Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijackthis Logfile


  • This topic is locked This topic is locked
16 replies to this topic

#1 tstein27

tstein27

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:02 AM

Posted 24 February 2007 - 10:37 AM

I have been hijacked and have tried everything from many sites. I my Hosts file which has many entries that are obviouly bad, but they come right back. I have deleted the same enties from the registry., but am still having the same problems. Firefox seems to work OK but IE Explorer gets all kinds of redirects.
HELP

Logfile of HijackThis v1.99.1
Scan saved at 9:14:35 AM, on 2/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DISC\DISCover.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171472851093
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171472837546
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

BC AdBot (Login to Remove)

 


#2 waterfalls

waterfalls

    Malware Exorcist


  • Members
  • 621 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:02 AM

Posted 24 February 2007 - 07:02 PM

• Start HijackThis, click "Open the Misc Tools section" and click "Open hosts file manger"
- Click "Open in Notepad"
- Copy and paste the contents in your next reply.
Take only memories, leave nothing but footprints.

Posted ImagePosted Image

#3 tstein27

tstein27
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:02 AM

Posted 25 February 2007 - 08:41 AM

I went through and deleted all but localhost. but they came back.

Thanks




127.0.0.1 localhost #***Inserted
# Copyright © 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
# For example:
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
127.0.0.1 http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch #SpySweeperCASS
127.0.0.1 \blank.htm #SpySweeperCASS
127.0.0.1 http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm #SpySweeperCASS
127.0.0.1 http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm #SpySweeperCASS
127.0.0.1 http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome #SpySweeperCASS
127.0.0.1 endmatch.com #SpySweeperCASS
127.0.0.1 www.startmatch #SpySweeperCASS
127.0.0.1 www.exactmatch.com #SpySweeperCASS
127.0.0.1 partialmatch #SpySweeperCASS
127.0.0.1 besstsearchs.com #SpySweeperCASS
127.0.0.1 0websearch.com #SpySweeperCASS
127.0.0.1 123mania.com #SpySweeperCASS
127.0.0.1 popuptoast.com #SpySweeperCASS
127.0.0.1 2020search #SpySweeperCASS
127.0.0.1 zestyfind.com #SpySweeperCASS
127.0.0.1 dev.ntcor #SpySweeperCASS
127.0.0.1 allways4u.com #SpySweeperCASS
127.0.0.1 yeak.net #SpySweeperCASS
127.0.0.1 begin2search.com #SpySweeperCASS
127.0.0.1 %62%69%67%62%72%2e%63%63 #SpySweeperCASS
127.0.0.1 \sb.htm #SpySweeperCASS
127.0.0.1 myfunstart.com #SpySweeperCASS
127.0.0.1 blazefind.com #SpySweeperCASS
127.0.0.1 blowsearch.com #SpySweeperCASS
127.0.0.1 left.html #SpySweeperCASS
127.0.0.1 startium.com #SpySweeperCASS
127.0.0.1 buldog-search.com #SpySweeperCASS
127.0.0.1 couldnotfind.com #SpySweeperCASS
127.0.0.1 cashsurfers.com #SpySweeperCASS
127.0.0.1 clickbank.net #SpySweeperCASS
127.0.0.1 comet #SpySweeperCASS
127.0.0.1 commonname #SpySweeperCASS
127.0.0.1 crackspider.net #SpySweeperCASS
127.0.0.1 klounada.com #SpySweeperCASS
127.0.0.1 213.159.117.134 #SpySweeperCASS
127.0.0.1 31234.com #SpySweeperCASS
127.0.0.1 4-counter.com #SpySweeperCASS
127.0.0.1 8ad #SpySweeperCASS
127.0.0.1 about-blank.ws #SpySweeperCASS
127.0.0.1 %2e%44%4c%4c/%73%70%2e%68%74%6d%6c #SpySweeperCASS
127.0.0.1 %2e%64%6c%6c/%73%70%2e%68%74%6d%6c #SpySweeperCASS
127.0.0.1 about:navigationfailure #SpySweeperCASS
127.0.0.1 aifind.inf #SpySweeperCASS
127.0.0.1 alfa-search #SpySweeperCASS
127.0.0.1 search-all.net #SpySweeperCASS
127.0.0.1 all-find.net #SpySweeperCASS
127.0.0.1 allcybersearch.com #SpySweeperCASS
127.0.0.1 allhyperlinks #SpySweeperCASS
127.0.0.1 allneedsearch.com #SpySweeperCASS
127.0.0.1 any-find.com #SpySweeperCASS
127.0.0.1 awebfind.biz #SpySweeperCASS
127.0.0.1 69.50.191.52 #SpySweeperCASS
127.0.0.1 69.50.191.50 #SpySweeperCASS
127.0.0.1 cashsearch.biz #SpySweeperCASS
127.0.0.1 213.159.117.132 #SpySweeperCASS
127.0.0.1 coolsearch.biz #SpySweeperCASS
127.0.0.1 coolwwwsearch #SpySweeperCASS
127.0.0.1 %77%77%77%2e%63%6f%6f%6c%77%77%77%73%65%61%72%63%68%2e%63%6f%6d/%7a/%63/%78%31%2e%63%67%69?%36%35%36%33%38%37 #SpySweeperCASS
127.0.0.1 count-all #SpySweeperCASS
127.0.0.1 countere.com #SpySweeperCASS
127.0.0.1 devilsbleep.com #SpySweeperCASS
127.0.0.1 directwebsearch.net #SpySweeperCASS
127.0.0.1 dorkodrom.com #SpySweeperCASS
127.0.0.1 %77%77%77%2e%65%2d%66%69%6e%64%65%72%2e%63%63 #SpySweeperCASS
127.0.0.1 %65%68%74%74%70%2e%63%63 #SpySweeperCASS
127.0.0.1 ehttp.cc #SpySweeperCASS
127.0.0.1 %65%68%74%74%70%2e%63%63/? #SpySweeperCASS
127.0.0.1 enjoysearch.info #SpySweeperCASS
127.0.0.1 fastwebfinder #SpySweeperCASS
127.0.0.1 find-itnow #SpySweeperCASS
127.0.0.1 find4u.net #SpySweeperCASS
127.0.0.1 find-online.net #SpySweeperCASS
127.0.0.1 gonnasearch.com #SpySweeperCASS
127.0.0.1 hand-book.com #SpySweeperCASS
127.0.0.1 solongas.com #SpySweeperCASS
127.0.0.1 idgsearch #SpySweeperCASS
127.0.0.1 isearch.com #SpySweeperCASS
127.0.0.1 jetseeker #SpySweeperCASS
127.0.0.1 jksearch.biz #SpySweeperCASS
127.0.0.1 www.terra.es/personal7/korona01 #SpySweeperCASS
127.0.0.1 line-plus.com #SpySweeperCASS
127.0.0.1 lookfor.cc #SpySweeperCASS
127.0.0.1 magicsearch.ws #SpySweeperCASS
127.0.0.1 motor-search.info #SpySweeperCASS
127.0.0.1 res://mshp.dll #SpySweeperCASS
127.0.0.1 %61%69%64= #SpySweeperCASS
127.0.0.1 my.search #SpySweeperCASS
127.0.0.1 %31%2d%73%65%2e%63%6f%6d/%68%6f%6d%65%2e%68%74%6d%6c #SpySweeperCASS
127.0.0.1 my-find.com #SpySweeperCASS
127.0.0.1 %6e%6b%76%64%2e%75%73 #SpySweeperCASS
127.0.0.1 nkvd.us #SpySweeperCASS
127.0.0.1 .dll/index.htm #SpySweeperCASS
127.0.0.1 .dll/sp.htm #SpySweeperCASS
127.0.0.1 omega-search.com #SpySweeperCASS
127.0.0.1 on-search.com #SpySweeperCASS
127.0.0.1 perfect-search #SpySweeperCASS
127.0.0.1 power-search.info #SpySweeperCASS
127.0.0.1 rightfinder #SpySweeperCASS
127.0.0.1 search-space.com/ #SpySweeperCASS
127.0.0.1 search123.biz #SpySweeperCASS
127.0.0.1 searchdot #SpySweeperCASS
127.0.0.1 searchforge.com #SpySweeperCASS
127.0.0.1 searchmyrequest.com #SpySweeperCASS
127.0.0.1 \searchpage.html #SpySweeperCASS
127.0.0.1 \homepage.htm #SpySweeperCASS
127.0.0.1 searchportal.info #SpySweeperCASS
127.0.0.1 searchv #SpySweeperCASS
127.0.0.1 searchxp.com #SpySweeperCASS
127.0.0.1 sexkot.com #SpySweeperCASS
127.0.0.1 slawsearch #SpySweeperCASS
127.0.0.1 smart-finder #SpySweeperCASS
127.0.0.1 smartsearch.ws #SpySweeperCASS
127.0.0.1 \sp.html #SpySweeperCASS
127.0.0.1 stopxxxpics #SpySweeperCASS
127.0.0.1 super-spider.com #SpySweeperCASS
127.0.0.1 surfast #SpySweeperCASS
127.0.0.1 t.rack.cc #SpySweeperCASS
127.0.0.1 thebestse.com #SpySweeperCASS
127.0.0.1 thenewsearch.com #SpySweeperCASS
127.0.0.1 therealsearch.com #SpySweeperCASS
127.0.0.1 tinybar.com #SpySweeperCASS
127.0.0.1 tooncomics #SpySweeperCASS
127.0.0.1 topotun.com #SpySweeperCASS
127.0.0.1 out.true-counter #SpySweeperCASS
127.0.0.1 umaxsearch #SpySweeperCASS
127.0.0.1 vrape.hardloved #SpySweeperCASS
127.0.0.1 web--search.com #SpySweeperCASS
127.0.0.1 http://webcoolsearch.com/ #SpySweeperCASS
127.0.0.1 webcounter #SpySweeperCASS
127.0.0.1 win-eto.com #SpySweeperCASS
127.0.0.1 windowws.cc #SpySweeperCASS
127.0.0.1 xrenoder.com #SpySweeperCASS
127.0.0.1 http:/// #SpySweeperCASS
127.0.0.1 xwebsearch.biz #SpySweeperCASS
127.0.0.1 yellow-pages.ws #SpySweeperCASS
127.0.0.1 your-search.info #SpySweeperCASS
127.0.0.1 your-searcher.com #SpySweeperCASS
127.0.0.1 yourbookmarks.ws #SpySweeperCASS
127.0.0.1 youriskalka.com #SpySweeperCASS
127.0.0.1 yoursearcher.com #SpySweeperCASS
127.0.0.1 teensfestival.com #SpySweeperCASS
127.0.0.1 smartbotpro.net #SpySweeperCASS
127.0.0.1 default-homepage-network #SpySweeperCASS
127.0.0.1 desktoptraffic.net #SpySweeperCASS
127.0.0.1 findthewebsiteyouneed.com #SpySweeperCASS
127.0.0.1 drusearch.com #SpySweeperCASS
127.0.0.1 easy-search.biz #SpySweeperCASS
127.0.0.1 searchmiracle.com #SpySweeperCASS
127.0.0.1 ezcybersearch.com #SpySweeperCASS
127.0.0.1 fastlook.net #SpySweeperCASS
127.0.0.1 find-everything.com #SpySweeperCASS
127.0.0.1 findwhatevernow.com #SpySweeperCASS
127.0.0.1 freednshost.info #SpySweeperCASS
127.0.0.1 freednshost.inf #SpySweeperCASS
127.0.0.1 213.159.118.226/sp.php #SpySweeperCASS
127.0.0.1 freeonlinegames.com #SpySweeperCASS
127.0.0.1 xzoomy.com #SpySweeperCASS
127.0.0.1 dashbar.com #SpySweeperCASS
127.0.0.1 hotwebsearch.com #SpySweeperCASS
127.0.0.1 bigwebportal.com #SpySweeperCASS
127.0.0.1 heretofind.com #SpySweeperCASS
127.0.0.1 \spe\start. #SpySweeperCASS
127.0.0.1 hotbar.com #SpySweeperCASS
127.0.0.1 hotsearchbox.com #SpySweeperCASS
127.0.0.1 drsnsrch.com #SpySweeperCASS
127.0.0.1 ieplugin.com #SpySweeperCASS
127.0.0.1 find-on-the-net.com #SpySweeperCASS
127.0.0.1 click2findnow #SpySweeperCASS
127.0.0.1 i-lookup.com #SpySweeperCASS
127.0.0.1 spidersearch.com #SpySweeperCASS
127.0.0.1 iwantsearch.com #SpySweeperCASS
127.0.0.1 sexchoice.come.to #SpySweeperCASS
127.0.0.1 locators.com #SpySweeperCASS
127.0.0.1 kornexout.seriexxx.com #SpySweeperCASS
127.0.0.1 allaboutsearching.com #SpySweeperCASS
127.0.0.1 amazingautossearch.com #SpySweeperCASS
127.0.0.1 contexualsearch.com #SpySweeperCASS
127.0.0.1 look-today.com #SpySweeperCASS
127.0.0.1 lop.com #SpySweeperCASS
127.0.0.1 mysearchnow #SpySweeperCASS
127.0.0.1 prosearching.com #SpySweeperCASS
127.0.0.1 sckr.com #SpySweeperCASS
127.0.0.1 search200.com #SpySweeperCASS
127.0.0.1 searchexe.com #SpySweeperCASS
127.0.0.1 searchweb2.com #SpySweeperCASS
127.0.0.1 tfil.com #SpySweeperCASS
127.0.0.1 wabu #SpySweeperCASS
127.0.0.1 martfinder.com #SpySweeperCASS
127.0.0.1 65.75.143.119 #SpySweeperCASS
127.0.0.1 microsoit.com #SpySweeperCASS
127.0.0.1 netspry #SpySweeperCASS
127.0.0.1 new-search.info #SpySweeperCASS
127.0.0.1 orbitexplorer.com #SpySweeperCASS
127.0.0.1 popnav.com #SpySweeperCASS
127.0.0.1 searchnav.com #SpySweeperCASS
127.0.0.1 portalsearching #SpySweeperCASS
127.0.0.1 bluezipper.com #SpySweeperCASS
127.0.0.1 s-redirect.com #SpySweeperCASS
127.0.0.1 richfind.com #SpySweeperCASS
127.0.0.1 searchenhancement.com #SpySweeperCASS
127.0.0.1 windowenhancer.com #SpySweeperCASS
127.0.0.1 smartestsearch.com #SpySweeperCASS
127.0.0.1 search-dot.com #SpySweeperCASS
127.0.0.1 search-instructor.com #SpySweeperCASS
127.0.0.1 searchant.com #SpySweeperCASS
127.0.0.1 e-plus.cc #SpySweeperCASS
127.0.0.1 \searchbar.htm #SpySweeperCASS
127.0.0.1 privacyapi32=x292.htm #SpySweeperCASS
127.0.0.1 if.searchcentrix.com #SpySweeperCASS
127.0.0.1 search-exe.com #SpySweeperCASS
127.0.0.1 searchforit.com #SpySweeperCASS
127.0.0.1 searchhere #SpySweeperCASS
127.0.0.1 thesearchmall.com #SpySweeperCASS
127.0.0.1 searchmeup.com #SpySweeperCASS
127.0.0.1 searchmeup.cc #SpySweeperCASS
127.0.0.1 search-o-matic.mygeek.com #SpySweeperCASS
127.0.0.1 searchtraffic.com #SpySweeperCASS
127.0.0.1 searchwww.com #SpySweeperCASS
127.0.0.1 secure.html #SpySweeperCASS
127.0.0.1 securea.html #SpySweeperCASS
127.0.0.1 seekseek.com #SpySweeperCASS
127.0.0.1 seeq.com #SpySweeperCASS
127.0.0.1 slotch.com #SpySweeperCASS
127.0.0.1 myexexex.com #SpySweeperCASS
127.0.0.1 spad/start.html #SpySweeperCASS
127.0.0.1 spedia.net #SpySweeperCASS
127.0.0.1 sqwire.com #SpySweeperCASS
127.0.0.1 shopnav #SpySweeperCASS
127.0.0.1 srng.net #SpySweeperCASS
127.0.0.1 startnow.com #SpySweeperCASS
127.0.0.1 pages2start.com #SpySweeperCASS
127.0.0.1 iquicksearch #SpySweeperCASS
127.0.0.1 quickpage/portal/portal.html #SpySweeperCASS
127.0.0.1 plus18point #SpySweeperCASS
127.0.0.1 startportal #SpySweeperCASS
127.0.0.1 marketdart.com #SpySweeperCASS
127.0.0.1 shopforgood.com #SpySweeperCASS
127.0.0.1 topfivesearch.com #SpySweeperCASS
127.0.0.1 makemesearch.com #SpySweeperCASS
127.0.0.1 file://c:\winnt\system32\sb.htm #SpySweeperCASS
127.0.0.1 ramgo.com #SpySweeperCASS
127.0.0.1 venusseek.com #SpySweeperCASS
127.0.0.1 selfsearch.biz #SpySweeperCASS
127.0.0.1 webfile.com #SpySweeperCASS
127.0.0.1 web-by-search.com #SpySweeperCASS
127.0.0.1 seekerbar.com #SpySweeperCASS
127.0.0.1 websearch.com #SpySweeperCASS
127.0.0.1 toolbar.dll #SpySweeperCASS
127.0.0.1 wmmse.com #SpySweeperCASS
127.0.0.1 worldnetsearch.org #SpySweeperCASS
127.0.0.1 wowsearch.org #SpySweeperCASS
127.0.0.1 xupiter #SpySweeperCASS
127.0.0.1 searchxl.com #SpySweeperCASS
127.0.0.1 znext.com #SpySweeperCASS
127.0.0.1 topsearchdog.com #SpySweeperCASS
127.0.0.1 bettersearch.biz #SpySweeperCASS
127.0.0.1 gigasearch.biz #SpySweeperCASS
127.0.0.1 huy-search.info #SpySweeperCASS
127.0.0.1 mysearch.cc #SpySweeperCASS
127.0.0.1 americlicks.com #SpySweeperCASS
127.0.0.1 mypoisk.com #SpySweeperCASS
127.0.0.1 seekwell.net #SpySweeperCASS
127.0.0.1 i--search.com #SpySweeperCASS
127.0.0.1 www.halflemon.com #SpySweeperCASS
127.0.0.1 shdocpe.dll #SpySweeperCASS
127.0.0.1 exactsearch.net #SpySweeperCASS
127.0.0.1 fastsearchweb.com #SpySweeperCASS
127.0.0.1 globaladserver.com #SpySweeperCASS
127.0.0.1 popupsearches.com #SpySweeperCASS
127.0.0.1 onlygoodsearch.com #SpySweeperCASS
127.0.0.1 specific911 #SpySweeperCASS
127.0.0.1 nonstopsearch.com #SpySweeperCASS
127.0.0.1 realsearch.cc #SpySweeperCASS
127.0.0.1 www.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.preferances.com #SpySweeperCASS
127.0.0.1 ad.doubleclick.com #SpySweeperCASS
127.0.0.1 ads.web.aol.com #SpySweeperCASS

127.0.0.1 ad.preferences.com #SpySweeperCASS
127.0.0.1 ad.washingtonpost.com #SpySweeperCASS
127.0.0.1 adpick.switchboard.com #SpySweeperCASS
127.0.0.1 ads.doubleclick.com #SpySweeperCASS
127.0.0.1 ads.infospace.com #SpySweeperCASS
127.0.0.1 ads.msn.com #SpySweeperCASS
127.0.0.1 ads.switchboard.com #SpySweeperCASS
127.0.0.1 ads.enliven.com #SpySweeperCASS
127.0.0.1 oz.valueclick.com #SpySweeperCASS
127.0.0.1 doubleclick.net #SpySweeperCASS
127.0.0.1 ads.doubleclick.net #SpySweeperCASS
127.0.0.1 ad2.doubleclick.net #SpySweeperCASS
127.0.0.1 ad3.doubleclick.net #SpySweeperCASS
127.0.0.1 ad4.doubleclick.net #SpySweeperCASS
127.0.0.1 ad5.doubleclick.net #SpySweeperCASS
127.0.0.1 ad6.doubleclick.net #SpySweeperCASS
127.0.0.1 ad7.doubleclick.net #SpySweeperCASS
127.0.0.1 ad8.doubleclick.net #SpySweeperCASS
127.0.0.1 ad9.doubleclick.net #SpySweeperCASS
127.0.0.1 ad10.doubleclick.net #SpySweeperCASS
127.0.0.1 ad11.doubleclick.net #SpySweeperCASS
127.0.0.1 ad12.doubleclick.net #SpySweeperCASS
127.0.0.1 ad13.doubleclick.net #SpySweeperCASS
127.0.0.1 ad14.doubleclick.net #SpySweeperCASS
127.0.0.1 ad15.doubleclick.net #SpySweeperCASS
127.0.0.1 ad16.doubleclick.net #SpySweeperCASS
127.0.0.1 ad17.doubleclick.net #SpySweeperCASS
127.0.0.1 ad18.doubleclick.net #SpySweeperCASS
127.0.0.1 ad19.doubleclick.net #SpySweeperCASS
127.0.0.1 ad20.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.ch.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.linkexchange.com #SpySweeperCASS
127.0.0.1 banner.linkexchange.com #SpySweeperCASS
127.0.0.1 ads*.focalink.com #SpySweeperCASS
127.0.0.1 ads.imdb.com #SpySweeperCASS
127.0.0.1 commonwealth.riddler.com #SpySweeperCASS
127.0.0.1 globaltrak.net #SpySweeperCASS
127.0.0.1 nrsite.com #SpySweeperCASS
127.0.0.1 www.nrsite.com #SpySweeperCASS
127.0.0.1 ad-up.com #SpySweeperCASS
127.0.0.1 ad.adsmart.net #SpySweeperCASS
127.0.0.1 ad.atlas.cz #SpySweeperCASS
127.0.0.1 ad.blm.net #SpySweeperCASS
127.0.0.1 ad.dogpile.com #SpySweeperCASS
127.0.0.1 ad.infoseek.com #SpySweeperCASS
127.0.0.1 ad.net-service.de #SpySweeperCASS
127.0.0.1 ad.vol.at #SpySweeperCASS
127.0.0.1 adbot.com #SpySweeperCASS
127.0.0.1 adbureau.net #SpySweeperCASS
127.0.0.1 adcount.hollywood.com #SpySweeperCASS
127.0.0.1 add.yaho.com #SpySweeperCASS
127.0.0.1 adex3.flycast.com #SpySweeperCASS
127.0.0.1 adforce.adtech.de #SpySweeperCASS
127.0.0.1 adforce.imgis.com #SpySweeperCASS
127.0.0.1 adimage.blm.net #SpySweeperCASS
127.0.0.1 adlink.deh.de #SpySweeperCASS
127.0.0.1 ads.criticalmass.com #SpySweeperCASS
127.0.0.1 ads.csi.emcweb.com #SpySweeperCASS
127.0.0.1 ads.filez.com #SpySweeperCASS
127.0.0.1 ads.imagine-inc.com #SpySweeperCASS
127.0.0.1 ads.jwtt3.com #SpySweeperCASS
127.0.0.1 ads.mirrormedia.co.uk #SpySweeperCASS
127.0.0.1 ads.narrowline.com #SpySweeperCASS
127.0.0.1 ads.newcitynet.com #SpySweeperCASS
127.0.0.1 ads.realcities.com #SpySweeperCASS
127.0.0.1 ads.realmedia.com #SpySweeperCASS
127.0.0.1 ads.tripod.com #SpySweeperCASS
127.0.0.1 ads.usatoday.com #SpySweeperCASS
127.0.0.1 ads.washingtonpost.com #SpySweeperCASS
127.0.0.1 ads.web.de #SpySweeperCASS
127.0.0.1 ads.web21.com #SpySweeperCASS
127.0.0.1 adserv.newcentury.net #SpySweeperCASS
127.0.0.1 adservant.guj.de #SpySweeperCASS
127.0.0.1 adservant.mediapoint.de #SpySweeperCASS
127.0.0.1 adserver-espnet.sportszone.com #SpySweeperCASS
127.0.0.1 advert.heise.de #SpySweeperCASS
127.0.0.1 banners.internetextra.com #SpySweeperCASS
127.0.0.1 bannerswap.com #SpySweeperCASS
127.0.0.1 dino.mainz.ibm.de #SpySweeperCASS
127.0.0.1 ganges.imagine-inc.com #SpySweeperCASS
127.0.0.1 globaltrack.com #SpySweeperCASS
127.0.0.1 207-87-18-203.wsmg.digex.net #SpySweeperCASS
127.0.0.1 garden.ngadcenter.net #SpySweeperCASS
127.0.0.1 ogilvy.ngadcenter.net #SpySweeperCASS
127.0.0.1 responsemedia-ad.flycast.com #SpySweeperCASS
127.0.0.1 suissa-ad.flycast.com #SpySweeperCASS
127.0.0.1 ugo.eu-adcenter.net #SpySweeperCASS
127.0.0.1 vnu.eu-adcenter.net #SpySweeperCASS
127.0.0.1 ad-adex3.flycast.com #SpySweeperCASS
127.0.0.1 ad.ca.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.de.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.fr.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.jp.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.linksynergy.com #SpySweeperCASS
127.0.0.1 ad.nl.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.no.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.sma.punto.net #SpySweeperCASS
127.0.0.1 ad.uk.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.webprovider.com #SpySweeperCASS
127.0.0.1 ad08.focalink.com #SpySweeperCASS
127.0.0.1 adcontroller.unicast.com #SpySweeperCASS
127.0.0.1 adcreatives.imaginemedia.com #SpySweeperCASS
127.0.0.1 adforce.ads.imgis.com #SpySweeperCASS
127.0.0.1 adfu.blockstackers.com #SpySweeperCASS
127.0.0.1 adimages.earthweb.com #SpySweeperCASS
127.0.0.1 adimg.egroups.com #SpySweeperCASS
127.0.0.1 admedia.xoom.com #SpySweeperCASS
127.0.0.1 adremote.pathfinder.com #SpySweeperCASS
127.0.0.1 ads.admaximize.com #SpySweeperCASS
127.0.0.1 ads.bfast.com #SpySweeperCASS
127.0.0.1 ads.clickhouse.com #SpySweeperCASS
127.0.0.1 ads.fairfax.com.au #SpySweeperCASS
127.0.0.1 ads.fool.com #SpySweeperCASS
127.0.0.1 ads.freshmeat.net #SpySweeperCASS
127.0.0.1 ads.hollywood.com #SpySweeperCASS
127.0.0.1 ads.i33.com #SpySweeperCASS
127.0.0.1 ads.infi.net #SpySweeperCASS
127.0.0.1 ads.link4ads.com #SpySweeperCASS
127.0.0.1 ads.lycos.com #SpySweeperCASS
127.0.0.1 ads.madison.com #SpySweeperCASS
127.0.0.1 ads.mediaodyssey.com #SpySweeperCASS
127.0.0.1 ads.ninemsn.com.au #SpySweeperCASS
127.0.0.1 ads.seattletimes.com #SpySweeperCASS
127.0.0.1 ads.smartclicks.com #SpySweeperCASS
127.0.0.1 ads.smartclicks.net #SpySweeperCASS
127.0.0.1 ads.sptimes.com #SpySweeperCASS
127.0.0.1 ads.x10.com #SpySweeperCASS
127.0.0.1 ads.xtra.co.nz #SpySweeperCASS
127.0.0.1 ads.zdnet.com #SpySweeperCASS
127.0.0.1 ads01.focalink.com #SpySweeperCASS
127.0.0.1 ads02.focalink.com #SpySweeperCASS
127.0.0.1 ads03.focalink.com #SpySweeperCASS
127.0.0.1 ads04.focalink.com #SpySweeperCASS
127.0.0.1 ads05.focalink.com #SpySweeperCASS
127.0.0.1 ads06.focalink.com #SpySweeperCASS
127.0.0.1 ads08.focalink.com #SpySweeperCASS
127.0.0.1 ads09.focalink.com #SpySweeperCASS
127.0.0.1 ads1.activeagent.at #SpySweeperCASS
127.0.0.1 ads10.focalink.com #SpySweeperCASS
127.0.0.1 ads11.focalink.com #SpySweeperCASS
127.0.0.1 ads12.focalink.com #SpySweeperCASS
127.0.0.1 ads14.focalink.com #SpySweeperCASS
127.0.0.1 ads16.focalink.com #SpySweeperCASS
127.0.0.1 ads17.focalink.com #SpySweeperCASS
127.0.0.1 ads18.focalink.com #SpySweeperCASS
127.0.0.1 ads19.focalink.com #SpySweeperCASS
127.0.0.1 ads2.zdnet.com #SpySweeperCASS
127.0.0.1 ads20.focalink.com #SpySweeperCASS
127.0.0.1 ads21.focalink.com #SpySweeperCASS
127.0.0.1 ads22.focalink.com #SpySweeperCASS
127.0.0.1 ads23.focalink.com #SpySweeperCASS
127.0.0.1 ads24.focalink.com #SpySweeperCASS
127.0.0.1 ads25.focalink.com #SpySweeperCASS
127.0.0.1 ads3.zdnet.com #SpySweeperCASS
127.0.0.1 ads5.gamecity.net #SpySweeperCASS
127.0.0.1 adserv.iafrica.com #SpySweeperCASS
127.0.0.1 adserv.quality-channel.de #SpySweeperCASS
127.0.0.1 adserver.dbusiness.com #SpySweeperCASS
127.0.0.1 adserver.garden.com #SpySweeperCASS
127.0.0.1 adserver.janes.com #SpySweeperCASS
127.0.0.1 adserver.merc.com #SpySweeperCASS
127.0.0.1 adserver.monster.com #SpySweeperCASS
127.0.0.1 adserver.track-star.com #SpySweeperCASS
127.0.0.1 adserver1.ogilvy-interactive.de #SpySweeperCASS
127.0.0.1 adtegrity.spinbox.net #SpySweeperCASS
127.0.0.1 antfarm-ad.flycast.com #SpySweeperCASS
127.0.0.1 au.ads.link4ads.com #SpySweeperCASS
127.0.0.1 banner.media-system.de #SpySweeperCASS
127.0.0.1 banner.orb.net #SpySweeperCASS
127.0.0.1 banner.relcom.ru #SpySweeperCASS
127.0.0.1 banners.easydns.com #SpySweeperCASS
127.0.0.1 banners.looksmart.com #SpySweeperCASS
127.0.0.1 banners.wunderground.com #SpySweeperCASS
127.0.0.1 barnesandnoble.bfast.com #SpySweeperCASS
127.0.0.1 beseenad.looksmart.com #SpySweeperCASS
127.0.0.1 bizad.nikkeibp.co.jp #SpySweeperCASS
127.0.0.1 bn.bfast.com #SpySweeperCASS
127.0.0.1 c3.xxxcounter.com #SpySweeperCASS
127.0.0.1 califia.imaginemedia.com #SpySweeperCASS
127.0.0.1 cds.mediaplex.com #SpySweeperCASS
127.0.0.1 click.avenuea.com #SpySweeperCASS
127.0.0.1 click.go2net.com #SpySweeperCASS
127.0.0.1 click.linksynergy.com #SpySweeperCASS
127.0.0.1 cookies.cmpnet.com #SpySweeperCASS
127.0.0.1 cornflakes.pathfinder.com #SpySweeperCASS
127.0.0.1 counter.hitbox.com #SpySweeperCASS
127.0.0.1 crux.songline.com #SpySweeperCASS
127.0.0.1 erie.smartage.com #SpySweeperCASS
127.0.0.1 etad.telegraph.co.uk #SpySweeperCASS
127.0.0.1 fp.valueclick.com #SpySweeperCASS
127.0.0.1 gadgeteer.pdamart.com #SpySweeperCASS
127.0.0.1 gm.preferences.com #SpySweeperCASS
127.0.0.1 gp.dejanews.com #SpySweeperCASS
127.0.0.1 hg1.hitbox.com #SpySweeperCASS
127.0.0.1 image.click2net.com #SpySweeperCASS
127.0.0.1 image.eimg.com #SpySweeperCASS
127.0.0.1 images2.nytimes.com #SpySweeperCASS
127.0.0.1 jobkeys.ngadcenter.net #SpySweeperCASS
127.0.0.1 kansas.valueclick.com #SpySweeperCASS
127.0.0.1 leader.linkexchange.com #SpySweeperCASS
127.0.0.1 liquidad.narrowcastmedia.com #SpySweeperCASS
127.0.0.1 ln.doubleclick.net #SpySweeperCASS
127.0.0.1 m.doubleclick.net #SpySweeperCASS
127.0.0.1 macaddictads.snv.futurenet.com #SpySweeperCASS
127.0.0.1 maximumpcads.imaginemedia.com #SpySweeperCASS
127.0.0.1 media.preferences.com #SpySweeperCASS
127.0.0.1 mercury.rmuk.co.uk #SpySweeperCASS
127.0.0.1 mojofarm.sjc.mediaplex.com #SpySweeperCASS
127.0.0.1 nbc.adbureau.net #SpySweeperCASS
127.0.0.1 newads.cmpnet.com #SpySweeperCASS
127.0.0.1 ng3.ads.warnerbros.com #SpySweeperCASS
127.0.0.1 ngads.smartage.com #SpySweeperCASS
127.0.0.1 nsads.hotwired.com #SpySweeperCASS
127.0.0.1 ntbanner.digitalriver.com #SpySweeperCASS
127.0.0.1 ph-ad05.focalink.com #SpySweeperCASS
127.0.0.1 ph-ad07.focalink.com #SpySweeperCASS
127.0.0.1 ph-ad16.focalink.com #SpySweeperCASS
127.0.0.1 ph-ad17.focalink.com #SpySweeperCASS
127.0.0.1 ph-ad18.focalink.com #SpySweeperCASS
127.0.0.1 realads.realmedia.com #SpySweeperCASS
127.0.0.1 redherring.ngadcenter.net #SpySweeperCASS
127.0.0.1 redirect.click2net.com #SpySweeperCASS
127.0.0.1 retaildirect.realmedia.com #SpySweeperCASS
127.0.0.1 s2.focalink.com #SpySweeperCASS
127.0.0.1 sh4sure-images.adbureau.net #SpySweeperCASS
127.0.0.1 spin.spinbox.net #SpySweeperCASS
127.0.0.1 static.admaximize.com #SpySweeperCASS
127.0.0.1 stats.superstats.com #SpySweeperCASS
127.0.0.1 sview.avenuea.com #SpySweeperCASS
127.0.0.1 thinknyc.eu-adcenter.net #SpySweeperCASS
127.0.0.1 tracker.clicktrade.com #SpySweeperCASS
127.0.0.1 tsms-ad.tsms.com #SpySweeperCASS
127.0.0.1 v0.extreme-dm.com #SpySweeperCASS
127.0.0.1 v1.extreme-dm.com #SpySweeperCASS
127.0.0.1 van.ads.link4ads.com #SpySweeperCASS
127.0.0.1 view.accendo.com #SpySweeperCASS
127.0.0.1 view.avenuea.com #SpySweeperCASS
127.0.0.1 w113.hitbox.com #SpySweeperCASS
127.0.0.1 w25.hitbox.com #SpySweeperCASS
127.0.0.1 web2.deja.com #SpySweeperCASS
127.0.0.1 webads.bizservers.com #SpySweeperCASS
127.0.0.1 www.postmasterbannernet.com #SpySweeperCASS
127.0.0.1 www.ad-up.com #SpySweeperCASS
127.0.0.1 www.admex.com #SpySweeperCASS
127.0.0.1 www.alladvantage.com #SpySweeperCASS
127.0.0.1 www.burstnet.com #SpySweeperCASS
127.0.0.1 www.commission-junction.com #SpySweeperCASS
127.0.0.1 www.eads.com #SpySweeperCASS
127.0.0.1 www.freestats.com #SpySweeperCASS
127.0.0.1 www.imaginemedia.com #SpySweeperCASS
127.0.0.1 www.netdirect.nl #SpySweeperCASS
127.0.0.1 www.oneandonlynetwork.com #SpySweeperCASS
127.0.0.1 www.targetshop.com #SpySweeperCASS
127.0.0.1 www.teknosurf2.com #SpySweeperCASS
127.0.0.1 www.teknosurf3.com #SpySweeperCASS
127.0.0.1 www.valueclick.com #SpySweeperCASS
127.0.0.1 www.websitefinancing.com #SpySweeperCASS
127.0.0.1 www2.burstnet.com #SpySweeperCASS
127.0.0.1 www4.trix.net #SpySweeperCASS
127.0.0.1 www80.valueclick.com #SpySweeperCASS
127.0.0.1 z.extreme-dm.com #SpySweeperCASS
127.0.0.1 z0.extreme-dm.com #SpySweeperCASS
127.0.0.1 z1.extreme-dm.com #SpySweeperCASS
127.0.0.1 ads.forbes.net #SpySweeperCASS
127.0.0.1 ads.newcity.com #SpySweeperCASS
127.0.0.1 ads.ign.com #SpySweeperCASS
127.0.0.1 adserver.ign.com #SpySweeperCASS
127.0.0.1 ads.scifi.com #SpySweeperCASS
127.0.0.1 adengine.theglobe.com #SpySweeperCASS
127.0.0.1 ads.tucows.com #SpySweeperCASS
127.0.0.1 adcontent.gamespy.com #SpySweeperCASS
127.0.0.1 ads4.advance.net #SpySweeperCASS
127.0.0.1 ads1.advance.net #SpySweeperCASS
127.0.0.1 eur.yimg.com #SpySweeperCASS
127.0.0.1 us.a1.yimg.com #SpySweeperCASS
127.0.0.1 ad.harmony-central.com #SpySweeperCASS
127.0.0.1 sg.yimg.com #SpySweeperCASS
127.0.0.1 adverity.adverity.com #SpySweeperCASS
127.0.0.1 ads.bloomberg.com #SpySweeperCASS
127.0.0.1 mojofarm.mediaplex.com #SpySweeperCASS
127.0.0.1 ads.mysimon.com #SpySweeperCASS
127.0.0.1 ad.img.yahoo.co.kr #SpySweeperCASS
127.0.0.1 adimages.go.com #SpySweeperCASS
127.0.0.1 kr-adimage.lycos.co.kr #SpySweeperCASS
127.0.0.1 ad.kimo.com.tw #SpySweeperCASS
127.0.0.1 ads.paxnet.co.kr #SpySweeperCASS
127.0.0.1 ads.paxnet.com #SpySweeperCASS
127.0.0.1 ads.eu.msn.com #SpySweeperCASS
127.0.0.1 ads.admonitor.net #SpySweeperCASS
127.0.0.1 wwa.hitbox.com #SpySweeperCASS
127.0.0.1 ads.nytimes.com #SpySweeperCASS
127.0.0.1 ads.erotism.com #SpySweeperCASS
127.0.0.1 banner.rootsweb.com #SpySweeperCASS
127.0.0.1 ads.ole.com #SpySweeperCASS
127.0.0.1 adimg1.chosun.com #SpySweeperCASS
127.0.0.1 ss.mtree.com #SpySweeperCASS
127.0.0.1 adpulse.ads.targetnet.com #SpySweeperCASS
127.0.0.1 adserver.ugo.com #SpySweeperCASS
127.0.0.1 ad.sales.olympics.com #SpySweeperCASS
127.0.0.1 m2.doubleclick.net #SpySweeperCASS
127.0.0.1 ph-ad21.focalink.com #SpySweeperCASS
127.0.0.1 focusin.ads.targetnet.com #SpySweeperCASS
127.0.0.1 www.datais.com #SpySweeperCASS
127.0.0.1 oas.mmd.ch #SpySweeperCASS
127.0.0.1 pub-g.ifrance.com #SpySweeperCASS
127.0.0.1 ads.bianca.com #SpySweeperCASS
127.0.0.1 wap.adlink.de #SpySweeperCASS
127.0.0.1 click.adlink.de #SpySweeperCASS
127.0.0.1 banner.adlink.de #SpySweeperCASS
127.0.0.1 hurricane.adlink.de #SpySweeperCASS
127.0.0.1 west.adlink.de #SpySweeperCASS
127.0.0.1 scand.adlink.de #SpySweeperCASS
127.0.0.1 regio.adlink.de #SpySweeperCASS
127.0.0.1 direct.adlink.de #SpySweeperCASS
127.0.0.1 classic.adlink.de #SpySweeperCASS
127.0.0.1 adlui001.adlink.de #SpySweeperCASS
127.0.0.1 banner1.adlink.de #SpySweeperCASS
127.0.0.1 click.mp3.com #SpySweeperCASS
127.0.0.1 adcodes.bla-bla.com #SpySweeperCASS
127.0.0.1 icover.realmedia.com #SpySweeperCASS
127.0.0.1 ca.fp.sandpiper.net #SpySweeperCASS
127.0.0.1 adfarm.mediaplex.com #SpySweeperCASS
127.0.0.1 ads.tmcs.net #SpySweeperCASS
127.0.0.1 amedia.techies.com #SpySweeperCASS
127.0.0.1 www.exchange-it.com #SpySweeperCASS
127.0.0.1 www.ad.tomshardware.com #SpySweeperCASS
127.0.0.1 ad.tomshardware.com #SpySweeperCASS
127.0.0.1 ads.currantbun.com #SpySweeperCASS
127.0.0.1 phoenix-adrunner.mycomputer.com #SpySweeperCASS
127.0.0.1 ads15.focalink.com #SpySweeperCASS
127.0.0.1 ads13.focalink.com #SpySweeperCASS
127.0.0.1 adserver.colleges.com #SpySweeperCASS
127.0.0.1 ads.nwsource.com #SpySweeperCASS
127.0.0.1 ads.guardianunlimited.co.uk #SpySweeperCASS
127.0.0.1 ads.newsint.co.uk #SpySweeperCASS
127.0.0.1 ads.starnews.com #SpySweeperCASS
127.0.0.1 www.linksynergy.com #SpySweeperCASS
127.0.0.1 ieee-images.adbureau.net #SpySweeperCASS
127.0.0.1 connect.247media.ads.link4ads.com #SpySweeperCASS
127.0.0.1 ads.newsdigital.net #SpySweeperCASS
127.0.0.1 arc5.msn.com #SpySweeperCASS
127.0.0.1 arc4.msn.com #SpySweeperCASS
127.0.0.1 arc3.msn.com #SpySweeperCASS
127.0.0.1 arc2.msn.com #SpySweeperCASS
127.0.0.1 arc1.msn.com #SpySweeperCASS
127.0.0.1 ads.discovery.com #SpySweeperCASS
127.0.0.1 im.800.com #SpySweeperCASS
127.0.0.1 img.cmpnet.com #SpySweeperCASS
127.0.0.1 ad7.internetadserver.com #SpySweeperCASS
127.0.0.1 ads.dai.net #SpySweeperCASS
127.0.0.1 ads.cbc.ca #SpySweeperCASS
127.0.0.1 www75.valueclick.com #SpySweeperCASS
127.0.0.1 ads.clearbluemedia.com #SpySweeperCASS
127.0.0.1 ti.click2net.com #SpySweeperCASS
127.0.0.1 www.onresponse.com #SpySweeperCASS
127.0.0.1 ads.list-universe.com #SpySweeperCASS
127.0.0.1 advert.bayarea.com #SpySweeperCASS
127.0.0.1 www3.pagecount.com #SpySweeperCASS
127.0.0.1 www.netsponsors.com #SpySweeperCASS
127.0.0.1 adthru.com #SpySweeperCASS
127.0.0.1 ads.newtimes.com #SpySweeperCASS
127.0.0.1 ads.ugo.com #SpySweeperCASS
127.0.0.1 ads.belointeractive.com #SpySweeperCASS
127.0.0.1 wwb.hitbox.com #SpySweeperCASS
127.0.0.1 comtrack.comclick.com #SpySweeperCASS
127.0.0.1 www.24pm-affiliation.com #SpySweeperCASS
127.0.0.1 www.click-fr.com #SpySweeperCASS
127.0.0.1 www.cibleclick.com #SpySweeperCASS
127.0.0.1 reply.mediatris.net #SpySweeperCASS
127.0.0.1 cgi.declicnet.com #SpySweeperCASS
127.0.0.1 pubs.mgn.net #SpySweeperCASS
127.0.0.1 ads.mcafee.com #SpySweeperCASS
127.0.0.1 ads1.ad-flow.com #SpySweeperCASS
127.0.0.1 ad.be.doubleclick.net #SpySweeperCASS
127.0.0.1 ad.adtraq.com #SpySweeperCASS
127.0.0.1 ad.sg.doubleclick.net #SpySweeperCASS
127.0.0.1 adpop.theglobe.com #SpySweeperCASS
127.0.0.1 ads-03.tor.focusin.ads.targetnet.com #SpySweeperCASS
127.0.0.1 ads.adflight.com #SpySweeperCASS
127.0.0.1 ads.detelefoongids.nl #SpySweeperCASS
127.0.0.1 ads.ecircles.com #SpySweeperCASS
127.0.0.1 ads.god.co.uk #SpySweeperCASS
127.0.0.1 ads.hyperbanner.net #SpySweeperCASS
127.0.0.1 ads.jpost.com #SpySweeperCASS
127.0.0.1 ads.netmechanic.com #SpySweeperCASS
127.0.0.1 ads.webcash.nl #SpySweeperCASS
127.0.0.1 adserver.netcast.nl #SpySweeperCASS
127.0.0.1 adserver.webads.com #SpySweeperCASS
127.0.0.1 adserver.webads.nl #SpySweeperCASS
127.0.0.1 adserver1.realtracker.com #SpySweeperCASS
127.0.0.1 adserver2.realtracker.com #SpySweeperCASS
127.0.0.1 adserver3.realtracker.com #SpySweeperCASS
127.0.0.1 delivery1.ads.telegraaf.nl #SpySweeperCASS
127.0.0.1 holland.hyperbanner.net #SpySweeperCASS
127.0.0.1 images.webads.nl #SpySweeperCASS
127.0.0.1 sc.clicksupply.com #SpySweeperCASS
127.0.0.1 service.bfast.com #SpySweeperCASS
127.0.0.1 www.ad4ex.com #SpySweeperCASS
127.0.0.1 www.bannercampaign.com #SpySweeperCASS
127.0.0.1 www.cyberbounty.com #SpySweeperCASS
127.0.0.1 www.netvertising.be #SpySweeperCASS
127.0.0.1 www.speedyclick.com #SpySweeperCASS
127.0.0.1 www.webads.nl #SpySweeperCASS
127.0.0.1 ads.snowball.com #SpySweeperCASS
127.0.0.1 ads.amazingmedia.com #SpySweeperCASS
127.0.0.1 www10.valueclick.com #SpySweeperCASS
127.0.0.1 js1.hitbox.com #SpySweeperCASS
127.0.0.1 rd1.hitbox.com #SpySweeperCASS
127.0.0.1 mt37.mtree.com #SpySweeperCASS
127.0.0.1 ads.gameanswers.com #SpySweeperCASS
127.0.0.1 ads7.udc.advance.net #SpySweeperCASS
127.0.0.1 www23.valueclick.com #SpySweeperCASS
127.0.0.1 ads.fortunecity.com #SpySweeperCASS
127.0.0.1 banners.nextcard.com #SpySweeperCASS
127.0.0.1 ads.iwon.com #SpySweeperCASS
127.0.0.1 www.qksrv.net #SpySweeperCASS
127.0.0.1 clickserve.cc-dt.com #SpySweeperCASS
127.0.0.1 ads-b.focalink.com #SpySweeperCASS
127.0.0.1 ad2.peel.com #SpySweeperCASS
127.0.0.1 ads.floridatoday.com #SpySweeperCASS
127.0.0.1 stats.adultrevenueservice.com #SpySweeperCASS
127.0.0.1 ads18.bpath.com #SpySweeperCASS
127.0.0.1 ph-ad06.focalink.com #SpySweeperCASS
127.0.0.1 global.msads.net #SpySweeperCASS
127.0.0.1 pluto1.iserver.net #SpySweeperCASS
127.0.0.1 ads1.intelliads.com #SpySweeperCASS
127.0.0.1 primetime.ad.asap-asp.net #SpySweeperCASS
127.0.0.1 ads.stileproject.com #SpySweeperCASS
127.0.0.1 di.image.eshop.msn.com #SpySweeperCASS
127.0.0.1 www.blissnet.net #SpySweeperCASS
127.0.0.1 www.consumerinfo.com #SpySweeperCASS
127.0.0.1 ads.rottentomatoes.com #SpySweeperCASS
127.0.0.1 k5ads.osdn.com #SpySweeperCASS
127.0.0.1 actionsplash.com #SpySweeperCASS
127.0.0.1 campaigns.f2.com.au #SpySweeperCASS
127.0.0.1 adserver.news.com.au #SpySweeperCASS
127.0.0.1 servedby.advertising.com #SpySweeperCASS
127.0.0.1 java.yahoo.com #SpySweeperCASS
127.0.0.1 ad.howstuffworks.com #SpySweeperCASS
127.0.0.1 ads.1for1.com #SpySweeperCASS
127.0.0.1 images.ads.fairfax.com.au #SpySweeperCASS
127.0.0.1 ads.devx.com #SpySweeperCASS
127.0.0.1 utils.mediageneral.com #SpySweeperCASS
127.0.0.1 banners.friendfinder.com #SpySweeperCASS
127.0.0.1 adserver.matchcraft.com #SpySweeperCASS
127.0.0.1 www.dnps.com #SpySweeperCASS
127.0.0.1 creative.whi.co.nz #SpySweeperCASS
127.0.0.1 rmedia.boston.com #SpySweeperCASS
127.0.0.1 webaffiliate.covad.com #SpySweeperCASS
127.0.0.1 ad.iwin.com #SpySweeperCASS
127.0.0.1 www.nailitonline2.com #SpySweeperCASS
127.0.0.1 mds.centrport.net #SpySweeperCASS
127.0.0.1 oas.dispatch.com #SpySweeperCASS
127.0.0.1 adserver.ads360.com #SpySweeperCASS
127.0.0.1 banners.adultfriendfinder.com #SpySweeperCASS
127.0.0.1 ads.as4x.tmcs.net #SpySweeperCASS
127.0.0.1 ads.clickagents.com #SpySweeperCASS
127.0.0.1 banners.chek.com #SpySweeperCASS
127.0.0.1 zi.r.tv.com #SpySweeperCASS
127.0.0.1 ph-ad19.focalink.com #SpySweeperCASS
127.0.0.1 ads.greensboro.com #SpySweeperCASS
127.0.0.1 ad2.adcept.net #SpySweeperCASS
127.0.0.1 ads.colo.kiva.net #SpySweeperCASS
127.0.0.1 adsrv.iol.co.za #SpySweeperCASS
127.0.0.1 mjxads.internet.com #SpySweeperCASS
127.0.0.1 adimage.asiaone.com.sg #SpySweeperCASS
127.0.0.1 ads.vnuemedia.com #SpySweeperCASS
127.0.0.1 affiliate.doteasy.com #SpySweeperCASS
127.0.0.1 m.tribalfusion.com #SpySweeperCASS
127.0.0.1 oas.lee.net #SpySweeperCASS
127.0.0.1 www.banneroverdrive.com #SpySweeperCASS
127.0.0.1 ad3.peel.com #SpySweeperCASS
127.0.0.1 ad1.peel.comwww.xbn.ru #SpySweeperCASS
127.0.0.1 adserver.snowball.com #SpySweeperCASS
127.0.0.1 media15.fastclick.net #SpySweeperCASS
127.0.0.1 ads5.advance.net #SpySweeperCASS
127.0.0.1 ads3.advance.net #SpySweeperCASS
127.0.0.1 ads2.advance.net #SpySweeperCASS
127.0.0.1 ads.advance.net #SpySweeperCASS
127.0.0.1 usbytecom.orbitcycle.com #SpySweeperCASS
127.0.0.1 adbanner.sweepsclub.com #SpySweeperCASS
127.0.0.1 oas.villagevoice.com #SpySweeperCASS
127.0.0.1 www.ad-flow.com #SpySweeperCASS
127.0.0.1 ads.guardian.co.uk #SpySweeperCASS
127.0.0.1 ads.hitcents.com #SpySweeperCASS
127.0.0.1 media19.fastclick.net #SpySweeperCASS
127.0.0.1 a.tribalfusion.com #SpySweeperCASS
127.0.0.1 ads.nypost.com #SpySweeperCASS
127.0.0.1 ads.premiumnetwork.com #SpySweeperCASS
127.0.0.1 ads.ad-flow.com #SpySweeperCASS
127.0.0.1 adserver.hispavista.com #SpySweeperCASS
127.0.0.1 ads.musiccity.com #SpySweeperCASS
127.0.0.1 banners.revenuelink.com #SpySweeperCASS
127.0.0.1 ads1.sptimes.com #SpySweeperCASS
127.0.0.1 adserver.bizland-inc.net #SpySweeperCASS
127.0.0.1 ads.adtegrity.net #SpySweeperCASS
127.0.0.1 media13.fastclick.net #SpySweeperCASS
127.0.0.1 adserver.ukplus.co.uk #SpySweeperCASS
127.0.0.1 ads.live365.com #SpySweeperCASS
127.0.0.1 ads.fredericksburg.com #SpySweeperCASS
127.0.0.1 banners.affiliatefuel.com #SpySweeperCASS

