C:\Program Files\ESPNRunTime\DIGServices.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Brandi\My Documents\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/ O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: 
&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24 O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: dlbcserv.lnk 
= C:\Program Files\Dell Photo Printer 720\dlbcserv.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing) O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing) O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
  15. Log of AproposFix v1 ************ Running from directory: C:\Documents and Settings\Brandi\Desktop\aproposfix ************ Registry entries found: ************ No service found! Removing hidden folder: No folder found! Deleting files: Backing up files: Done! Removing registry entries: REGEDIT4 Done! Finished! *************************************************************************** Logfile of HijackThis v1.99.1 Scan saved at 5:30:04 PM, on 12/9/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE C:\WINDOWS\System32\DRIVERS\dcfssvc.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\00THotkey.exe C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe C:\Program Files\TOSHIBA\TouchED\TouchED.Exe C:\toshiba\ivp\ism\pinger.exe C:\WINDOWS\System32\ezSP_Px.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\DIGStream\digstream.exe C:\Program Files\ESPNRunTime\DIGServices.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Webroot\Spy 
Sweeper\SpySweeper.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Brandi\My Documents\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24 O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime 
Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [0ce80unc.dll] RUNDLL32.EXE 0ce80unc.dll,b 660046376 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing) O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing) O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe" (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - 
C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.sharewareonline.com/adserver/Install.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. 
- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe