After The Spies Are Removed Some Funny Things Happening With My IE



What programs, if any, from the list of suggestions at the end of your computer cleaning that therock247uk gave you did you install?

I am currently running AVG, Spy Sweeper, Spyware Guard, and I was running Ewido. I have since uninstalled Ewido. In my Spy Sweeper shield options the common ad shield was unticked, so I don't think it was Spy Sweeper. I have to go and check if uninstalling Ewido fixed the problem. I defragged last night and went to bed and never checked my laptop this morning and just went to work, so I don't know if it fixed the problem. I will post in a little bit. Thanks.

If you can, please run SpySweeper and post the log from it. I'll know more after I see that.

********

8:59 PM: | Start of Session, Monday, December 12, 2005 |

8:59 PM: Spy Sweeper started

8:59 PM: Sweep initiated using definitions version 582

8:59 PM: Starting Memory Sweep

9:02 PM: Memory Sweep Complete, Elapsed Time: 00:02:50

9:02 PM: Starting Registry Sweep

9:02 PM: Registry Sweep Complete, Elapsed Time:00:00:18

9:02 PM: Starting Cookie Sweep

9:02 PM: Found Spy Cookie: websponsors cookie

9:02 PM: [email protected][2].txt (ID = 3665)

9:02 PM: Found Spy Cookie: adserver cookie

9:02 PM: brandi@adserver[1].txt (ID = 2141)

9:02 PM: Found Spy Cookie: atwola cookie

9:02 PM: [email protected][1].txt (ID = 2256)

9:02 PM: brandi@atwola[1].txt (ID = 2255)

9:02 PM: Found Spy Cookie: go.com cookie

9:02 PM: brandi@go[2].txt (ID = 2728)

9:02 PM: Found Spy Cookie: franklinsurveys cookie

9:02 PM: [email protected][2].txt (ID = 2689)

9:02 PM: Cookie Sweep Complete, Elapsed Time: 00:00:06

9:02 PM: Starting File Sweep

9:06 PM: Found Adware: wfgtech

9:06 PM: a0124671.exe (ID = 203674)

9:09 PM: Found Adware: dialerplatform

9:09 PM: a0124667.ico (ID = 58328)

9:11 PM: Found Adware: look2me

9:11 PM: a0124665.exe (ID = 65721)

9:11 PM: a0124664.exe (ID = 65722)

9:25 PM: Found Adware: targetsaver

9:25 PM: a0124668.exe (ID = 193501)

9:25 PM: a0124669.dll (ID = 203552)

9:41 PM: a0124670.dll (ID = 203553)

10:06 PM: a0124657.dll (ID = 159)

10:07 PM: a0124663.dll (ID = 159)

10:08 PM: a0124662.dll (ID = 159)

10:08 PM: a0124661.dll (ID = 163672)

10:09 PM: a0124660.dll (ID = 159)

10:11 PM: a0124659.dll (ID = 159)

10:11 PM: a0124658.dll (ID = 159)

10:18 PM: Found Adware: command

10:18 PM: a0124666.vbs (ID = 185675)

10:23 PM: Found System Monitor: potentially rootkit-masked files

10:23 PM: appevent.log (ID = 0)

10:23 PM: eventlog.log (ID = 0)

10:23 PM: coreevent.log (ID = 0)

10:27 PM: File Sweep Complete, Elapsed Time: 01:24:05

10:27 PM: Full Sweep has completed. Elapsed time 01:27:31

10:27 PM: Traces Found: 24

10:35 PM: Removal process initiated

10:35 PM: Quarantining All Traces: look2me

10:35 PM: Quarantining All Traces: command

10:35 PM: Quarantining All Traces: dialerplatform

10:35 PM: Quarantining All Traces: targetsaver

10:35 PM: Quarantining All Traces: wfgtech

10:35 PM: Quarantining All Traces: adserver cookie

10:35 PM: Quarantining All Traces: atwola cookie

10:35 PM: Quarantining All Traces: franklinsurveys cookie

10:35 PM: Quarantining All Traces: go.com cookie

10:35 PM: Quarantining All Traces: websponsors cookie

10:35 PM: Removal process completed. Elapsed time 00:00:20

********

3:15 PM: | Start of Session, Friday, December 09, 2005 |

3:15 PM: Spy Sweeper started

3:15 PM: Sweep initiated using definitions version 582

3:15 PM: Starting Memory Sweep

3:16 PM: Found Adware: icannnews

3:16 PM: Detected running threat: C:\WINDOWS\system32\omesvr32.dll (ID = 83)

3:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:16 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:16 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:16 PM: Detected running threat: C:\WINDOWS\system32\l2l60c3sef.dll (ID = 83)

3:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:17 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:17 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:18 PM: Found Adware: wfgtech

3:18 PM: Detected running threat: C:\WINDOWS\system32\0ce80unc.dll (ID = 203552)

3:18 PM: Detected running threat: C:\WINDOWS\system32\0ce89y3o.dll (ID = 203553)

3:18 PM: Memory Sweep Complete, Elapsed Time: 00:02:38

3:18 PM: Starting Registry Sweep

3:18 PM: Found Adware: cws-aboutblank

3:18 PM: HKCR\protocols\filter\text/html\ (2 subtraces) (ID = 114343)

3:18 PM: HKLM\software\classes\protocols\filter\text/html\ (2 subtraces) (ID = 115907)

3:18 PM: Found Adware: linkmaker

3:18 PM: HKLM\software\classes\typelib\{423550e9-2f83-4678-9929-c1774088b180}\ (9 subtraces) (ID = 129743)

3:18 PM: HKCR\typelib\{423550e9-2f83-4678-9929-c1774088b180}\ (9 subtraces) (ID = 129750)

3:18 PM: Found Adware: minigolf

3:18 PM: HKLM\software\minigolf\ (1 subtraces) (ID = 135062)

3:18 PM: Found Adware: websearch toolbar

3:18 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/qdow.dll\ (2 subtraces) (ID = 146481)

3:18 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\qdow.dll (ID = 146496)

3:18 PM: HKLM\system\currentcontrolset\enum\root\legacy_wintoolssvc\ (8 subtraces) (ID = 146518)

3:18 PM: Found Adware: wildmedia

3:18 PM: HKCR\appid\winaffiliatebho.dll\ (1 subtraces) (ID = 146688)

3:18 PM: HKLM\software\classes\appid\winaffiliatebho.dll\ (1 subtraces) (ID = 146699)

3:18 PM: Found Adware: quicklink search toolbar

3:18 PM: HKCR\clsid\{8b6da27e-7f64-4694-8f8f-dc87ab8c6b22}\ (8 subtraces) (ID = 359437)

3:18 PM: HKLM\software\classes\clsid\{8b6da27e-7f64-4694-8f8f-dc87ab8c6b22}\ (8 subtraces) (ID = 359440)

3:18 PM: HKCR\quicklinks.linktracker.1\ (3 subtraces) (ID = 359448)

3:18 PM: HKCR\quicklinks.linktracker\ (3 subtraces) (ID = 359449)

3:18 PM: HKCR\quicklinks.quicklinksfilter.1\ (3 subtraces) (ID = 359450)

3:18 PM: HKCR\quicklinks.quicklinksfilter\ (3 subtraces) (ID = 359451)

3:18 PM: HKLM\software\classes\quicklinks.linktracker.1\ (3 subtraces) (ID = 359452)

3:18 PM: HKLM\software\classes\quicklinks.linktracker\ (3 subtraces) (ID = 359453)

3:18 PM: HKLM\software\classes\quicklinks.quicklinksfilter.1\ (3 subtraces) (ID = 359454)

3:18 PM: HKLM\software\classes\quicklinks.quicklinksfilter\ (3 subtraces) (ID = 359455)

3:18 PM: HKLM\software\ql\ (3 subtraces) (ID = 359458)

3:18 PM: Found Adware: findthewebsiteyouneed hijacker

3:18 PM: HKU\.default\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555438)

3:18 PM: Found Adware: clientman

3:18 PM: HKCR\appid\urlcli.dll\ (1 subtraces) (ID = 701476)

3:18 PM: HKLM\software\classes\appid\urlcli.dll\ (1 subtraces) (ID = 701492)

3:18 PM: HKCR\clsid\{3551784b-e99a-474f-b782-3ec814442918}\ (10 subtraces) (ID = 727328)

3:18 PM: HKLM\software\classes\clsid\{3551784b-e99a-474f-b782-3ec814442918}\ (10 subtraces) (ID = 727357)

3:18 PM: HKLM\software\microsoft\windows\currentversion\uninstall\quicklinks\ (2 subtraces) (ID = 909558)

3:18 PM: Found Adware: dollarrevenue

3:18 PM: HKLM\software\microsoft\drsmartload\ (1 subtraces) (ID = 916795)

3:18 PM: Found Adware: command

3:18 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (6 subtraces) (ID = 1016064)

3:18 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (8 subtraces) (ID = 1016072)

3:18 PM: Found Adware: bho_sep

3:18 PM: HKU\S-1-5-18\software\sep\ (8 subtraces) (ID = 141642)

3:18 PM: HKU\S-1-5-18\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)

3:18 PM: Registry Sweep Complete, Elapsed Time:00:00:21

3:18 PM: Starting Cookie Sweep

3:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:18 PM: Found Spy Cookie: abcsearch cookie

3:18 PM: brandi@abcsearch[2].txt (ID = 2033)

3:18 PM: Found Spy Cookie: adknowledge cookie

3:18 PM: brandi@adknowledge[1].txt (ID = 2072)

3:18 PM: Found Spy Cookie: hbmediapro cookie

3:18 PM: [email protected][2].txt (ID = 2768)

3:18 PM: Found Spy Cookie: adrevolver cookie

3:18 PM: brandi@adrevolver[2].txt (ID = 2088)

3:18 PM: brandi@adrevolver[3].txt (ID = 2088)

3:18 PM: Found Spy Cookie: apmebf cookie

3:18 PM: brandi@apmebf[2].txt (ID = 2229)

3:18 PM: Found Spy Cookie: ask cookie

3:18 PM: brandi@ask[1].txt (ID = 2245)

3:18 PM: Found Spy Cookie: atlas dmt cookie

3:18 PM: brandi@atdmt[1].txt (ID = 2253)

3:18 PM: Found Spy Cookie: belnk cookie

3:18 PM: [email protected][2].txt (ID = 2293)

3:18 PM: Found Spy Cookie: atwola cookie

3:18 PM: brandi@atwola[1].txt (ID = 2255)

3:18 PM: Found Spy Cookie: azjmp cookie

3:18 PM: brandi@azjmp[2].txt (ID = 2270)

3:18 PM: Found Spy Cookie: banner cookie

3:18 PM: brandi@banner[1].txt (ID = 2276)

3:18 PM: brandi@belnk[2].txt (ID = 2292)

3:18 PM: Found Spy Cookie: casalemedia cookie

3:18 PM: brandi@casalemedia[1].txt (ID = 2354)

3:18 PM: [email protected][1].txt (ID = 2293)

3:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:18 PM: Found Spy Cookie: exitexchange cookie

3:18 PM: brandi@exitexchange[1].txt (ID = 2633)

3:18 PM: Found Spy Cookie: findwhat cookie

3:18 PM: brandi@findwhat[1].txt (ID = 2674)

3:18 PM: Found Spy Cookie: go.com cookie

3:18 PM: brandi@go[1].txt (ID = 2728)

3:18 PM: brandi@go[2].txt (ID = 2728)

3:18 PM: brandi@go[3].txt (ID = 2728)

3:18 PM: Found Spy Cookie: clickandtrack cookie

3:18 PM: [email protected][2].txt (ID = 2397)

3:18 PM: Found Spy Cookie: epilot cookie

3:18 PM: [email protected][2].txt (ID = 2622)

3:18 PM: Found Spy Cookie: maxserving cookie

3:18 PM: brandi@maxserving[1].txt (ID = 2966)

3:18 PM: Found Spy Cookie: nextag cookie

3:18 PM: brandi@nextag[2].txt (ID = 5014)

3:18 PM: Found Spy Cookie: paypopup cookie

3:18 PM: brandi@paypopup[2].txt (ID = 3119)

3:18 PM: Found Spy Cookie: overture cookie

3:18 PM: [email protected][1].txt (ID = 3106)

3:18 PM: Found Spy Cookie: realmedia cookie

3:18 PM: brandi@realmedia[1].txt (ID = 3235)

3:18 PM: Found Spy Cookie: reliablestats cookie

3:18 PM: [email protected][1].txt (ID = 3254)

3:18 PM: Found Spy Cookie: tradedoubler cookie

3:18 PM: brandi@tradedoubler[2].txt (ID = 3575)

3:18 PM: Found Spy Cookie: videodome cookie

3:18 PM: brandi@videodome[1].txt (ID = 3638)

3:18 PM: Found Spy Cookie: upspiral cookie

3:18 PM: [email protected][2].txt (ID = 3615)

3:18 PM: Found Spy Cookie: winantiviruspro cookie

3:18 PM: [email protected][2].txt (ID = 3690)

3:18 PM: Found Spy Cookie: xiti cookie

3:18 PM: brandi@xiti[1].txt (ID = 3717)

3:18 PM: Found Spy Cookie: zedo cookie

3:18 PM: brandi@zedo[2].txt (ID = 3762)

3:18 PM: system@go[1].txt (ID = 2728)

3:18 PM: Cookie Sweep Complete, Elapsed Time: 00:00:03

3:18 PM: Starting File Sweep

3:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:18 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:18 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:19 PM: Found Adware: 180search assistant/zango

3:19 PM: c:\windows\system32\fleok (ID = -2147480556)

3:19 PM: inst_0004[1].exe (ID = 203674)

3:19 PM: Found Adware: look2me

3:19 PM: appwrap[1].exe (ID = 65721)

3:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:20 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:20 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:20 PM: bw2.com (ID = 65721)

3:20 PM: Warning: Failed to open file "c:\system volume information\_restore{1d754853-cd2b-4287-9a0d-7bec62082ded}\rp444\a0124490.exe". Access is denied

3:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:21 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:21 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:21 PM: Found Adware: delfin

3:21 PM: 4df33016-45ef-4fe2-b7de-af8a87 (ID = 57725)

3:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:22 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:22 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:22 PM: 52d86398-96cb-4ce7-b76e-a73936 (ID = 57716)

3:23 PM: inst_0004.exe (ID = 203674)

3:23 PM: ltndload[1].dll (ID = 203552)

3:23 PM: 0ce80unc.dll (ID = 203552)

3:23 PM: Found Adware: targetsaver

3:23 PM: tsinstall_4_0_4_0_b4.exe (ID = 193496)

3:23 PM: ltndmain[1].dll (ID = 203553)

3:23 PM: Warning: Failed to open file "c:\system volume information\_restore{1d754853-cd2b-4287-9a0d-7bec62082ded}\rp444\a0124518.exe". Access is denied

3:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:23 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:23 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:24 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:24 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:24 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:24 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:24 PM: 3d28b6d3-34d7-4ad1-b81f-919a27 (ID = 57781)

3:24 PM: mfex-16.dat (ID = 144945)

3:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:25 PM: e4962307-cf35-4a28-99dc-361c44 (ID = 57718)

3:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:25 PM: Found Adware: dialerplatform

3:25 PM: sportsinteraction.ico (ID = 58328)

3:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:25 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:25 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:25 PM: Found Adware: purityscan

3:25 PM: a0124578.exe (ID = 73267)

3:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:26 PM: a7ab5c0d-dad3-44a0-a165-6b36fe (ID = 57692)

3:26 PM: 42860d3a-a13a-42f4-b2c9-dce72f (ID = 57693)

3:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:26 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:26 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:26 PM: Found Adware: ezula ilookup

3:26 PM: a0124580.exe (ID = 60560)

3:26 PM: 11c54bd5-143e-4c32-b0e2-728fa3 (ID = 87579)

3:27 PM: a0124565.exe (ID = 195128)

3:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:27 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:27 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:27 PM: a0124567.exe (ID = 195131)

3:28 PM: a0124568.exe (ID = 195132)

3:28 PM: iconu.exe (ID = 65721)

3:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:28 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:28 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:28 PM: a0124521.exe (ID = 200314)

3:28 PM: icont.exe (ID = 65722)

3:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:29 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:29 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:29 PM: a0124563.exe (ID = 185985)

3:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:30 PM: a0124573.exe (ID = 203611)

3:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:30 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:30 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:31 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:31 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:32 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:32 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:33 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:33 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:33 PM: a0124564.exe (ID = 193995)

3:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:34 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:34 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:35 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:35 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:35 PM: a0124566.exe (ID = 195130)

3:36 PM: Found Adware: addestroyer

3:36 PM: inneradinstall.log (ID = 49035)

3:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:36 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:36 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:37 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:37 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:38 PM: 0ce89y3o.dll (ID = 203553)

3:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:38 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:38 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:38 PM: appwrap[1].exe (ID = 65739)

3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:40 PM: a0124549.dll (ID = 159)

3:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:40 PM: a0124533.dll (ID = 163672)

3:40 PM: a0124644.dll (ID = 159)

3:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:40 PM: a0124552.dll (ID = 163672)

3:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:41 PM: 5be6719c-fb86-4119-893e-60fefd (ID = 87579)

3:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:41 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:42 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:42 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:43 PM: mfex-23.dat (ID = 144945)

3:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:43 PM: Found Adware: keenvalue/perfectnav

3:43 PM: a0124512.exe (ID = 64892)

3:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:43 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:43 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:44 PM: Found Adware: whenu searchbar/pricebandit

3:44 PM: d2bd9f9d-a9f6-4552-868c-5577cf (ID = 129801)

3:44 PM: mfex-17.dat (ID = 144945)

3:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:44 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:44 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:45 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:45 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:46 PM: a0124587.dll (ID = 200308)

3:46 PM: c10699a5-b9b0-42a5-9cc8-d28d96 (ID = 129770)

3:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:46 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:46 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:47 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:47 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:48 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:48 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:49 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:49 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:50 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:50 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:51 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:51 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:51 PM: appwrap[1].exe (ID = 65722)

3:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:52 PM: a0124527.dll (ID = 163672)

3:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:52 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:52 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:52 PM: mfex-24.dat (ID = 144945)

3:53 PM: a0124583.dll (ID = 163672)

3:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:53 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:53 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:53 PM: mfex-37.dat (ID = 144945)

3:54 PM: a0124586.dll (ID = 159)

3:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:54 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:54 PM: mfex-2.dat (ID = 144945)

3:54 PM: Found Adware: adtech

3:54 PM: a0124517.exe (ID = 203582)

3:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:54 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:55 PM: mfex-18.dat (ID = 144945)

3:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:55 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:55 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:56 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:56 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:57 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:57 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:58 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:58 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:58 PM: mfex-3.dat (ID = 144945)

3:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:59 PM: a0124604.dll (ID = 159)

3:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:59 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

3:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:59 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

3:59 PM: m4nqle551h.dll (ID = 159)

3:59 PM: a0124588.dll (ID = 159)

3:59 PM: a0124589.dll (ID = 163672)

4:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:00 PM: a0124520.exe (ID = 200311)

4:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:00 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:00 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:00 PM: omesvr32.dll (ID = 159)

4:00 PM: a0124645.dll (ID = 159)

4:01 PM: mfex-4.dat (ID = 144945)

4:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:01 PM: Warning: Failed to open file "c:\system volume information\_restore{1d754853-cd2b-4287-9a0d-7bec62082ded}\rp402\a0118452.exe". Access is denied

4:01 PM: tsuninst.exe (ID = 193501)

4:01 PM: class-barrel (ID = 78229)

4:01 PM: a0124576.dll (ID = 195129)

4:01 PM: vocabulary (ID = 78283)

4:01 PM: a0124574.exe (ID = 200300)

4:01 PM: Found Adware: apropos

4:01 PM: a0124572.exe (ID = 203610)

4:01 PM: a0124577.exe (ID = 200309)

4:01 PM: a0124575.exe (ID = 168558)

4:01 PM: mfex-5.dat (ID = 144945)

4:01 PM: mfex-1.dat (ID = 144946)

4:01 PM: f22m0cf1ef2.dll (ID = 159)

4:01 PM: mfex-6.dat (ID = 144945)

4:01 PM: mfex-7.dat (ID = 144945)

4:01 PM: mfex-19.dat (ID = 144945)

4:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:01 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:01 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:02 PM: mv06l9ds1.dll (ID = 159)

4:02 PM: _s02786_.tmp.dll (ID = 163672)

4:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:02 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:02 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:02 PM: eanclass.dll (ID = 159)

4:02 PM: a0124526.dll (ID = 144945)

4:02 PM: mfex-20.dat (ID = 144945)

4:03 PM: mfex-21.dat (ID = 144945)

4:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:03 PM: g422lefo1h2c.dll (ID = 159)

4:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:03 PM: f83213e9-cce7-4bed-be48-d8c0f4 (ID = 161460)

4:03 PM: 8e63125c-4582-40e2-aed2-c80f54 (ID = 129805)

4:03 PM: ccusapi.dll (ID = 159)

4:03 PM: mfex-38.dat (ID = 144946)

4:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:03 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:03 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:03 PM: mfex-8.dat (ID = 144945)

4:04 PM: a0124525.exe (ID = 144946)

4:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:04 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:04 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:05 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:05 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:06 PM: mfex-9.dat (ID = 144945)

4:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:06 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:06 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:07 PM: mfex-10.dat (ID = 144945)

4:07 PM: mfex-11.dat (ID = 144945)

4:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:07 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:07 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:07 PM: mfex-22.dat (ID = 144945)

4:07 PM: mfex-12.dat (ID = 144945)

4:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:08 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:08 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:09 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:09 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:10 PM: mfex-13.dat (ID = 144945)

4:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:10 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:10 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:10 PM: 9400[1].cab (ID = 200301)

4:10 PM: mfex-14.dat (ID = 144945)

4:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:11 PM: 782e8e34-2fa5-4547-9f93-93352b (ID = 129799)

4:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:11 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com

4:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:11 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com

4:12 PM: The Spy


Well, it appears that something on your system is still trying to contact a-d-w-a-r-e.com.

Download WinPFind

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode

Then open c:\WinPFind and double-click on WinPFind.exe.

When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while.

When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.

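The reading of the Spy Sweeper log in the reply above (a host that keeps being blocked minute after minute points to something still running on the machine) can be checked mechanically. The following is an added example, not part of the original thread: the function names are hypothetical, the sample lines are constructed in the log format shown on this page, and `example.invalid` is a placeholder host.

```python
import re
from collections import Counter, defaultdict

# Line shapes taken from the Spy Sweeper session log posted in this thread.
LINE = re.compile(r"^(\d{1,2}):(\d{2}) (AM|PM): (.*)$")
BLOCKED = re.compile(r"^The Spy Communication shield has blocked access to: (\S+)$")
FOUND = re.compile(r"^Found (?:Adware|Spy Cookie): (.+)$")
TRACE = re.compile(r"^(.+?) \(ID = (\d+)\)$")

# Constructed sample in the page's log format; the last line is cut off
# the same way the posted log is.
SAMPLE_LOG = """\
3:39 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:39 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:40 PM: a0124549.dll (ID = 159)
3:40 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:40 PM: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
3:40 PM: a0124533.dll (ID = 163672)
3:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:41 PM: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
3:43 PM: mfex-23.dat (ID = 144945)
3:43 PM: Found Adware: keenvalue/perfectnav
3:43 PM: a0124512.exe (ID = 64892)
3:44 PM: mfex-17.dat (ID = 144945)
3:44 PM: The Spy Communication shield has blocked access to: example.invalid
3:45 PM: The Spy
"""


def minute_of_day(hour, minute, ampm):
    """Convert the log's 12-hour clock to minutes since midnight."""
    hour = int(hour) % 12          # 12 AM -> 0, 12 PM -> 12 after the PM shift
    if ampm == "PM":
        hour += 12
    return hour * 60 + int(minute)


def summarize(text):
    """Split a session log into shield blocks, family headers and trace files."""
    blocks = defaultdict(Counter)  # host -> {minute of day: block count}
    families = []                  # names from "Found Adware:/Spy Cookie:" lines
    traces = defaultdict(list)     # signature ID -> file names carrying that ID
    unparsed = []                  # truncated or unrecognised lines, kept for review
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        line = LINE.match(raw)
        if not line:
            unparsed.append(raw)
            continue
        minute = minute_of_day(line.group(1), line.group(2), line.group(3))
        message = line.group(4)
        blocked = BLOCKED.match(message)
        found = FOUND.match(message)
        trace = TRACE.match(message)
        if blocked:
            blocks[blocked.group(1)][minute] += 1
        elif found:
            families.append(found.group(1))
        elif trace:
            # Traces are grouped by ID only. A trace line is not assumed to
            # belong to the "Found" line printed before it, because the same
            # ID appears both before and after unrelated headers in the log.
            traces[int(trace.group(2))].append(trace.group(1))
        else:
            unparsed.append(raw)
    return {"blocks": blocks, "families": families,
            "traces": dict(traces), "unparsed": unparsed}


def persistent_hosts(summary, min_minutes=2):
    """Hosts blocked in at least min_minutes distinct minutes of the session.

    Repeated blocks spread over the sweep suggest a process that keeps
    retrying, as opposed to a single page load that was blocked once.
    Returns (host, total blocks, distinct minutes, first, last) tuples.
    """
    def clock(m):
        return "%02d:%02d" % divmod(m, 60)

    rows = []
    for host, per_minute in summary["blocks"].items():
        if len(per_minute) >= min_minutes:
            rows.append((host, sum(per_minute.values()), len(per_minute),
                         clock(min(per_minute)), clock(max(per_minute))))
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for row in persistent_hosts(result):
        print("%s: %d blocks in %d minutes (%s to %s)" % row)
    for sig_id, files in sorted(result["traces"].items()):
        print("ID %d: %s" % (sig_id, ", ".join(files)))
    print("unparsed:", result["unparsed"])
```

Run against the full saved session log, the per-host minute counts show whether the blocked lookups stop once a trace is quarantined or continue to the end of the sweep.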

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600

Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

qoologic 12/8/2005 6:21:08 PM 11975885 C:\AVG7QT.DAT

urllogic 12/8/2005 6:21:08 PM 11975885 C:\AVG7QT.DAT

UPX! 7/2/2004 7:27:38 AM HS 518901760 C:\hiberfil.sys

FSG! 7/2/2004 7:27:38 AM HS 518901760 C:\hiberfil.sys

Umonitor 7/2/2004 7:27:38 AM HS 518901760 C:\hiberfil.sys

SAHAgent 7/2/2004 7:27:38 AM HS 518901760 C:\hiberfil.sys

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...

PEC2 8/29/2002 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc

PEC2 8/9/2005 5:14:00 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll

PECompact2 8/9/2005 5:14:00 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll

abetterinternet.com 4/30/2004 2:29:10 PM H 12154 C:\WINDOWS\SYSTEM32\fiz0

PTech 4/30/2004 1:00:38 PM H 3066522 C:\WINDOWS\SYSTEM32\kyf.dat

PTech 8/3/2005 9:33:42 AM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL

UPX! 1/13/2005 9:41:48 PM 11254 C:\WINDOWS\SYSTEM32\locate.com

abetterinternet.com 4/30/2004 2:35:34 PM H 236445 C:\WINDOWS\SYSTEM32\log.bak.txt

PECompact2 9/8/2005 8:36:32 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe

aspack 9/8/2005 8:36:32 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe

UPX! 8/22/2001 7:00:00 PM 86030 C:\WINDOWS\SYSTEM32\msdjgk.dll

Umonitor 8/29/2002 7:00:00 AM 631808 C:\WINDOWS\SYSTEM32\rasdlg.dll

UPX! 1/20/2005 1:47:50 PM 175616 C:\WINDOWS\SYSTEM32\strings.exe

WinShutDown 12/9/2005 2:32:12 PM 341 C:\WINDOWS\SYSTEM32\test.txt

winsync 8/29/2002 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Umonitor 8/29/2002 7:00:00 AM 631808 C:\WINDOWS\SYSTEM32\_002644_.tmp.dll

Umonitor 8/29/2002 7:00:00 AM 631808 C:\WINDOWS\SYSTEM32\_002795_.tmp.dll

Umonitor 8/29/2002 7:00:00 AM 631808 C:\WINDOWS\SYSTEM32\_002855_.tmp.dll

Umonitor 8/29/2002 7:00:00 AM 631808 C:\WINDOWS\SYSTEM32\_004990_.tmp.dll

Checking %System%\Drivers folder and sub-folders...

UPX! 12/8/2005 6:16:00 PM 749600 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys

FSG! 12/8/2005 6:16:00 PM 749600 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys

PEC2 12/8/2005 6:16:00 PM 749600 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys

aspack 12/8/2005 6:16:00 PM 749600 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

127.0.0.1 www.qoologic.com

127.0.0.1 www.urllogic.com

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...

12/14/2005 11:02:32 PM S 2048 C:\WINDOWS\bootstat.dat

12/12/2005 11:49:34 PM H 54156 C:\WINDOWS\QTFont.qfn

10/25/2005 10:20:42 PM H 59556 C:\WINDOWS\Downloaded Program Files\Doremi.ttf

12/14/2005 11:02:42 PM H 12288 C:\WINDOWS\system32\config\default.LOG

12/14/2005 11:02:56 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG

12/14/2005 11:02:36 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG

12/14/2005 11:04:04 PM H 118784 C:\WINDOWS\system32\config\software.LOG

12/14/2005 11:03:00 PM H 1323008 C:\WINDOWS\system32\config\system.LOG

10/24/2005 6:09:16 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\49UZ8PIZ\desktop.ini

10/24/2005 6:09:16 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8167S9Q3\desktop.ini

10/24/2005 6:09:16 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\G9YFO1IR\desktop.ini

10/24/2005 6:09:16 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UFMB6VUH\desktop.ini

11/29/2005 7:58:38 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\81c63a88-2e4f-4c3a-b036-f3d6c453ea2b

11/29/2005 7:58:38 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred

12/14/2005 11:01:22 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...

Microsoft Corporation 8/29/2002 7:00:00 AM 66048 C:\WINDOWS\SYSTEM32\access.cpl

Microsoft Corporation 8/29/2002 7:00:00 AM 578560 C:\WINDOWS\SYSTEM32\appwiz.cpl

Microsoft Corporation 8/29/2002 7:00:00 AM 129024 C:\WINDOWS\SYSTEM32\desk.cpl

Microsoft Corporation 8/29/2002 7:00:00 AM 150016 C:\WINDOWS\SYSTEM32\hdwwiz.cpl

TOSHIBA Corp. 4/1/2003 8:17:14 PM 503808 C:\WINDOWS\SYSTEM32\HWSETUP.CPL

Intel Corporation 4/7/2003 2:14:30 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl

Microsoft Corporation 8/29/2002 7:00:00 AM 292352 C:\WINDOWS\SYSTEM32\inetcpl.cpl

Microsoft Corporation 8/29/2002 7:00:00 AM 121856 C:\WINDOWS\SYSTEM32\intl.cpl

Microsoft Corporation 8/29/2002 7:00:00 AM 65536 C:\WINDOWS\SYSTEM32\joy.cpl

Microsoft Corporation 8/29/2002 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl

Microsoft Corporation 8/29/2002 7:00:00 AM 559616 C:\WINDOWS\SYSTEM32\mmsys.cpl

Microsoft Corporation 8/29/2002 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl

Microsoft Corporation 8/29/2002 7:00:00 AM 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl

Microsoft Corporation 2/20/2003 8:39:50 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl

Microsoft Corporation 8/29/2002 7:00:00 AM 109056 C:\WINDOWS\SYSTEM32\powercfg.cpl

Microsoft Corporation 8/29/2002 7:00:00 AM 268288 C:\WINDOWS\SYSTEM32\sysdm.cpl

Microsoft Corporation 8/29/2002 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl

Microsoft Corporation 8/29/2002 7:00:00 AM 90112 C:\WINDOWS\SYSTEM32\timedate.cpl

TOSHIBA Corporation 1/22/2003 2:12:34 PM 884736 C:\WINDOWS\SYSTEM32\TPWRSAVE.CPL

Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl

Microsoft Corporation 8/29/2002 5:41:00 AM 208896 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl

Intel Corporation 4/7/2003 2:14:30 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\igfxcpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...

12/3/2005 10:45:24 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

4/29/2003 12:08:10 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...

4/29/2003 4:58:02 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

12/28/2004 8:48:34 PM 766 C:\Documents and Settings\All Users\Application Data\hpzinstall.log

9/23/2005 10:41:20 AM 3365 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...

4/29/2003 12:08:10 PM HS 84 C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...

12/3/2005 10:40:08 PM 1228 C:\Documents and Settings\Brandi\Application Data\AdobeDLM.log

4/29/2003 4:58:02 AM HS 62 C:\Documents and Settings\Brandi\Application Data\desktop.ini

12/3/2005 10:40:08 PM 0 C:\Documents and Settings\Brandi\Application Data\dm.ini

2/19/2004 8:23:14 AM 53464 C:\Documents and Settings\Brandi\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

{9ACDDC9B-79DD-453B-8FCF-E1090BB7BD84} = C:\WINDOWS\system32\_Z02656_.tmp.dll

{4ACBA77A-F129-45DC-A257-200666863E5F} =

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu

{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files

{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With

{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu

{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}

Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu

{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper

{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu

{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files

{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing

{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}

= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}

=

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}

Real.com = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

{327C2873-E90D-4c37-AA9D-10AC9BABA46C} = Easy-WebPrint : C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\system32\msdxm.ocx

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{53F6FCCD-9E22-4d71-86EA-6E43136192AB}

MenuText = PC Confidential :

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{925DAB62-F9AC-4221-806A-057BFB1014AA}

ButtonText = PC Confidential : "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}

ButtonText = Research :

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}

ButtonText = AIM : C:\Program Files\AIM\aim.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

ButtonText = Real.com :

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}

ButtonText = Messenger : C:\Program Files\Messenger\MSMSGS.EXE

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

Media Band = %SystemRoot%\System32\browseui.dll

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}

=

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{9404901D-06DA-4B23-A0EE-3EA4F64EC9B3}

=

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}

History Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser

{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll

{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

00THotkey C:\WINDOWS\System32\00THotkey.exe

IgfxTray C:\WINDOWS\System32\igfxtray.exe

HotKeysCmds C:\WINDOWS\System32\hkcmd.exe

PmProxy C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe

TouchED C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

Pinger c:\toshiba\ivp\ism\pinger.exe /run

Microsoft Works Portfolio C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

ezShieldProtector for Px C:\WINDOWS\System32\ezSP_Px.exe

TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

HP Software Update C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"

AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

ctfmon.exe C:\WINDOWS\System32\ctfmon.exe

msnmsgr "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

AIM C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk

path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe

item HP Digital Imaging Monitor

path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe

item HP Digital Imaging Monitor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk

path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk

backup C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s

item HP Image Zone Fast Start

path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk

backup C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s

item HP Image Zone Fast Start

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk

path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk

backup C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE

item MyWebSearch Email Plugin

path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk

backup C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE

item MyWebSearch Email Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Brandi^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk

path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk

backup C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

location Startup

command C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE

item MyWebSearch Email Plugin

path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk

backup C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

location Startup

command C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE

item MyWebSearch Email Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Brandi^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk

path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\reminder-ScanSoft Product Registration.lnk

backup C:\WINDOWS\pss\reminder-ScanSoft Product Registration.lnkStartup

location Startup

command C:\PROGRA~1\KAI'SP~1\EREG\US\REMIND32.EXE

item reminder-ScanSoft Product Registration

path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\reminder-ScanSoft Product Registration.lnk

backup C:\WINDOWS\pss\reminder-ScanSoft Product Registration.lnkStartup

location Startup

command C:\PROGRA~1\KAI'SP~1\EREG\US\REMIND32.EXE

item reminder-ScanSoft Product Registration

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Brandi^Start Menu^Programs^Startup^Virtual Bouncer.lnk

path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\Virtual Bouncer.lnk

backup C:\WINDOWS\pss\Virtual Bouncer.lnkStartup

location Startup

command C:\Program Files\VBouncer\VirtualBouncer.exe

item Virtual Bouncer

path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\Virtual Bouncer.lnk

backup C:\WINDOWS\pss\Virtual Bouncer.lnkStartup

location Startup

command C:\Program Files\VBouncer\VirtualBouncer.exe

item Virtual Bouncer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Brandi^Start Menu^Programs^Startup^Webshots.lnk

path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\Webshots.lnk

backup C:\WINDOWS\pss\Webshots.lnkStartup

location Startup

command C:\Program Files\Webshots\Launcher.exe /t

item Webshots

path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\Webshots.lnk

backup C:\WINDOWS\pss\Webshots.lnkStartup

location Startup

command C:\Program Files\Webshots\Launcher.exe /t

item Webshots

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\000StTHK

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item 000StTHK

hkey HKLM

command 000StTHK.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item 000StTHK

hkey HKLM

command 000StTHK.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\2ZQLKP#2WLSCTL

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item Mun8s0W

hkey HKLM

command C:\WINDOWS\System32\Mun8s0W.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item Mun8s0W

hkey HKLM

command C:\WINDOWS\System32\Mun8s0W.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AGRSMMSG

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item AGRSMMSG

hkey HKLM

command AGRSMMSG.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item AGRSMMSG

hkey HKLM

command AGRSMMSG.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AIM

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item aim

hkey HKCU

command C:\Program Files\AIM\aim.exe -cnetwait.odl

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item aim

hkey HKCU

command C:\Program Files\AIM\aim.exe -cnetwait.odl

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Apoint

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item Apoint

hkey HKLM

command C:\Program Files\Apoint2K\Apoint.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item Apoint

hkey HKLM

command C:\Program Files\Apoint2K\Apoint.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dsi

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item dp-him

hkey HKLM

command C:\WINDOWS\System32\dp-him.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item dp-him

hkey HKLM

command C:\WINDOWS\System32\dp-him.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ezShieldProtector for Px

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item ezSP_Px

hkey HKLM

command C:\WINDOWS\System32\ezSP_Px.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item ezSP_Px

hkey HKLM

command C:\WINDOWS\System32\ezSP_Px.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fash

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item fash

hkey HKLM

command C:\WINDOWS\fash.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item fash

hkey HKLM

command C:\WINDOWS\fash.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hFbl5wuD

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item hFbl5wuD

hkey HKLM

command C:\documents and settings\brandi\local settings\temp\hFbl5wuD.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item hFbl5wuD

hkey HKLM

command C:\documents and settings\brandi\local settings\temp\hFbl5wuD.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Component Manager

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item hpcmpmgr

hkey HKLM

command "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item hpcmpmgr

hkey HKLM

command "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item iTunesHelper

hkey HKLM

command C:\Program Files\iTunes\iTunesHelper.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item iTunesHelper

hkey HKLM

command C:\Program Files\iTunes\iTunesHelper.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MoneyAgent

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item Money Express

hkey HKCU

command "C:\Program Files\Microsoft Money\System\Money Express.exe"

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item Money Express

hkey HKCU

command "C:\Program Files\Microsoft Money\System\Money Express.exe"

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MsnMsgr

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item MsnMsgr

hkey HKCU

command "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item MsnMsgr

hkey HKCU

command "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyWebSearch Email Plugin

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item mwsoemon

hkey HKLM

command C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item mwsoemon

hkey HKLM

command C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nyvxsc

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item nyvxsc

hkey HKLM

command C:\WINDOWS\System32\nyvxsc.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item nyvxsc

hkey HKLM

command C:\WINDOWS\System32\nyvxsc.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item qttask

hkey HKLM

command "C:\Program Files\QuickTime\qttask.exe" -atboottime

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item qttask

hkey HKLM

command "C:\Program Files\QuickTime\qttask.exe" -atboottime

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RealTray

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item RealPlay

hkey HKLM

command C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item RealPlay

hkey HKLM

command C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\stddgwkxyto

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item laesbpfl

hkey HKLM

command C:\WINDOWS\System32\laesbpfl.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item laesbpfl

hkey HKLM

command C:\WINDOWS\System32\laesbpfl.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Symantec NetDriver Monitor

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item SNDMon

hkey HKLM

command C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item SNDMon

hkey HKLM

command C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TFNF5

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item TFNF5

hkey HKLM

command TFNF5.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item TFNF5

hkey HKLM

command TFNF5.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Tpwrtray

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item TPWRTRAY

hkey HKLM

command TPWRTRAY.EXE

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item TPWRTRAY

hkey HKLM

command TPWRTRAY.EXE

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\z

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item z

hkey HKLM

command C:\documents and settings\brandi\local settings\temp\z.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item z

hkey HKLM

command C:\documents and settings\brandi\local settings\temp\z.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state

system.ini 0

win.ini 0

bootini 0

services 0

startup 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =

{0DF44EAA-FF21-4412-828E-260A8728E7F1} =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system

dontdisplaylastusername 0

legalnoticecaption

legalnoticetext

shutdownwithoutlogon 1

undockwithoutlogon 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

NoDriveTypeAutoRun 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll

CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll

WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll

SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\System32\userinit.exe,

Shell = Explorer.exe

System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain

= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet

= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll

= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui

= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp

= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule

= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy

= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn

= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv

= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon

= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier

= WRLogonNTF.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif

= wzcdlg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

AppInit_DLLs

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.

Scan completed on 12/15/2005 2:17:24 AM


hi Shaun,

Well it seems that you may not have been totally clean after all. Sometimes it's hard to figure out what kind of infections we are dealing with, because they can hide themselves well with other signs of infections.

Download the Hoster Here

Please do not use program yet

Unzip Hoster to your desktop

Next,

Please download LQfix.exe from one of the following locations:

http://www.downloads.subratam.org/LQfix.exe
http://miekiemoes.geekstogo.com/tools/LQfix.exe
Save it to your desktop.
Double-Click LQfix.exe and click Next > Next > Install.
Leave the default settings, if you change them, the fix will Fail!
You need an active Internet Connection, so make sure you're not blocking any connection now.
Now make sure the "Launch LQfix" box is checked.
Click the Finish button, after clicking the Finish button the fix will start.
Follow the on-screen prompts.
Your system will reboot afterwards.
Please be patient after the reboot, there is a script running in the background that needs to complete.

Open up the Hoster program.

  • Make sure that the "make hosts writable?" button in the upper right corner is enabled.
  • Click back up Host files
  • then click Restore original host files
  • close program

Then reboot into safe mode and do a scan with WinPFind, then post the new log by using Add Reply

Edited by Dragon

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600

Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

qoologic 12/8/2005 6:21:08 PM 11975885 C:\AVG7QT.DAT

urllogic 12/8/2005 6:21:08 PM 11975885 C:\AVG7QT.DAT

UPX! 7/2/2004 7:27:38 AM HS 518901760 C:\hiberfil.sys

FSG! 7/2/2004 7:27:38 AM HS 518901760 C:\hiberfil.sys

Umonitor 7/2/2004 7:27:38 AM HS 518901760 C:\hiberfil.sys

SAHAgent 7/2/2004 7:27:38 AM HS 518901760 C:\hiberfil.sys

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...

PEC2 8/29/2002 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc

PEC2 8/9/2005 5:14:00 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll

PECompact2 8/9/2005 5:14:00 PM 692736 C:\WINDOWS\SYSTEM32\DivX.dll

abetterinternet.com 4/30/2004 2:29:10 PM H 12154 C:\WINDOWS\SYSTEM32\fiz0

PTech 4/30/2004 1:00:38 PM H 3066522 C:\WINDOWS\SYSTEM32\kyf.dat

PTech 8/3/2005 9:33:42 AM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL

UPX! 1/13/2005 9:41:48 PM 11254 C:\WINDOWS\SYSTEM32\locate.com

abetterinternet.com 4/30/2004 2:35:34 PM H 236445 C:\WINDOWS\SYSTEM32\log.bak.txt

PECompact2 9/8/2005 8:36:32 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe

aspack 9/8/2005 8:36:32 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe

UPX! 8/22/2001 7:00:00 PM 86030 C:\WINDOWS\SYSTEM32\msdjgk.dll

Umonitor 8/29/2002 7:00:00 AM 631808 C:\WINDOWS\SYSTEM32\rasdlg.dll

UPX! 1/20/2005 1:47:50 PM 175616 C:\WINDOWS\SYSTEM32\strings.exe

WinShutDown 12/9/2005 2:32:12 PM 341 C:\WINDOWS\SYSTEM32\test.txt

winsync 8/29/2002 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Umonitor 8/29/2002 7:00:00 AM 631808 C:\WINDOWS\SYSTEM32\_002644_.tmp.dll

Umonitor 8/29/2002 7:00:00 AM 631808 C:\WINDOWS\SYSTEM32\_002795_.tmp.dll

Umonitor 8/29/2002 7:00:00 AM 631808 C:\WINDOWS\SYSTEM32\_002855_.tmp.dll

Umonitor 8/29/2002 7:00:00 AM 631808 C:\WINDOWS\SYSTEM32\_004990_.tmp.dll

Checking %System%\Drivers folder and sub-folders...

UPX! 12/8/2005 6:16:00 PM 749600 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys

FSG! 12/8/2005 6:16:00 PM 749600 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys

PEC2 12/8/2005 6:16:00 PM 749600 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys

aspack 12/8/2005 6:16:00 PM 749600 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...

12/15/2005 11:48:42 PM S 2048 C:\WINDOWS\bootstat.dat

12/15/2005 9:00:52 PM H 54156 C:\WINDOWS\QTFont.qfn

10/25/2005 10:20:42 PM H 59556 C:\WINDOWS\Downloaded Program Files\Doremi.ttf

12/15/2005 11:48:52 PM H 12288 C:\WINDOWS\system32\config\default.LOG

12/15/2005 11:49:04 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG

12/15/2005 11:48:46 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG

12/15/2005 11:50:10 PM H 98304 C:\WINDOWS\system32\config\software.LOG

12/15/2005 11:49:06 PM H 1310720 C:\WINDOWS\system32\config\system.LOG

10/24/2005 6:09:16 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\49UZ8PIZ\desktop.ini

10/24/2005 6:09:16 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8167S9Q3\desktop.ini

10/24/2005 6:09:16 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\G9YFO1IR\desktop.ini

10/24/2005 6:09:16 PM HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UFMB6VUH\desktop.ini

11/29/2005 7:58:38 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\81c63a88-2e4f-4c3a-b036-f3d6c453ea2b

11/29/2005 7:58:38 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred

12/15/2005 11:47:38 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...

Microsoft Corporation 8/29/2002 7:00:00 AM 66048 C:\WINDOWS\SYSTEM32\access.cpl

Microsoft Corporation 8/29/2002 7:00:00 AM 578560 C:\WINDOWS\SYSTEM32\appwiz.cpl

Microsoft Corporation 8/29/2002 7:00:00 AM 129024 C:\WINDOWS\SYSTEM32\desk.cpl

Microsoft Corporation 8/29/2002 7:00:00 AM 150016 C:\WINDOWS\SYSTEM32\hdwwiz.cpl

TOSHIBA Corp. 4/1/2003 8:17:14 PM 503808 C:\WINDOWS\SYSTEM32\HWSETUP.CPL

Intel Corporation 4/7/2003 2:14:30 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl

Microsoft Corporation 8/29/2002 7:00:00 AM 292352 C:\WINDOWS\SYSTEM32\inetcpl.cpl

Microsoft Corporation 8/29/2002 7:00:00 AM 121856 C:\WINDOWS\SYSTEM32\intl.cpl

Microsoft Corporation 8/29/2002 7:00:00 AM 65536 C:\WINDOWS\SYSTEM32\joy.cpl

Microsoft Corporation 8/29/2002 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl

Microsoft Corporation 8/29/2002 7:00:00 AM 559616 C:\WINDOWS\SYSTEM32\mmsys.cpl

Microsoft Corporation 8/29/2002 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl

Microsoft Corporation 8/29/2002 7:00:00 AM 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl

Microsoft Corporation 2/20/2003 8:39:50 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl

Microsoft Corporation 8/29/2002 7:00:00 AM 109056 C:\WINDOWS\SYSTEM32\powercfg.cpl

Microsoft Corporation 8/29/2002 7:00:00 AM 268288 C:\WINDOWS\SYSTEM32\sysdm.cpl

Microsoft Corporation 8/29/2002 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl

Microsoft Corporation 8/29/2002 7:00:00 AM 90112 C:\WINDOWS\SYSTEM32\timedate.cpl

TOSHIBA Corporation 1/22/2003 2:12:34 PM 884736 C:\WINDOWS\SYSTEM32\TPWRSAVE.CPL

Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl

Microsoft Corporation 8/29/2002 5:41:00 AM 208896 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl

Intel Corporation 4/7/2003 2:14:30 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\igfxcpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...

12/3/2005 10:45:24 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

4/29/2003 12:08:10 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...

4/29/2003 4:58:02 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

12/28/2004 8:48:34 PM 766 C:\Documents and Settings\All Users\Application Data\hpzinstall.log

9/23/2005 10:41:20 AM 3365 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...

4/29/2003 12:08:10 PM HS 84 C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...

12/3/2005 10:40:08 PM 1228 C:\Documents and Settings\Brandi\Application Data\AdobeDLM.log

4/29/2003 4:58:02 AM HS 62 C:\Documents and Settings\Brandi\Application Data\desktop.ini

12/3/2005 10:40:08 PM 0 C:\Documents and Settings\Brandi\Application Data\dm.ini

2/19/2004 8:23:14 AM 53464 C:\Documents and Settings\Brandi\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

{9ACDDC9B-79DD-453B-8FCF-E1090BB7BD84} = C:\WINDOWS\system32\_Z02656_.tmp.dll

{4ACBA77A-F129-45DC-A257-200666863E5F} =

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu

{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files

{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With

{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu

{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}

Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu

{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper

{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu

{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files

{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing

{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}

= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}

= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}

=

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}

Real.com = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

{327C2873-E90D-4c37-AA9D-10AC9BABA46C} = Easy-WebPrint : C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\system32\msdxm.ocx

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{53F6FCCD-9E22-4d71-86EA-6E43136192AB}

MenuText = PC Confidential :

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{925DAB62-F9AC-4221-806A-057BFB1014AA}

ButtonText = PC Confidential : "C:\Program Files\Winferno\PC Confidential\PCConfidential.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}

ButtonText = Research :

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}

ButtonText = AIM : C:\Program Files\AIM\aim.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

ButtonText = Real.com :

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}

ButtonText = Messenger : C:\Program Files\Messenger\MSMSGS.EXE

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}

Media Band = %SystemRoot%\System32\browseui.dll

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}

=

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{9404901D-06DA-4B23-A0EE-3EA4F64EC9B3}

=

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}

History Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser

{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll

{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

00THotkey C:\WINDOWS\System32\00THotkey.exe

IgfxTray C:\WINDOWS\System32\igfxtray.exe

HotKeysCmds C:\WINDOWS\System32\hkcmd.exe

PmProxy C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe

TouchED C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

Pinger c:\toshiba\ivp\ism\pinger.exe /run

Microsoft Works Portfolio C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

ezShieldProtector for Px C:\WINDOWS\System32\ezSP_Px.exe

TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

HP Software Update C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"

AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

ctfmon.exe C:\WINDOWS\System32\ctfmon.exe

msnmsgr "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

AIM C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk

path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe

item HP Digital Imaging Monitor

path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe

item HP Digital Imaging Monitor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk

path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk

backup C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s

item HP Image Zone Fast Start

path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk

backup C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s

item HP Image Zone Fast Start

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk

path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk

backup C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE

item MyWebSearch Email Plugin

path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk

backup C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

location Common Startup

command C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE

item MyWebSearch Email Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Brandi^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk

path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk

backup C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

location Startup

command C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE

item MyWebSearch Email Plugin

path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk

backup C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

location Startup

command C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE

item MyWebSearch Email Plugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Brandi^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk

path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\reminder-ScanSoft Product Registration.lnk

backup C:\WINDOWS\pss\reminder-ScanSoft Product Registration.lnkStartup

location Startup

command C:\PROGRA~1\KAI'SP~1\EREG\US\REMIND32.EXE

item reminder-ScanSoft Product Registration

path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\reminder-ScanSoft Product Registration.lnk

backup C:\WINDOWS\pss\reminder-ScanSoft Product Registration.lnkStartup

location Startup

command C:\PROGRA~1\KAI'SP~1\EREG\US\REMIND32.EXE

item reminder-ScanSoft Product Registration

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Brandi^Start Menu^Programs^Startup^Virtual Bouncer.lnk

path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\Virtual Bouncer.lnk

backup C:\WINDOWS\pss\Virtual Bouncer.lnkStartup

location Startup

command C:\Program Files\VBouncer\VirtualBouncer.exe

item Virtual Bouncer

path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\Virtual Bouncer.lnk

backup C:\WINDOWS\pss\Virtual Bouncer.lnkStartup

location Startup

command C:\Program Files\VBouncer\VirtualBouncer.exe

item Virtual Bouncer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Brandi^Start Menu^Programs^Startup^Webshots.lnk

path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\Webshots.lnk

backup C:\WINDOWS\pss\Webshots.lnkStartup

location Startup

command C:\Program Files\Webshots\Launcher.exe /t

item Webshots

path C:\Documents and Settings\Brandi\Start Menu\Programs\Startup\Webshots.lnk

backup C:\WINDOWS\pss\Webshots.lnkStartup

location Startup

command C:\Program Files\Webshots\Launcher.exe /t

item Webshots

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\000StTHK

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item 000StTHK

hkey HKLM

command 000StTHK.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item 000StTHK

hkey HKLM

command 000StTHK.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\2ZQLKP#2WLSCTL

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item Mun8s0W

hkey HKLM

command C:\WINDOWS\System32\Mun8s0W.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item Mun8s0W

hkey HKLM

command C:\WINDOWS\System32\Mun8s0W.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AGRSMMSG

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item AGRSMMSG

hkey HKLM

command AGRSMMSG.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item AGRSMMSG

hkey HKLM

command AGRSMMSG.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AIM

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item aim

hkey HKCU

command C:\Program Files\AIM\aim.exe -cnetwait.odl

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item aim

hkey HKCU

command C:\Program Files\AIM\aim.exe -cnetwait.odl

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Apoint

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item Apoint

hkey HKLM

command C:\Program Files\Apoint2K\Apoint.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item Apoint

hkey HKLM

command C:\Program Files\Apoint2K\Apoint.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dsi

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item dp-him

hkey HKLM

command C:\WINDOWS\System32\dp-him.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item dp-him

hkey HKLM

command C:\WINDOWS\System32\dp-him.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ezShieldProtector for Px

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item ezSP_Px

hkey HKLM

command C:\WINDOWS\System32\ezSP_Px.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item ezSP_Px

hkey HKLM

command C:\WINDOWS\System32\ezSP_Px.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fash

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item fash

hkey HKLM

command C:\WINDOWS\fash.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item fash

hkey HKLM

command C:\WINDOWS\fash.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hFbl5wuD

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item hFbl5wuD

hkey HKLM

command C:\documents and settings\brandi\local settings\temp\hFbl5wuD.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item hFbl5wuD

hkey HKLM

command C:\documents and settings\brandi\local settings\temp\hFbl5wuD.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Component Manager

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item hpcmpmgr

hkey HKLM

command "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item hpcmpmgr

hkey HKLM

command "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item iTunesHelper

hkey HKLM

command C:\Program Files\iTunes\iTunesHelper.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item iTunesHelper

hkey HKLM

command C:\Program Files\iTunes\iTunesHelper.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MoneyAgent

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item Money Express

hkey HKCU

command "C:\Program Files\Microsoft Money\System\Money Express.exe"

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item Money Express

hkey HKCU

command "C:\Program Files\Microsoft Money\System\Money Express.exe"

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MsnMsgr

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item MsnMsgr

hkey HKCU

command "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item MsnMsgr

hkey HKCU

command "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyWebSearch Email Plugin

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item mwsoemon

hkey HKLM

command C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item mwsoemon

hkey HKLM

command C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nyvxsc

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item nyvxsc

hkey HKLM

command C:\WINDOWS\System32\nyvxsc.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item nyvxsc

hkey HKLM

command C:\WINDOWS\System32\nyvxsc.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item qttask

hkey HKLM

command "C:\Program Files\QuickTime\qttask.exe" -atboottime

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item qttask

hkey HKLM

command "C:\Program Files\QuickTime\qttask.exe" -atboottime

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RealTray

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item RealPlay

hkey HKLM

command C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item RealPlay

hkey HKLM

command C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\stddgwkxyto

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item laesbpfl

hkey HKLM

command C:\WINDOWS\System32\laesbpfl.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item laesbpfl

hkey HKLM

command C:\WINDOWS\System32\laesbpfl.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Symantec NetDriver Monitor

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item SNDMon

hkey HKLM

command C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item SNDMon

hkey HKLM

command C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TFNF5

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item TFNF5

hkey HKLM

command TFNF5.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item TFNF5

hkey HKLM

command TFNF5.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Tpwrtray

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item TPWRTRAY

hkey HKLM

command TPWRTRAY.EXE

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item TPWRTRAY

hkey HKLM

command TPWRTRAY.EXE

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\z

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item z

hkey HKLM

command C:\documents and settings\brandi\local settings\temp\z.exe

inimapping 0

key SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item z

hkey HKLM

command C:\documents and settings\brandi\local settings\temp\z.exe

inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state

system.ini 0

win.ini 0

bootini 0

services 0

startup 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =

{0DF44EAA-FF21-4412-828E-260A8728E7F1} =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system

dontdisplaylastusername 0

legalnoticecaption

legalnoticetext

shutdownwithoutlogon 1

undockwithoutlogon 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

NoDriveTypeAutoRun 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll

CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll

WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll

SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\System32\userinit.exe,

Shell = Explorer.exe

System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain

= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet

= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll

= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui

= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp

= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule

= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy

= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn

= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv

= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon

= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier

= WRLogonNTF.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif

= wzcdlg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path

Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

AppInit_DLLs

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.

Scan completed on 12/16/2005 3:43:15 AM


ok, looking better, just a couple of deletions and you should be good to go.

Click Here to download TheKillbox. Extract TheKillBox.exe from the zip file and double click it to open it up. In the 'Enter Full Path and Filename to Delete' box, copy and paste these entries one by one, clicking the button that has the red circle with a white X in it, after each one:

C:\WINDOWS\SYSTEM32\fiz0

C:\WINDOWS\SYSTEM32\locate.com

C:\WINDOWS\SYSTEM32\log.bak.txt

C:\WINDOWS\SYSTEM32\_002644_.tmp.dll

C:\WINDOWS\SYSTEM32\_002795_.tmp.dll

C:\WINDOWS\SYSTEM32\_002855_.tmp.dll

C:\WINDOWS\SYSTEM32\_004990_.tmp.dll

Click 'Exit' when done.

Note: If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run: http://www.javacoolsoftware.net/downloads/...ngfilesetup.exe. Then try TheKillbox again.


Thanks so much...things seem to be working properly now as far as I can tell...boot up time seems a little slow...but I haven't tried since running killbox. Anything else I should do? Besides keep my wife from clicking IM links about checking out pictures...


If you click on Start > All Programs > Accessories > System Tools and run Disk Cleanup, you can also help speed up the boot time.

As I stated before, sometimes we don't know there are hidden issues until we dig a little deeper. I decided to go deeper when you were still having issues, but your HijackThis log was clean.

The infections I instructed you to remove were hidden by your original problem, so we didn't know to look for them.

Below are some steps to help keep your system safe; I highly recommend that you seriously contemplate looking over these. Also have your wife read Tony Klein's article "How did I get infected"; this is something that can benefit both of you so that you have a safe and enjoyable internet experience.

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use) Click Here.

  • Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
  • Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • Restrict the actions of potentially dangerous sites in Internet Explorer.
  • Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.

1. Use ANY browser besides Internet Explorer; almost every exploit is crafted to take advantage of an IE weakness. We usually recommend Firefox.

2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine.

It's okay to delete the programs that we had you download if everything is working okay.

After doing all these, your system will be thoroughly protected from future threats.

Edited by Dragon

hey dragon,

I'm about to run disk cleanup but my boot time is really bad...like 5 min. Not exaggerating...used to take maybe 1.5-2 max. After the Windows load screen where the little green bar scrolls, the screen goes black and pauses for about 2 min., then goes to the Windows log on. I have added one startup program, being Spy S&D TeaTimer starts up, but I don't think that should cause the boot time length. Any help?

Hi Shaun,

Just wanting to follow up after we talked in chat. How is your boot time? Any problems?

hey dragon,

I tried to do the disk cleanup and I let it run for over a day and a half and it never got past the "calculating space that will be saved" part of the run. On the bottom of the window it said "compress old files" but it had 2 bars in the progress thing and never moved since it started. Not sure why it's not working? Any help? I tried to come into the chat room, you weren't there...

thanks,

Shaun


Hi Shaun,

Sorry I wasn't on when you popped into chat last night, I was watching the Packers game.

Download and install CleanUp!

Open CleanUp! by double-clicking the icon on your desktop (or from the Start > All Programs menu).

Set the program up as follows:

Click "Options..."

Move the arrow down to "Custom CleanUp!"

Put a check next to the following (Make sure nothing else is checked!):

  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users

Click OK

Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click YES.

After reboot, let us know how your system is working.


hey Dragon,

Things seem to be running better...to let you know, I also had to do something with deleting the old cache for the disk cleanup and I got it to run then...but thanks again...things seem to be working better...thanks again!

~Shaun