127.0.0.1 ads.bigcitytools.com #SpySweeperCASS
127.0.0.1 netshelter.adtrix.com #SpySweeperCASS
127.0.0.1 y.ibsys.com #SpySweeperCASS
127.0.0.1 adserver.nydailynews.com #SpySweeperCASS
127.0.0.1 s0b.bluestreak.com #SpySweeperCASS
127.0.0.1 images.scripps.com #SpySweeperCASS
127.0.0.1 images.cybereps.com #SpySweeperCASS
127.0.0.1 altfarm.mediaplex.com #SpySweeperCASS
127.0.0.1 krd.realcities.com #SpySweeperCASS
127.0.0.1 www3.bannerspace.com #SpySweeperCASS
127.0.0.1 view.atdmt.com #SpySweeperCASS
127.0.0.1 ads7.advance.net #SpySweeperCASS
127.0.0.1 ad.abcnews.com #SpySweeperCASS
127.0.0.1 ads.newsquest.co.uk #SpySweeperCASS
127.0.0.1 secure.webconnect.net #SpySweeperCASS
127.0.0.1 ads.nandomedia.com #SpySweeperCASS
127.0.0.1 banners.babylon-x.com #SpySweeperCASS
127.0.0.1 media17.fastclick.net #SpySweeperCASS
127.0.0.1 techreview-images.adbureau.net #SpySweeperCASS
127.0.0.1 ads.exhedra.com #SpySweeperCASS
127.0.0.1 ad.trafficmp.com #SpySweeperCASS
127.0.0.1 realmedia-a800.d4p.net #SpySweeperCASS
127.0.0.1 banner.northsky.com #SpySweeperCASS
127.0.0.1 ftp.nacorp.com #SpySweeperCASS
127.0.0.1 www.digitalbettingcasinos.com #SpySweeperCASS
127.0.0.1 c1.zedo.com #SpySweeperCASS
127.0.0.1 ads4.condenet.com #SpySweeperCASS
127.0.0.1 www.brilliantdigital.com #SpySweeperCASS
127.0.0.1 desktop.kazaa.com #SpySweeperCASS
127.0.0.1 shop.kazaa.com #SpySweeperCASS
127.0.0.1 www.bonzi.com #SpySweeperCASS
127.0.0.1 www.b3d.com #SpySweeperCASS
127.0.0.1 neighborhood.standard.net #SpySweeperCASS
127.0.0.1 ads.telegraph.co.uk #SpySweeperCASS
127.0.0.1 spinbox.techtracker.com #SpySweeperCASS
127.0.0.1 toads.osdn.com #SpySweeperCASS
127.0.0.1 ads.themes.org #SpySweeperCASS
127.0.0.1 adserver.trb.com #SpySweeperCASS

