Post by: nunya53 on October 25, 2005, 08:18:47 PM
I have come across some nasty spyware lately. Most of it I have successfully removed following various tutorials posted here. Unfortunately, I still have one bit of annoying spyware. This spyware seems to tailor itself to the particular website I'm visiting. When I am here, I get pop-up ads for anti-virus and spyware programs, when I am on my university website, I get educational pop-ups, on MSN, I get search pop-ups, and so on....
My Hijackthis log follows. I appreciate all help.
Thanks,
Jerry
Logfile of HijackThis v1.99.1
Scan saved at 8:12:59 PM, on 10/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\USBToolbox\Res.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\tunebite\tunebite.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Download\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/ (http://\"http://toshibadirect.com/\")
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USBToolbox\Res.EXE
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/check/netset/install/gtdownls.cab (http://\"http://www.linksysfix.com/check/netset/install/gtdownls.cab\")
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab (http://\"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab\")
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Post by: nunya53 on October 26, 2005, 06:50:34 AM
Post by: guestolo on October 26, 2005, 11:56:07 AM
But can you do the following, I just want to check on somthing
RESTART your Computer in SAFE MODE (http://\"http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039?OpenDocument&ExpandSection=4#_Section4\")
You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link
I supplied for a more detailed explanation
Open hijackthis
Do a SCAN and Save a Log file>>Save this log
Reboot back to Normal mode
Post the log from Safe mode
Could you also
Save Silent Runners.vbs (http://\"http://www.silentrunners.org/Silent%20Runners.vbs\") to your desktop and double click on it to run.
Don't click anything on the Yes or No prompt, it will continue to run
If prompted by your AV, please let this script run, we are just collecting information
This will create a text file on your desktop
Open the text file and copy and paste the contents back here
NOTE: let silentrunners completely finish, it should prompt when it is done
Post by: nunya53 on October 26, 2005, 07:16:56 PM
First, let me say a big THANK YOU for you taking the time to help. I normally read and try to figure problems out myself, but this one has me stumped.
Here is the HijackThis log from the SAFE mode:
Logfile of HijackThis v1.99.1
Scan saved at 7:07:58 PM, on 10/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Download\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search (http://\"http://www.toshiba.com/search\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/ (http://\"http://toshibadirect.com/\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/ (http://\"http://toshibadirect.com/\")
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://toshibadirect.com/ (http://\"http://toshibadirect.com/\")
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USBToolbox\Res.EXE
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/check/netset/install/gtdownls.cab (http://\"http://www.linksysfix.com/check/netset/install/gtdownls.cab\")
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab (http://\"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab\")
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
And here is the Silent Runner log after restarting in NORMAL mode:
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/ (http://\"http://www.silentrunners.org/\")
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"PhotoShow Deluxe Media Manager" = "C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe" [null data]
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"tunebite.exe" = "C:\Program Files\tunebite\tunebite.exe" ["RapidSolution Software AG"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CeEKEY" = "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" ["COMPAL ELECTRONIC INC."]
"CeEPOWER" = "C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" ["COMPAL ELECTRONIC INC."]
"TPNF" = "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" ["COMPAL ELECTRONIC INC."]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"Apoint" = "C:\Program Files\Apoint2K\Apoint.exe" ["Alps Electric Co., Ltd."]
"EzButton" = "C:\Program Files\EzButton\EzButton.EXE" ["Dritek System Inc."]
"PadTouch" = "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" ["TOSHIBA"]
"Notebook Maximizer" = "C:\Program Files\Notebook Maximizer\maximizer_startup.exe" [null data]
"SM1BG" = "C:\WINDOWS\SM1BG.EXE" ["Cypress Semiconductor"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"USB Storage Toolbox" = "C:\Program Files\USBToolbox\Res.EXE" ["ali"]
"CloneCDElbyCDFL" = ""C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL" ["Elaborate Bytes"]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"masqform.exe" = "C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser" ["PureEdge Solutions Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = "AcroIEToolbarHelper Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "CNavExtBho Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{8FF43EAA-2BB1-4A53-8E18-D9221E56E593}" = "CePMTab Property Sheet"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\CePMTab.dll" ["COMPAL ELECTRONIC INC."]
"{9ED66769-A198-41FE-8615-601691C68846}" = "TouchPad Property Sheet"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\TPprop.dll" ["COMPAL ELECTRONIC INC."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\background.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ss3dfo.scr" [MS]
Startup items in "user" & "All Users" startup folders:
------------------------------------------------------
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Acrobat Assistant" -> shortcut to: "C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe" ["Adobe Systems Inc."]
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
Enabled Scheduled Tasks:
------------------------
"Norton AntiVirus - Scan my computer - user" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = "Adobe PDF" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = "Adobe PDF" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\ = "Adobe PDF" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.toshiba.com
Missing lines (compared with English-language version):
[Strings]: 1 line
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Atheros Configuration Service, ACS, "C:\WINDOWS\system32\ACS.exe" [null data]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\system32\drivers\CDAC11BA.EXE" ["C-Dilla Ltd"]
CeEPwrSvc, CeEPwrSvc, "C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe" ["COMPAL ELECTRONIC INC."]
ConfigFree Service, CFSvcs, "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe" ["TOSHIBA CORPORATION"]
DVD-RAM_Service, DVD-RAM_Service, "C:\WINDOWS\system32\DVDRAMSV.exe" ["Matsu[censored]a Electric Industrial Co., Ltd."]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton AntiVirus Firewall Monitor Service, NPFMntor, ""C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"" ["Symantec Corporation"]
Swupdtmr, Swupdtmr, "c:\Toshiba\Ivp\Swupdate\swupdtmr.exe" [null data]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
SSGB1 Langmon\Driver = "Ssgb1mon.dll" ["Samsung Electronics."]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 52 seconds, including 18 seconds for message boxes)
Once again, thanks for your help.
Jerry
Post by: guestolo on October 26, 2005, 09:37:48 PM
Is your popup blocker enabled in Internet Explorer?
In IE>>Popup blocker
Turn on popupblocker if turned off
I want to check something else
these should be disabled, but let's take a look
Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this service
name---- Messenger
Double click on it--- STOP the service--If running
In the drop down menu, change the startup type to Disabled
Do the same for Alerter
Download and run BlackLight:
F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml (http://\"http://www.f-secure.com/blacklight/try.shtml\")
leave [X]scan through windows explorer checked,
click > scan then > next,
If any items show have BlackLight rename them except for wbemtest.exe"
Do not rename "wbemtest.exe"; it's a windows file
The tool will ask if you want to reboot (restart) choose yes.
After you have rebooted post back with BlackLight's log
Post by: nunya53 on October 26, 2005, 10:20:05 PM
First, let me say THANKS for your time and effort, Guestolo.
The IE pop-up blocker IS turned on.
When running services.msc:
messenger is stopped and disabled...
alerter was running and enabled, I stopped it and disabled it...
Blacklight (beta) must have changed because it didn't look like you described...
I ran the program and there were two programs with a different icon as the very first two in the list...I renamed them...if nothing else I can reload my computer, not that I want to but I have everything backed up...just time-consuming. I rebooted the computer and didn't see a log anywhere and reran the program to look for a log option but couldn't find one. Coincidently, I opened another window to my university website and got pop-ups while typing this.
I appreciate your help, but I am at a loss...maybe this is something new and my trials can help those in the future.
As background, all my problems started about a week ago when I was watching the World Series of Poker on ESPNHD and poked around on partypoker.net. I am an experience computer use, and know what to avoid on the internet to prevent being infected...well, apparently not!
Thanks, Guestolo....
Jerry
BTW...some of the pop-ups have a disclaimer link at the botton <more info> that state the pop-up is not necessarily from the website owner and could be from a competitor, which make me think GATOR or the other one I can't remember the name of...
Post by: nunya53 on October 26, 2005, 10:37:10 PM
Jerry
or not...it didn't seem to attach.
Post by: guestolo on October 26, 2005, 10:49:53 PM
Post by: nunya53 on October 26, 2005, 11:09:25 PM
I am going out of town tomorrow for four days...will be back Sunday afternoon...will check back here then.
Thanks for everyone's help.
Jerry
Post by: guestolo on October 26, 2005, 11:21:52 PM
I wouldn't be without these, I want to see if it helps
Both of these don't run in the background
You'll read more from my links
Download and Install
SpywareBlaster 3.4 by JavaCool (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial (http://\"http://www.bleepingcomputer.com/forums/index.php?showtutorial=53\")
Download link (http://\"https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD\")
With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply click the "enable all protection"
IE-Spyad is compatible with SP2
==Download and Install this small program
to help clean your temp folders,cookies, etc...
Windows Cleanup! 4.0 (http://\"http://downloads.stevengould.org/cleanup/CleanUp40.exe\")
==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
Restart the computer when your done
Back in Windows, startup may be a bit slower as we cleaned your prefetch folder
It will increase next startup
Let me know if the popups remain
EDIT>>Can I also see the following when you have done the above
Open Hijackthis>>Open Misc tools section>>Open Hosts file manager
Click the "Open in Notepad" button
A text file will open, copy and paste back here the Whole contents please
Also, I want to check on something else
Download L2mfix from here
http://www.atribune.org/downloads/l2mfix.exe (http://\"http://www.atribune.org/downloads/l2mfix.exe\")
Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.
[color=\"red\"]IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so![/color]
Post by: nunya53 on October 27, 2005, 07:55:16 AM
I only have a few minutes because I am bugging out of town here in few minutes. I only had time to download and install spyblaster 3.4 and run the Windows Cleanup 4.0. I will run the rest of the stuff for you and post back here Sunday afternoon.
Jerry
Post by: nunya53 on November 05, 2005, 01:42:07 PM
After running the Spywareblaster 3.4 and the Cleanup! 4.0, I still get popups, but not nearly as many and not as consistently. The popups I do get are more infrequent and sporadic.
Here is the Hijackthis! Hosts File Manager log:
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
And here is the L2mfix option 1 logfile:
L2MFIX find log 1.04a
These are the registry keys present
********************************************************************************
**
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
********************************************************************************
**
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
********************************************************************************
**
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{8FF43EAA-2BB1-4A53-8E18-D9221E56E593}"="CePMTab Property Sheet"
"{9ED66769-A198-41FE-8615-601691C68846}"="TouchPad Property Sheet"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"
********************************************************************************
**
HKEY ROOT CLASSIDS:
********************************************************************************
**
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
bho.dll Sat Oct 8 2005 4:21:48p A.... 172,032 168.00 K
browseui.dll Fri Sep 2 2005 5:52:04p A.... 1,019,904 996.00 K
cdfview.dll Fri Sep 2 2005 5:52:04p A.... 151,040 147.50 K
cdosys.dll Fri Sep 9 2005 7:53:42p A.... 2,067,968 1.97 M
danim.dll Fri Sep 2 2005 5:52:04p A.... 1,053,696 1.00 M
dxtrans.dll Fri Sep 2 2005 5:52:04p A.... 205,312 200.50 K
extmgr.dll Fri Sep 2 2005 5:52:04p A.... 55,808 54.50 K
iepeers.dll Fri Sep 2 2005 5:52:04p A.... 251,392 245.50 K
inseng.dll Fri Sep 2 2005 5:52:04p A.... 96,256 94.00 K
linkinfo.dll Wed Aug 31 2005 7:41:54p A.... 19,968 19.50 K
mshtml.dll Tue Oct 4 2005 4:26:00p A.... 3,015,168 2.88 M
mshtmled.dll Fri Sep 2 2005 5:52:06p A.... 448,512 438.00 K
msrating.dll Fri Sep 2 2005 5:52:06p A.... 146,432 143.00 K
mstime.dll Fri Sep 2 2005 5:52:06p A.... 530,432 518.00 K
msvcp71.dll Wed Aug 31 2005 6:44:24a A.... 503,808 492.00 K
msvcr71.dll Wed Aug 31 2005 6:44:24a A.... 348,160 340.00 K
netman.dll Mon Aug 22 2005 12:29:46p A.... 197,632 193.00 K
odperfos.dll Wed Oct 19 2005 4:14:42p A.... 45,056 44.00 K
pngfilt.dll Fri Sep 2 2005 5:52:06p A.... 39,424 38.50 K
pxsfs.dll Wed Aug 31 2005 6:44:40a ..... 1,093,632 1.04 M
quartz.dll Mon Aug 29 2005 9:54:26p A.... 1,287,168 1.23 M
shdocvw.dll Fri Sep 2 2005 5:52:06p A.... 1,483,776 1.41 M
shell32.dll Thu Sep 22 2005 9:05:30p A.... 8,450,560 8.06 M
shlwapi.dll Fri Sep 2 2005 5:52:06p A.... 473,600 462.50 K
umpnpmgr.dll Mon Aug 22 2005 9:35:42p A.... 123,392 120.50 K
urlmon.dll Fri Sep 2 2005 5:52:06p A.... 608,768 594.50 K
vb40032.dll Mon Oct 24 2005 4:20:06p A.... 722,192 705.27 K
vb5db.dll Mon Oct 24 2005 4:20:06p A.... 89,360 87.27 K
wininet.dll Fri Sep 2 2005 5:52:06p A.... 658,432 643.00 K
winsrv.dll Wed Aug 31 2005 7:41:54p A.... 291,840 285.00 K
30 items found: 30 files, 0 directories.
Total of file sizes: 25,650,720 bytes 24.46 M
Locate .tmp files:
No matches found.
********************************************************************************
**
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 6C40-871F
Directory of C:\WINDOWS\System32
10/20/2005 04:54 PM <DIR> dllcache
08/09/2004 06:12 PM <DIR> Microsoft
0 File(s) 0 bytes
2 Dir(s) 36,565,336,064 bytes free
Thanks for the help.
Jerry
Post by: guestolo on November 05, 2005, 04:20:47 PM
Please download WebRoot's SpySweeper (http://\"http://www.webroot.com/downloads/\") (It's a 2 week trial):
* Click the Free Trial link under to "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the SweepOptions tab.
* Under What to Sweep please put a check next to the following:
Sweep Registry
Sweep Cookies
Sweep All User Accounts
Enable Direct Disk Sweeping
Sweep Contents of Compressed Files
Sweep for Rootkits
[/list] Please UNCHECK Do not Sweep System Restore Folder.
* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Post by: nunya53 on November 06, 2005, 11:02:07 PM
In any case, it looks good so far, but I will keep you posted. Thanks for all of your help.
Jerry
Here is the SpySweeper log.
********
6:38 PM: | Start of Session, Saturday, November 05, 2005 |
6:38 PM: Spy Sweeper started
6:38 PM: Sweep initiated using definitions version 567
6:38 PM: Starting Memory Sweep
6:40 PM: Memory Sweep Complete, Elapsed Time: 00:02:38
6:40 PM: Starting Registry Sweep
6:41 PM: Found Adware: quicklink search toolbar
6:41 PM: HKLM\software\microsoft\windows\currentversion\uninstall\quick links\ (2 subtraces) (ID = 359457)
6:41 PM: Found Adware: ezula ilookup
6:41 PM: HKLM\software\microsoft\webext\ (30 subtraces) (ID = 828947)
6:41 PM: Found Adware: cws-aboutblank
6:41 PM: HKU\S-1-5-21-775847664-4091230895-862719317-1006\software\microsoft\internet explorer\main\ || search bar_bak (ID = 115924)
6:41 PM: HKU\S-1-5-21-775847664-4091230895-862719317-1006\software\microsoft\internet explorer\main\ || search page_bak (ID = 115925)
6:41 PM: HKU\S-1-5-21-775847664-4091230895-862719317-1006\software\microsoft\internet explorer\main\ || search page_bak (ID = 774883)
6:41 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || search bar_bak (ID = 115924)
6:41 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || search page_bak (ID = 115925)
6:41 PM: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || search page_bak (ID = 774883)
6:41 PM: Registry Sweep Complete, Elapsed Time:00:00:25
6:41 PM: Starting Cookie Sweep
6:41 PM: Found Spy Cookie: reliablestats cookie
6:41 PM: [email protected][2].txt (ID = 3254)
6:41 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
6:41 PM: Starting File Sweep
6:41 PM: Found Adware: dealhelper
6:41 PM: a0098271.exe (ID = 57643)
6:41 PM: a0098269.exe (ID = 125700)
6:41 PM: Found Adware: internetoptimizer
6:41 PM: a0088947.exe (ID = 122872)
6:41 PM: Found Adware: ist yoursitebar
6:41 PM: a0091020.exe (ID = 131738)
6:42 PM: Found Adware: surf accuracy
6:42 PM: a0095676.cfg (ID = 162775)
6:42 PM: a0095683.exe (ID = 122872)
6:42 PM: Found Adware: powerscan
6:42 PM: a0088917.exe (ID = 72675)
6:42 PM: a0095669.exe (ID = 57643)
6:42 PM: a0089059.dll (ID = 153756)
6:43 PM: a0095671.exe (ID = 72675)
6:43 PM: a0096715.exe (ID = 122872)
6:43 PM: a0088933.exe (ID = 131738)
6:43 PM: a0088934.exe (ID = 131722)
6:43 PM: a0095667.exe (ID = 73428)
6:43 PM: a0096720.exe (ID = 72675)
6:44 PM: a0095666.exe (ID = 131326)
6:44 PM: a0098577.exe (ID = 163218)
6:44 PM: a0088912.cfg (ID = 115677)
6:45 PM: a0096724.dll (ID = 153756)
6:45 PM: a0098578.exe (ID = 163218)
6:45 PM: a0098270.dll (ID = 57618)
6:46 PM: a0095339.exe (ID = 131738)
6:46 PM: a0088926.dll (ID = 144079)
6:47 PM: ycznrzu2.xml (ID = 57651)
6:47 PM: ycznrzu3.xml (ID = 57652)
6:48 PM: a0095567.dll (ID = 166574)
6:48 PM: a0095700.exe (ID = 131326)
6:48 PM: a0097258.exe (ID = 131326)
6:48 PM: a0095701.exe (ID = 73428)
6:48 PM: a0096728.exe (ID = 73428)
6:48 PM: Found Adware: apropos
6:48 PM: wingenerics.dll (ID = 50187)
6:49 PM: a0095698.exe (ID = 131738)
6:49 PM: a0096726.cfg (ID = 162775)
6:49 PM: a0096725.exe (ID = 180326)
6:49 PM: ycznrzk.xml (ID = 57646)
6:49 PM: ycznrzk1.xml (ID = 57647)
6:49 PM: ycznrzk2.xml (ID = 57648)
6:49 PM: ycznrzu1.xml (ID = 57650)
6:49 PM: a0095699.dll (ID = 153756)
6:49 PM: bho.dll (ID = 167068)
6:49 PM: ycznrzu.xml (ID = 57649)
6:50 PM: mp3.exe (ID = 131722)
6:50 PM: a0091021.exe (ID = 131722)
6:51 PM: ysbactivex.inf (ID = 91034)
6:51 PM: newycznrztime.xml (ID = 163168)
6:51 PM: ycznrzdk.xml (ID = 57645)
6:51 PM: Found System Monitor: potentially rootkit-masked files
6:51 PM: 00006df1_435d64ae_000aba95 (ID = 0)
6:51 PM: 00003807_435ef772_00031975 (ID = 0)
6:51 PM: 000039b3_4360cdb2_000632ea (ID = 0)
6:51 PM: 00007ff5_435d81d7_00040d99 (ID = 0)
6:51 PM: 000041bb_4360ccb0_0002625a (ID = 0)
6:51 PM: 00005db2_436ce70c_00022551 (ID = 0)
6:51 PM: 0000153c_435bf32a_000501bd (ID = 0)
6:51 PM: 00006784_4360c9e2_0000b71b (ID = 0)
6:51 PM: 00000120_436041e6_0001e848 (ID = 0)
6:51 PM: 00000902_435ec73c_00031975 (ID = 0)
6:51 PM: 00002cd6_435d934f_000a7d8c (ID = 0)
6:51 PM: 00005d2b_436d23e3_000b34a7 (ID = 0)
6:51 PM: 00006e5d_43603963_00040d99 (ID = 0)
6:51 PM: 0000409d_436d02d7_0008d24d (ID = 0)
6:51 PM: 00001316_436d1881_000dd40a (ID = 0)
6:51 PM: 000066bb_4360ce5f_00000000 (ID = 0)
6:51 PM: 00006784_435d6583_000a4083 (ID = 0)
6:51 PM: 0000773b_435ef772_000af79e (ID = 0)
6:51 PM: 000020a8_436d2193_0003567e (ID = 0)
6:51 PM: 00005878_435d8922_000af79e (ID = 0)
6:51 PM: 00001f16_435eec35_000a037a (ID = 0)
6:51 PM: 00002d12_4360cdb2_000b71b0 (ID = 0)
6:51 PM: 00002350_435d825d_00057bcf (ID = 0)
6:51 PM: 0000153c_43582255_0007a120 (ID = 0)
6:51 PM: 00000633_435ef772_000ca2dd (ID = 0)
6:51 PM: 000041bb_436002db_00066ff3 (ID = 0)
6:51 PM: 00002cd6_435ea4bd_000a4083 (ID = 0)
6:51 PM: 00004cff_436d227a_0007270e (ID = 0)
6:51 PM: 00006d4e_436d1e05_00094c5f (ID = 0)
6:51 PM: 000026ca_435d8cdc_000d59f8 (ID = 0)
6:51 PM: 00007f61_435ef70c_00098968 (ID = 0)
6:51 PM: 00005af1_435d93ab_000d59f8 (ID = 0)
6:51 PM: 00007282_435ef7a3_000501bd (ID = 0)
6:51 PM: 00002ea6_4360ccb0_00081b32 (ID = 0)
6:51 PM: 000039ce_435ef7c9_00089544 (ID = 0)
6:51 PM: 00001547_436cfd04_000dd40a (ID = 0)
6:52 PM: 00004e45_43603eaf_0006acfc (ID = 0)
6:52 PM: 0000074d_4360ce39_00094c5f (ID = 0)
6:52 PM: 00004944_435ef27b_000e1113 (ID = 0)
6:52 PM: 00007049_43604eb7_0007270e (ID = 0)
6:52 PM: 000072ae_435ea533_0006acfc (ID = 0)
6:52 PM: 00004823_435d9308_000ec82e (ID = 0)
6:52 PM: 00004080_435ed725_00066ff3 (ID = 0)
6:52 PM: 00006784_435d5d58_000487ab (ID = 0)
6:52 PM: 000072ae_435d936a_000ca2dd (ID = 0)
6:52 PM: 00007f61_435ee8b1_0001312d (ID = 0)
6:52 PM: 00004944_435d89c4_0007a120 (ID = 0)
6:52 PM: 00005f90_435f6c99_0001e848 (ID = 0)
6:52 PM: 00000c15_435ee909_0001312d (ID = 0)
6:52 PM: 000033ea_436ce71b_00022551 (ID = 0)
6:52 PM: 00000e12_435ef52a_000c65d4 (ID = 0)
6:52 PM: 000041bb_435d93ba_000a037a (ID = 0)
6:52 PM: 0000251f_435ef7a3_0008583b (ID = 0)
6:52 PM: 00005db2_435ed726_00053ec6 (ID = 0)
6:52 PM: 00004dc8_4360ce3a_0003d090 (ID = 0)
6:52 PM: 00003a61_435ed778_00098968 (ID = 0)
6:52 PM: 00003a8d_435ee8b1_00029f63 (ID = 0)
6:52 PM: 000033ea_435ed726_0005b8d8 (ID = 0)
6:52 PM: 00001d18_435ef7a3_000ec82e (ID = 0)
6:52 PM: 00006d22_435edd45_000c65d4 (ID = 0)
6:52 PM: 0000249e_436d0db3_0005b8d8 (ID = 0)
6:52 PM: 000011f4_435edc92_000b34a7 (ID = 0)
6:52 PM: 000022cd_435ed778_000aba95 (ID = 0)
6:52 PM: 0000305e_436ccca5_000f0537 (ID = 0)
6:52 PM: 000023c9_435ed726_0008583b (ID = 0)
6:52 PM: 00006443_4360ce3a_0005b8d8 (ID = 0)
6:52 PM: 00001e1f_435d6af8_0002625a (ID = 0)
6:52 PM: 000018d7_435ed97c_00016e36 (ID = 0)
6:52 PM: 00005f90_435eb077_000d9701 (ID = 0)
6:52 PM: 0000113e_436d1ed7_00098968 (ID = 0)
6:52 PM: 000012db_435ea830_000d59f8 (ID = 0)
6:52 PM: 00007a5a_43602cce_00039387 (ID = 0)
6:52 PM: 00004823_436cc27a_00031975 (ID = 0)
6:52 PM: 00002cd6_436c0f14_00094c5f (ID = 0)
6:52 PM: 000023c9_436ce71f_00081b32 (ID = 0)
6:52 PM: 0000366b_435d8ae3_00076417 (ID = 0)
6:52 PM: 00001238_436cfe66_0001e848 (ID = 0)
6:52 PM: 00004b40_435d8920_0002625a (ID = 0)
6:52 PM: 00005dd5_435edc92_000c28cb (ID = 0)
6:52 PM: 00004ae1_435d6429_00094c5f (ID = 0)
6:52 PM: 00005753_435ed729_0008d24d (ID = 0)
6:52 PM: 0000074d_435d6893_000b34a7 (ID = 0)
6:52 PM: 00007dd1_435ed798_0001ab3f (ID = 0)
6:53 PM: 000060bf_435ed72a_0000f424 (ID = 0)
6:53 PM: 00000029_436d40bb_0001ab3f (ID = 0)
6:53 PM: 000049d0_436d22dd_000dd40a (ID = 0)
6:53 PM: 00002462_436d1edb_000487ab (ID = 0)
6:53 PM: 00004823_435821bc_0006ea05 (ID = 0)
6:53 PM: 000026a6_4360cf2f_00000000 (ID = 0)
6:53 PM: 000054de_436cfd05_000c65d4 (ID = 0)
6:53 PM: 0000701f_4360cf2f_00016e36 (ID = 0)
6:53 PM: 00005d24_436d18aa_000e8b25 (ID = 0)
6:53 PM: 000012e1_435ec718_0003d090 (ID = 0)
6:53 PM: 0000638c_436d23eb_000a7d8c (ID = 0)
6:53 PM: 000064a0_436d227a_0008d24d (ID = 0)
6:53 PM: 000012e1_436d02d7_000e1113 (ID = 0)
6:53 PM: 000039b3_436cfd05_000d9701 (ID = 0)
6:53 PM: 000012db_4360cd7e_000c65d4 (ID = 0)
6:53 PM: 00006e5d_436cfe96_0007a120 (ID = 0)
6:53 PM: 00004db7_4360493b_0001312d (ID = 0)
6:53 PM: 00000fbf_436d076f_000632ea (ID = 0)
6:53 PM: 0000153c_4360cd7e_000d59f8 (ID = 0)
6:53 PM: 00004d06_435822a3_0001e848 (ID = 0)
6:53 PM: 0000390c_43582256_0002dc6c (ID = 0)
6:53 PM: 0000390c_4360cd86_000f0537 (ID = 0)
6:53 PM: 00006952_435ea56d_000b34a7 (ID = 0)
6:53 PM: 00007e87_4360cd7f_00053ec6 (ID = 0)
6:53 PM: 00005d03_436cfe00_000a037a (ID = 0)
6:53 PM: 00000f3e_43582261_000c65d4 (ID = 0)
6:53 PM: 00005d03_4360cf32_00016e36 (ID = 0)
6:53 PM: 000013d3_436d196e_000c28cb (ID = 0)
6:53 PM: 00003c61_436d07b2_00076417 (ID = 0)
6:53 PM: 00000f3e_4360cd87_000b71b0 (ID = 0)
6:53 PM: 00000099_435f6d40_00094c5f (ID = 0)
6:53 PM: 00001ad4_435d81ce_000d9701 (ID = 0)
6:53 PM: 00000099_4360cd87_000c28cb (ID = 0)
6:53 PM: 00000124_4360cd88_0001ab3f (ID = 0)
6:53 PM: 000066bb_43602b22_000ec82e (ID = 0)
6:53 PM: 00004eae_436d1897_00094c5f (ID = 0)
6:53 PM: 00007a5a_4360cf32_0003567e (ID = 0)
6:53 PM: 00004db7_435bf403_0008583b (ID = 0)
6:53 PM: 0000153c_43581557_000d59f8 (ID = 0)
6:53 PM: 0000767d_4360cf32_0008583b (ID = 0)
6:53 PM: 00005039_435eda1b_000632ea (ID = 0)
6:53 PM: 0000305e_4360cd8a_000d1cef (ID = 0)
6:53 PM: 0000323b_43603eaf_0006ea05 (ID = 0)
6:53 PM: 00000bb3_435ea7c8_0001ab3f (ID = 0)
6:53 PM: 0000440d_435ea8d2_000cdfe6 (ID = 0)
6:53 PM: 000018be_435d930f_00057bcf (ID = 0)
6:53 PM: 00005a9c_436d1e30_000baeb9 (ID = 0)
6:53 PM: 0000440d_4360cd8a_000dd40a (ID = 0)
6:53 PM: 00004e45_43604b8a_0006acfc (ID = 0)
6:53 PM: 0000428b_435bf474_000aba95 (ID = 0)
6:53 PM: 0000692c_435d8e04_000b34a7 (ID = 0)
6:54 PM: 00004509_4360cf34_000ca2dd (ID = 0)
6:54 PM: 00005af1_43604769_000e8b25 (ID = 0)
6:54 PM: 0000261e_435ed798_0007a120 (ID = 0)
6:54 PM: 000026a6_435d68e5_00044aa2 (ID = 0)
6:54 PM: 0000491c_4360cd9b_000b34a7 (ID = 0)
6:54 PM: 00005772_435ecd50_0000f424 (ID = 0)
6:54 PM: 000058b0_435d8b75_00089544 (ID = 0)
6:54 PM: 000018be_435bf287_0001ab3f (ID = 0)
6:54 PM: 00007fbe_435ee8bd_0004c4b4 (ID = 0)
6:54 PM: 000026a6_43602b23_0001ab3f (ID = 0)
6:54 PM: 0000767d_43602cce_00044aa2 (ID = 0)
6:54 PM: 00004ae1_4360c9e2_000c28cb (ID = 0)
6:54 PM: 00006c69_4358196d_0002dc6c (ID = 0)
6:54 PM: 000073da_436d060e_0002dc6c (ID = 0)
6:54 PM: 00004230_4360183a_00098968 (ID = 0)
6:54 PM: 00000588_436d18bc_00094c5f (ID = 0)
6:54 PM: 00000e12_436d0d75_000e8b25 (ID = 0)
6:54 PM: 00005f90_436cc29e_000d1cef (ID = 0)
6:54 PM: 00002d12_436cfd0c_000632ea (ID = 0)
6:54 PM: 00000fc9_436d0d65_00053ec6 (ID = 0)
6:54 PM: 0000798b_436d02d7_000f0537 (ID = 0)
6:54 PM: 00000f3e_43601ff0_00090f56 (ID = 0)
6:54 PM: 00001238_4360cf34_000d1cef (ID = 0)
6:54 PM: 00004d06_4360cd9b_000dd40a (ID = 0)
6:54 PM: 00007f96_4360396e_000bebc2 (ID = 0)
6:54 PM: 0000288f_4358196d_000b71b0 (ID = 0)
6:54 PM: 0000542c_436d0d39_0008d24d (ID = 0)
6:54 PM: 00004db7_4360cda3_000b71b0 (ID = 0)
6:54 PM: 00001547_4360cda3_000f0537 (ID = 0)
6:54 PM: 00007eb7_4360183a_000d59f8 (ID = 0)
6:54 PM: 00003b25_4360cf3c_000c28cb (ID = 0)
6:54 PM: 000054de_4360cda4_0000f424 (ID = 0)
6:54 PM: 00000f3e_435ea879_000d59f8 (ID = 0)
6:54 PM: 00004823_43600242_000cdfe6 (ID = 0)
6:54 PM: 00001e1f_4360cf3d_00057bcf (ID = 0)
6:54 PM: 000039b3_436049a5_00053ec6 (ID = 0)
6:54 PM: 000018be_43600242_000f0537 (ID = 0)
6:54 PM: 00007ff5_4360396e_000e4e1c (ID = 0)
6:54 PM: 00006784_43600243_00094c5f (ID = 0)
6:54 PM: 00006e5d_4360cf3d_000632ea (ID = 0)
6:54 PM: 0000491c_435bf18e_000bebc2 (ID = 0)
6:54 PM: 00004ae1_43600249_00053ec6 (ID = 0)
6:54 PM: 00007f4f_435819d1_0008583b (ID = 0)
6:54 PM: 0000153c_43601d4a_00003d09 (ID = 0)
6:54 PM: 00000384_435819b7_00053ec6 (ID = 0)
6:54 PM: 000041bb_4360476a_00031975 (ID = 0)
6:54 PM: 00006032_4360183b_000632ea (ID = 0)
6:54 PM: 00003d6c_4360024a_0001e848 (ID = 0)
6:54 PM: 000001eb_435bf166_00066ff3 (ID = 0)
6:54 PM: 00000120_436cff50_000cdfe6 (ID = 0)
6:54 PM: 000026ca_435ec720_00022551 (ID = 0)
6:54 PM: 00002cd6_4360024a_00053ec6 (ID = 0)
6:54 PM: 000063cb_436ce397_0007270e (ID = 0)
6:54 PM: 00001ad4_4360cf4e_00003d09 (ID = 0)
6:54 PM: 0000314f_43604cba_000dd40a (ID = 0)
6:54 PM: 00005f90_4360ca4d_000ec82e (ID = 0)
6:54 PM: 000072ae_4360024a_0007270e (ID = 0)
6:55 PM: 000063cb_4360cf4e_0002625a (ID = 0)
6:55 PM: 00000029_4360c9bf_0009c671 (ID = 0)
6:55 PM: 00000588_435eeee7_0006acfc (ID = 0)
6:55 PM: 00005f49_4358255b_0001e848 (ID = 0)
6:55 PM: 00004823_4360c9bf_000c28cb (ID = 0)
6:55 PM: 00002c3b_4360184d_000d9701 (ID = 0)
6:55 PM: 00001649_4360ca51_000632ea (ID = 0)
6:55 PM: 00000bb3_4358154b_00057bcf (ID = 0)
6:55 PM: 000022ee_435ef249_000e4e1c (ID = 0)
6:55 PM: 0000759a_43604210_000f0537 (ID = 0)
6:55 PM: 0000798b_436ce60a_0006acfc (ID = 0)
6:55 PM: 00002c3b_43581831_00089544 (ID = 0)
6:55 PM: 00007514_436d1fd4_00000000 (ID = 0)
6:55 PM: 000015a1_4360184e_0009c671 (ID = 0)
6:55 PM: 00003699_436d06a9_000a4083 (ID = 0)
6:55 PM: 000001eb_436002de_00089544 (ID = 0)
6:55 PM: 000018be_4360c9c0_00094c5f (ID = 0)
6:55 PM: 000063cb_435ef171_000e1113 (ID = 0)
6:55 PM: 00006df1_4360ca53_000e8b25 (ID = 0)
6:55 PM: 00007bb9_435ec782_00039387 (ID = 0)
6:55 PM: 00006952_435eefdf_0006ea05 (ID = 0)
6:55 PM: 0000542c_435eda1b_000a037a (ID = 0)
6:55 PM: 00006952_4360024e_0002dc6c (ID = 0)
6:55 PM: 0000123b_436d22de_00003d09 (ID = 0)
6:55 PM: 00005422_4360184e_000a7d8c (ID = 0)
6:55 PM: 00003d6c_4360c9e3_00000000 (ID = 0)
6:55 PM: 00004823_436cfaff_000a7d8c (ID = 0)
6:55 PM: 0000074d_436cfd0c_0007a120 (ID = 0)
6:55 PM: 00005e9d_435ed7a4_000dd40a (ID = 0)
6:55 PM: 0000759a_436cff68_00022551 (ID = 0)
6:55 PM: 00002d12_436049a5_0006acfc (ID = 0)
6:55 PM: 00003699_435818ab_0008d24d (ID = 0)
6:55 PM: 00003ef6_4360184e_000b71b0 (ID = 0)
6:55 PM: 00005f90_4360024e_000f0537 (ID = 0)
6:55 PM: 00002213_43603eaf_000c65d4 (ID = 0)
6:55 PM: 00002cd6_4360c9e3_00029f63 (ID = 0)
6:55 PM: 00004ae1_435ea478_0001312d (ID = 0)
6:55 PM: 00006270_435ef7ba_00094c5f (ID = 0)
6:55 PM: 00004e45_435ef1af_0008d24d (ID = 0)
6:55 PM: 00007eb7_43581811_00090f56 (ID = 0)
6:55 PM: 00000ddc_435ef26a_000baeb9 (ID = 0)
6:55 PM: 00001649_4360024f_00007a12 (ID = 0)
6:55 PM: 0000759a_435ef241_00094c5f (ID = 0)
6:55 PM: 00001bd9_436d1e3b_0001312d (ID = 0)
6:55 PM: 0000323b_435ef1b9_00098968 (ID = 0)
6:55 PM: 00001c75_436d22de_0008583b (ID = 0)
6:55 PM: 000072ae_43604576_0001312d (ID = 0)
6:55 PM: 000072ae_4360c9eb_0005f5e1 (ID = 0)
6:55 PM: 000027da_436d1ec5_000a7d8c (ID = 0)
6:55 PM: 000026e9_4360476a_0008583b (ID = 0)
6:55 PM: 00006952_43604576_0003d090 (ID = 0)
6:55 PM: 00005f90_43604584_00098968 (ID = 0)
6:55 PM: 00006952_4360c9eb_0008d24d (ID = 0)
6:55 PM: 00005af1_4360ca56_00066ff3 (ID = 0)
6:55 PM: 00006d69_435ef7ec_000b34a7 (ID = 0)
6:55 PM: 00003a8d_436d16b2_00040d99 (ID = 0)
6:55 PM: 0000368e_4360531e_000c28cb (ID = 0)
6:55 PM: 0000759a_435eb311_00090f56 (ID = 0)
6:55 PM: 00006bfc_435eb229_000b34a7 (ID = 0)
6:56 PM: 00002f14_436052ee_00039387 (ID = 0)
6:56 PM: 00006ad6_436052ee_0005f5e1 (ID = 0)
6:56 PM: 000058b0_436d063e_000af79e (ID = 0)
6:56 PM: 0000323b_43604b8b_00007a12 (ID = 0)
6:56 PM: 00001649_43604585_00016e36 (ID = 0)
6:56 PM: 0000047e_436052f9_0000f424 (ID = 0)
6:56 PM: 00006df1_43600260_00053ec6 (ID = 0)
6:56 PM: 00002350_43604236_000a037a (ID = 0)
6:56 PM: 0000422d_436052f9_000a4083 (ID = 0)
6:56 PM: 00005af1_43600260_000632ea (ID = 0)
6:56 PM: 0000139d_435ecd55_000baeb9 (ID = 0)
6:56 PM: 00000822_43601859_00098968 (ID = 0)
6:56 PM: 000001eb_435bf2ee_00090f56 (ID = 0)
6:56 PM: 00006ad4_435edc92_000ca2dd (ID = 0)
6:56 PM: 000054dc_436052f9_000c28cb (ID = 0)
6:56 PM: 00006bfc_4360cf59_000632ea (ID = 0)
6:56 PM: 000026a6_436ce2b0_000ec82e (ID = 0)
6:56 PM: 00000d66_4360531f_00022551 (ID = 0)
6:56 PM: 00007983_4360531f_0002dc6c (ID = 0)
6:56 PM: 00007f96_4360cf59_0007a120 (ID = 0)
6:56 PM: 00007ff5_4360cf59_00089544 (ID = 0)
6:56 PM: 0000489c_435ed7a5_0004c4b4 (ID = 0)
6:56 PM: 00001850_435ef708_00022551 (ID = 0)
6:56 PM: 000054de_435ef0ec_0008d24d (ID = 0)
6:56 PM: 00000732_43581635_000aba95 (ID = 0)
6:56 PM: 00002f14_435ed72d_000487ab (ID = 0)
6:56 PM: 00002b00_435ef708_000632ea (ID = 0)
6:56 PM: 00005991_43601859_000cdfe6 (ID = 0)
6:56 PM: 00006a15_435ef7ed_00044aa2 (ID = 0)
6:56 PM: 000016d4_435ef708_0007de29 (ID = 0)
6:56 PM: 000001eb_43601d17_0000f424 (ID = 0)
6:56 PM: 00007a5a_435ef13a_00098968 (ID = 0)
6:56 PM: 0000549b_436d1e6e_000a037a (ID = 0)
6:56 PM: 00000099_43601ff0_000d9701 (ID = 0)
6:56 PM: 000026a6_435bf220_000d1cef (ID = 0)
6:56 PM: 00006bfc_435ef1a0_00057bcf (ID = 0)
6:56 PM: 00003d6c_435ea48d_000e1113 (ID = 0)
6:56 PM: 00004509_43604ab5_00081b32 (ID = 0)
6:56 PM: 00004ff8_435ef7ed_00057bcf (ID = 0)
6:56 PM: 00000728_436d1dc1_000a4083 (ID = 0)
6:56 PM: 00000124_43601ff0_000dd40a (ID = 0)
6:56 PM: 00003a8d_435ef70c_000ec82e (ID = 0)
6:56 PM: 00005d03_43582352_0006ea05 (ID = 0)
6:56 PM: 00004d06_4360203f_0008583b (ID = 0)
6:56 PM: 00002cd6_4360cc72_00031975 (ID = 0)
6:56 PM: 00007fbe_435ef70d_0001ab3f (ID = 0)
6:57 PM: 00000c7b_435ef70d_0002625a (ID = 0)
6:57 PM: 000033ea_435d8e6f_000dd40a (ID = 0)
6:57 PM: 00003492_435ef7ba_000e1113 (ID = 0)
6:57 PM: 00001238_43604ab5_00090f56 (ID = 0)
6:57 PM: 00002213_43604b8b_00016e36 (ID = 0)
6:57 PM: 00006b89_43604ba4_0006ea05 (ID = 0)
6:57 PM: 0000074d_436049ce_00016e36 (ID = 0)
6:57 PM: 00005c67_435ed72b_0001ab3f (ID = 0)
6:57 PM: 000001eb_4360478e_000c65d4 (ID = 0)
6:57 PM: 00001af4_435edd46_0000f424 (ID = 0)
6:57 PM: 0000701f_435bf225_00066ff3 (ID = 0)
6:57 PM: 00003cd6_435ed72b_0003d090 (ID = 0)
6:57 PM: 00004dc8_436049ce_0001e848 (ID = 0)
6:57 PM: 00000fbf_435ed72b_00094c5f (ID = 0)
6:57 PM: 00000732_436041af_0004c4b4 (ID = 0)
6:57 PM: 000054de_435f6d5f_00007a12 (ID = 0)
6:57 PM: 000063cb_43604b6b_00053ec6 (ID = 0)
6:57 PM: 0000305e_43604931_00090f56 (ID = 0)
6:57 PM: 00005d03_4358158a_00089544 (ID = 0)
6:57 PM: 00001649_4360cc75_0003567e (ID = 0)
6:57 PM: 00007eb7_43604d0f_00076417 (ID = 0)
6:57 PM: 00004e45_4360cf5d_00016e36 (ID = 0)
6:57 PM: 0000030a_43604ba4_00076417 (ID = 0)
6:57 PM: 0000440d_43604931_000a7d8c (ID = 0)
6:57 PM: 0000791b_436d2019_00098968 (ID = 0)
6:57 PM: 00002ea6_4360ca9e_00089544 (ID = 0)
6:57 PM: 00005af1_4360cc8d_000dd40a (ID = 0)
6:57 PM: 00001916_435ed7a5_00098968 (ID = 0)
6:57 PM: 00007a36_436d206d_000632ea (ID = 0)
6:57 PM: 00003106_436d22e3_0002dc6c (ID = 0)
6:57 PM: 00004dc8_435bf44d_00039387 (ID = 0)
6:57 PM: 00004a80_43604eb9_000dd40a (ID = 0)
6:57 PM: 0000260d_43600529_000632ea (ID = 0)
6:57 PM: 00000120_43581637_0007de29 (ID = 0)
6:57 PM: 0000491c_43604934_0003567e (ID = 0)
6:57 PM: 00004d06_43604934_00039387 (ID = 0)
6:57 PM: 00001238_435815a4_000e1113 (ID = 0)
6:57 PM: 00001547_4360493b_000b34a7 (ID = 0)
6:57 PM: 000054de_4360493b_000e8b25 (ID = 0)
6:57 PM: 00000390_436d1d87_000b71b0 (ID = 0)
6:57 PM: 00000e12_435edc69_0006ea05 (ID = 0)
6:57 PM: 00002e40_436ce55e_00040d99 (ID = 0)
6:57 PM: 0000305e_435bf185_000e8b25 (ID = 0)
6:57 PM: 000012db_4360ca9e_000baeb9 (ID = 0)
6:57 PM: 00007049_435ecd62_000aba95 (ID = 0)
6:57 PM: 000041bb_435d65b6_00053ec6 (ID = 0)
6:57 PM: 0000153c_4360ca9e_000e4e1c (ID = 0)
6:57 PM: 0000008c_436d22e3_00040d99 (ID = 0)
6:57 PM: 00001ad4_435815aa_0009c671 (ID = 0)
6:57 PM: 000063cb_435815aa_000ec82e (ID = 0)
6:57 PM: 000018be_435d657f_0000f424 (ID = 0)
6:57 PM: 000075ef_43605358_0003d090 (ID = 0)
6:57 PM: 000051d1_436d1de7_0003d090 (ID = 0)
6:58 PM: 00007f96_435815ab_0008583b (ID = 0)
6:58 PM: 0000440d_435eb13d_000baeb9 (ID = 0)
6:58 PM: 00007e87_43600386_00003d09 (ID = 0)
6:58 PM: 00006443_436049ce_00039387 (ID = 0)
6:58 PM: 00006784_435d9315_000b71b0 (ID = 0)
6:58 PM: 00007ff5_435815b3_000e4e1c (ID = 0)
6:58 PM: 00005005_435ef718_000a7d8c (ID = 0)
6:58 PM: 00006bc9_436d204b_0004c4b4 (ID = 0)
6:58 PM: 00005dd5_435ef540_0007a120 (ID = 0)
6:58 PM: 00001ad4_436ce37d_0008d24d (ID = 0)
6:58 PM: 00000035_436d0e73_000d9701 (ID = 0)
6:58 PM: 00001238_435d69ff_000dd40a (ID = 0)
6:58 PM: 00002350_436cff71_00039387 (ID = 0)
6:58 PM: 00007fbe_436d16b9_000bebc2 (ID = 0)
6:58 PM: 00006747_436d1e73_00076417 (ID = 0)
6:58 PM: 000022ee_436cff74_000cdfe6 (ID = 0)
6:58 PM: 000039b3_435eb177_0004c4b4 (ID = 0)
6:58 PM: 00004cd4_436d0e19_000e1113 (ID = 0)
6:58 PM: 00006bfc_43604b6b_000632ea (ID = 0)
6:58 PM: 00000c7b_436d16ba_00090f56 (ID = 0)
6:58 PM: 000072ae_43581537_000a037a (ID = 0)
6:58 PM: 00005c46_435ef7f1_000e4e1c (ID = 0)
6:58 PM: 0000301c_4360052a_000c65d4 (ID = 0)
6:58 PM: 00001850_436d14ef_000d9701 (ID = 0)
6:58 PM: 0000390c_435d683c_0007de29 (ID = 0)
6:58 PM: 00005005_436d16bd_0008583b (ID = 0)
6:58 PM: 00006899_435d8e22_000f0537 (ID = 0)
6:58 PM: 0000357e_436d2321_00016e36 (ID = 0)
6:58 PM: 000066bb_436049ce_0007270e (ID = 0)
6:58 PM: 00006032_43604d0f_0008d24d (ID = 0)
6:58 PM: 00000c15_436d16c1_000a037a (ID = 0)
6:58 PM: 00005f32_436005d8_000e8b25 (ID = 0)
6:58 PM: 00003cd5_435d8e23_00007a12 (ID = 0)
6:58 PM: 00005d03_435bf237_000a4083 (ID = 0)
6:58 PM: 00007cfe_436d18fc_000d1cef (ID = 0)
6:58 PM: 00002b0c_436d0dcc_00031975 (ID = 0)
6:58 PM: 00004b40_4360055f_00081b32 (ID = 0)
6:58 PM: 00000c15_435ef718_000b71b0 (ID = 0)
6:58 PM: 000003fa_436d23ec_0007de29 (ID = 0)
6:58 PM: 00003807_436d16ca_000d59f8 (ID = 0)
6:58 PM: 00004b40_435ef24a_000e4e1c (ID = 0)
6:58 PM: 00004657_43605358_0004c4b4 (ID = 0)
6:58 PM: 00000bb3_4360478f_0007de29 (ID = 0)
6:58 PM: 0000692c_435ecd62_000ec82e (ID = 0)
6:58 PM: 0000701f_43602c89_0006ea05 (ID = 0)
6:58 PM: 00001ad4_43604b6a_0007de29 (ID = 0)
6:58 PM: 00005f1e_435ef52b_0007270e (ID = 0)
6:58 PM: 000041bb_435d64dc_0002dc6c (ID = 0)
6:58 PM: 00000bb3_43601d17_00022551 (ID = 0)
6:58 PM: 00007f96_43604b7d_0006acfc (ID = 0)
6:58 PM: 00004e08_436d1a27_000a7d8c (ID = 0)
6:58 PM: 00002852_436d18ff_0001e848 (ID = 0)
6:58 PM: 00000871_436d1e41_0006acfc (ID = 0)
6:58 PM: 00006f30_436d23ec_0008583b (ID = 0)
6:58 PM: 00007ff5_43604b7d_000b34a7 (ID = 0)
6:58 PM: 00006df1_435ea611_00029f63 (ID = 0)
6:58 PM: 00004db7_435822a3_0008d24d (ID = 0)
6:58 PM: 0000486a_435ef7f1_000f0537 (ID = 0)
6:59 PM: 00005cfd_43604c03_00003d09 (ID = 0)
6:59 PM: 00006d73_436d239d_000632ea (ID = 0)
6:59 PM: 00001f16_436d17ee_00039387 (ID = 0)
6:59 PM: 00002c3b_43604d30_000bebc2 (ID = 0)
6:59 PM: 0000182f_436d17ee_0004c4b4 (ID = 0)
6:59 PM: 0000260d_43604ba0_0008d24d (ID = 0)
6:59 PM: 000015a1_43604d31_000501bd (ID = 0)
6:59 PM: 00004d67_436d17ee_000632ea (ID = 0)
6:59 PM: 000019da_435ef7ba_000e8b25 (ID = 0)
6:59 PM: 00000a87_436d2327_000f0537 (ID = 0)
6:59 PM: 00006952_435bf132_000e1113 (ID = 0)
6:59 PM: 00005968_436d17ee_0007a120 (ID = 0)
6:59 PM: 00005064_435ef7bb_00007a12 (ID = 0)
6:59 PM: 00007e87_4360caa2_00007a12 (ID = 0)
6:59 PM: 00002350_43604bbe_000e4e1c (ID = 0)
6:59 PM: 00003004_435ef7f2_0005b8d8 (ID = 0)
6:59 PM: 000048db_436d190b_000c65d4 (ID = 0)
6:59 PM: 0000486a_436d17c1_000c65d4 (ID = 0)
6:59 PM: 00002ea6_435ea7d9_00003d09 (ID = 0)
6:59 PM: 00003004_436d17c6_000a037a (ID = 0)
6:59 PM: 00002350_435ef246_0004c4b4 (ID = 0)
6:59 PM: 0000390c_4360caa2_000b71b0 (ID = 0)
6:59 PM: 000040a5_436d1b0f_000ec82e (ID = 0)
6:59 PM: 00000f3e_4360caa2_000c65d4 (ID = 0)
6:59 PM: 00001649_435d65a7_0004c4b4 (ID = 0)
6:59 PM: 00005422_43604d31_0008583b (ID = 0)
6:59 PM: 000022ee_43604bc1_00007a12 (ID = 0)
6:59 PM: 00004ae1_435eefb8_000bebc2 (ID = 0)
6:59 PM: 000013e9_435d8e23_0001312d (ID = 0)
6:59 PM: 00004b40_43604bc1_0000b71b (ID = 0)
6:59 PM: 00003b25_435eb1ef_00040d99 (ID = 0)
6:59 PM: 00005e73_436d17e9_000487ab (ID = 0)
6:59 PM: 00004080_435d8e5d_00066ff3 (ID = 0)
6:59 PM: 0000767d_436cfe38_000dd40a (ID = 0)
6:59 PM: 00005db2_435d8e5d_0006acfc (ID = 0)
6:59 PM: 00006df1_436cc2a3_0001ab3f (ID = 0)
6:59 PM: 000018be_435eb04e_0007a120 (ID = 0)
6:59 PM: 000026e9_435d93c9_00053ec6 (ID = 0)
6:59 PM: 000058c5_436d204b_0006acfc (ID = 0)
6:59 PM: 000018be_436cfaff_000d1cef (ID = 0)
6:59 PM: 0000773b_436d16d4_000e1113 (ID = 0)
6:59 PM: 00004dc8_436cfd0c_00090f56 (ID = 0)
6:59 PM: 0000074d_435f6d76_000f0537 (ID = 0)
6:59 PM: 00004d54_435ef7bd_0006ea05 (ID = 0)
6:59 PM: 000018be_436cc27e_00039387 (ID = 0)
6:59 PM: 00006784_435bf29a_0008583b (ID = 0)
6:59 PM: 00004dc8_436ccd22_000a4083 (ID = 0)
6:59 PM: 0000084d_436d23a5_00003d09 (ID = 0)
6:59 PM: 0000261e_4358198a_0007a120 (ID = 0)
6:59 PM: 00004823_435ea464_000a037a (ID = 0)
6:59 PM: 00002c49_43581967_000dd40a (ID = 0)
6:59 PM: dns (ID = 0)
6:59 PM: 000049bb_436d1886_000b34a7 (ID = 0)
6:59 PM: 000022ee_4360423e_00000000 (ID = 0)
6:59 PM: 00004ae1_43601b94_000f0537 (ID = 0)
6:59 PM: 0000527f_436d23ec_0009c671 (ID = 0)
6:59 PM: 0000153c_435d6839_0003d090 (ID = 0)
6:59 PM: 00005f32_436cfffe_0001e848 (ID = 0)
6:59 PM: 000001eb_435d93d1_0007de29 (ID = 0)
6:59 PM: 00005d03_43602c89_0007a120 (ID = 0)
6:59 PM: 00002ea6_4360478f_00089544 (ID = 0)
6:59 PM: 000054be_436d23bf_00039387 (ID = 0)
7:00 PM: 000022ee_435d890d_00007a12 (ID = 0)
7:00 PM: 000072ae_435eefda_00066ff3 (ID = 0)
7:00 PM: 00000124_4360caa8_00044aa2 (ID = 0)
7:00 PM: 000023c9_435d8e6f_000ec82e (ID = 0)
7:00 PM: 00000bb3_435d93e1_000d1cef (ID = 0)
7:00 PM: 00004d06_435bf19d_0002625a (ID = 0)
7:00 PM: 00003ef6_43604d37_00003d09 (ID = 0)
7:00 PM: 000075c1_436d1b4c_000e8b25 (ID = 0)
7:00 PM: 00004823_435814dd_0008583b (ID = 0)
7:00 PM: 0000491c_43602009_000baeb9 (ID = 0)
7:00 PM: 000016c5_435ecf2b_0008d24d (ID = 0)
7:00 PM: 00005a70_436d23f0_000c65d4 (ID = 0)
7:00 PM: 00005af1_435ea626_000cdfe6 (ID = 0)
7:00 PM: 00006b36_43582553_000aba95 (ID = 0)
7:00 PM: 00002ea6_435d93e1_000ec82e (ID = 0)
7:00 PM: 000026ca_436d0659_00090f56 (ID = 0)
7:00 PM: 00006b89_4360052a_0002625a (ID = 0)
7:00 PM: 000048cc_435d8e70_0004c4b4 (ID = 0)
7:00 PM: 00004365_436d1e76_000dd40a (ID = 0)
7:00 PM: 00004cad_436d014d_00022551 (ID = 0)
7:00 PM: 0000767d_43582360_0004c4b4 (ID = 0)
7:00 PM: 0000759a_43581637_000cdfe6 (ID = 0)
7:00 PM: 00000822_43604d37_0000b71b (ID = 0)
7:00 PM: index (ID = 0)
7:00 PM: 00006be8_435eda1a_000af79e (ID = 0)
7:00 PM: 000022cd_435ef4dc_00098968 (ID = 0)
7:00 PM: 00006952_436c0f2f_00081b32 (ID = 0)
7:00 PM: 00002a38_436d1d8e_000d9701 (ID = 0)
7:00 PM: 00004db7_435bf1ac_000a4083 (ID = 0)
7:00 PM: 000026e9_435d65bb_0008d24d (ID = 0)
7:00 PM: 0000701f_436ce2d4_0002625a (ID = 0)
7:00 PM: 00001547_435f6d57_000aba95 (ID = 0)
7:00 PM: 00005f90_435ea598_000ec82e (ID = 0)
7:00 PM: 00000124_435f6d52_000d9701 (ID = 0)
7:00 PM: 00004dc8_435f6d77_00022551 (ID = 0)
7:00 PM: 00001649_435ea5fa_0003d090 (ID = 0)
7:00 PM: 00004a80_435ecd63_0007a120 (ID = 0)
7:00 PM: 000066bb_435bf450_0006acfc (ID = 0)
7:00 PM: 00006899_435ecf33_00053ec6 (ID = 0)
7:00 PM: 000073d9_436d17ed_000b34a7 (ID = 0)
7:00 PM: 000026e9_435ea628_00094c5f (ID = 0)
7:00 PM: 00004e38_436d1e82_000b71b0 (ID = 0)
7:00 PM: 0000314f_435ef26c_0003567e (ID = 0)
7:00 PM: 000001eb_435ea629_00000000 (ID = 0)
7:00 PM: 0000767d_435bf24a_00022551 (ID = 0)
7:00 PM: 000001eb_435d65c6_000aba95 (ID = 0)
7:00 PM: 000012db_436047a6_00044aa2 (ID = 0)
7:00 PM: 00006be8_436d0d2d_00039387 (ID = 0)
7:00 PM: 00004ad4_436d17ee_000b71b0 (ID = 0)
7:00 PM: 00006df1_435d65ab_00090f56 (ID = 0)
7:00 PM: 00000124_43582262_0008583b (ID = 0)
7:00 PM: 00003d6c_436c0ef3_0009c671 (ID = 0)
7:00 PM: 00002213_436ce44f_0001312d (ID = 0)
7:00 PM: 000029d8_436d1976_000a4083 (ID = 0)
7:01 PM: 00003308_436d218e_0004c4b4 (ID = 0)
7:01 PM: 0000491c_435ef0b2_0001ab3f (ID = 0)
7:01 PM: 000066bb_436004af_0007270e (ID = 0)
7:01 PM: 00007dd1_435ef4e0_000dd40a (ID = 0)
7:01 PM: 00004944_43604cd5_000bebc2 (ID = 0)
7:01 PM: 00006172_435ed7b0_000baeb9 (ID = 0)
7:01 PM: 000026b1_436d1eb1_000cdfe6 (ID = 0)
7:01 PM: 0000153c_435ef078_0007270e (ID = 0)
7:01 PM: 0000323b_436cff04_000dd40a (ID = 0)
7:01 PM: 0000305e_4358226c_0004c4b4 (ID = 0)
7:01 PM: 00001289_436d1e86_000af79e (ID = 0)
7:01 PM: 00001547_435822a3_000a037a (ID = 0)
7:01 PM: 000058b0_436ce6ec_000c28cb (ID = 0)
7:01 PM: 00002ea6_435d6544_000bebc2 (ID = 0)
7:01 PM: 0000260d_436ce44f_0003d090 (ID = 0)
7:01 PM: 00006784_435821c4_00094c5f (ID = 0)
7:01 PM: 00003382_436d1e8b_00029f63 (ID = 0)
7:01 PM: 0000440d_4358226c_000b71b0 (ID = 0)
7:01 PM: 00002e40_43604cd5_000cdfe6 (ID = 0)
7:01 PM: 000041bb_4360ca58_00007a12 (ID = 0)
7:01 PM: 00004dc8_435d68b1_000d59f8 (ID = 0)
7:01 PM: 00006784_4360cc63_00040d99 (ID = 0)
7:01 PM: 00004ae1_435821c4_000c65d4 (ID = 0)
7:01 PM: 00005db2_436052b1_0005b8d8 (ID = 0)
7:01 PM: 00000bb3_435bf307_000c28cb (ID = 0)
7:01 PM: 00003699_435ec735_00022551 (ID = 0)
7:01 PM: 0000153c_435ea85a_00003d09 (ID = 0)
7:01 PM: 0000491c_4358226c_000e1113 (ID = 0)
7:01 PM: 000032e7_436d204b_00081b32 (ID = 0)
7:01 PM: 00002079_436d1e91_000a4083 (ID = 0)
7:01 PM: 00000120_435824ce_00053ec6 (ID = 0)
7:01 PM: 00003b25_436ce33a_0001ab3f (ID = 0)
7:01 PM: 00003087_436d1bb4_00016e36 (ID = 0)
7:01 PM: 00002cf7_436d17ee_000e1113 (ID = 0)
7:01 PM: 00000732_43604bbd_000ca2dd (ID = 0)
7:01 PM: 0000767d_435d69b4_0001e848 (ID = 0)
7:01 PM: 00001ad4_436cfeb5_0008583b (ID = 0)
7:01 PM: 0000117a_436d1e9a_00057bcf (ID = 0)
7:01 PM: 00001edc_436d218e_00076417 (ID = 0)
7:01 PM: 00001366_43604cdd_0008583b (ID = 0)
7:01 PM: 00005e14_43604cca_00003d09 (ID = 0)
7:01 PM: 000026e9_4360ca5b_000a7d8c (ID = 0)
7:01 PM: 00006172_436d0cbe_00016e36 (ID = 0)
7:01 PM: 00006b72_436d0cbe_0004c4b4 (ID = 0)
7:01 PM: 00004d06_435eb142_000d1cef (ID = 0)
7:01 PM: 00003e12_43604c05_0007de29 (ID = 0)
7:01 PM: 00005f49_436ce508_000a4083 (ID = 0)
7:01 PM: 00006784_436cfb00_0005f5e1 (ID = 0)
7:01 PM: 000026ca_436ce6ec_000ec82e (ID = 0)
7:01 PM: 00003699_436ce6ed_0000f424 (ID = 0)
7:01 PM: 00004ae1_435d9321_000a037a (ID = 0)
7:01 PM: 00004af3_436d218e_000a037a (ID = 0)
7:01 PM: 0000153c_436047a6_00089544 (ID = 0)
7:01 PM: 00000902_436ce6f2_0007270e (ID = 0)
7:01 PM: 00001a49_436cffdd_00029f63 (ID = 0)
7:01 PM: 00003d6c_435d9331_00094c5f (ID = 0)
7:01 PM: 00005f49_436d009a_0002625a (ID = 0)
7:01 PM: 000018be_435821c3_000a4083 (ID = 0)
7:01 PM: 0000030a_436ce44f_00090f56 (ID = 0)
7:01 PM: 00000ecc_435edd46_00098968 (ID = 0)
7:01 PM: 00004db7_435eb146_0000b71b (ID = 0)
7:01 PM: 0000187e_435ecd70_0002dc6c (ID = 0)
7:01 PM: 00007bb9_436ce6f3_00053ec6 (ID = 0)
7:01 PM: 00007282_436d16dd_0001312d (ID = 0)
7:01 PM: 00005772_436ce6f3_000632ea (ID = 0)
7:02 PM: 000054de_435822cf_0000b71b (ID = 0)
7:02 PM: 0000578d_436d2193_000d1cef (ID = 0)
7:02 PM: 000072ae_435821e1_0000b71b (ID = 0)
7:02 PM: 000078fe_436d2193_000e1113 (ID = 0)
7:02 PM: 00007049_436ce6fb_0002625a (ID = 0)
7:02 PM: 000032e6_436d0cbe_00094c5f (ID = 0)
7:02 PM: 000037be_436d2194_0000b71b (ID = 0)
7:02 PM: 00000633_436d16d9_00057bcf (ID = 0)
7:02 PM: 00004823_435e1cfc_00031975 (ID = 0)
7:02 PM: 000071f2_436d2199_000c28cb (ID = 0)
7:02 PM: 0000301c_436ce44f_000a4083 (ID = 0)
7:02 PM: 00005a9f_435edccf_0002dc6c (ID = 0)
7:02 PM: 000019d9_436d0f33_000d1cef (ID = 0)
7:02 PM: 00006bfc_436cfec7_000b34a7 (ID = 0)
7:02 PM: 00000029_436c0e9a_00016e36 (ID = 0)
7:02 PM: 000011f4_436d0dd7_000a7d8c (ID = 0)
7:02 PM: 00004cad_435d8958_000f0537 (ID = 0)
7:02 PM: 00007a5a_4358235e_0003567e (ID = 0)
7:02 PM: 000000eb_436d2199_000d9701 (ID = 0)
7:02 PM: 00002f14_435ef46a_000af79e (ID = 0)
7:02 PM: 0000401d_436d0cc1_0003567e (ID = 0)
7:02 PM: 00006ad6_435ed733_000632ea (ID = 0)
7:02 PM: 000071f0_436d0cc1_000e1113 (ID = 0)
7:02 PM: 000018be_435e1cfc_000aba95 (ID = 0)
7:02 PM: 00006b72_435ed7b1_0007de29 (ID = 0)
7:02 PM: 00003ef6_435ef333_00029f63 (ID = 0)
7:02 PM: 00007871_436d219a_00022551 (ID = 0)
7:02 PM: 00006048_436d0efe_00057bcf (ID = 0)
7:02 PM: 00007a5a_435eb1d2_00022551 (ID = 0)
7:02 PM: 00001cd0_43604cdd_000a037a (ID = 0)
7:02 PM: 00000f3e_435eb0dc_000dd40a (ID = 0)
7:02 PM: 0000692c_436ce6fc_00003d09 (ID = 0)
7:02 PM: 000032e6_435ed7b1_00098968 (ID = 0)
7:02 PM: 00000ecc_436d0ecc_0008d24d (ID = 0)
7:02 PM: 0000030a_436cff15_0003567e (ID = 0)
7:02 PM: 00003f4a_436d17fd_00057bcf (ID = 0)
7:02 PM: 00006952_435d659a_0008d24d (ID = 0)
7:02 PM: 00006d76_436d1e9e_0001e848 (ID = 0)
7:02 PM: 00006df1_435f6d2c_000c28cb (ID = 0)
7:02 PM: 00005a9f_436d0dfc_0000b71b (ID = 0)
7:02 PM: 00006f11_436d188c_000a4083 (ID = 0)
7:02 PM: 00007bb9_436d0703_000dd40a (ID = 0)
7:02 PM: 00000a4a_436d1811_000a037a (ID = 0)
7:02 PM: 00007f96_436cfed1_000bebc2 (ID = 0)
7:02 PM: 00005cfd_43582555_000af79e (ID = 0)
7:02 PM: 0000305e_435f6d52_000e8b25 (ID = 0)
7:02 PM: 000066c4_435d8ae3_000cdfe6 (ID = 0)
7:02 PM: 00004a80_436ce6fc_0001ab3f (ID = 0)
7:02 PM: 000046cf_436d0ed0_000b34a7 (ID = 0)
7:03 PM: 00004cd4_435edccf_00057bcf (ID = 0)
7:03 PM: 00007e87_436c0f87_000c28cb (ID = 0)
7:03 PM: 00003b25_435815a5_00029f63 (ID = 0)
7:03 PM: 0000301c_43604bb7_0007270e (ID = 0)
7:03 PM: 00000af0_436d23f1_0001312d (ID = 0)
7:03 PM: 000026e9_43601d16_00076417 (ID = 0)
7:03 PM: 00003cd5_435ed696_000bebc2 (ID = 0)
7:03 PM: 00007f96_436ce3ed_00081b32 (ID = 0)
7:03 PM: 00000bdb_43604bb7_00090f56 (ID = 0)
7:03 PM: 00005f90_435d936f_000a4083 (ID = 0)
7:03 PM: 0000468c_436d1b4e_000af79e (ID = 0)
7:03 PM: 00005ed0_436d1816_0007a120 (ID = 0)
7:03 PM: mspotmdm.sys (ID = 0)
7:03 PM: 00004b40_43581651_000487ab (ID = 0)
7:03 PM: 00000029_43604565_0007270e (ID = 0)
7:03 PM: 00007e87_435ea863_0003d090 (ID = 0)
7:03 PM: 00003699_435d8cdd_0003567e (ID = 0)
7:03 PM: 000013e9_435ed697_00003d09 (ID = 0)
7:03 PM: 00000bb3_43600308_000dd40a (ID = 0)
7:03 PM: 00003a9e_43582558_000af79e (ID = 0)
7:03 PM: 00004e57_436d181f_00003d09 (ID = 0)
7:03 PM: 0000187e_436ce6fc_00031975 (ID = 0)
7:03 PM: 000000c1_436d1c4c_0001ab3f (ID = 0)
7:03 PM: 00000bb3_435d65cc_0002dc6c (ID = 0)
7:03 PM: 000010d9_436d1dea_000c28cb (ID = 0)
7:03 PM: 00004823_435eef6c_0002dc6c (ID = 0)
7:03 PM: 00003807_435ee909_0005b8d8 (ID = 0)
7:03 PM: 0000074d_435eb181_000487ab (ID = 0)
7:03 PM: 0000401d_435ed881_0009c671 (ID = 0)
7:03 PM: 000033ea_436052b1_0006ea05 (ID = 0)
7:03 PM: 000016c5_436ce6fd_000baeb9 (ID = 0)
7:03 PM: 00006443_435d68bc_000d9701 (ID = 0)
7:03 PM: 00000bdb_436cff32_0003d090 (ID = 0)
7:03 PM: 00004df2_435eb3a1_000c65d4 (ID = 0)
7:03 PM: 00003a61_43581972_0001312d (ID = 0)
7:03 PM: 000071f0_435ed881_000a7d8c (ID = 0)
7:03 PM: 0000366b_43604cde_0000b71b (ID = 0)
7:03 PM: 00004230_435ef2ff_000501bd (ID = 0)
7:03 PM: 00000c7b_435ee8be_0009c671 (ID = 0)
7:03 PM: 00000384_436d0cc1_000e8b25 (ID = 0)
7:03 PM: 00000384_435ed881_000b71b0 (ID = 0)
7:03 PM: 000012db_435d6820_00040d99 (ID = 0)
7:03 PM: 000066bb_435d68c3_000b71b0 (ID = 0)
7:03 PM: 00005878_43600560_00044aa2 (ID = 0)
7:03 PM: 0000323b_43600519_0001e848 (ID = 0)
7:03 PM: 00005dd5_436d0de2_0008d24d (ID = 0)
7:03 PM: 00002350_43581640_000cdfe6 (ID = 0)
7:03 PM: 00006899_436ce6fe_00022551 (ID = 0)
7:03 PM: 00006952_435821e1_000af79e (ID = 0)
7:03 PM: 00004ae1_436cfb03_00094c5f (ID = 0)
7:03 PM: 0000428b_43581585_00031975 (ID = 0)
7:03 PM: 00003cd5_436ce6fe_0003567e (ID = 0)
7:03 PM: 00005882_436d23c5_00039387 (ID = 0)
7:03 PM: 000013e9_436ce70b_0005f5e1 (ID = 0)
7:03 PM: 0000440d_435f6d53_0007270e (ID = 0)
7:03 PM: 00006784_436cc27f_0003d090 (ID = 0)
7:03 PM: 000056ae_43604bb7_000d1cef (ID = 0)
7:03 PM: 00007f4f_435ed886_000487ab (ID = 0)
7:03 PM: 00005e14_435ef26e_00098968 (ID = 0)
7:03 PM: 000041bb_436cc2d5_000aba95 (ID = 0)
7:03 PM: 00005fa4_435edccf_000bebc2 (ID = 0)
7:03 PM: 00004080_436ce70b_000a4083 (ID = 0)
7:04 PM: 000041bb_43581546_0008583b (ID = 0)
7:04 PM: 000066be_436d23cc_00094c5f (ID = 0)
7:04 PM: 0000494a_435ed886_0008d24d (ID = 0)
7:04 PM: 0000314f_436ce51f_00000000 (ID = 0)
7:04 PM: 00006952_435d936d_000af79e (ID = 0)
7:04 PM: 000056ae_436041a7_00098968 (ID = 0)
7:04 PM: 00003d6c_436cfb04_0002625a (ID = 0)
7:04 PM: 0000252a_435ee768_0001312d (ID = 0)
7:04 PM: 00002f14_43581922_000bebc2 (ID = 0)
7:04 PM: 00004cad_4360064e_0006ea05 (ID = 0)
7:04 PM: 000043db_436d23cc_000d59f8 (ID = 0)
7:04 PM: 00000a28_436d197e_000487ab (ID = 0)
7:04 PM: 00000d6a_436d1a68_0009c671 (ID = 0)
7:04 PM: 000041bb_435bf162_0004c4b4 (ID = 0)
7:04 PM: 0000422d_435ed739_000d1cef (ID = 0)
7:04 PM: 000057d3_436d0f0a_00007a12 (ID = 0)
7:04 PM: 000066c4_43604ce0_000a037a (ID = 0)
7:04 PM: 00001953_436d0d3e_00076417 (ID = 0)
7:04 PM: 00004df2_436ce526_000632ea (ID = 0)
7:04 PM: 00004230_43604ce0_000a7d8c (ID = 0)
7:04 PM: 000057c2_436d23d2_0002625a (ID = 0)
7:04 PM: 0000428b_435d68c6_000d9701 (ID = 0)
7:04 PM: 000018be_436c0ed0_0007a120 (ID = 0)
7:04 PM: 00005cfd_435d8927_00076417 (ID = 0)
7:04 PM: 00004509_436cfe4b_00040d99 (ID = 0)
7:04 PM: 00000de5_436d1928_000e1113 (ID = 0)
7:04 PM: 00003a61_435ef4d8_00081b32 (ID = 0)
7:04 PM: 000023c9_436052b1_000ec82e (ID = 0)
7:04 PM: 00003e12_435d8927_00081b32 (ID = 0)
7:04 PM: 00001a49_435d8927_000af79e (ID = 0)
7:04 PM: 00000732_435824c0_000632ea (ID = 0)
7:04 PM: 00000677_435ed886_00094c5f (ID = 0)
7:04 PM: 0000159f_436d1e4b_000501bd (ID = 0)
7:04 PM: 00007bb9_435d8db6_0002dc6c (ID = 0)
7:04 PM: 00003b25_435d6a2f_0001ab3f (ID = 0)
7:04 PM: 000012db_435eb0ce_0001e848 (ID = 0)
7:04 PM: 00001246_436d23e3_000501bd (ID = 0)
7:04 PM: 0000676d_436d1ed1_0005f5e1 (ID = 0)
7:04 PM: 00005841_436d23e3_0007a120 (ID = 0)
7:04 PM: 00005991_43604db3_0008d24d (ID = 0)
7:04 PM: 00006899_435ef418_0004c4b4 (ID = 0)
7:04 PM: 00000822_436ce5db_000e1113 (ID = 0)
7:04 PM: 00003a2d_436d0ed6_00007a12 (ID = 0)
7:04 PM: 00005af1_435c0d36_000bebc2 (ID = 0)
7:04 PM: 00002ea6_43601d39_0001e848 (ID = 0)
7:04 PM: 00003d6c_43601b95_00016e36 (ID = 0)
7:04 PM: 00001649_435d9376_000487ab (ID = 0)
7:04 PM: 00003d6c_435bf109_00094c5f (ID = 0)
7:04 PM: 00000029_435ea14c_000ec82e (ID = 0)
7:04 PM: 00000029_435c0d2e_0009c671 (ID = 0)
7:04 PM: 00002cd6_43601b95_00098968 (ID = 0)
7:04 PM: 00005078_436d1027_000c65d4 (ID = 0)
7:04 PM: 0000491c_435f6d56_000d9701 (ID = 0)
7:04 PM: 00002e40_435ef2b2_00003d09 (ID = 0)
7:05 PM: 00001649_435f6ca2_00007a12 (ID = 0)
7:05 PM: 00007874_436d0d8b_000d59f8 (ID = 0)
7:05 PM: 00004d06_435f6d57_0005f5e1 (ID = 0)