127.0.0.1 banner.easyspace.com #SpySweeperCASS
127.0.0.1 www.banner2u.com #SpySweeperCASS
127.0.0.1 ads.thestar.com #SpySweeperCASS
127.0.0.1 ads.digitalmedianet.com #SpySweeperCASS
127.0.0.1 www.fineclicks.com #SpySweeperCASS
127.0.0.1 ads.mdchoice.com #SpySweeperCASS
127.0.0.1 ad.horvitznewspapers.net #SpySweeperCASS
127.0.0.1 adtegrity.thruport.com #SpySweeperCASS
127.0.0.1 a.mktw.net #SpySweeperCASS
127.0.0.1 ads.pennyweb.com #SpySweeperCASS
127.0.0.1 www3.ad.tomshardware.com #SpySweeperCASS
127.0.0.1 www4.ad.tomshardware.com #SpySweeperCASS
127.0.0.1 www6.ad.tomshardware.com #SpySweeperCASS
127.0.0.1 www8.ad.tomshardware.com #SpySweeperCASS
127.0.0.1 www15.ad.tomshardware.com #SpySweeperCASS
127.0.0.1 ads.forbes.com #SpySweeperCASS
127.0.0.1 ads.desmoinesregister.com #SpySweeperCASS
127.0.0.1 adserver.tribuneinteractive.com #SpySweeperCASS
127.0.0.1 bannerads.anytimenews.com #SpySweeperCASS
127.0.0.1 ads1.condenet.com #SpySweeperCASS
127.0.0.1 adserver.anm.co.uk #SpySweeperCASS
127.0.0.1 zrap.zdnet.com.com #SpySweeperCASS
127.0.0.1 bidclix.net #SpySweeperCASS
127.0.0.1 media.popuptraffic.com #SpySweeperCASS
127.0.0.1 coreg.flashtrack.net #SpySweeperCASS
127.0.0.1 rmads.msn.com #SpySweeperCASS
127.0.0.1 ads.icq.com #SpySweeperCASS
127.0.0.1 cb.icq.com #SpySweeperCASS
127.0.0.1 cf.icq.com #SpySweeperCASS
127.0.0.1 www2.newtopsites.com #SpySweeperCASS
127.0.0.1 adserv.internetfuel.com #SpySweeperCASS
127.0.0.1 images.fastclick.net #SpySweeperCASS
127.0.0.1 adserver.securityfocus.com #SpySweeperCASS
127.0.0.1 www.avsads.com #SpySweeperCASS
127.0.0.1 banners.moviegoods.com #SpySweeperCASS
127.0.0.1 ads.bitsonthewire.com #SpySweeperCASS
127.0.0.1 ads.iambic.com #SpySweeperCASS
127.0.0.1 sfads.osdn.com #SpySweeperCASS
127.0.0.1 fl01.ct2.comclick.com #SpySweeperCASS
127.0.0.1 adserver.phillyburbs.com #SpySweeperCASS
127.0.0.1 marketing.nyi.net #SpySweeperCASS
127.0.0.1 www.netflip.com #SpySweeperCASS
127.0.0.1 image.imgfarm.com #SpySweeperCASS
127.0.0.1 ads.viaarena.com #SpySweeperCASS
127.0.0.1 phpads2.cnpapers.com #SpySweeperCASS
127.0.0.1 ads.astalavista.us #SpySweeperCASS
127.0.0.1 banner.coza.com #SpySweeperCASS
127.0.0.1 adcreative.tribuneinteractive.com #SpySweeperCASS
127.0.0.1 ads.democratandchronicle.com #SpySweeperCASS
127.0.0.1 adlog.com.com #SpySweeperCASS
127.0.0.1 adimg.com.com #SpySweeperCASS
127.0.0.1 adimage.bankrate.com #SpySweeperCASS
127.0.0.1 ads.mediadevil.com #SpySweeperCASS
127.0.0.1 imageserv.adtech.de #SpySweeperCASS
127.0.0.1 ad.se.doubleclick.net #SpySweeperCASS
127.0.0.1 ads.cashsurfers.com #SpySweeperCASS
127.0.0.1 ads.specificpop.com #SpySweeperCASS
127.0.0.1 z1.adserver.com #SpySweeperCASS
127.0.0.1 images.bizrate.com #SpySweeperCASS
127.0.0.1 q.pni.com #SpySweeperCASS
127.0.0.1 ad01.mediacorpsingapore.com #SpySweeperCASS
127.0.0.1 adimage.asia1.com.sg #SpySweeperCASS
127.0.0.1 images.newsx.cc #SpySweeperCASS
127.0.0.1 www.adireland.com #SpySweeperCASS
127.0.0.1 ads.iafrica.com #SpySweeperCASS
127.0.0.1 ads.nyi.net #SpySweeperCASS
127.0.0.1 geoads.osdn.com #SpySweeperCASS
127.0.0.1 www.crisscross.com #SpySweeperCASS
127.0.0.1 netcomm.spinbox.net #SpySweeperCASS
127.0.0.1 ads.videoaxs.com #SpySweeperCASS
127.0.0.1 mediamgr.ugo.com #SpySweeperCASS
127.0.0.1 adserver.pollstar.com #SpySweeperCASS
127.0.0.1 information.gopher.com #SpySweeperCASS
127.0.0.1 ads.adviva.net #SpySweeperCASS
127.0.0.1 adsrv.bankrate.com #SpySweeperCASS
127.0.0.1 a207.p.f.qz3.net #SpySweeperCASS
127.0.0.1 ehg-bestbuy.hitbox.com #SpySweeperCASS
127.0.0.1 ehg-intel.hitbox.com #SpySweeperCASS
127.0.0.1 ehg-espn.hitbox.com #SpySweeperCASS
127.0.0.1 ehg-macromedia.hitbox.com #SpySweeperCASS
127.0.0.1 ehg-dig.hitbox.com #SpySweeperCASS
127.0.0.1 speed.pointroll.com #SpySweeperCASS
127.0.0.1 amch.questionmarket.com #SpySweeperCASS
127.0.0.1 ads.gamespy.com #SpySweeperCASS

127.0.0.1 ads.columbian.com #SpySweeperCASS
127.0.0.1 clickit.go2net.com #SpySweeperCASS
127.0.0.1 vpdc.ru4.com #SpySweeperCASS
127.0.0.1 ads.developershed.com #SpySweeperCASS
127.0.0.1 ads.globeandmail.com #SpySweeperCASS
127.0.0.1 ads.nerve.com #SpySweeperCASS
127.0.0.1 iv.doubleclick.net #SpySweeperCASS
127.0.0.1 ads2.condenet.com #SpySweeperCASS
127.0.0.1 ads5.canoe.ca #SpySweeperCASS
127.0.0.1 askmen.thruport.com #SpySweeperCASS
127.0.0.1 adsrv2.gainesvillesun.com #SpySweeperCASS
127.0.0.1 ads.theolympian.com #SpySweeperCASS
127.0.0.1 ads.courierpostonline.com #SpySweeperCASS
127.0.0.1 i.timeinc.net #SpySweeperCASS
127.0.0.1 oasads.whitepages.com #SpySweeperCASS
127.0.0.1 rad.msn.com #SpySweeperCASS
127.0.0.1 serve.thisbanner.com #SpySweeperCASS
127.0.0.1 images.trafficmp.com #SpySweeperCASS
127.0.0.1 www.kaplanindex.com #SpySweeperCASS
127.0.0.1 kaplanindex.com #SpySweeperCASS
127.0.0.1 1.httpdads.com #SpySweeperCASS
127.0.0.1 spinbox.maccentral.com #SpySweeperCASS
127.0.0.1 akaads-abc.starwave.com #SpySweeperCASS
127.0.0.1 webad.ajeeb.com #SpySweeperCASS
127.0.0.1 ads.granadamedia.com #SpySweeperCASS
127.0.0.1 oas.uniontrib.com #SpySweeperCASS
127.0.0.1 ads.wnd.com #SpySweeperCASS
127.0.0.1 a3.suntimes.com #SpySweeperCASS
127.0.0.1 tmsads.tribune.com #SpySweeperCASS
127.0.0.1 ads.peel.com #SpySweeperCASS
127.0.0.1 ads.mh5.com #SpySweeperCASS
127.0.0.1 ad.usatoday.com #SpySweeperCASS
127.0.0.1 adserver.digitalpartners.com #SpySweeperCASS
127.0.0.1 ads.mediaturf.net #SpySweeperCASS
127.0.0.1 ads4.clearchannel.com #SpySweeperCASS
127.0.0.1 ads.clearchannel.com #SpySweeperCASS
127.0.0.1 ads2.clearchannel.com #SpySweeperCASS
127.0.0.1 ads.jacksonsun.com #SpySweeperCASS
127.0.0.1 servads.aip.org #SpySweeperCASS
127.0.0.1 ad.au.doubleclick.net #SpySweeperCASS
127.0.0.1 adng.ascii24.com #SpySweeperCASS
127.0.0.1 engage.speedera.net #SpySweeperCASS
127.0.0.1 ads.msn-ppe.com #SpySweeperCASS
127.0.0.1 ad.openfind.com.tw #SpySweeperCASS
127.0.0.1 adi.mainichi.co.jp #SpySweeperCASS
127.0.0.1 ads.northjersey.com #SpySweeperCASS
127.0.0.1 ad.moscowtimes.ru #SpySweeperCASS
127.0.0.1 banners.valuead.com #SpySweeperCASS
127.0.0.1 ad1.aaddzz.com #SpySweeperCASS
127.0.0.1 ds.eyeblaster.com #SpySweeperCASS
127.0.0.1 ads.statesmanjournal.com #SpySweeperCASS
127.0.0.1 ads.centralohio.com #SpySweeperCASS
127.0.0.1 aifind.ino #SpySweeperCASS
127.0.0.1 aaawebsearch.com #SpySweeperCASS
127.0.0.1 abosearch.com #SpySweeperCASS
127.0.0.1 clearsurfing.net #SpySweeperCASS
127.0.0.1 more-pages.com #SpySweeperCASS
127.0.0.1 search-system.com #SpySweeperCASS
127.0.0.1 linkz.com #SpySweeperCASS
127.0.0.1 sl.to #SpySweeperCASS
127.0.0.1 best-search.us #SpySweeperCASS
127.0.0.1 quickmetasearch.com #SpySweeperCASS
127.0.0.1 rootsearch.biz #SpySweeperCASS
127.0.0.1 allwebsearcher.com #SpySweeperCASS
127.0.0.1 topsearcher.com #SpySweeperCASS
127.0.0.1 bussolaweb.com #SpySweeperCASS
127.0.0.1 trafficworld.biz #SpySweeperCASS
127.0.0.1 24-7-search.com #SpySweeperCASS
127.0.0.1 69.42.87.219 #SpySweeperCASS
127.0.0.1 216.130.185.122 #SpySweeperCASS
127.0.0.1 69.31.79.100 #SpySweeperCASS
127.0.0.1 http://default.home/ #SpySweeperCASS
127.0.0.1 mssearch4u.com #SpySweeperCASS
127.0.0.1 myfind4u.com #SpySweeperCASS
127.0.0.1 %74%72%75%65%2d%63%6f%75%6e%74%65%72%2e%63%6f%6d #SpySweeperCASS
127.0.0.1 http://smarter.com #SpySweeperCASS
127.0.0.1 letgohome.com #SpySweeperCASS
127.0.0.1 abx4.com #SpySweeperCASS
127.0.0.1 anquiro.com #SpySweeperCASS
127.0.0.1 ez-finder.com #SpySweeperCASS
127.0.0.1 mysearchpage.biz #SpySweeperCASS
127.0.0.1 trendysearch.com #SpySweeperCASS
127.0.0.1 4count.com #SpySweeperCASS
127.0.0.1 desktoplife.net #SpySweeperCASS
127.0.0.1 hotoffers.info #SpySweeperCASS
127.0.0.1 hugesearch #SpySweeperCASS
127.0.0.1 oemji.com #SpySweeperCASS
127.0.0.1 pornsexarchives #SpySweeperCASS
127.0.0.1 search--control.com #SpySweeperCASS
127.0.0.1 targetclicks.net #SpySweeperCASS
127.0.0.1 searchmaid.com #SpySweeperCASS
127.0.0.1 w-find.com #SpySweeperCASS
127.0.0.1 azesearch.com #SpySweeperCASS
127.0.0.1 balabolka.biz #SpySweeperCASS
127.0.0.1 seek.3721.com #SpySweeperCASS
127.0.0.1 daosearch.com #SpySweeperCASS
127.0.0.1 gohip.com #SpySweeperCASS
127.0.0.1 interbusca.com #SpySweeperCASS
127.0.0.1 ecpm.com #SpySweeperCASS
127.0.0.1 nowfind.biz #SpySweeperCASS
127.0.0.1 offeroptimizer.com #SpySweeperCASS
127.0.0.1 www-start-page.com #SpySweeperCASS
127.0.0.1 iesp.mht #SpySweeperCASS
127.0.0.1 hot-search.biz #SpySweeperCASS
127.0.0.1 searchforfree.info #SpySweeperCASS
127.0.0.1 69.50.191.139 #SpySweeperCASS
127.0.0.1 about-blank.biz #SpySweeperCASS
127.0.0.1 69.50.191.53 #SpySweeperCASS
127.0.0.1 res://msn.dll #SpySweeperCASS
127.0.0.1 linksummary.com #SpySweeperCASS
127.0.0.1 mizuba.org #SpySweeperCASS
127.0.0.1 newgenlook.info #SpySweeperCASS
127.0.0.1 panet.org #SpySweeperCASS
127.0.0.1 uchase.com #SpySweeperCASS
127.0.0.1 wind-find.com #SpySweeperCASS
127.0.0.1 yupsearch.com #SpySweeperCASS
127.0.0.1 clon.biz #SpySweeperCASS
127.0.0.1 webforuser.com #SpySweeperCASS
127.0.0.1 quicknavigate.com #SpySweeperCASS
127.0.0.1 69.50.184.51 #SpySweeperCASS
127.0.0.1 aflashcounter.com #SpySweeperCASS
127.0.0.1 big-search.org #SpySweeperCASS
127.0.0.1 cool-partner.com #SpySweeperCASS
127.0.0.1 crazy-toolbar.com #SpySweeperCASS
127.0.0.1 iesearchengine.com #SpySweeperCASS
127.0.0.1 clicksearchclick.com #SpySweeperCASS
127.0.0.1 findyourcouple.com #SpySweeperCASS
127.0.0.1 fogsearch.net #SpySweeperCASS
127.0.0.1 online-service.cc #SpySweeperCASS
127.0.0.1 redzip.com #SpySweeperCASS
127.0.0.1 searchcat.info #SpySweeperCASS
127.0.0.1 searchterror.com #SpySweeperCASS
127.0.0.1 searchweb.cc #SpySweeperCASS
127.0.0.1 startsearches.net #SpySweeperCASS
127.0.0.1 superwebsearch.com #SpySweeperCASS
127.0.0.1 top20results.com #SpySweeperCASS
127.0.0.1 blank.mht #SpySweeperCASS
127.0.0.1 powdersearch.com #SpySweeperCASS
127.0.0.1 rimssearch.com #SpySweeperCASS
127.0.0.1 zpecialoffer.com #SpySweeperCASS
127.0.0.1 195.95.218.172 #SpySweeperCASS
127.0.0.1 gophersearch.com #SpySweeperCASS
127.0.0.1 skymasters.biz #SpySweeperCASS
127.0.0.1 supret.com #SpySweeperCASS
127.0.0.1 trustyhound.com #SpySweeperCASS
127.0.0.1 updatesearches.com #SpySweeperCASS
127.0.0.1 searchco.com #SpySweeperCASS
127.0.0.1 whatsfind.com #SpySweeperCASS
127.0.0.1 ie-searchengine.com #SpySweeperCASS
127.0.0.1 oneclicksearches.com #SpySweeperCASS
127.0.0.1 letsroll911.org #SpySweeperCASS
127.0.0.1 bestwebslinks.com #SpySweeperCASS
127.0.0.1 69.50.191.51 #SpySweeperCASS
127.0.0.1 searchwebzone.com #SpySweeperCASS
127.0.0.1 globalefinder.com #SpySweeperCASS
127.0.0.1 presearchforyou.com #SpySweeperCASS
127.0.0.1 go2realsearch.com #SpySweeperCASS
127.0.0.1 clicktomakeasearch.com #SpySweeperCASS
127.0.0.1 as.casalemedia.com #SpySweeperCASS
127.0.0.1 servedby.mediaplace.tv #SpySweeperCASS

#4 waterfalls

waterfalls

    Malware Exorcist


  • Members
  • 621 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:02 AM

Posted 25 February 2007 - 11:43 AM

Those entries in your HOSTS file were put there by Spysweeper to protect you. Those are known malware sites, and those entries prevent you from connecting to them.

Your log looks clean.

• You have an outdated version of Java which, because of security reasons, needs to be updated. To update Java:
- Download the latest version of Java Runtime Environment (JRE) 6.
- Click the "Download" button to the right.
- Check the box at the top that says: "Accept License Agreement".
- The page will refresh.
- Click on the top link to download "Windows Offline Installation, Multi-language" and save to your Desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel > Add/Remove Programs and remove all older versions of Java by checking any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the coffee cup icon next to it.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java versions.
- Reboot your computer once all Java components are removed.
- Then from your Desktop, double-click on the downloaded Java file to install the newest version.

After the reboot, go back into the Control Panel and double-click the Java Icon.
Under Temporary Internet Files, click the Delete Files button.
There are three options in the window to clear the cache. Leave ALL 3 checked:
- Downloaded Applets
- Downloaded Applications
- Other Files

Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Java Control Panel.
Take only memories, leave nothing but footprints.

Posted ImagePosted Image

#5 tstein27

tstein27
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:02 AM

Posted 27 February 2007 - 06:50 AM

I did this and I still am having problems. In my registry I have tried to edit and delete entries in IE Explorer for Search that do not match known entries on a clean computer. Every time I delete or modify them they revert right back to what they were.
I have scanned with several registry cleaners and spyware checkers. I am running Norton Internet Security, Windows Defender, SpySweeper and Windows Washer and AdWare.

Any Help???

Thanks

#6 waterfalls

waterfalls

    Malware Exorcist


  • Members
  • 621 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:02 AM

Posted 27 February 2007 - 01:26 PM

I did this and I still am having problems. In my registry I have tried to edit and delete entries in IE Explorer for Search that do not match known entries on a clean computer. Every time I delete or modify them they revert right back to what they were.
I have scanned with several registry cleaners and spyware checkers. I am running Norton Internet Security, Windows Defender, SpySweeper and Windows Washer and AdWare.

Any Help???

Thanks


No, because I don't know what you're trying to do. You thought the O1 entries were malware, and you were trying to delete them. Now, you're mucking around in your Registry trying to delete entries that you state "do not match known entries on a clean computer."
Take only memories, leave nothing but footprints.

Posted ImagePosted Image

#7 tstein27

tstein27
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:02 AM

Posted 27 February 2007 - 06:30 PM

Sorry I upset you...I'll look elsewhere for help.

Thanks Anyway

#8 waterfalls

waterfalls

    Malware Exorcist


  • Members
  • 621 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:02 AM

Posted 27 February 2007 - 06:42 PM

A blanket statement that you were trying to delete certain entries in your Registry because they should not be there does not provide me with any information. Also, deleting entries that should be there can cause damage to your system.

If you wish assistance, I will happy to do so. However, you will have to post exactly what you have been trying to do in your Registry, and if you were experiencing any problems which caused you to do so.
Take only memories, leave nothing but footprints.

Posted ImagePosted Image

#9 tstein27

tstein27
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:02 AM

Posted 28 February 2007 - 10:09 PM

Thanks for your patience. As you may have guessed I'm a novice.

I believe that my browser was hijacked. I have run all suggested scans, posted logs and followed the other instructions posted, but continue to have problems.
My Searches still do not work with IE Explorer. When I search and then click on a link from a Google search it is redirected to another site. The back button will not work when I am diverted. I must close the window and reopen. As far as I could tell from what I have read, these were symptoms of a browser hijack.
I thought I might have had bad entries left in the registry. When I edited or deleted entries that I thought might be suspect they came back after closing the registry editor. This led me to think something was reinstalling them

Below are my registry entries. I don't know if this is any help or if my problem is in another area.