7:05 PM: 00002059_435edce2_0002625a (ID = 0)
7:05 PM: 00004823_435ea14d_0000f424 (ID = 0)
7:05 PM: 00002cd6_436cfb04_00039387 (ID = 0)
7:05 PM: 000012db_43601d39_0003d090 (ID = 0)
7:05 PM: 000054de_43581568_0002dc6c (ID = 0)
7:05 PM: 00003d6c_435eefbd_00016e36 (ID = 0)
7:05 PM: 00004b40_436cff82_00098968 (ID = 0)
7:05 PM: 00006c6c_436d1ded_000e8b25 (ID = 0)
7:05 PM: 00000f3e_435d6840_0005f5e1 (ID = 0)
7:05 PM: 00000099_436c0f89_000dd40a (ID = 0)
7:05 PM: 0000127e_435edce2_0005f5e1 (ID = 0)
7:05 PM: 00000e90_435ef609_0000f424 (ID = 0)
7:05 PM: 00005005_435ee8be_000c65d4 (ID = 0)
7:05 PM: 00000035_435edce2_0007de29 (ID = 0)
7:05 PM: 00005f1e_436d0d86_0001ab3f (ID = 0)
7:05 PM: 00003a9e_436d0042_0007a120 (ID = 0)
7:05 PM: 000026e9_436c0f7a_00044aa2 (ID = 0)
7:05 PM: 00006512_436d1ee8_0003d090 (ID = 0)
7:05 PM: 00005e73_435eebce_000c28cb (ID = 0)
7:05 PM: 00006443_435eb18c_0003d090 (ID = 0)
7:05 PM: 00002cd6_435bf29e_0003d090 (ID = 0)
7:05 PM: 00002b0f_436d1fc9_0001ab3f (ID = 0)
7:05 PM: 0000491c_43600477_000cdfe6 (ID = 0)
7:05 PM: 0000261e_435ef4ef_0007de29 (ID = 0)
7:05 PM: 000046cf_435ee3a8_0000f424 (ID = 0)
7:05 PM: 000064e0_436d1ee4_00053ec6 (ID = 0)
7:05 PM: 000048cc_436052bc_000cdfe6 (ID = 0)
7:05 PM: 0000428b_435eb19d_0003d090 (ID = 0)
7:05 PM: 0000212c_436d2050_000baeb9 (ID = 0)
7:05 PM: 000018be_4360cc62_0007270e (ID = 0)
7:05 PM: 00000e29_436d1ecc_000cdfe6 (ID = 0)
7:05 PM: 00001547_435eb148_0000b71b (ID = 0)
7:05 PM: 00002833_435ef52d_0005f5e1 (ID = 0)
7:05 PM: 000001d3_435ee3a8_00031975 (ID = 0)
7:05 PM: 00006ad4_435ef54d_00089544 (ID = 0)
7:05 PM: 000007cf_435edcf3_000a037a (ID = 0)
7:05 PM: 00001a49_43604c06_000cdfe6 (ID = 0)
7:05 PM: 00000732_435ef1ee_00081b32 (ID = 0)
7:05 PM: 00002d12_43581569_00057bcf (ID = 0)
7:05 PM: 00004823_43604565_0009c671 (ID = 0)
7:05 PM: 00006732_435edcf3_000af79e (ID = 0)
7:05 PM: 00000e90_435ee3a8_000b34a7 (ID = 0)
7:05 PM: 00005f32_435d8928_0002dc6c (ID = 0)
7:05 PM: 00003b25_43604b57_000e4e1c (ID = 0)
7:05 PM: 00005991_436ce5dc_000a7d8c (ID = 0)
7:05 PM: 0000773b_435ee909_000632ea (ID = 0)
7:05 PM: 000072ae_43601b9a_0003d090 (ID = 0)
7:05 PM: 0000008e_436d205b_0003567e (ID = 0)
7:05 PM: 00005af1_4358153f_00044aa2 (ID = 0)
7:05 PM: 00006f3c_436d1950_000aba95 (ID = 0)
7:05 PM: 00006952_43601b9a_000501bd (ID = 0)
7:05 PM: 00003a2d_435ee3af_0001ab3f (ID = 0)
7:05 PM: 00003bf6_436005dd_000bebc2 (ID = 0)
7:05 PM: 0000390c_435c1081_00000000 (ID = 0)
7:05 PM: 00005753_436052bd_0008d24d (ID = 0)
7:05 PM: 000039b3_435f6d5f_00053ec6 (ID = 0)
7:06 PM: 0000692c_43604eb9_0009c671 (ID = 0)
7:06 PM: 00006048_435ee3af_0008583b (ID = 0)
7:06 PM: 000018be_43604566_0002625a (ID = 0)
7:06 PM: 00000633_435ee935_000c65d4 (ID = 0)
7:06 PM: 0000486a_435eeb2b_0005f5e1 (ID = 0)
7:06 PM: 00007282_435ee936_00031975 (ID = 0)
7:06 PM: 00000099_435eb0e1_000dd40a (ID = 0)
7:06 PM: 000057d3_435ee3b8_00098968 (ID = 0)
7:06 PM: 00003cd5_436d0745_0000b71b (ID = 0)
7:06 PM: 00006443_436cfd12_000c65d4 (ID = 0)
7:06 PM: 0000121f_436d05db_000e8b25 (ID = 0)
7:06 PM: 00003cd5_435ef423_000ec82e (ID = 0)
7:06 PM: 00006e5d_435bf4dc_00081b32 (ID = 0)
7:06 PM: 0000323b_435eb24e_00029f63 (ID = 0)
7:06 PM: 000060bf_436052bd_000b34a7 (ID = 0)
7:06 PM: 00002d12_435f6d5f_000632ea (ID = 0)
7:06 PM: 0000458f_435ee3b8_000d9701 (ID = 0)
7:06 PM: 0000797d_435d8928_000baeb9 (ID = 0)
7:06 PM: 00006952_436cfb10_00022551 (ID = 0)
7:06 PM: 00005f90_435821e1_000b34a7 (ID = 0)
7:06 PM: 000066bb_436cfd12_000ec82e (ID = 0)
7:06 PM: 000039b3_435822cf_0000f424 (ID = 0)
7:06 PM: 00004509_435ef142_00089544 (ID = 0)
7:06 PM: 00005f90_436cfb10_000487ab (ID = 0)
7:06 PM: 000026e9_436cc2d7_000501bd (ID = 0)
7:06 PM: 00007a61_436d1a29_0006ea05 (ID = 0)
7:06 PM: 00001649_436cfb14_0000b71b (ID = 0)
7:06 PM: 000054dc_435ed745_000a037a (ID = 0)
7:06 PM: 00005039_436d0d32_000b71b0 (ID = 0)
7:06 PM: 00000975_435ee3b9_0001e848 (ID = 0)
7:06 PM: 00006cf4_436d1956_00076417 (ID = 0)
7:06 PM: 00006bfc_435823e3_000d59f8 (ID = 0)
7:06 PM: 0000368e_435ed745_000b34a7 (ID = 0)
7:06 PM: 00007e87_43601d4a_00081b32 (ID = 0)
7:06 PM: 00000099_435c1084_0005b8d8 (ID = 0)
7:06 PM: 00001953_435edc63_0004c4b4 (ID = 0)
7:06 PM: 00005af1_436cfb14_00076417 (ID = 0)
7:06 PM: 00005c67_436052bd_000d59f8 (ID = 0)
7:06 PM: 00006bfc_436ce39f_00066ff3 (ID = 0)
7:06 PM: 00006784_4360456d_0001ab3f (ID = 0)
7:06 PM: 000012db_435c0d75_0005f5e1 (ID = 0)
7:06 PM: 00005f49_435817be_000a4083 (ID = 0)
7:06 PM: 0000187e_435818cc_000c28cb (ID = 0)
7:06 PM: 00004ae1_4360cc63_0005f5e1 (ID = 0)
7:06 PM: 00005af1_435d64c7_0001ab3f (ID = 0)
7:06 PM: 0000767d_436ce307_0000f424 (ID = 0)
7:06 PM: 0000440d_435bf3d5_000b34a7 (ID = 0)
7:06 PM: 00003d6c_4360cc63_000af79e (ID = 0)
7:06 PM: 00000bdb_4360052c_000632ea (ID = 0)
7:06 PM: 000041bb_436cfb1b_000e4e1c (ID = 0)
7:06 PM: 00005f90_4358153c_000baeb9 (ID = 0)
7:06 PM: 000037e5_435ee76a_0003567e (ID = 0)
7:06 PM: 0000366b_436ce58a_00000000 (ID = 0)
7:06 PM: 00000d66_435ed74b_000501bd (ID = 0)
7:07 PM: 0000251f_435ee936_00040d99 (ID = 0)
7:07 PM: 000026e9_436cfb1c_00007a12 (ID = 0)
7:07 PM: 00006bcb_435edc63_0007a120 (ID = 0)
7:07 PM: 00007983_435ed74b_000632ea (ID = 0)
7:07 PM: 00004080_436d0751_0003d090 (ID = 0)
7:07 PM: 000075ef_435ed74b_000b71b0 (ID = 0)
7:07 PM: 00000822_43581836_000e4e1c (ID = 0)
7:07 PM: 00003004_435eeb30_00007a12 (ID = 0)
7:07 PM: 00001e1f_43604b58_0001ab3f (ID = 0)
7:07 PM: 00001dc0_435ee76a_00044aa2 (ID = 0)
7:07 PM: 00000fc9_435edc63_000a4083 (ID = 0)
7:07 PM: 0000701f_435d6909_000d9701 (ID = 0)
7:07 PM: 0000767d_435ef13c_000d59f8 (ID = 0)
7:07 PM: 00000ce1_436d1c4d_000aba95 (ID = 0)
7:07 PM: 000066c4_436ce58a_00094c5f (ID = 0)
7:07 PM: 00004ae1_4360456d_00039387 (ID = 0)
7:07 PM: 000037e6_435ee406_0008d24d (ID = 0)
7:07 PM: 00004657_435ed74f_000501bd (ID = 0)
7:07 PM: 00006784_436c0edc_000a037a (ID = 0)
7:07 PM: 00007dd1_43581975_000c28cb (ID = 0)
7:07 PM: 00002c49_435ed74f_00081b32 (ID = 0)
7:07 PM: 0000030a_435eb2b4_00098968 (ID = 0)
7:07 PM: 0000030a_435d8226_000b34a7 (ID = 0)
7:07 PM: 00001547_435bf1cf_000bebc2 (ID = 0)
7:07 PM: 00004f68_436d1848_00039387 (ID = 0)
7:07 PM: 00007cfe_435eeee7_00081b32 (ID = 0)
7:07 PM: 00003c61_435ed74f_000a7d8c (ID = 0)
7:07 PM: 00005878_43604bf1_00029f63 (ID = 0)
7:07 PM: 000026a6_436049d6_0007de29 (ID = 0)
7:07 PM: 00006df1_435821e8_0007270e (ID = 0)
7:07 PM: 00002cd6_435d6435_0002dc6c (ID = 0)
7:07 PM: 0000422d_436d078c_000e4e1c (ID = 0)
7:07 PM: 000058b0_43604eb5_00089544 (ID = 0)
7:07 PM: 00005f1e_435edc6a_00031975 (ID = 0)
7:07 PM: 00002d12_435822d0_0008d24d (ID = 0)
7:07 PM: 00005af1_435821e8_00081b32 (ID = 0)
7:07 PM: 000048cc_435ed729_0001e848 (ID = 0)
7:07 PM: 00007f96_435823e3_000d9701 (ID = 0)
7:07 PM: 000022ee_43581643_00000000 (ID = 0)
7:07 PM: 000019d9_435ee406_000e4e1c (ID = 0)
7:07 PM: 00002fff_435ed753_000a7d8c (ID = 0)
7:07 PM: 00000ddc_435817c2_0008d24d (ID = 0)
7:07 PM: 00000bb3_436cfb20_0002625a (ID = 0)
7:07 PM: 00006784_43581534_00089544 (ID = 0)
7:07 PM: 00005db2_436d0752_0001e848 (ID = 0)
7:07 PM: 00001238_435ef154_00098968 (ID = 0)
7:07 PM: 0000494a_436d0cd0_000ec82e (ID = 0)
7:07 PM: 00005f45_436d1963_000bebc2 (ID = 0)
7:07 PM: 000001eb_435eb0a4_00031975 (ID = 0)
7:07 PM: 00004823_435d638c_00031975 (ID = 0)
7:07 PM: 00006c69_435ed753_000b34a7 (ID = 0)
7:07 PM: 00004626_436d1ebb_0002dc6c (ID = 0)
7:07 PM: 00003699_435ef3c5_00040d99 (ID = 0)
7:07 PM: 00005f32_43604c07_0003d090 (ID = 0)
7:07 PM: 00005f90_43601bac_00003d09 (ID = 0)
7:08 PM: 00004230_436d02c6_0003d090 (ID = 0)
7:08 PM: 00006e5d_43604b58_00029f63 (ID = 0)
7:08 PM: 00006b36_436cff95_00066ff3 (ID = 0)
7:08 PM: 000001d3_436d0ed1_000501bd (ID = 0)
7:08 PM: 00005878_4358165b_000ec82e (ID = 0)
7:08 PM: 00002833_435edc6a_000501bd (ID = 0)
7:08 PM: 00001d3f_436d1f08_0006ea05 (ID = 0)
7:08 PM: 00004dc8_435822d0_000d9701 (ID = 0)
7:08 PM: 00001a49_436005c8_0002dc6c (ID = 0)
7:08 PM: 0000182f_435eec47_000c65d4 (ID = 0)
7:08 PM: 000026e9_435821f2_00076417 (ID = 0)
7:08 PM: 00001d18_436d1728_00081b32 (ID = 0)
7:08 PM: 000001eb_435821f2_0008d24d (ID = 0)
7:08 PM: 00007874_435edc6a_0008583b (ID = 0)
7:08 PM: 000072ae_435d6435_00094c5f (ID = 0)
7:08 PM: 0000390c_43601d4a_0009c671 (ID = 0)
7:08 PM: 00004d67_435eec48_00000000 (ID = 0)
7:08 PM: 0000249e_435edc6f_00094c5f (ID = 0)
7:08 PM: 0000797d_43582558_000e4e1c (ID = 0)
7:08 PM: 00006952_435c0d36_0005b8d8 (ID = 0)
7:08 PM: 00004dc8_435bf1e3_000e1113 (ID = 0)
7:08 PM: 00006270_436d1728_000ec82e (ID = 0)
7:08 PM: 000023c9_436d0752_00098968 (ID = 0)
7:08 PM: 00004e45_435d81da_000487ab (ID = 0)
7:08 PM: 00000878_436d1ea1_000e8b25 (ID = 0)
7:08 PM: 000056ae_436ce450_0007de29 (ID = 0)
7:08 PM: 00000bb3_4360ca62_00039387 (ID = 0)
7:08 PM: 0000767d_435bf49e_000aba95 (ID = 0)
7:08 PM: 0000658c_436d1bc4_00029f63 (ID = 0)
7:08 PM: 00006bfc_435d81d6_00016e36 (ID = 0)
7:08 PM: 00002b0c_435edc6f_000c65d4 (ID = 0)
7:08 PM: 00005d03_435d6922_00000000 (ID = 0)
7:08 PM: 00001796_435eeb3b_00040d99 (ID = 0)
7:08 PM: 00006443_435ef11a_00016e36 (ID = 0)
7:08 PM: 00002e40_435817e2_0002625a (ID = 0)
7:08 PM: 00005e14_436d0190_0002dc6c (ID = 0)
7:08 PM: 00000bb3_436c0f80_0006acfc (ID = 0)
7:08 PM: 00006270_435eeab1_000e4e1c (ID = 0)
7:08 PM: 00002f0c_436d1e68_000a037a (ID = 0)
7:08 PM: 00003492_436d1729_00076417 (ID = 0)
7:08 PM: 00003a9e_43604c10_000632ea (ID = 0)
7:08 PM: 00002c3b_436ce599_0002625a (ID = 0)
7:08 PM: 00004fe2_436d1e52_000f0537 (ID = 0)
7:08 PM: 00007eb7_436ce590_0006ea05 (ID = 0)
7:08 PM: 000015a1_436ce599_0005b8d8 (ID = 0)
7:08 PM: 0000301c_435eb2ce_0005b8d8 (ID = 0)
7:08 PM: 0000260d_435ef1e1_000487ab (ID = 0)
7:08 PM: 00004df2_435ef276_0008583b (ID = 0)
7:08 PM: 00003b25_435ef158_0001e848 (ID = 0)
7:08 PM: 00006ad6_43581927_000c28cb (ID = 0)
7:08 PM: 00000124_436c0f98_00040d99 (ID = 0)
7:08 PM: 00004d06_435ef0b5_00003d09 (ID = 0)
7:08 PM: 00005d03_435eb1be_0007270e (ID = 0)
7:08 PM: 000041bb_435821f2_000632ea (ID = 0)
7:08 PM: 0000121f_435ef367_0005f5e1 (ID = 0)
7:08 PM: 00000e90_436d0ed1_0005b8d8 (ID = 0)
7:08 PM: 000056ae_436cff39_000d1cef (ID = 0)
7:09 PM: 00007983_43581955_000632ea (ID = 0)
7:09 PM: 0000366b_435ef2c1_00040d99 (ID = 0)
7:09 PM: 00001ad4_435bf4f4_0006acfc (ID = 0)
7:09 PM: 000022ee_43600548_0005b8d8 (ID = 0)
7:09 PM: 000056ae_43600533_00016e36 (ID = 0)
7:09 PM: 0000249e_435ef531_0009c671 (ID = 0)
7:09 PM: 00001316_435eed5c_0003d090 (ID = 0)
7:09 PM: 00005e9d_4358198d_0000b71b (ID = 0)
7:09 PM: 00001e1f_436004e4_00039387 (ID = 0)
7:09 PM: 00000a6c_436d1f3e_00016e36 (ID = 0)
7:09 PM: 000018d7_43581a38_00003d09 (ID = 0)
7:09 PM: 00000bdb_435eb2d1_0008583b (ID = 0)
7:09 PM: 00006b36_43600560_00089544 (ID = 0)
7:09 PM: 00004944_435eb3aa_000bebc2 (ID = 0)
7:09 PM: 00002b0c_435ef533_0007270e (ID = 0)
7:09 PM: 00000ecc_435ef5c7_00007a12 (ID = 0)
7:09 PM: 0000591d_435ef659_000e1113 (ID = 0)
7:09 PM: 00005968_435eec48_0003d090 (ID = 0)
7:09 PM: 0000305e_436c0f9b_0001312d (ID = 0)
7:09 PM: 00000732_436ce450_00089544 (ID = 0)
7:09 PM: 00005f90_435c0d36_0005f5e1 (ID = 0)
7:09 PM: 00006443_435822d6_0006acfc (ID = 0)
7:09 PM: 00000ddc_435d892c_00066ff3 (ID = 0)
7:09 PM: 00001481_435ee88e_00044aa2 (ID = 0)
7:09 PM: 00004087_436d102d_0002625a (ID = 0)
7:09 PM: 00004c66_436d1dfe_000d9701 (ID = 0)
7:09 PM: 0000767d_435eb1d7_00090f56 (ID = 0)
7:09 PM: 00002fe7_436d1d48_000c65d4 (ID = 0)
7:09 PM: 00005cfd_435ef25d_0009c671 (ID = 0)
7:09 PM: 00004346_436d205f_0003567e (ID = 0)
7:09 PM: 00002852_435eeeed_0001e848 (ID = 0)
7:09 PM: 00006e5d_435ef15b_000e4e1c (ID = 0)
7:09 PM: 000054de_435bf1d3_00057bcf (ID = 0)
7:09 PM: 000066bb_435eb18f_000e8b25 (ID = 0)
7:09 PM: 00006ad6_435ef481_00040d99 (ID = 0)
7:09 PM: 0000591d_436d0f39_00031975 (ID = 0)
7:09 PM: 00000a41_436d1f80_000632ea (ID = 0)
7:09 PM: 00002e39_436d1efa_00076417 (ID = 0)
7:09 PM: 000072ae_435bf2b1_00053ec6 (ID = 0)
7:09 PM: 00002cd6_435eefc2_00039387 (ID = 0)
7:09 PM: 000066bb_435bf1e9_0000f424 (ID = 0)
7:09 PM: 00001e1f_435ef15a_000c28cb (ID = 0)
7:09 PM: 0000428b_435bf1ef_000c65d4 (ID = 0)
7:09 PM: 00004509_435eb1db_0000b71b (ID = 0)
7:09 PM: 000011f4_435ef537_000e8b25 (ID = 0)
7:09 PM: 00004087_435ee88e_0005b8d8 (ID = 0)
7:09 PM: 000001eb_4360ccb0_0006acfc (ID = 0)
7:09 PM: 000026e9_4360ccb0_000632ea (ID = 0)
7:09 PM: 00001366_435eb3b0_00081b32 (ID = 0)
7:09 PM: 00000bb3_4360ccb0_00076417 (ID = 0)
7:09 PM: 000013e9_435ef435_000e8b25 (ID = 0)
7:09 PM: 00005c67_435ef45b_000b34a7 (ID = 0)
7:09 PM: 00000822_435eb414_0007a120 (ID = 0)
7:09 PM: 00005a9f_435ef552_000aba95 (ID = 0)
7:09 PM: 00003699_43604eb6_00089544 (ID = 0)