Any help would be appreciated.
Thanks


HKEY_LOCAL _MACHINE-Software-Microsoft-IE Explorer

Search

Default REG_SZ (no value set)
SearchAssistant REG_SZ http://ie.search.msn.com/{sub_rec1766}/src...st/srchasst.htm

Searchscopes

Default REG_SZ (no value set)
Defaultscope REG_SZ {0633EE93-D776-472f-AFF-E1416B8B2E3A}

HKEY_CURRENT_USER-Software-Microsoft-IE Explorer

Search

Default REG_SZ (no value set)

Searchscopes
Default REG_SZ (no value set)

Defaultscope REG_SZ {148A5AB3-27E3-4387-B5F1-8F0B3DE91677}

Version REG_DWORD 0X00000001 (1)

SearchURL

Default REG_SZ (no value set)

URLSearchHooks

Default REG_SZ (no value set)

CFBFAE00-17A6-1100-99CB-00C04FD64497 REG_SZ (no data entry)

#10 waterfalls

waterfalls

    Malware Exorcist


  • Members
  • 621 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:02 AM

Posted 28 February 2007 - 11:27 PM

Hi -

Thanks for the info.

• Download ComboScan to your Desktop.
1. Close all applications and windows.
2. Double-click on comboscan.exe to run it, and follow the prompts.
3. When the scan is complete, a text file will open - ComboScan.txt
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt in your next reply.
5. A folder called C:\ComboScan will also open. In the folder, there will be a text file called Supplementary.txt
6. Please also post Supplementary.txt in your next reply.

Note: Some firewalls may warn that sigcheck.exe is trying to access the Internet. Please ensure that you allow sigcheck.exe permission to do so.
Take only memories, leave nothing but footprints.

Posted ImagePosted Image

#11 tstein27

tstein27
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:02 AM

Posted 01 March 2007 - 06:29 PM

Here are the scan results.

Thanks for your continued Help.



ComboScan v20070226.18 run by HP_Administrator on 2007-03-01 at 17:20:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Restore was disabled; re-enabling.
Failed to create restore point: System Restore is disabled (service is not running).
Performed disk cleanup.


-- HijackThis (run as HP_Administrator.exe) -------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:21:25 PM, on 3/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Documents and Settings\HP_Administrator\Desktop\comboscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\HIJACK~1\HP_Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] "rundll32.exe" ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPwuSchd2.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171472851093
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171472837546
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

1R AmdK8 (AMD Processor Driver) - C:\WINDOWS\system32\drivers\AmdK8.sys
3R aracpi - C:\WINDOWS\system32\drivers\aracpi.sys
3R arhidfltr (MS Ar HID Filter Driver) - C:\WINDOWS\system32\drivers\arhidfltr.sys
3R arkbcfltr (Microsoft PS2 Keyboard Filter) - C:\WINDOWS\system32\drivers\arkbcfltr.sys
3R armoucfltr (Microsoft PS2 Mouse Filter) - C:\WINDOWS\system32\drivers\armoucfltr.sys
3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
3R ARPolicy - C:\WINDOWS\system32\drivers\arpolicy.sys
0R bb-run (Promise driver accelerator) - C:\WINDOWS\system32\drivers\bb-run.sys
3S CO_Mon - C:\WINDOWS\system32\drivers\CO_Mon.sys
1R eeCtrl (Symantec Eraser Control driver) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
3R EraserUtilRebootDrv - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0R ftsata2 - C:\WINDOWS\system32\drivers\ftsata2.sys
3R HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudbus.sys
3R HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
3S HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\system32\drivers\HPZid412.sys
3S HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\system32\drivers\HPZipr12.sys
3S HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\system32\drivers\HPZius12.sys
3R HSXHWBS2 - C:\WINDOWS\system32\drivers\HSXHWBS2.sys
3R HSX_DP - C:\WINDOWS\system32\drivers\HSX_DP.sys
3R IntcAzAudAddService (Service for Realtek HD Audio (WDM)) - C:\WINDOWS\system32\drivers\RtkHDAud.sys
1S intelppm (Intel Processor Driver) - C:\WINDOWS\system32\DRIVERS\intelppm.sys (not found)
2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
3S MHNDRV (MHN driver) - C:\WINDOWS\system32\drivers\mhndrv.sys
3R mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3R NAVENG - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070228.017\NAVENG.SYS
3R NAVEX15 - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070228.017\NAVEX15.SYS
3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
3R NVENETFD (NVIDIA nForce Networking Controller Driver) - C:\WINDOWS\system32\drivers\NVENETFD.sys
3R nvnetbus (NVIDIA Network Bus Enumerator) - C:\WINDOWS\system32\drivers\nvnetbus.sys
0R ohci1394 (OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
3R Ps2 - C:\WINDOWS\system32\drivers\PS2.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3S rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - C:\WINDOWS\system32\drivers\RTL8139.sys
1R SPBBCDrv - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
3R SRTSP - C:\WINDOWS\system32\drivers\srtsp.sys
3S SRTSPL - C:\WINDOWS\system32\drivers\srtspl.sys
1R SRTSPX - C:\WINDOWS\system32\drivers\srtspx.sys
0R SSFS0509 (Spy Sweeper File System Filer Driver: 0509) - C:\WINDOWS\system32\drivers\SSFS0509.sys
0R SSHRMD (Spy Sweeper Hookrack MiniDriver) - C:\WINDOWS\system32\drivers\sshrmd.sys
0R SSIDRV (Spy Sweeper Interdiction Driver) - C:\WINDOWS\system32\drivers\ssidrv.sys
3R SSKBFD (Webroot Spy Sweeper Keylogger Shield Keyboard Filter) - C:\WINDOWS\system32\drivers\sskbfd.sys
3R SYMDNS - C:\WINDOWS\system32\drivers\symdns.sys
3R SymEvent - C:\WINDOWS\system32\drivers\SYMEVENT.SYS
3R SYMFW - C:\WINDOWS\system32\drivers\symfw.sys
3R SYMIDS - C:\WINDOWS\system32\drivers\symids.sys
3R SYMIDSCO - C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20070222.002\SymIDSCo.sys
2R symlcbrd - C:\WINDOWS\system32\drivers\symlcbrd.sys
3R SYMNDIS - C:\WINDOWS\system32\drivers\symndis.sys
3R SYMREDRV - C:\WINDOWS\system32\drivers\symredrv.sys
1R SYMTDI - C:\WINDOWS\system32\drivers\symtdi.sys
0S szkg - C:\WINDOWS\system32\DRIVERS\szkg.sys (not found)
3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbohci (Microsoft USB Open Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbohci.sys
3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
3R usbstor (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\usbstor.sys
3R winachsx - C:\WINDOWS\system32\drivers\HSX_CNXT.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2R ARSVC - C:\WINDOWS\arservice.exe
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R Automatic LiveUpdate Scheduler - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
2R ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
2R ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
2R CLTNetCnService (Symantec Lic NetConnect service) - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
3S comHost (COM Host) - "C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe"
2R ehRecvr (Media Center Receiver Service) - C:\WINDOWS\eHome\ehRecvr.exe
2R ehSched (Media Center Scheduler Service) - C:\WINDOWS\eHome\ehSched.exe
3S Fax - C:\WINDOWS\system32\fxssvc.exe
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
3S ISPwdSvc (Symantec IS Password Validation) - "C:\Program Files\Norton Internet Security\isPwdSvc.exe"
2R LightScribeService (LightScribeService Direct Disc Labeling Service) - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
3S LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
2R McrdSvc (Media Center Extender Service) - C:\WINDOWS\ehome\mcrdsvc.exe
3S MHN - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\system32\nvsvc32.exe
2S RoxLiveShare (LiveShare P2P Server) - "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe"
3R RoxMediaDB - "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe"
2R RoxWatch (Roxio Hard Drive Watcher) - "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe"
2R Symantec Core LC - "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
2R SymAppCore (Symantec AppCore Service) - "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"
3S UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
2R WebrootSpySweeperService (Webroot Spy Sweeper Engine) - "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"
2R WinDefend (Windows Defender) - "C:\Program Files\Windows Defender\MsMpEng.exe"
2R wwSecSvc (Washer Security Access) - C:\WINDOWS\system32\wwSecure.exe


-- Scheduled Tasks --------------------------------------------------------------

2007-03-01 16:40:45 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>
2007-02-04 08:50:11 586 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HP_Administrator.job<NORTON~1.JOB>


-- Files created between 2007-02-01 and 2007-03-01 ------------------------------

2007-03-01 17:21:15 0 d-------- C:\Program Files\HijackThis<HIJACK~1>
2007-02-28 19:57:44 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-02-28 19:57:43 21056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-02-28 19:57:43 144448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-02-28 19:57:43 22080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-02-28 19:57:43 20544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-02-28 19:57:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-02-26 17:45:15 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Uniblue
2007-02-26 17:45:01 0 d-------- C:\Program Files\Uniblue
2007-02-26 17:32:44 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-02-26 17:32:29 0 d-------- C:\Program Files\CleanMyPC<CLEANM~1>
2007-02-26 17:21:19 0 d-------- C:\Program Files\RegistryFix<REGIST~1>
2007-02-26 17:11:11 26000 --a------ C:\WINDOWS\system32\E3TL.DLL
2007-02-26 17:11:01 0 d-------- C:\Program Files\Zenturi
2007-02-26 17:11:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Zenturi
2007-02-25 12:38:59 0 d-------- C:\Program Files\Common Files\Java
2007-02-24 15:46:36 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Registry Cleaner<REGIST~1>
2007-02-24 12:14:22 0 d-------- C:\Program Files\Trend Micro<TRENDM~1>
2007-02-23 16:45:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-02-23 06:00:33 0 d-------- C:\WINDOWS\ie7updates<IE7UPD~1>
2007-02-22 16:36:19 0 d--h---c- C:\WINDOWS\ie7
2007-02-22 16:34:31 0 d-------- C:\WINDOWS\network diagnostic<NETWOR~1>
2007-02-22 06:08:09 0 --a------ C:\WINDOWS\nsreg.dat
2007-02-22 06:07:57 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-21 05:51:13 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
2007-02-20 16:48:15 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Lavasoft
2007-02-20 16:48:12 0 d-------- C:\Program Files\Lavasoft
2007-02-20 16:47:48 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-02-19 17:21:18 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-02-15 16:14:42 0 d-------- C:\Program Files\CCleaner
2007-02-14 18:06:14 0 d-------- C:\84edbc74a5e92a6d218f9dac46<84EDBC~1>
2007-02-14 11:16:06 127208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-02-14 11:10:09 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-02-14 11:08:00 18200 --a------ C:\WINDOWS\system32\wups2.dll
2007-02-14 11:08:00 0 d-------- C:\WINDOWS\system32\SoftwareDistribution<SOFTWA~1>
2007-02-14 09:15:35 102912 --a------ C:\WINDOWS\system32\islzma.dll
2007-02-14 09:15:28 424960 --a------ C:\WINDOWS\WRServices.dll<WRSERV~1.DLL>
2007-02-11 08:58:56 118784 --a------ C:\WINDOWS\system32\pdfmona.dll
2007-02-11 08:58:56 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll<PDF995~1.DLL>
2007-02-11 08:58:56 0 d-------- C:\Documents and Settings\All Users\Application Data\pdf995
2007-02-11 08:57:16 0 d-------- C:\Program Files\TaxCut06
2007-02-08 09:10:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-02-07 18:18:14 0 d-------- C:\WINDOWS\system32\appmgmt
2007-02-06 12:38:02 0 d-------- C:\Program Files\Win32coMessenger<WIN32C~1>
2007-02-04 15:00:40 0 d-------- C:\WINDOWS\WBEM
2007-02-04 15:00:39 0 d-------- C:\WINDOWS\system32\en-US
2007-02-04 14:58:14 121856 -----n--- C:\WINDOWS\system32\xmllite.dll
2007-02-04 12:26:31 0 d-------- C:\Program Files\Outlook Express Quick Backup<OUTLOO~2>
2007-02-04 12:26:10 249856 -----n--- C:\WINDOWS\Setup1.exe
2007-02-04 12:26:08 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-02-04 08:40:43 0 d-------- C:\Program Files\Norton Internet Security<NORTON~1>
2007-02-04 08:39:38 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-02-04 08:39:38 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-02-04 08:39:04 0 d-------- C:\Program Files\Symantec
2007-02-04 05:42:54 0 d-------- C:\TEMP
2007-02-03 21:26:49 486400 --a------ C:\WINDOWS\system32\wwSecure.exe
2007-02-03 19:22:55 0 d-------- C:\WINDOWS\system32\NtmsData
2007-02-03 18:59:54 12160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-02-03 18:59:51 25856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-02-03 18:59:43 9600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-02-03 18:59:41 31616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-02-03 18:27:42 0 dr-hs---- C:\WINDOWS\system32\dllcache
2007-02-03 18:19:09 0 d-------- C:\WINDOWS\system32\LogFiles
2007-02-03 18:16:03 16496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-02-03 18:16:00 49664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-02-03 18:15:36 77824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2007-02-03 18:15:33 38400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2007-02-03 18:15:26 282624 -ra------ C:\WINDOWS\system32\HPZc3212.dll
2007-02-03 18:15:25 21568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2007-02-03 18:11:59 254026 -ra------ C:\WINDOWS\system32\hpovst09.dll
2007-02-03 18:11:57 827392 -ra------ C:\WINDOWS\system32\hpotiop2.dll
2007-02-03 18:11:56 659456 -ra------ C:\WINDOWS\system32\hpowiax2.dll
2007-02-03 18:11:52 15104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-02-03 18:10:51 0 dr-hs---- C:\cmdcons
2007-02-03 18:10:36 0 d-------- C:\WINDOWS\setupupd
2007-02-03 18:07:15 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Spearit
2007-02-03 18:07:15 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Real
2007-02-03 18:07:15 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
2007-02-03 18:07:14 0 d-------- C:\Documents and Settings\HP_Administrator\WINDOWS
2007-02-03 18:07:14 3670016 --a------ C:\Documents and Settings\HP_Administrator\NTUSER.DAT
2007-02-03 16:23:46 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Corel
2007-02-03 16:22:41 0 d-------- C:\Program Files\Corel
2007-02-03 16:22:41 0 d-------- C:\Program Files\Common Files\Corel
2007-02-03 15:46:54 0 d-------- C:\NETSCAPE
2007-02-02 06:45:15 164 --a------ C:\install.dat