7:09 PM: 000054d6_436d1b75_0008d24d (ID = 0)
7:09 PM: 0000773f_436d1f6b_000f0537 (ID = 0)
7:09 PM: 000056ae_435eb2e9_0001e848 (ID = 0)
7:10 PM: 000072ae_4360cc73_000c65d4 (ID = 0)
7:10 PM: 00004fc0_436d1c6a_0001312d (ID = 0)
7:10 PM: 0000314f_436d016e_0007a120 (ID = 0)
7:10 PM: 00000732_436cff3b_000b71b0 (ID = 0)
7:10 PM: 00006732_436d0e9f_0009c671 (ID = 0)
7:10 PM: 000032e6_43581999_000bebc2 (ID = 0)
7:10 PM: 00006952_4360cc73_000dd40a (ID = 0)
7:10 PM: 00007b44_435ee899_000a4083 (ID = 0)
7:10 PM: 00006a15_435eeade_000d9701 (ID = 0)
7:10 PM: 00003e12_435ef25d_000a7d8c (ID = 0)
7:10 PM: 000066c4_435ef2c7_00022551 (ID = 0)
7:10 PM: 0000590e_435ee899_000af79e (ID = 0)
7:10 PM: 00007e87_435ef07c_000c65d4 (ID = 0)
7:10 PM: 00002ea6_435821f8_000c28cb (ID = 0)
7:10 PM: ace.dll (ID = 0)
7:10 PM: 00006952_435d6435_000e8b25 (ID = 0)
7:10 PM: 00001649_435c0d36_0007de29 (ID = 0)
7:10 PM: 00000029_435821b7_000501bd (ID = 0)
7:10 PM: 00005422_436ce5aa_00044aa2 (ID = 0)
7:10 PM: 00007ff5_435823f3_00031975 (ID = 0)
7:10 PM: 000066bb_435822d6_0007de29 (ID = 0)
7:10 PM: 000012db_435821f8_000e1113 (ID = 0)
7:10 PM: 00007eb7_436d02c8_00098968 (ID = 0)
7:10 PM: 000009ce_436d1986_00076417 (ID = 0)
7:10 PM: 0000428b_435822ed_0001312d (ID = 0)
7:10 PM: 000010d9_436d1d5f_00089544 (ID = 0)
7:10 PM: 00001e1f_436ce361_0008d24d (ID = 0)
7:10 PM: 000026a6_435822fc_0003567e (ID = 0)
7:10 PM: 00006df1_435c0d36_0009c671 (ID = 0)
7:10 PM: 0000440d_436ccca6_0000f424 (ID = 0)
7:10 PM: 000019da_436d1770_00039387 (ID = 0)
7:10 PM: 0000138a_436d19cd_0002625a (ID = 0)
7:10 PM: 00003ef6_43581836_000632ea (ID = 0)
7:10 PM: 00007e87_4360492d_00053ec6 (ID = 0)
7:10 PM: 000072ae_435bf11d_00094c5f (ID = 0)
7:10 PM: 00001649_43601bac_0001e848 (ID = 0)
7:10 PM: 000026a6_436cfdd1_0008d24d (ID = 0)
7:10 PM: 0000301c_435d8227_0002dc6c (ID = 0)
7:10 PM: 0000797d_43604c11_000dd40a (ID = 0)
7:10 PM: 000001eb_436c0f7d_000b71b0 (ID = 0)
7:10 PM: 00002cd6_4360456d_00076417 (ID = 0)
7:10 PM: 0000701f_435822fd_000632ea (ID = 0)
7:10 PM: 00002959_436d19d0_0007a120 (ID = 0)
7:10 PM: 00002ea6_436cfbcf_0004c4b4 (ID = 0)
7:10 PM: 00002ea6_435bf308_0005f5e1 (ID = 0)
7:10 PM: 00005e76_436d19e4_00003d09 (ID = 0)
7:10 PM: 00002833_436d0d8a_00003d09 (ID = 0)
7:10 PM: 00006032_436d02cd_000f0537 (ID = 0)
7:10 PM: 00001cdf_436d1ec0_000e1113 (ID = 0)
7:10 PM: 0000701f_435bf498_0005b8d8 (ID = 0)
7:10 PM: 00001cd0_436ce56c_0000f424 (ID = 0)
7:10 PM: 00005064_436d177f_0000f424 (ID = 0)
7:10 PM: 000007cf_436d0e8b_000bebc2 (ID = 0)
7:10 PM: 0000520b_436d1996_00016e36 (ID = 0)
7:10 PM: 000012db_436cfbcf_0007270e (ID = 0)
7:10 PM: 00000029_435d57d7_000d9701 (ID = 0)
7:11 PM: 000068f5_436d1996_0002dc6c (ID = 0)
7:11 PM: 0000153c_436cfbcf_000a037a (ID = 0)
7:11 PM: 00000677_436d0cd6_000a4083 (ID = 0)
7:11 PM: 00006df1_435d9382_00053ec6 (ID = 0)
7:11 PM: 00002c3b_436d02ce_00016e36 (ID = 0)
7:11 PM: 00001649_435d6439_0002dc6c (ID = 0)
7:11 PM: 00007e87_436cfbd2_00040d99 (ID = 0)
7:11 PM: 0000759a_436ce450_000b71b0 (ID = 0)
7:11 PM: 0000282d_436d19e5_000e4e1c (ID = 0)
7:11 PM: 000015a1_436d02ce_000487ab (ID = 0)
7:11 PM: 00002350_436ce450_000d1cef (ID = 0)
7:11 PM: 00005753_435d8ee3_0008583b (ID = 0)
7:11 PM: 000022ee_436ce450_000ec82e (ID = 0)
7:11 PM: 0000765f_435ee89a_00053ec6 (ID = 0)
7:11 PM: 00004d54_436d1793_000b71b0 (ID = 0)
7:11 PM: 0000301c_436cff27_000e4e1c (ID = 0)
7:11 PM: 0000701f_436cfde8_0007270e (ID = 0)
7:11 PM: 00005878_4360426b_000f0537 (ID = 0)
7:11 PM: 00005422_436d02d2_0006ea05 (ID = 0)
7:11 PM: 00001850_435ee8a3_0000b71b (ID = 0)
7:11 PM: 0000169a_436d1d36_000a4083 (ID = 0)
7:11 PM: 00000124_435d6858_00003d09 (ID = 0)
7:11 PM: 00001238_435eb1dd_0004c4b4 (ID = 0)
7:11 PM: 00004db7_4360047d_0007de29 (ID = 0)
7:11 PM: 00002213_435eb269_00076417 (ID = 0)
7:11 PM: 00006d22_436d0eac_000af79e (ID = 0)
7:11 PM: 000036c2_436d1ea7_000aba95 (ID = 0)
7:11 PM: 00003cd6_435ef45f_0001e848 (ID = 0)
7:11 PM: 00003ef6_436d02d3_0001e848 (ID = 0)
7:11 PM: 00002b00_435ee8a3_00022551 (ID = 0)
7:11 PM: 000048db_435eeeed_000487ab (ID = 0)
7:11 PM: 00004ad4_435eec4c_000dd40a (ID = 0)
7:11 PM: 00005c46_435eeae2_00039387 (ID = 0)
7:11 PM: 000016d4_435ee8a3_000b71b0 (ID = 0)
7:11 PM: 000026a6_43581589_00029f63 (ID = 0)
7:11 PM: 00006b36_43604bf4_0005b8d8 (ID = 0)
7:11 PM: 00003e12_4358168f_0005b8d8 (ID = 0)
7:11 PM: 00003cd6_436052c0_000a4083 (ID = 0)
7:11 PM: 00000822_436d02d3_0002625a (ID = 0)
7:11 PM: 0000390c_436cfbd3_00003d09 (ID = 0)
7:11 PM: 00000f3e_436cfbd3_00022551 (ID = 0)
7:11 PM: 00000029_436cc267_0009c671 (ID = 0)
7:11 PM: 00006df1_43601c7d_0008d24d (ID = 0)
7:11 PM: 00000bdb_435824b5_0001312d (ID = 0)
7:11 PM: 000026e9_435c0d38_00000000 (ID = 0)
7:11 PM: 00000029_435bf0aa_00039387 (ID = 0)
7:11 PM: 000066bb_435f6d83_0001ab3f (ID = 0)
7:11 PM: 00002cf7_435eec4d_00090f56 (ID = 0)
7:11 PM: 00000099_436cfbd3_00031975 (ID = 0)
7:11 PM: 00000732_435eb30f_00094c5f (ID = 0)
7:11 PM: 0000314f_435817cd_0002625a (ID = 0)
7:11 PM: 00003f4a_435eec4d_0009c671 (ID = 0)
7:11 PM: 00005991_436d02d3_00031975 (ID = 0)
7:11 PM: 00000d66_435ef49b_00031975 (ID = 0)
7:11 PM: 000066c4_435eb3ca_00089544 (ID = 0)
7:11 PM: 0000797d_436005e3_0001ab3f (ID = 0)
7:11 PM: 0000390c_435ef082_000dd40a (ID = 0)
7:11 PM: 0000252a_435ef65f_0007a120 (ID = 0)
7:11 PM: 00004b40_436ce452_00007a12 (ID = 0)
7:11 PM: 0000127e_436d0e5d_000501bd (ID = 0)
7:11 PM: 00000124_43600467_000d1cef (ID = 0)
7:12 PM: 00005f23_436d1d66_000a7d8c (ID = 0)
7:12 PM: 000048cc_436d075a_00007a12 (ID = 0)
7:12 PM: 00000029_43601b8f_000ec82e (ID = 0)
7:12 PM: 00004963_436d1eac_000a4083 (ID = 0)
7:12 PM: 00005fa8_436d1c6d_00098968 (ID = 0)
7:12 PM: 000079d1_436d1d69_0001312d (ID = 0)
7:12 PM: 00002ba5_436d1e5c_0003d090 (ID = 0)
7:12 PM: 00003305_436d1fe3_000bebc2 (ID = 0)
7:12 PM: 00003ef6_436ce5ae_0007270e (ID = 0)
7:12 PM: 00002725_435eeeed_0009c671 (ID = 0)
7:12 PM: 00001a49_43581693_000f0537 (ID = 0)
7:12 PM: 000045c5_436d1997_00007a12 (ID = 0)
7:12 PM: 0000288f_435ed778_0002dc6c (ID = 0)
7:12 PM: 00004230_435d8b16_00057bcf (ID = 0)
7:1
Post by: guestolo on November 06, 2005, 11:31:37 PM
Can you do the following, I suspect some things are still lurking
Download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe (http://\"http://swandog46.geekstogo.com/aproposfix.exe\")
Save it to your desktop but do NOT run it yet.
Reboot into safe mode
Once in safe mode
Double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.
When the tool is finished, please reboot back into normal mode
Post the entire contents of the log.txt file in the aproposfix folder.
Could I see another hijackthis log too, thanks
Post by: nunya53 on November 07, 2005, 06:56:28 PM
7:12 PM: 00005f23_436d1d66_000a7d8c (ID = 0)
7:12 PM: 000048cc_436d075a_00007a12 (ID = 0)
7:12 PM: 00000029_43601b8f_000ec82e (ID = 0)
7:12 PM: 00004963_436d1eac_000a4083 (ID = 0)
7:12 PM: 00005fa8_436d1c6d_00098968 (ID = 0)
7:12 PM: 000079d1_436d1d69_0001312d (ID = 0)
7:12 PM: 00002ba5_436d1e5c_0003d090 (ID = 0)
7:12 PM: 00003305_436d1fe3_000bebc2 (ID = 0)
7:12 PM: 00003ef6_436ce5ae_0007270e (ID = 0)
7:12 PM: 00002725_435eeeed_0009c671 (ID = 0)
7:12 PM: 00001a49_43581693_000f0537 (ID = 0)
7:12 PM: 000045c5_436d1997_00007a12 (ID = 0)
7:12 PM: 0000288f_435ed778_0002dc6c (ID = 0)
7:12 PM: 00004230_435d8b16_00057bcf (ID = 0)
7:12 PM: 00006b89_43603eb2_000a7d8c (ID = 0)
7:12 PM: 00004823_435f64ab_000501bd (ID = 0)
7:12 PM: 0000401d_435819b0_00057bcf (ID = 0)
7:12 PM: 00001a49_435ef25e_00031975 (ID = 0)
7:12 PM: 00004823_43601b90_00003d09 (ID = 0)
7:12 PM: 000001eb_435d6519_00016e36 (ID = 0)
7:12 PM: 00005772_436d070d_000f0537 (ID = 0)
7:12 PM: 00000124_436cfbda_0001312d (ID = 0)
7:12 PM: 00000732_435d8231_0006ea05 (ID = 0)
7:12 PM: 00005ed0_435eec56_000cdfe6 (ID = 0)
7:12 PM: 00005f32_43581695_000cdfe6 (ID = 0)
7:12 PM: 00003a9e_435eb378_000501bd (ID = 0)
7:12 PM: 0000442b_436d0f65_000e1113 (ID = 0)
7:12 PM: 00006b89_436cff0e_000c28cb (ID = 0)
7:12 PM: 00004e57_435eec56_000d1cef (ID = 0)
7:12 PM: 00001a49_435eb36e_000dd40a (ID = 0)
7:12 PM: 00002350_435eb314_00000000 (ID = 0)
7:12 PM: 0000121f_436ce613_00094c5f (ID = 0)
7:12 PM: 00001366_435ef2ba_00081b32 (ID = 0)
7:12 PM: 00003a2d_435ef60a_0007de29 (ID = 0)
7:12 PM: 00004cd4_435ef554_00039387 (ID = 0)
7:12 PM: 0000440d_436cfbdb_000ca2dd (ID = 0)
7:12 PM: 00001af4_436d0eb1_000bebc2 (ID = 0)
7:12 PM: 00000fbf_436052c0_000baeb9 (ID = 0)
7:12 PM: 00004ae1_43581536_000f0537 (ID = 0)
7:12 PM: 0000428b_435f6d83_00040d99 (ID = 0)
7:12 PM: 00004509_4358236a_0001312d (ID = 0)
7:12 PM: 0000701f_4358158a_0000f424 (ID = 0)
7:12 PM: 00003bf6_435816a1_0007a120 (ID = 0)
7:12 PM: 00000124_4358155e_00022551 (ID = 0)
7:12 PM: 00004ae1_435eb064_0002625a (ID = 0)
7:12 PM: 0000701f_436049d8_00090f56 (ID = 0)
7:12 PM: 000018be_43601b90_000c65d4 (ID = 0)
7:12 PM: 0000139d_436d070e_0000f424 (ID = 0)
7:12 PM: 00000124_435ea87c_000501bd (ID = 0)
7:12 PM: 0000767d_43604ab5_000632ea (ID = 0)
7:12 PM: 0000797d_435eb383_00098968 (ID = 0)
7:12 PM: 00006e89_436d1f1d_000d59f8 (ID = 0)
7:12 PM: 000056ae_435824b9_000dd40a (ID = 0)
7:12 PM: 00005af1_435f6d2e_0002dc6c (ID = 0)
7:12 PM: 00007049_436d070e_00029f63 (ID = 0)
7:12 PM: 00006784_43601b94_00031975 (ID = 0)
7:12 PM: 00007eb7_435d8b16_0008d24d (ID = 0)
7:13 PM: 00000902_435d8cdd_00040d99 (ID = 0)
7:13 PM: 00006032_435d8b16_000a037a (ID = 0)
7:13 PM: 000048cc_435818fd_000af79e (ID = 0)
7:13 PM: 0000692c_436d070e_0003d090 (ID = 0)
7:13 PM: 00002fff_436d07d6_00031975 (ID = 0)
7:13 PM: 00006c69_436d07d6_000487ab (ID = 0)
7:13 PM: 0000305e_435ea88c_0003567e (ID = 0)
7:13 PM: 00004d06_436cfbe6_0005b8d8 (ID = 0)
7:13 PM: 00006048_435ef60a_000c65d4 (ID = 0)
7:13 PM: 00005815_436d1c0c_0007de29 (ID = 0)
7:13 PM: 000018be_435eef87_00044aa2 (ID = 0)
7:13 PM: 000018be_435f64ab_00081b32 (ID = 0)
7:13 PM: 000026a6_435f6d8e_000a037a (ID = 0)
7:13 PM: 0000428b_43602b23_00003d09 (ID = 0)
7:13 PM: 00005e9d_435ef4f3_00031975 (ID = 0)
7:13 PM: 000073da_436ce630_00007a12 (ID = 0)
7:13 PM: 00006784_435f64ad_00000000 (ID = 0)
7:13 PM: 0000288f_436d07d6_0009c671 (ID = 0)
7:13 PM: 00007f96_436004f2_000e1113 (ID = 0)
7:13 PM: 00001238_4358238c_0008d24d (ID = 0)
7:13 PM: 00005af1_43601c7e_0003d090 (ID = 0)
7:13 PM: 000054dc_436d078e_000b71b0 (ID = 0)
7:13 PM: 00001547_4360047f_000632ea (ID = 0)
7:13 PM: 00005f32_43582558_0000b71b (ID = 0)
7:13 PM: 000041bb_43601c7e_0007a120 (ID = 0)
7:13 PM: 00006ad4_436d0de8_0002625a (ID = 0)
7:13 PM: 00004ae1_435f64b0_00089544 (ID = 0)
7:13 PM: 00002c3b_435d8b1c_00040d99 (ID = 0)
7:13 PM: 00007014_436d1a43_0006ea05 (ID = 0)
7:13 PM: 00003d6c_435f64b1_0008583b (ID = 0)
7:13 PM: 000028e2_436d1e62_0004c4b4 (ID = 0)
7:13 PM: 0000701f_435f6d8f_00039387 (ID = 0)
7:13 PM: 00001d5e_436d1f20_00031975 (ID = 0)
7:13 PM: 00001ff1_436d1f29_000aba95 (ID = 0)
7:13 PM: 0000456d_436d1f2a_0001312d (ID = 0)
7:13 PM: 0000263d_436d19a3_000f0537 (ID = 0)
7:13 PM: 000071f0_435819b3_0003567e (ID = 0)
7:13 PM: 00002cd6_435f64b1_00090f56 (ID = 0)
7:13 PM: 00004cad_43604c16_00066ff3 (ID = 0)
7:13 PM: 00002ea6_43600341_0000b71b (ID = 0)
7:13 PM: 000015a1_435d8b1c_00044aa2 (ID = 0)
7:13 PM: 000018be_435d63b5_0002dc6c (ID = 0)
7:13 PM: 000018be_435bf0cf_000a7d8c (ID = 0)
7:13 PM: 00005772_435d8db6_0008583b (ID = 0)
7:13 PM: 000072ae_435f64b1_000f0537 (ID = 0)
7:13 PM: 000019da_435eeab4_000501bd (ID = 0)
7:13 PM: 0000139d_435d8db6_0008d24d (ID = 0)
7:13 PM: 00006952_435eb06e_00098968 (ID = 0)
7:13 PM: 00004df2_436d01df_000ca2dd (ID = 0)
7:13 PM: 0000441d_436d1c1b_0006ea05 (ID = 0)
7:13 PM: 000057d3_435ef610_000d9701 (ID = 0)
7:13 PM: 00000120_43604bbe_00094c5f (ID = 0)
7:13 PM: 0000305e_43601ff4_0003d090 (ID = 0)
7:14 PM: 00005f49_435eb384_00016e36 (ID = 0)
7:14 PM: 0000074d_435ef113_00081b32 (ID = 0)
7:14 PM: 00004db7_436cfbe6_0008583b (ID = 0)
7:14 PM: 00005991_435ef35b_000c65d4 (ID = 0)
7:14 PM: 00005d03_435f6d8f_0005f5e1 (ID = 0)
7:14 PM: 0000323b_435d81db_0003d090 (ID = 0)
7:14 PM: 00003d6c_43581537_0001e848 (ID = 0)
7:14 PM: 00002cd6_43581537_0002625a (ID = 0)
7:14 PM: 00002e40_435d8a61_000f0537 (ID = 0)
7:14 PM: 0000390c_4360492d_0007de29 (ID = 0)
7:14 PM: 00000bdb_43603eb5_0004c4b4 (ID = 0)
7:14 PM: 000012db_435bf309_000a037a (ID = 0)
7:14 PM: 000073da_435ef3b1_0003d090 (ID = 0)
7:14 PM: 00007ff5_436ce3fd_0001ab3f (ID = 0)
7:14 PM: 000041bb_436c0f64_000e1113 (ID = 0)
7:14 PM: 00004f68_435eed56_00081b32 (ID = 0)
7:14 PM: 00007ff5_436cfee0_00000000 (ID = 0)
7:14 PM: 00006b36_4358166c_000d59f8 (ID = 0)
7:14 PM: 00003b97_436d19ac_00094c5f (ID = 0)
7:14 PM: 00005878_436ce45e_000c28cb (ID = 0)