-- Find3M Report ----------------------------------------------------------------

2007-03-01 17:21:13 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-28 20:50:43 1274 --a------ C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2007-02-26 17:50:00 0 d---s---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft<MICROS~1>
2007-02-25 12:38:59 0 d-------- C:\Program Files\Java
2007-02-22 06:08:08 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla
2007-02-20 16:39:55 0 d-------- C:\Program Files\STOPzilla!<STOPZI~1>
2007-02-18 09:30:30 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Roxio
2007-02-18 09:25:23 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Sonic
2007-02-14 09:15:28 0 d-------- C:\Program Files\Webroot
2007-02-14 09:13:04 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Webroot
2007-02-08 09:09:02 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2007-02-07 18:37:25 0 d-------- C:\Program Files\Common Files\Sonic Shared<SONICS~1>
2007-02-07 18:36:45 0 d-------- C:\Program Files\Common Files\Roxio Shared<ROXIOS~1>
2007-02-04 12:43:28 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\U3
2007-02-04 08:15:12 0 d-------- C:\Program Files\Yahoo!
2007-02-03 21:43:11 0 d-------- C:\Program Files\Family Tree Maker 2005<FAMILY~1>
2007-02-03 21:40:23 0 d-------- C:\Program Files\Sonic
2007-02-03 21:27:05 0 d-------- C:\Program Files\Common Files\Webroot Shared<WEBROO~1>
2007-01-29 02:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-28 18:12:46 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Leadertech<LEADER~1>
2007-01-28 18:02:54 0 d-------- C:\Program Files\Common Files\Sonic
2007-01-28 14:28:31 0 d-------- C:\Program Files\Roxio
2007-01-17 17:28:30 117155 --a------ C:\WINDOWS\hpoins11.dat
2007-01-16 17:03:23 0 d-------- C:\Program Files\Common Files\Hewlett-Packard<HEWLET~1>
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-09 20:24:45 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\GTek
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-01-08 19:02:02 383488 -----n--- C:\WINDOWS\system32\ieapfltr.dll
2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2007-01-06 13:04:28 1156 --a------ C:\WINDOWS\checkip.dat
2007-01-06 08:27:45 1921 --a------ C:\WINDOWS\mozver.dat
2006-12-19 15:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 12:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-06 22:14:51 2330624 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-05 05:36:04 156404 -----n--- C:\Documents and Settings\HP_Administrator\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log<PATCHU~1.LOG>


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Window Washer"="\"C:\\Program Files\\Webroot\\Washer\\wwDisp.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"ftutil2"="\"rundll32.exe\" ftutil2.dll,SetWriteCacheMode"
"RTHDCPL"="RTHDCPL.EXE"
"AlwaysReady Power Message APP"="ARPWRMSG.EXE"
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="\"nwiz.exe\" /install"
"DMAScheduler"="\"c:\\Program Files\\HP DigitalMedia Archive\\DMAScheduler.exe\""
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPwuSchd2.exe\""
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
"RoxWatchTray"="\"C:\\Program Files\\Common Files\\Roxio Shared\\SharedCOM8\\RoxWatchTray.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"SpySweeper"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe /startintray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"="kdfmw.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K]
Shell\AutoRun\command K:\LaunchU3.exe -a

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d21312d-b479-11db-8c66-0018f34c71f5}]
Shell\AutoRun\command L:\PCConnect.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST


-- End of ComboScan: finished at 2007-03-01 at 17:22:31 -------------------------



ComboScan v20070226.18 run by HP_Administrator on 2007-03-01 at 17:20:21
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 5200+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 5200+
Percentage of Memory in Use: 28%
Physical Memory (total/avail): 1982.48 MiB / 1413.74 MiB
Pagefile Memory (total/avail): 3875.3 MiB / 3375.14 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1989.18 MiB

C: is Fixed (NTFS) - 224.04 GiB total, 196.34 GiB free.
D: is Fixed (FAT32) - 8.82 GiB total, 0.56 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)


-- Security Center --------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Security v2007 (Symantec Corporation)
AV: Norton Internet Security v2007 (Symantec Corporation)


-- Environment Variables --------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-4DACD0EA75
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Administrator
LOGONSERVER=\\YOUR-4DACD0EA75
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\PROGRA~1\COMMON~1\SONICS~1\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 67 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4302
ProgramFiles=C:\Program Files
PROMPT=$P$G
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\Roxio Central\
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
USERDOMAIN=YOUR-4DACD0EA75
USERNAME=HP_Administrator
USERPROFILE=C:\Documents and Settings\HP_Administrator
windir=C:\WINDOWS


-- User Profiles ----------------------------------------------------------------

HP_Administrator (admin)
Administrator (admin)


-- Add/Remove Programs ----------------------------------------------------------

--> "C:\Program Files\HP Games\Airstrike 2 Gulf Thunder\Uninstall.exe"
--> "C:\Program Files\HP Games\Alien Shooter\Uninstall.exe"
--> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Bistro Stars\Uninstall.exe"
--> "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 2 Remix\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
--> "C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
--> "C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
--> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
--> "C:\Program Files\HP Games\Family Feud\Uninstall.exe"
--> "C:\Program Files\HP Games\FATE\Uninstall.exe"
--> "C:\Program Files\HP Games\Garden Dreams\Uninstall.exe"
--> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
--> "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\LEGO Builder Bots\Uninstall.exe"
--> "C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\Mystery Case Files\Uninstall.exe"
--> "C:\Program Files\HP Games\Penguins!\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
--> "C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
--> "C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
--> "C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Snowy Space Trip\Uninstall.exe"
--> "C:\Program Files\HP Games\Super Granny\Uninstall.exe"
--> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
--> "C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
--> "C:\Program Files\WildTangent\Apps\My HP Game Console\Uninstall.exe"
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
--> MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511}
--> MsiExec.exe /I{7FD9FD10-9F7F-4DDF-B9F0-911209FF0CEA}
--> MsiExec.exe /I{EB748B9B-F872-4E95-98E8-5CA7E5425DAF}
--> MsiExec.exe /X{1359D6D8-B1F0-4335-AE79-49CD2AF8EA26}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Data Fax SoftModem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
DISCover --> "C:\Program Files\DISC\uninstall.exe"
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u
Family Tree Maker 2005 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B136E4A4-7660-4F15-9752-EF8E6BA7866D}\Setup.exe" -l0x9
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 1.99.1 --> C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe /uninstall
HP Boot Optimizer --> MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP DigitalMedia Archive --> MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP DVD Play 2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart for Media Center PC --> c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Web Helper --> regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Flash Player 8 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Microsoft Away Mode -->
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Standard Edition 2003 60 days trial --> c:\hp\bin\cloaker.exe c:\hp\bin\MSOffice\uninst.cmd
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (2.0.0.2) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
muvee autoProducer 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB4740B3-2530-452D-A825-F7AB246CA7DF}\setup.exe" -l0x9
muvee autoProducer unPlugged 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}\setup.exe" -l0x9
My HP Games --> "C:\Program Files\HP Games\Uninstall.exe"
Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_0_0_86\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NVIDIA Drivers --> C:\WINDOWS\system32\nvunrm.exe UninstallGUI
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
Outlook Express Quick Backup --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Outlook Express Quick Backup\ST6UNST.LOG"
PC-Doctor 5 for Windows --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Pdf995 --> C:\Program Files\TaxCut06\pdf995\setup.exe uninstall
PdfEdit995 --> C:\Program Files\TaxCut06\pdf995\res\utilities\thinsetup.exe - uninstall
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Roxio MyDVD Premier 8 --> MsiExec.exe /I{8F0A7DCB-D605-4890-B842-D5480F3B9232}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic Express Labeler --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD SlideShow --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sonic Update Manager --> MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
TaxCut Premium 2006 --> C:\PROGRA~1\TaxCut06\Program\removetc.exe
Uniblue SpeedUpMyPC --> "C:\Program Files\Uniblue\SpeedUpMyPC\unins000.exe"
Updates from HP (remove only) --> C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Window Washer --> C:\WINDOWS\Unwash6.exe
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB912067 --> "C:\WINDOWS\$NtUninstallKB912067$\spuninst\spuninst.exe"


-- End of ComboScan: finished at 2007-03-01 at 17:22:31 -------------------------

#12 waterfalls

waterfalls

    Malware Exorcist


  • Members
  • 621 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:02 AM

Posted 02 March 2007 - 02:08 AM

• You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your Desktop and run it. Click Next, then Install.
Make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the Desktop loads, please post the text that will open (report.txt) and a new HijackThis log.
Take only memories, leave nothing but footprints.

Posted ImagePosted Image

#13 tstein27

tstein27
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:02 AM

Posted 02 March 2007 - 07:00 AM

Here is the Fixwareout txt file and a new Hijackthis log.

Thanks again for your continued suuport.


Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdfmw.exe"

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other
C:\WINDOWS\Temp\kdfmw.ren 63289 08/09/2004



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"ftutil2"="\"rundll32.exe\" ftutil2.dll,SetWriteCacheMode"
"RTHDCPL"="RTHDCPL.EXE"
"AlwaysReady Power Message APP"="ARPWRMSG.EXE"
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="\"nwiz.exe\" /install"
"DMAScheduler"="\"c:\\Program Files\\HP DigitalMedia Archive\\DMAScheduler.exe\""
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPwuSchd2.exe\""
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
"RoxWatchTray"="\"C:\\Program Files\\Common Files\\Roxio Shared\\SharedCOM8\\RoxWatchTray.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Window Washer"="\"C:\\Program Files\\Webroot\\Washer\\wwDisp.exe\""
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»



Logfile of HijackThis v1.99.1
Scan saved at 5:57:18 AM, on 3/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] "rundll32.exe" ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPwuSchd2.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171472851093
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171472837546
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

#14 waterfalls

waterfalls

    Malware Exorcist


  • Members
  • 621 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:02 AM

Posted 02 March 2007 - 01:45 PM

Hi there -

• We need to disable your Microsoft Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
* Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
* Click on Tools, General Settings
* Under Real-time protection options, unselect the Turn on real-time protection check box
* Click Save

After all of the fixes are complete it is very important that you enable Real-time Protection again.

• Start HijackThis, click System Scan Only and place a checkmark next to the following item:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

Close ALL browsers and open windows/programs except HijackThis and click 'Fix Checked'.

• Reboot your computer.

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
• Download and scan with AVG Anti-Spyware v7.5
1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
7. Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
8. Go to Start > Run and type: services.msc
  • Press "OK".
  • Click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
  • When you find the guard service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Manual".
  • Now click "Apply", then "OK" and close the Services window.
9. Select the "Update" button and click "Start update". Wait until you see the "Update succesfull message. If you are having problems with the updater, manually update with the
AVG Anti-Spyware Full database installer from here.

Once the updates are installed do the following:
1. Click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?" check all (default).
  • Under "Possibly unwanted software" check all (default).
  • Under "What to Scan?" make sure "Scan every file" is selected (default).
  • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions?" button.

5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
6. Exit AVG Anti-Spyware when done and submit the log report in your next response.

Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

• Post back with the AVG Anti-Spyware log and a new HijackThis log. Also, let me know how your computer is running now.
Take only memories, leave nothing but footprints.

Posted ImagePosted Image

#15 tstein27

tstein27
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:10:02 AM

Posted 03 March 2007 - 10:02 AM

Here are the logs. The searches seem to be working properly in IE EXplorer now. The R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = seems to be back though. I don't know if this is a problem or not.

Anyway I think things are better now.

Thanks so much for all of your help.


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:27:12 AM 3/3/2007

+ Scan result:



Nothing found.


::Report end





Logfile of HijackThis v1.99.1
Scan saved at 8:48:35 AM, on 3/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] "rundll32.exe" ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPwuSchd2.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - HKCU\..\RunOnce: [Index Washer] "C:\Program Files\Webroot\Washer\WashIdx.exe" "HP_Administrator"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171472851093
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171472837546
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users