7:14 PM: 00006899_43604ec0_0000f424 (ID = 0)
7:14 PM: 00007e0e_436d1f2c_000d9701 (ID = 0)
7:14 PM: 0000409d_436ce5e3_000e1113 (ID = 0)
7:14 PM: 000006e3_436d1f33_000dd40a (ID = 0)
7:14 PM: 000058b0_435ef3b5_000c65d4 (ID = 0)
7:14 PM: 0000260d_436cff0c_000f0537 (ID = 0)
7:14 PM: 00005876_435eed56_0009c671 (ID = 0)
7:14 PM: 00001366_435d8a62_000d59f8 (ID = 0)
7:14 PM: 00004df2_435817cf_00094c5f (ID = 0)
7:14 PM: 00004b40_435eb343_000c28cb (ID = 0)
7:14 PM: 00004ae1_435bf0f3_00053ec6 (ID = 0)
7:14 PM: 000041bb_435f6d2e_0006acfc (ID = 0)
7:14 PM: 00005422_435d8b4c_0007de29 (ID = 0)
7:14 PM: 000066fa_435eed57_0001e848 (ID = 0)
7:14 PM: 00004823_435d59ac_000a037a (ID = 0)
7:14 PM: 00006784_435ea470_000aba95 (ID = 0)
7:14 PM: 00004ae1_436cc280_0003d090 (ID = 0)
7:14 PM: 00007049_435d8db6_0009c671 (ID = 0)
7:14 PM: 00007a5a_435f6d92_00081b32 (ID = 0)
7:14 PM: 000018be_435d59b3_0001ab3f (ID = 0)
7:14 PM: 00002213_43582424_00089544 (ID = 0)
7:14 PM: 00003cd5_43604ec0_000a037a (ID = 0)
7:14 PM: 0000314f_435d895b_0003d090 (ID = 0)
7:14 PM: 00000099_435d6845_000e8b25 (ID = 0)
7:14 PM: 00003a61_436d07dc_000aba95 (ID = 0)
7:14 PM: 00000f3e_435bf33a_00057bcf (ID = 0)
7:14 PM: 000026a6_436004b3_0005f5e1 (ID = 0)
7:14 PM: 00001238_4360395d_00053ec6 (ID = 0)
7:14 PM: 000001eb_435ef033_000a7d8c (ID = 0)
7:14 PM: 000022cd_436d07dd_0005f5e1 (ID = 0)
7:14 PM: 00006172_435ef4f4_00022551 (ID = 0)
7:14 PM: 00000fbf_435ef464_00022551 (ID = 0)
7:14 PM: 00004027_436d19b1_000e1113 (ID = 0)
7:14 PM: 0000767d_435f6d92_00090f56 (ID = 0)
7:15 PM: 00003b25_43582393_0000f424 (ID = 0)
7:15 PM: 00000f3e_4360492d_000b34a7 (ID = 0)
7:15 PM: 0000759a_43604bbe_000b71b0 (ID = 0)
7:15 PM: 00000099_436ccca5_000bebc2 (ID = 0)
7:15 PM: 000049bb_435eed5d_0002dc6c (ID = 0)
7:15 PM: 0000260d_4358242b_00029f63 (ID = 0)
7:15 PM: 00004509_435f6d92_000aba95 (ID = 0)
7:15 PM: pstatl.exe (ID = 0)
7:15 PM: 0000153c_436cca3c_00076417 (ID = 0)
7:15 PM: 00003b25_4360395d_0008d24d (ID = 0)
7:15 PM: 00007dd1_436d07dd_0006ea05 (ID = 0)
7:15 PM: 000026e9_435f6d2e_000a4083 (ID = 0)
7:15 PM: 000069d0_436d19e9_0003567e (ID = 0)
7:15 PM: 0000261e_436d07dd_00081b32 (ID = 0)
7:15 PM: 00006f11_435eed5d_00040d99 (ID = 0)
7:15 PM: 0000759a_435d8234_00003d09 (ID = 0)
7:15 PM: 000046c2_436d1c72_000cdfe6 (ID = 0)
7:15 PM: 00001649_436c0f61_0006acfc (ID = 0)
7:15 PM: 00006b89_435815d3_00040d99 (ID = 0)
7:15 PM: 0000412f_436d1bc9_00066ff3 (ID = 0)
7:15 PM: 00006b72_435ef4f4_00029f63 (ID = 0)
7:15 PM: 00005f90_435bf2c2_00003d09 (ID = 0)
7:15 PM: 00000bb3_435c0d3d_00057bcf (ID = 0)
7:15 PM: 0000798b_43581859_0004c4b4 (ID = 0)
7:15 PM: 00003ef6_435d8b4c_00089544 (ID = 0)
7:15 PM: 00002db5_436d1c72_000dd40a (ID = 0)
7:15 PM: 00001ad4_435ef15d_0000f424 (ID = 0)
7:15 PM: 00002cd6_436cc28b_000ec82e (ID = 0)
7:15 PM: 00000902_435ef3db_00094c5f (ID = 0)
7:15 PM: 00007a54_436d1c72_000e8b25 (ID = 0)
7:15 PM: 00000124_436ccca5_000d1cef (ID = 0)
7:15 PM: 00006784_435d6427_000a4083 (ID = 0)
7:15 PM: 00005e9d_436d07e4_000d9701 (ID = 0)
7:15 PM: 00000bb3_435ef053_0005b8d8 (ID = 0)
7:15 PM: 00001643_435eef05_000dd40a (ID = 0)
7:15 PM: 00002ea6_435c0d3e_0001e848 (ID = 0)
7:15 PM: 00006032_4358182c_0003567e (ID = 0)
7:15 PM: 00007eb7_435ef302_00090f56 (ID = 0)
7:15 PM: 00000099_435bf33a_00098968 (ID = 0)
7:15 PM: 00004d06_436cccc0_000aba95 (ID = 0)
7:15 PM: 0000489c_436d07e5_0004c4b4 (ID = 0)
7:15 PM: 00003a9e_435816c1_00090f56 (ID = 0)
7:15 PM: 00001916_436d07e5_0006ea05 (ID = 0)
7:15 PM: 000013e9_43604ec1_000d9701 (ID = 0)
7:15 PM: 00004080_43604ec1_000e4e1c (ID = 0)
7:15 PM: 00006b89_4358242d_00029f63 (ID = 0)
7:15 PM: 000074ad_435eed5d_0005f5e1 (ID = 0)
7:15 PM: 0000759a_43582514_0001e848 (ID = 0)
7:15 PM: 00001e1f_4358239a_00022551 (ID = 0)
7:15 PM: 00002d12_435ef110_0009c671 (ID = 0)
7:15 PM: 00004db7_436cccc1_00057bcf (ID = 0)
7:15 PM: 0000030a_4358242d_00057bcf (ID = 0)
7:15 PM: 000066bb_436ce27c_000a4083 (ID = 0)
7:15 PM: 00000975_436d0f14_000e1113 (ID = 0)
7:15 PM: 00004eae_435eed66_000a4083 (ID = 0)
7:15 PM: 000039ce_436d179a_0008d24d (ID = 0)
7:15 PM: 00005991_435d8b60_00040d99 (ID = 0)
7:15 PM: 0000368e_436d0793_000c28cb (ID = 0)
7:15 PM: 00004944_436d0203_000d9701 (ID = 0)
7:15 PM: 000053b1_436d1a54_0003d090 (ID = 0)
7:15 PM: 00002350_43582518_000632ea (ID = 0)
7:15 PM: 000072ae_436cc29b_0005b8d8 (ID = 0)
7:15 PM: 0000366b_435817f9_000b34a7 (ID = 0)
7:16 PM: 00000607_436d1f8d_000dd40a (ID = 0)
7:16 PM: 00001cd0_435d8ae2_000b71b0 (ID = 0)
7:16 PM: 00007e87_435eb0d3_000a4083 (ID = 0)
7:16 PM: 00006df1_435eb091_0006acfc (ID = 0)
7:16 PM: 000001eb_4358154a_0008583b (ID = 0)
7:16 PM: 00005d24_435eed66_000bebc2 (ID = 0)
7:16 PM: 00004dc8_435ef115_000f0537 (ID = 0)
7:16 PM: 000050bf_436d1c73_00016e36 (ID = 0)
7:16 PM: 000001e1_436d1e14_000e1113 (ID = 0)
7:16 PM: 0000153c_435bf16d_00053ec6 (ID = 0)
7:16 PM: 00004080_435818ee_0002625a (ID = 0)
7:16 PM: 000058b0_4358187c_00094c5f (ID = 0)
7:16 PM: 00001e1f_4360395d_000baeb9 (ID = 0)
7:16 PM: 00000099_43604930_000c28cb (ID = 0)
7:16 PM: 00001547_43602b12_00031975 (ID = 0)
7:16 PM: 0000428b_436cfdc2_0007a120 (ID = 0)
7:16 PM: 000022ee_43582520_00044aa2 (ID = 0)
7:16 PM: 00001649_435bf14b_000c65d4 (ID = 0)
7:16 PM: 00006df1_436c0f61_000a4083 (ID = 0)
7:16 PM: 0000440d_435d685a_0006ea05 (ID = 0)
7:16 PM: 00003492_435eeab4_00016e36 (ID = 0)
7:16 PM: 00002e40_436d0210_00081b32 (ID = 0)
7:16 PM: 0000440d_435ef0af_0002dc6c (ID = 0)
7:16 PM: 00002d12_435d686e_0003d090 (ID = 0)
7:16 PM: 00004509_435d69dc_000e1113 (ID = 0)
7:16 PM: 00000124_435bf33a_000ca2dd (ID = 0)
7:16 PM: 000041bb_435eb09b_000a4083 (ID = 0)
7:16 PM: 00002213_43600525_000aba95 (ID = 0)
7:16 PM: 00006e5d_4358239b_000cdfe6 (ID = 0)
7:16 PM: 000054de_43602b12_0005f5e1 (ID = 0)
7:16 PM: 00005d03_436ce2e7_000d9701 (ID = 0)
7:16 PM: 000039b3_43602b12_000aba95 (ID = 0)
7:16 PM: 00005d03_436004b6_000cdfe6 (ID = 0)
7:16 PM: 000026a6_435ef134_00031975 (ID = 0)
7:16 PM: 00004ae1_436c0ee2_000c28cb (ID = 0)
7:16 PM: 00000ddc_436005fc_000d1cef (ID = 0)
7:16 PM: 00007a5a_435bf49d_000d9701 (ID = 0)
7:16 PM: 00004cad_435eb391_0008583b (ID = 0)
7:16 PM: 0000293b_436d1a64_00066ff3 (ID = 0)
7:16 PM: 00003bf6_436d003f_000aba95 (ID = 0)
7:16 PM: 00005f90_435d65a0_000b71b0 (ID = 0)
7:16 PM: 00007049_435818b1_0008583b (ID = 0)
7:16 PM: 00006e5d_436004e7_0005f5e1 (ID = 0)
7:16 PM: 0000047e_435ef482_0001e848 (ID = 0)
7:16 PM: 00000677_43581a28_000f0537 (ID = 0)
7:16 PM: 0000305e_435bf33d_00007a12 (ID = 0)
7:16 PM: 00007e87_435bf16d_000d1cef (ID = 0)
7:16 PM: 00003e12_43600575_00044aa2 (ID = 0)
7:16 PM: 00001366_436d0218_000f0537 (ID = 0)
7:16 PM: 00004823_435eb047_000bebc2 (ID = 0)
7:16 PM: 00005f49_436005f3_000d9701 (ID = 0)
7:16 PM: 0000692c_435818be_0000b71b (ID = 0)
7:16 PM: 000039b3_43600499_000501bd (ID = 0)
7:16 PM: 00004d06_435bf3ed_00066ff3 (ID = 0)
7:16 PM: 00005f90_435ef009_00076417 (ID = 0)
7:16 PM: 00007ac2_436d19ec_00057bcf (ID = 0)
7:16 PM: 00000029_435bf25d_00076417 (ID = 0)
7:17 PM: 000030f1_436d1be2_00053ec6 (ID = 0)
7:17 PM: 00000099_43600463_00040d99 (ID = 0)
7:17 PM: 000060bf_435818fe_000a7d8c (ID = 0)
7:17 PM: 0000489c_43581991_00016e36 (ID = 0)
7:17 PM: 00005fa4_435ef55d_000501bd (ID = 0)
7:17 PM: 00004823_435bf25d_00081b32 (ID = 0)
7:17 PM: 000015a1_435ef31c_00089544 (ID = 0)
7:17 PM: 0000030a_435ef1eb_0002625a (ID = 0)
7:17 PM: 0000422d_43581938_0006acfc (ID = 0)
7:17 PM: 000026ca_43581891_0002dc6c (ID = 0)
7:17 PM: 000054de_435bf422_000a4083 (ID = 0)
7:17 PM: 00004328_436d1f3e_000af79e (ID = 0)
7:17 PM: 00005af1_436c0f61_000b34a7 (ID = 0)
7:17 PM: 0000458f_436d0f0d_00022551 (ID = 0)
7:17 PM: 00003bb1_436d17a1_000ca2dd (ID = 0)
7:17 PM: 00006e5d_435eb204_00044aa2 (ID = 0)
7:17 PM: 00005c67_43581908_000a037a (ID = 0)
7:17 PM: 00006bfc_436004ed_000baeb9 (ID = 0)
7:17 PM: 00002c3b_435ef318_0002dc6c (ID = 0)
7:17 PM: 00003cd6_4358190d_0002625a (ID = 0)
7:17 PM: 00004dc8_4360049b_000e8b25 (ID = 0)
7:17 PM: 00000c1e_436d1f3f_000e8b25 (ID = 0)
7:17 PM: 0000491c_435bf3d9_0003d090 (ID = 0)
7:17 PM: 00001cd0_436d0228_000d1cef (ID = 0)
7:17 PM: 00001ad4_436004e8_000e1113 (ID = 0)
7:17 PM: 00001ad4_435eb206_0001312d (ID = 0)
7:17 PM: 0000797d_435ef264_0001ab3f (ID = 0)
7:17 PM: 00006443_4360049c_000632ea (ID = 0)
7:17 PM: 00002ea6_435eb0c9_00081b32 (ID = 0)
7:17 PM: 000022ee_435eb33f_0000b71b (ID = 0)
7:17 PM: 00002120_436d1f40_0000f424 (ID = 0)
7:17 PM: 0000422d_435ef488_0008583b (ID = 0)
7:17 PM: 00003c61_435ef4bd_000af79e (ID = 0)
7:17 PM: 00005db2_435ef439_00057bcf (ID = 0)
7:17 PM: 00000732_43600536_0006acfc (ID = 0)
7:17 PM: 00001238_435bf4a1_0005b8d8 (ID = 0)
7:17 PM: 00006172_43581996_000b34a7 (ID = 0)
7:17 PM: 000026e9_435ef01c_0007a120 (ID = 0)
7:17 PM: 00001796_436d17da_00016e36 (ID = 0)
7:17 PM: 00004e55_436d1d6a_00031975 (ID = 0)
7:17 PM: 00004402_43581a2d_0007de29 (ID = 0)
7:17 PM: 00006032_435ef305_0001ab3f (ID = 0)
7:17 PM: 0000458f_435ef61a_000d1cef (ID = 0)
7:17 PM: 00000784_436d1fb5_000487ab (ID = 0)
7:17 PM: 00001030_436d1e19_000af79e (ID = 0)
7:17 PM: 00006b36_435eb352_0004c4b4 (ID = 0)
7:17 PM: 00000975_435ef639_0007270e (ID = 0)
7:17 PM: 0000721d_436d1f40_0003567e (ID = 0)
7:17 PM: 00002ea6_435ef074_000c65d4 (ID = 0)
7:17 PM: 00003e12_435eb36b_000b34a7 (ID = 0)
7:17 PM: 00005991_435eb41a_00081b32 (ID = 0)
7:18 PM: 00007eb7_435eb3ce_00007a12 (ID = 0)
7:18 PM: 00003f97_436d1bc3_00000000 (ID = 0)
7:18 PM: 0000798b_435ef35f_000a7d8c (ID = 0)
7:18 PM: 0000305e_4358155f_000b34a7 (ID = 0)
7:18 PM: 00007bb9_435818b0_0001e848 (ID = 0)
7:18 PM: 00001d11_436d1b18_000a7d8c (ID = 0)
7:18 PM: 000001eb_435f6d3b_0001ab3f (ID = 0)
7:18 PM: 00004c85_436d17a3_000ca2dd (ID = 0)
7:18 PM: 0000513e_436d17a3_000ec82e (ID = 0)
7:18 PM: 00000120_43600538_000aba95 (ID = 0)
7:18 PM: 00000de5_435eef21_00053ec6 (ID = 0)
7:18 PM: 00006b89_435eb2b1_000501bd (ID = 0)
7:18 PM: 00006b28_436d2038_0001e848 (ID = 0)
7:18 PM: 00006b36_436ce461_00003d09 (ID = 0)
7:18 PM: 000012db_436c0f83_000c28cb (ID = 0)
7:18 PM: 000066c4_43581800_000f0537 (ID = 0)
7:18 PM: 00002d12_43602b18_00031975 (ID = 0)
7:18 PM: 0000759a_43600538_000f0537 (ID = 0)
7:18 PM: 00007b44_435ef66d_0004c4b4 (ID = 0)
7:18 PM: 00007bb9_435ef3df_000dd40a (ID = 0)
7:18 PM: 00005cfd_4358166e_000cdfe6 (ID = 0)
7:18 PM: 00007049_435ef3fd_00090f56 (ID = 0)
7:18 PM: 0000513e_435ef7e3_00000000 (ID = 0)
7:18 PM: 00006e5d_435815a6_00066ff3 (ID = 0)
7:18 PM: 0000409d_435d8b60_0006ea05 (ID = 0)
7:18 PM: 00006fc9_436d19ed_000e4e1c (ID = 0)
7:18 PM: 00005cfd_436cffd4_00081b32 (ID = 0)
7:18 PM: 00001ad4_4358239e_000f0537 (ID = 0)
7:18 PM: 00000d66_436d0795_0008583b (ID = 0)
7:18 PM: 00004db7_435ef0b8_00003d09 (ID = 0)
7:18 PM: 00004b40_43582525_000f0537 (ID = 0)
7:18 PM: 000015a1_435eb3f8_0003d090 (ID = 0)
7:18 PM: 00004a80_435d8e05_0001312d (ID = 0)
7:18 PM: 00002059_436d0e53_0009c671 (ID = 0)
7:18 PM: 0000409d_43604dbd_0000b71b (ID = 0)
7:18 PM: 0000187e_435d8e05_0002dc6c (ID = 0)
7:18 PM: 000012e1_43604dbd_0001312d (ID = 0)
7:18 PM: 00007e87_435bf32c_00057bcf (ID = 0)
7:18 PM: 00001ad4_43603964_00003d09 (ID = 0)
7:18 PM: 0000368e_43581943_00040d99 (ID = 0)
7:18 PM: 0000074d_43602b19_00007a12 (ID = 0)
7:18 PM: 00006899_435818d4_000ca2dd (ID = 0)
7:18 PM: 00005ccd_436d19f2_000c65d4 (ID = 0)
7:18 PM: 000071f0_435ef4fe_0005f5e1 (ID = 0)
7:18 PM: 00004a80_435ef40f_00039387 (ID = 0)
7:18 PM: 000054dc_435ef491_0006ea05 (ID = 0)
7:18 PM: 0000368e_435ef491_000c28cb (ID = 0)
7:18 PM: 00002c49_435ef4b7_000aba95 (ID = 0)
7:18 PM: 00002fff_435ef4bd_000e4e1c (ID = 0)
7:18 PM: 000032e6_435ef4fa_000e4e1c (ID = 0)
7:18 PM: 00006c69_435ef4c2_00040d99 (ID = 0)
7:18 PM: 00006df1_435bf151_00016e36 (ID = 0)
7:18 PM: 0000314f_435eb393_000d1cef (ID = 0)
7:18 PM: 00001649_435bf2c4_0008583b (ID = 0)
7:18 PM: 00006df1_435ef00e_00098968 (ID = 0)
7:19 PM: 00004461_436d203d_0009c671 (ID = 0)
7:19 PM: 00004509_435bf4a0_0006acfc (ID = 0)
7:19 PM: 000063cb_4358239f_00000000 (ID = 0)
7:19 PM: data.bin (ID = 0)
7:19 PM: wifmmc.exe (ID = 0)
7:19 PM: pxdtedit.exe (ID = 0)
7:19 PM: 00007983_435ef4a8_0007a120 (ID = 0)
7:19 PM: 00000822_435ef338_00022551 (ID = 0)
7:19 PM: 000056ae_435ef1eb_000b34a7 (ID = 0)
7:19 PM: 0000491c_435d685b_0001312d (ID = 0)
7:19 PM: 00004230_436ce590_000501bd (ID = 0)
7:19 PM: 0000798b_43604dbd_0001e848 (ID = 0)
7:19 PM: 00004dc8_43602b19_0001e848 (ID = 0)
7:19 PM: 0000798b_435d8b69_0001312d (ID = 0)
7:19 PM: 00002213_435d81db_0009c671 (ID = 0)
7:19 PM: 00004df2_435d8969_0006acfc (ID = 0)
7:19 PM: 00005878_43582552_00031975 (ID = 0)
7:19 PM: 0000121f_435d8b75_0000b71b (ID = 0)
7:19 PM: 00000029_435eef3d_0005b8d8 (ID = 0)
7:19 PM: 00001649_435eb08d_00089544 (ID = 0)
7:19 PM: 000060bf_435ef457_000bebc2 (ID = 0)
7:19 PM: 000012db_4360035f_000ca2dd (ID = 0)
7:19 PM: 0000305e_4360caa8_000cdfe6 (ID = 0)
7:19 PM: 00007983_436d079a_00000000 (ID = 0)
7:19 PM: 00007e87_436ccca1_0007270e (ID = 0)
7:19 PM: 00006e5d_436ce36b_000d1cef (ID = 0)
7:19 PM: 00005af1_435bf162_0001ab3f (ID = 0)
7:19 PM: 0000121f_43604dbd_00090f56 (ID = 0)
7:19 PM: 00003e12_436cffdd_00007a12 (ID = 0)
7:19 PM: 00006df1_4358153f_00003d09 (ID = 0)
7:19 PM: 0000252a_436d0f4a_000bebc2 (ID = 0)
7:19 PM: 0000767d_436004cd_000501bd (ID = 0)
7:19 PM: 00005991_4358183b_00039387 (ID = 0)
7:19 PM: 00002528_436d1b4a_0002625a (ID = 0)
7:19 PM: 00000f3e_435ef085_0001ab3f (ID = 0)
7:19 PM: 0000153c_436c0f84_00081b32 (ID = 0)
7:19 PM: 0000494a_435ef50f_00031975 (ID = 0)
7:19 PM: 00000677_435ef511_000b71b0 (ID = 0)
7:19 PM: 00006be8_435ef518_000c65d4 (ID = 0)
7:19 PM: 0000542c_435ef51b_00066ff3 (ID = 0)
7:19 PM: 00002059_435ef581_000d1cef (ID = 0)
7:19 PM: 000037e6_435ef64a_0006acfc (ID = 0)
7:19 PM: 000023c9_435ef44e_00039387 (ID = 0)
7:19 PM: 000007cf_435ef59b_00039387 (ID = 0)
7:19 PM: 000019d9_435ef653_0008583b (ID = 0)
7:19 PM: 00006bcb_435ef526_00089544 (ID = 0)
7:19 PM: 0000390c_435eb0d8_00089544 (ID = 0)
7:19 PM: 00005422_435eb3fa_00057bcf (ID = 0)
7:19 PM: 000049f7_436d0f4f_0007de29 (ID = 0)
7:19 PM: 00001238_436004e2_00000000 (ID = 0)
7:19 PM: 00005af1_435ef011_00076417 (ID = 0)
7:19 PM: 0000494a_43581a24_000c28cb (ID = 0)
7:19 PM: 00005af1_435d65ae_000e1113 (ID = 0)
7:19 PM: 000075ef_435ef4ad_0009c671 (ID = 0)
7:19 PM: 00005753_435ef451_000d9701 (ID = 0)
7:19 PM: 00004823_435d656d_0003d090 (ID = 0)
7:19 PM: 00005cfd_43600563_0007270e (ID = 0)
7:19 PM: 0000366b_436d022f_0000f424 (ID = 0)
7:19 PM: 000041bb_435ef014_0002dc6c (ID = 0)
7:20 PM: 000026a6_435eb1a3_00094c5f (ID = 0)
7:20 PM: 00007f96_435eb231_00053ec6 (ID = 0)
7:20 PM: 000039b3_435bf425_000aba95 (ID = 0)
7:20 PM: 0000187e_435ef412_000d59f8 (ID = 0)
7:20 PM: 00005fa4_436d0e40_0003d090 (ID = 0)
7:20 PM: 00002668_436d19fe_00000000 (ID = 0)
7:20 PM: 0000153c_435eb0d0_000b34a7 (ID = 0)
7:20 PM: 000066bb_435ef120_000e8b25 (ID = 0)
7:20 PM: 00007ff5_435eb23e_0001ab3f (ID = 0)
7:20 PM: 0000390c_435bf338_00090f56 (ID = 0)
7:20 PM: 00003b25_435bf4a6_00031975 (ID = 0)
7:20 PM: 000063cb_43603964_0001312d (ID = 0)
7:20 PM: 000037e6_436d0f17_0004c4b4 (ID = 0)
7:20 PM: 000016c5_435d8e05_00066ff3 (ID = 0)
7:20 PM: 0000701f_435eb1a5_0007270e (ID = 0)
7:20 PM: 00002d12_435bf1da_000aba95 (ID = 0)
7:20 PM: 000073da_435d8b75_0006ea05 (ID = 0)
7:20 PM: 000026e9_435bf165_000d1cef (ID = 0)
7:20 PM: 000078d4_436d1a00_00031975 (ID = 0)
7:20 PM: 00006443_43602b19_00081b32 (ID = 0)
7:20 PM: 00003cd5_435818e7_0007de29 (ID = 0)
7:20 PM: 00000124_435ef08c_0000b71b (ID = 0)
7:20 PM: 00004e45_435eb246_000d1cef (ID = 0)
7:20 PM: 00006df1_435bf2dd_000632ea (ID = 0)
7:20 PM: 0000440d_435bf18b_0006acfc (ID = 0)
7:20 PM: 00005db2_435818f5_0007270e (ID = 0)
7:20 PM: 00002d12_435bf444_000e4e1c (ID = 0)
7:20 PM: 000041bb_435bf2de_00029f63 (ID = 0)
7:20 PM: 00005af1_435bf2dd_0006acfc (ID = 0)
7:20 PM: 0000428b_436ce2a3_0002625a (ID = 0)
7:20 PM: 00005753_436d075c_00089544 (ID = 0)
7:20 PM: 00001547_436cccc2_0007de29 (ID = 0)
7:20 PM: 000054de_436cccc2_0009c671 (ID = 0)
7:20 PM: 000039b3_436cccc2_000baeb9 (ID = 0)
7:20 PM: 00006a15_436d17aa_00016e36 (ID = 0)
7:20 PM: 00001049_436d1a04_000aba95 (ID = 0)
7:20 PM: 00004e45_435815b8_0002dc6c (ID = 0)
7:20 PM: 0000086a_436d1a08_00031975 (ID = 0)
7:20 PM: 000018d7_436d0d07_000dd40a (ID = 0)
7:20 PM: 00006d69_436d17a4_000c28cb (ID = 0)
7:20 PM: 00006032_436ce590_00098968 (ID = 0)
7:20 PM: 00006479_436d1a1f_0001312d (ID = 0)
7:20 PM: 00002d12_436cccc2_000c28cb (ID = 0)
7:20 PM: 00007a5a_436cfe25_0007270e (ID = 0)
7:20 PM: 00004ff8_436d17b2_0008d24d (ID = 0)
7:20 PM: 00003b25_436cfe76_00094c5f (ID = 0)
7:20 PM: 00004325_436d1a26_0008583b (ID = 0)
7:20 PM: 00005c46_436d17b9_0000f424 (ID = 0)
7:20 PM: 000026e9_435bf2e0_00039387 (ID = 0)
7:20 PM: 00003295_436d1c47_000dd40a (ID = 0)
7:20 PM: 00004e45_436004f5_000f0537 (ID = 0)
7:20 PM: 00005878_435ef24d_000632ea (ID = 0)
7:20 PM: 00000f3e_435bf17b_000a7d8c (ID = 0)
7:20 PM: 00001e1f_435bf4bf_00003d09 (ID = 0)
7:20 PM: 00006b89_435d81e1_0005f5e1 (ID = 0)
7:20 PM: 00002b00_436d14f1_00081b32 (ID = 0)
7:20 PM: 00005f90_4360cc73_000e4e1c (ID = 0)
7:20 PM: 0000139d_436ce6f3_00094c5f (ID = 0)
7:20 PM: ai_05-11-2005.log (ID = 0)
7:20 PM: 00004823_435c0d2f_000cdfe6 (ID = 0)
7:20 PM: 000018be_435c0d32_00040d99 (ID = 0)
7:20 PM: 00003d6c_435c0d34_0007de29 (ID = 0)
7:20 PM: 00002cd6_435c0d34_000a7d8c (ID = 0)
7:21 PM: 000072ae_435c0d35_000487ab (ID = 0)
7:21 PM: 00003d6c_436cc280_000487ab (ID = 0)
7:21 PM: 00006952_436cc29d_00031975 (ID = 0)
7:21 PM: 00000902_436d06dc_0005f5e1 (ID = 0)
7:21 PM: 00005af1_436cc2a6_0005b8d8 (ID = 0)
7:21 PM: 0000323b_4360cf5e_00057bcf (ID = 0)
7:21 PM: 000041bb_435c0d37_0002625a (ID = 0)
7:21 PM: ai_30-10-2005.log (ID = 0)
7:21 PM: 00004a80_436d0725_0002625a (ID = 0)
7:21 PM: 0000187e_436d0725_0009c671 (ID = 0)
7:21 PM: 000016c5_436d073a_00000000 (ID = 0)
7:21 PM: 00006899_436d073f_000d59f8 (ID = 0)
7:21 PM: 000013e9_436d0746_00003d09 (ID = 0)
7:21 PM: 0000470e_436d17ec_000d1cef (ID = 0)
7:21 PM: 000033ea_436d0752_000487ab (ID = 0)
7:21 PM: 000001eb_435c0d39_0008d24d (ID = 0)
7:21 PM: 0000314f_436007fd_000501bd (ID = 0)
7:21 PM: 00005e14_436007fd_000632ea (ID = 0)
7:21 PM: 00004df2_436007fd_0006acfc (ID = 0)
7:21 PM: 00004944_436007fd_00081b32 (ID = 0)
7:21 PM: 00001cd0_436007fd_000d9701 (ID = 0)
7:21 PM: 0000366b_436007fd_000e1113 (ID = 0)
7:21 PM: 000066c4_436007fd_000e8b25 (ID = 0)
7:21 PM: 00003d6c_435821cf_000aba95 (ID = 0)
7:21 PM: 00002cd6_435821d0_00000000 (ID = 0)
7:21 PM: 00000f3e_436ccca5_0003d090 (ID = 0)
7:21 PM: 00001649_435821e6_00057bcf (ID = 0)
7:21 PM: 0000074d_436cccc3_00053ec6 (ID = 0)
7:21 PM: 00007f4f_436d0cc2_00031975 (ID = 0)
7:21 PM: 00004402_436d0cfc_00090f56 (ID = 0)
7:21 PM: 00007e87_43582256_00022551 (ID = 0)
7:21 PM: 00000099_43582262_0002dc6c (ID = 0)
7:21 PM: 00003960_436d1997_000a7d8c (ID = 0)
7:21 PM: 00003459_436d1997_000b71b0 (ID = 0)
7:21 PM: 0000074d_435822d0_000d59f8 (ID = 0)
7:21 PM: ai_31-10-2005.log (ID = 0)
7:21 PM: 00006784_4366cbb7_000b71b0 (ID = 0)
7:21 PM: ai_04-11-2005.log (ID = 0)
7:21 PM: 0000409d_435ec70f_0008d24d (ID = 0)
7:21 PM: 00004e45_436ce3fd_00044aa2 (ID = 0)
7:21 PM: 00006b89_436ce44f_0005b8d8 (ID = 0)
7:21 PM: 0000798b_435ec71b_000487ab (ID = 0)
7:21 PM: 00004e45_435823f3_0003567e (ID = 0)
7:21 PM: 0000323b_435823f3_00039387 (ID = 0)
7:21 PM: 0000301c_4358242d_0007a120 (ID = 0)
7:21 PM: 0000121f_435ec71b_00057bcf (ID = 0)
7:21 PM: 000073da_435ec71b_000632ea (ID = 0)
7:21 PM: 00000bdb_436ce450_00057bcf (ID = 0)
7:21 PM: 000058b0_435ec71b_0006acfc (ID = 0)
7:21 PM: 00000120_436ce450_000a4083 (ID = 0)
7:23 PM: File Sweep Complete, Elapsed Time: 00:41:39
7:23 PM: Full Sweep has completed. Elapsed time 00:44:46
7:23 PM: Traces Found: 1802
7:25 PM: Removal process initiated
7:25 PM: Quarantining All Traces: cws-aboutblank
7:25 PM: Quarantining All Traces: apropos
7:25 PM: apropos is in use. It will be removed on reboot.
7:25 PM: wingenerics.dll is in use. It will be removed on reboot.
7:25 PM: Quarantining All Traces: internetoptimizer
7:25 PM: Quarantining All Traces: dealhelper
7:25 PM: Quarantining All Traces: ezula ilookup
7:25 PM: Quarantining All Traces: ist yoursitebar
7:25 PM: Quarantining All Traces: powerscan
7:25 PM: Quarantining All Traces: quicklink search toolbar
7:25 PM: Quarantining All Traces: surf accuracy
7:25 PM: Quarantining All Traces: reliablestats cookie
7:26 PM: Removal process completed. Elapsed time 00:00:53
********
Post by: guestolo on November 07, 2005, 07:11:30 PM
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' /> Quote
Download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe (http://\"http://swandog46.geekstogo.com/aproposfix.exe\")
Save it to your desktop but do NOT run it yet.
Reboot into safe mode
Once in safe mode
Double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.
When the tool is finished, please reboot back into normal mode
Post the entire contents of the log.txt file in the aproposfix folder.
Could I see another hijackthis log too, thanks
Post by: nunya53 on November 07, 2005, 07:53:07 PM
Actually, I had to run out for a few minutes...getting ready to do it now.
Jerry
Post by: nunya53 on November 07, 2005, 08:23:23 PM
Here is the Aproposfix log:
Log of AproposFix v1
************
Running from directory:
C:\Documents and Settings\user\Desktop\Spyware Software\aproposfix\aproposfix
************
Registry entries found:
[HKEY_LOCAL_MACHINE\Software\CtiS6A25Zg5m]
@="9NILgpSWXXWXXYX6 S5D_L1WXXWmZX2sxny2.XOUOPAIdcX9NERANOXIOLKPI9IYOUO"
"Device"="\\\\.\\aQwZh_pV"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\mspotmdm.sys"
"DriverName"="drmp6Fw"
"HideUninstallerName"="C:\\Program Files\\Musffice\\wifmmc.exe"
"UninstallerPath"="C:\\WINDOWS\\system32\\netclr40.exe"
"UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{7AA7033B-47BA-4244-A688-EE8A465B114B}"
"UninstallerParams"="/CTUN"
"HDll"="C:\\WINDOWS\\system32\\odperfos.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="CP.IST2"
"InstallationId"="{Xccbb153-4fe1-16a9-e1b9-297dd8f6ad09}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Musffice\\pstatl.exe"
************
Removing hidden service:
Service drmp6Fw removed.
Removing hidden folder:
Deletion of folder Musffice succeeded!
Deleting files:
Deletion of file C:\WINDOWS\system32\drivers\mspotmdm.sys succeeded!
Deletion of file C:\WINDOWS\system32\pxdtedit.exe succeeded!
Deletion of file C:\WINDOWS\system32\odperfos.dll succeeded!
Deletion of file C:\WINDOWS\system32\netclr40.exe succeeded!
Backing up files:
Done!
Removing registry entries:
REGEDIT4
[-HKEY_CURRENT_USER\Software\CtiS6A25Zg5m]
[-HKEY_LOCAL_MACHINE\Software\CtiS6A25Zg5m]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7AA7033B-47BA-4244-A688-EE8A465B114B}]
Done!
Finished!
And here is the Hijackthis log I ran after Aproposfix:
Logfile of HijackThis v1.99.1
Scan saved at 7:19:08 PM, on 11/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\USBToolbox\Res.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\tunebite\tunebite.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\DOCUME~1\user\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/ (http://\"http://toshibadirect.com/\")
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USBToolbox\Res.EXE
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/check/netset/install/gtdownls.cab (http://\"http://www.linksysfix.com/check/netset/install/gtdownls.cab\")
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab (http://\"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab\")
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
I hope this does the trick.
Guestolo,
Many thanks for this help. I'm sure you have a life and I appreciate your taking the time to help an idiot like me.
Jerry
Post by: guestolo on November 07, 2005, 08:33:42 PM
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' /> Can you do the following for some final cleanup
If everything is running better, please do the following
You should disable system restore>>Reboot your computer>>and then reenable it
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature (http://\"http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm\")
Once System Restore is reenabled
You should set up protection against future attacks
SpywareBlaster 3.4 by JavaCool (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial (http://\"http://www.bleepingcomputer.com/forums/index.php?showtutorial=53\")
Download link (http://\"https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD\")
With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply click the "enable all protection"
IE-Spyad is compatible with SP2
Hold onto SpySweeper till the expiration if your running the trial version
Afterwards, if you want to uninstall it shut it down by right clicking the icon and then uninstall it
I hope your running Spybot 1.4
Also use the immunize feature, Click on Immunize>>OK>>Immunize in the top bar
Do this after every update
Stay safe
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />
Post by: nunya53 on November 08, 2005, 06:26:35 PM
Post by: guestolo on November 08, 2005, 09:27:32 PM
Take care nunya53
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />