Author Topic: Tailored Pop-ups  (Read 756 times)

Offline nunya53

Tailored Pop-ups
« on: October 25, 2005, 08:18:47 PM »
Hey all,

I have come across some nasty spyware lately.  Most of it I have successfully removed following various tutorials posted here.  Unfortunately, I still have one bit of annoying spyware.  This spyware seems to tailor itself to the particular website I'm visiting.  When I am here, I get pop-up ads for anti-virus and spyware programs, when I am on my university website, I get educational pop-ups, on MSN, I get search pop-ups, and so on....

My Hijackthis log follows.  I appreciate all help.

Thanks,

Jerry



Logfile of HijackThis v1.99.1
Scan saved at 8:12:59 PM, on 10/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\USBToolbox\Res.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\tunebite\tunebite.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Download\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USBToolbox\Res.EXE
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/check/netset/install/gtdownls.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Offline nunya53

« Reply #1 on: October 26, 2005, 06:50:34 AM »
Anyone?

Offline guestolo

« Reply #2 on: October 26, 2005, 11:56:07 AM »
Normally I don't ask for a Hijackthis log in Safe mode
But can you do the following, I just want to check on something

RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link
I supplied for a more detailed explanation

Open hijackthis
Do a SCAN and Save a Log file>>Save this log

Reboot back to Normal mode
Post the log from Safe mode

Could you also
Save Silent Runners.vbs to your desktop and double click on it to run.
Don't click anything on the Yes or No prompt, it will continue to run
If prompted by your AV, please let this script run, we are just collecting information

 This will create a text file on your desktop
Open the text file and copy and paste the contents back here

NOTE: let silentrunners completely finish, it should prompt when it is done
« Last Edit: October 26, 2005, 02:19:23 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline nunya53

« Reply #3 on: October 26, 2005, 07:16:56 PM »
Guestolo,

First, let me say a big THANK YOU for you taking the time to help.  I normally read and try to figure problems out myself, but this one has me stumped.


Here is the HijackThis log from the SAFE mode:


Logfile of HijackThis v1.99.1
Scan saved at 7:07:58 PM, on 10/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Download\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://toshibadirect.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USBToolbox\Res.EXE
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/check/netset/install/gtdownls.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



And here is the Silent Runner log after restarting in NORMAL mode:


"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"PhotoShow Deluxe Media Manager" = "C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe" [null data]
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS]
"tunebite.exe" = "C:\Program Files\tunebite\tunebite.exe" ["RapidSolution Software AG"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CeEKEY" = "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" ["COMPAL ELECTRONIC INC."]
"CeEPOWER" = "C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" ["COMPAL ELECTRONIC INC."]
"TPNF" = "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" ["COMPAL ELECTRONIC INC."]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"Apoint" = "C:\Program Files\Apoint2K\Apoint.exe" ["Alps Electric Co., Ltd."]
"EzButton" = "C:\Program Files\EzButton\EzButton.EXE" ["Dritek System Inc."]
"PadTouch" = "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" ["TOSHIBA"]
"Notebook Maximizer" = "C:\Program Files\Notebook Maximizer\maximizer_startup.exe" [null data]
"SM1BG" = "C:\WINDOWS\SM1BG.EXE" ["Cypress Semiconductor"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"USB Storage Toolbox" = "C:\Program Files\USBToolbox\Res.EXE" ["ali"]
"CloneCDElbyCDFL" = ""C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL" ["Elaborate Bytes"]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"masqform.exe" = "C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser" ["PureEdge Solutions Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = "AcroIEToolbarHelper Class" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "CNavExtBho Class" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{8FF43EAA-2BB1-4A53-8E18-D9221E56E593}" = "CePMTab Property Sheet"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\CePMTab.dll" ["COMPAL ELECTRONIC INC."]
"{9ED66769-A198-41FE-8615-601691C68846}" = "TouchPad Property Sheet"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\TPprop.dll" ["COMPAL ELECTRONIC INC."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\background.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ss3dfo.scr" [MS]


Startup items in "user" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Acrobat Assistant" -> shortcut to: "C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe" ["Adobe Systems Inc."]
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Scan my computer - user" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = "Adobe PDF" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = "Adobe PDF" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\ = "Adobe PDF" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.toshiba.com

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Atheros Configuration Service, ACS, "C:\WINDOWS\system32\ACS.exe" [null data]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\system32\drivers\CDAC11BA.EXE" ["C-Dilla Ltd"]
CeEPwrSvc, CeEPwrSvc, "C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe" ["COMPAL ELECTRONIC INC."]
ConfigFree Service, CFSvcs, "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe" ["TOSHIBA CORPORATION"]
DVD-RAM_Service, DVD-RAM_Service, "C:\WINDOWS\system32\DVDRAMSV.exe" ["Matsushita Electric Industrial Co., Ltd."]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton AntiVirus Firewall Monitor Service, NPFMntor, ""C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"" ["Symantec Corporation"]
Swupdtmr, Swupdtmr, "c:\Toshiba\Ivp\Swupdate\swupdtmr.exe" [null data]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
SSGB1 Langmon\Driver = "Ssgb1mon.dll" ["Samsung Electronics."]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
  use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 52 seconds, including 18 seconds for message boxes)


Once again, thanks for your help.

Jerry
« Last Edit: October 26, 2005, 07:20:22 PM by nunya53 »
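
One way to compare the normal-mode and safe-mode HijackThis logs posted above is to parse the entry lines and list what appears in only one scan. This is an added example, not part of the original thread or of HijackThis itself; the function names are hypothetical, the case-insensitive matching is an assumption, and the two sample logs are abridged from the logs above.

```python
import re
from collections import defaultdict

# HijackThis entry lines have the shape "<code> - <detail>", e.g.
# "O4 - HKLM\..\Run: [name] path". Header lines and the
# "Running processes:" list do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Abridged from the normal-mode log in the thread.
NORMAL_MODE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe
"""

# Abridged from the safe-mode log in the thread.
SAFE_MODE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
"""


def parse_entries(log_text):
    """Map a case-folded (code, detail) key to the original entry line."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            # Assumption: registry keys and Windows paths are compared
            # case-insensitively, so the key is case-folded.
            key = (match.group(1), match.group(2).casefold())
            entries[key] = line
    return entries


def diff_logs(first_log, second_log):
    """Return (lines only in first_log, lines only in second_log)."""
    first = parse_entries(first_log)
    second = parse_entries(second_log)
    only_first = sorted(first[k] for k in first.keys() - second.keys())
    only_second = sorted(second[k] for k in second.keys() - first.keys())
    return only_first, only_second


def group_by_section(lines):
    """Group entry lines by their HijackThis section code (R0, O4, ...)."""
    grouped = defaultdict(list)
    for line in lines:
        grouped[line.split(" - ", 1)[0]].append(line)
    return dict(grouped)


if __name__ == "__main__":
    only_normal, only_safe = diff_logs(NORMAL_MODE_LOG, SAFE_MODE_LOG)
    # A difference is a lead to review by hand, not a verdict.
    for label, lines in (("normal mode", only_normal), ("safe mode", only_safe)):
        print(f"Only in {label}:")
        for code, items in sorted(group_by_section(lines).items()):
            for item in items:
                print(f"  [{code}] {item}")
```
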

Offline guestolo

« Reply #4 on: October 26, 2005, 09:37:48 PM »
Let's try something else
Is your popup blocker enabled in Internet Explorer?
In IE>>Popup blocker
Turn on the popup blocker if turned off

I want to check something else
these should be disabled, but let's take a look
Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this service
name---- Messenger

Double click on it--- STOP the service--If running
In the drop down menu, change the startup type to Disabled
Do the same for Alerter


Download and run BlackLight:
F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
leave [X]scan through windows explorer checked,
click > scan then > next,
If any items show, have BlackLight rename them, except for "wbemtest.exe"
Do not rename "wbemtest.exe"; it's a windows file
The tool will ask if you want to reboot (restart) choose yes.

After you have rebooted post back with BlackLight's log



Offline nunya53

« Reply #5 on: October 26, 2005, 10:20:05 PM »
Alright,

First, let me say THANKS for your time and effort, Guestolo.

The IE pop-up blocker IS turned on.

When running services.msc:

messenger is stopped and disabled...

alerter was running and enabled, I stopped it and disabled it...

Blacklight (beta) must have changed because it didn't look like you described...

I ran the program and there were two programs with a different icon as the very first two in the list...I renamed them...if nothing else I can reload my computer, not that I want to but I have everything backed up...just time-consuming.  I rebooted the computer and didn't see a log anywhere and reran the program to look for a log option but couldn't find one.  Coincidentally, I opened another window to my university website and got pop-ups while typing this.

I appreciate your help, but I am at a loss...maybe this is something new and my trials can help those in the future.

As background, all my problems started about a week ago when I was watching the World Series of Poker on ESPNHD and poked around on partypoker.net.  I am an experienced computer user, and know what to avoid on the internet to prevent being infected...well, apparently not!

Thanks, Guestolo....

Jerry


BTW...some of the pop-ups have a disclaimer link at the bottom <more info> that states the pop-up is not necessarily from the website owner and could be from a competitor, which makes me think GATOR or the other one I can't remember the name of...
« Last Edit: October 26, 2005, 10:29:37 PM by nunya53 »

Offline nunya53

  • Jr. Member
  • **
  • Posts: 50
  • Karma: +0/-0
    • View Profile
Tailored Pop-ups
« Reply #6 on: October 26, 2005, 10:37:10 PM »
Here is an interesting screenshot of a pop-up I just got from Ebay.  I've used Ebay for about four years now and have never seen this before...looks like someone phishing for information.  I will post screenshots of any other pop-ups I get.

Jerry


or not...it didn't seem to attach.
« Last Edit: October 26, 2005, 10:44:51 PM by nunya53 »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Tailored Pop-ups
« Reply #7 on: October 26, 2005, 10:49:53 PM »
I've pm'ed you, can you check your messages



Offline nunya53

  • Jr. Member
  • **
  • Posts: 50
  • Karma: +0/-0
    • View Profile
Tailored Pop-ups
« Reply #8 on: October 26, 2005, 11:09:25 PM »
YGM

I am going out of town tomorrow for four days...will be back Sunday afternoon...will check back here then.

Thanks for everyone's help.


Jerry
« Last Edit: October 26, 2005, 11:11:00 PM by nunya53 »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Tailored Pop-ups
« Reply #9 on: October 26, 2005, 11:21:52 PM »
Can you do something for me please
I wouldn't be without these, I want to see if it helps

Both of these don't run in the background
You'll read more from my links

Download and Install
SpywareBlaster 3.4 by JavaCool
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"

IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial
Download link

With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply click the "enable all protection"
IE-Spyad is compatible with SP2

==Download and Install this small program
to help clean your temp folders,cookies, etc...
Windows Cleanup! 4.0

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.

Restart the computer when you're done

Back in Windows, startup may be a bit slower as we cleaned your prefetch folder
It will increase next startup

Let me know if the popups remain

EDIT>>Can I also see the following when you have done the above
Open Hijackthis>>Open Misc tools section>>Open Hosts file manager
Click the "Open in Notepad" button
A text file will open, copy and paste back here the Whole contents please

Also, I want to check on something else
Download L2mfix from here

http://www.atribune.org/downloads/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT:  Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!
« Last Edit: October 26, 2005, 11:33:42 PM by guestolo »



Offline nunya53

  • Jr. Member
  • **
  • Posts: 50
  • Karma: +0/-0
    • View Profile
Tailored Pop-ups
« Reply #10 on: October 27, 2005, 07:55:16 AM »
Guestolo,

I only have a few minutes because I am bugging out of town here in a few minutes.  I only had time to download and install spyblaster 3.4 and run the Windows Cleanup 4.0.  I will run the rest of the stuff for you and post back here Sunday afternoon.

Jerry
« Last Edit: October 27, 2005, 07:59:52 AM by nunya53 »

Offline nunya53

  • Jr. Member
  • **
  • Posts: 50
  • Karma: +0/-0
    • View Profile
Tailored Pop-ups
« Reply #11 on: November 05, 2005, 01:42:07 PM »
Alright, sorry for the delay...I only had one day at home before I left again for five days.

After running the Spywareblaster 3.4 and the Cleanup! 4.0, I still get popups, but not nearly as many and not as consistently.  The popups I do get are more infrequent and sporadic.


Here is the Hijackthis! Hosts File Manager log:


# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost




And here is the L2mfix option 1 logfile:



L2MFIX find log 1.04a
These are the registry keys present
********************************************************************************
**
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
  6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW  Read           BUILTIN\Users
(ID-IO) ALLOW  Read           BUILTIN\Users
(ID-NI) ALLOW  Full access    BUILTIN\Administrators
(ID-IO) ALLOW  Full access    BUILTIN\Administrators
(ID-NI) ALLOW  Full access    NT AUTHORITY\SYSTEM
(ID-IO) ALLOW  Full access    NT AUTHORITY\SYSTEM
(ID-IO) ALLOW  Full access    CREATOR OWNER


********************************************************************************
**
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""

********************************************************************************
**
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

********************************************************************************
**
HKEY ROOT CLASSIDS:
********************************************************************************
**
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
   bho.dll        Sat Oct  8 2005   4:21:48p  A....        172,032   168.00 K
   browseui.dll   Fri Sep  2 2005   5:52:04p  A....      1,019,904   996.00 K
   cdfview.dll    Fri Sep  2 2005   5:52:04p  A....        151,040   147.50 K
   cdosys.dll     Fri Sep  9 2005   7:53:42p  A....      2,067,968     1.97 M
   danim.dll      Fri Sep  2 2005   5:52:04p  A....      1,053,696     1.00 M
   dxtrans.dll    Fri Sep  2 2005   5:52:04p  A....        205,312   200.50 K
   extmgr.dll     Fri Sep  2 2005   5:52:04p  A....         55,808    54.50 K
   iepeers.dll    Fri Sep  2 2005   5:52:04p  A....        251,392   245.50 K
   inseng.dll     Fri Sep  2 2005   5:52:04p  A....         96,256    94.00 K
   linkinfo.dll   Wed Aug 31 2005   7:41:54p  A....         19,968    19.50 K
   mshtml.dll     Tue Oct  4 2005   4:26:00p  A....      3,015,168     2.88 M
   mshtmled.dll   Fri Sep  2 2005   5:52:06p  A....        448,512   438.00 K
   msrating.dll   Fri Sep  2 2005   5:52:06p  A....        146,432   143.00 K
   mstime.dll     Fri Sep  2 2005   5:52:06p  A....        530,432   518.00 K
   msvcp71.dll    Wed Aug 31 2005   6:44:24a  A....        503,808   492.00 K
   msvcr71.dll    Wed Aug 31 2005   6:44:24a  A....        348,160   340.00 K
   netman.dll     Mon Aug 22 2005  12:29:46p  A....        197,632   193.00 K
   odperfos.dll   Wed Oct 19 2005   4:14:42p  A....         45,056    44.00 K
   pngfilt.dll    Fri Sep  2 2005   5:52:06p  A....         39,424    38.50 K
   pxsfs.dll      Wed Aug 31 2005   6:44:40a  .....      1,093,632     1.04 M
   quartz.dll     Mon Aug 29 2005   9:54:26p  A....      1,287,168     1.23 M
   shdocvw.dll    Fri Sep  2 2005   5:52:06p  A....      1,483,776     1.41 M
   shell32.dll    Thu Sep 22 2005   9:05:30p  A....      8,450,560     8.06 M
   shlwapi.dll    Fri Sep  2 2005   5:52:06p  A....        473,600   462.50 K
   umpnpmgr.dll   Mon Aug 22 2005   9:35:42p  A....        123,392   120.50 K
   urlmon.dll     Fri Sep  2 2005   5:52:06p  A....        608,768   594.50 K
   vb40032.dll    Mon Oct 24 2005   4:20:06p  A....        722,192   705.27 K
   vb5db.dll      Mon Oct 24 2005   4:20:06p  A....         89,360    87.27 K
   wininet.dll    Fri Sep  2 2005   5:52:06p  A....        658,432   643.00 K
   winsrv.dll     Wed Aug 31 2005   7:41:54p  A....        291,840   285.00 K

30 items found:  30 files, 0 directories.
   Total of file sizes:  25,650,720 bytes     24.46 M
Locate .tmp files:

No matches found.
********************************************************************************
**
Directory Listing of system files:
 Volume in drive C has no label.
 Volume Serial Number is 6C40-871F

 Directory of C:\WINDOWS\System32

10/20/2005  04:54 PM    <DIR>          dllcache
08/09/2004  06:12 PM    <DIR>          Microsoft
               0 File(s)              0 bytes
               2 Dir(s)  36,565,336,064 bytes free


Thanks for the help.

Jerry
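
Added example (not part of the thread, and not code from L2mfix or its author): the Winlogon/notify part of a find log like the one above can be checked offline by decoding each subkey's DllName, including the wrapped hex(2) form, and comparing it with a baseline. The baseline used here (the entries present in the posted log), the function names and the "ExampleNotify" entry in the sample are assumptions made for this illustration.

```python
import re

# Assumption: this baseline is just the Notify subkeys and DLLs that appear in
# the log posted above; it is not an authoritative allow-list.
BASELINE = {
    "crypt32chain": "crypt32.dll", "cryptnet": "cryptnet.dll",
    "cscdll": "cscdll.dll", "sccertprop": "wlnotify.dll",
    "schedule": "wlnotify.dll", "sclgntfy": "sclgntfy.dll",
    "senslogn": "wlnotify.dll", "termsrv": "wlnotify.dll",
    "wlballoon": "wlnotify.dll",
}

NOTIFY_PREFIX = (r"hkey_local_machine\software\microsoft\windows nt"
                 r"\currentversion\winlogon\notify") + "\\"


def join_continuations(text):
    """Merge hex values that the .reg format wraps with a trailing backslash."""
    lines, pending = [], ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if "=hex" in line and line.endswith("\\"):
            pending = line[:-1]          # drop the backslash, keep collecting
            continue
        lines.append(line)
    if pending:
        lines.append(pending)
    return lines


def decode_value(raw):
    """Return the text of a quoted string or a hex(1)/hex(2) UTF-16LE value."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])   # undo \\ and \" escapes
    m = re.match(r"hex\([12]\):(.*)$", raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
        return data.decode("utf-16-le", errors="replace").rstrip("\x00")
    return None


def parse_notify(text):
    """Map each direct Winlogon\\Notify subkey to its DllName (or None)."""
    entries, current = {}, None
    for line in join_continuations(text):
        key = re.match(r"\[(.+)\]$", line)
        if key:
            path, current = key.group(1), None
            if path.lower().startswith(NOTIFY_PREFIX):
                name = path[len(NOTIFY_PREFIX):]
                if name and "\\" not in name:
                    current = name
                    entries[current] = None
            continue
        val = re.match(r'"([^"]+)"=(.*)$', line)
        if current and val and val.group(1).lower() == "dllname":
            entries[current] = decode_value(val.group(2))
    return entries


def review(text, baseline=BASELINE):
    """List (subkey, dll, reason) for every entry that is not in the baseline."""
    findings = []
    for subkey, dll in parse_notify(text).items():
        expected = baseline.get(subkey.lower())
        if expected is None:
            findings.append((subkey, dll, "subkey not in baseline"))
        elif dll is None or dll.lower() != expected:
            findings.append((subkey, dll, "DLL differs from baseline"))
    return findings


# Constructed sample: two entries in the form shown in the posted log, plus one
# made-up entry ("ExampleNotify" -> example.dll) to show what gets reported.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Logon"="SensLogonEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ExampleNotify]
"DllName"=hex(2):65,00,78,00,61,00,6d,00,70,00,6c,00,65,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logon"="ExampleLogonEvent"
'''

if __name__ == "__main__":
    for subkey, dll, reason in review(SAMPLE):
        print(f"{subkey}: {dll} ({reason})")
```

An entry reported this way is only a candidate for a closer look; whether it is legitimate still has to be checked against the file on disk.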

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Tailored Pop-ups
« Reply #12 on: November 05, 2005, 04:20:47 PM »
Can you run another tool please

Please download WebRoot's SpySweeper (It's a 2 week trial):

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the SweepOptions tab.
    * Under What to Sweep please put a check next to the following:
        * Sweep Memory
        * Sweep Registry
        * Sweep Cookies
        * Sweep All User Accounts
        * Enable Direct Disk Sweeping
        * Sweep Contents of Compressed Files
        * Sweep for Rootkits
    * Please UNCHECK Do not Sweep System Restore Folder.
    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.
« Last Edit: November 05, 2005, 04:21:36 PM by guestolo »



Offline nunya53

  • Jr. Member
  • **
  • Posts: 50
  • Karma: +0/-0
    • View Profile
Tailored Pop-ups
« Reply #13 on: November 06, 2005, 11:02:07 PM »
Well, I ran Spysweeper and so far, so good.  When it finished, there was an odd entry at the end with 2,000 files it said were hidden from Windows.  I tried to delete it but my computer locked up, so I ran the Spysweeper again and did not check it the second time but checked everything else.  It was originally showing up in a Program Files subdirectory called "Musffice".  When I went back to look at the quarantine log, it was there and I couldn't find the directory, so I guess it deleted it.

In any case, it looks good so far, but I will keep you posted.  Thanks for all of your help.

Jerry


Here is the SpySweeper log.


    ********
    6:38 PM: |       Start of Session, Saturday, November 05, 2005       |
    6:38 PM: Spy Sweeper started
    6:38 PM: Sweep initiated using definitions version 567
    6:38 PM: Starting Memory Sweep
    6:40 PM: Memory Sweep Complete, Elapsed Time: 00:02:38
    6:40 PM: Starting Registry Sweep
    6:41 PM:   Found Adware: quicklink search toolbar
    6:41 PM:   HKLM\software\microsoft\windows\currentversion\uninstall\quick links\  (2 subtraces) (ID = 359457)
    6:41 PM:   Found Adware: ezula ilookup
    6:41 PM:   HKLM\software\microsoft\webext\  (30 subtraces) (ID = 828947)
    6:41 PM:   Found Adware: cws-aboutblank
    6:41 PM:   HKU\S-1-5-21-775847664-4091230895-862719317-1006\software\microsoft\internet explorer\main\ || search bar_bak (ID = 115924)
    6:41 PM:   HKU\S-1-5-21-775847664-4091230895-862719317-1006\software\microsoft\internet explorer\main\ || search page_bak (ID = 115925)
    6:41 PM:   HKU\S-1-5-21-775847664-4091230895-862719317-1006\software\microsoft\internet explorer\main\ || search page_bak (ID = 774883)
    6:41 PM:   HKU\S-1-5-18\software\microsoft\internet explorer\main\ || search bar_bak (ID = 115924)
    6:41 PM:   HKU\S-1-5-18\software\microsoft\internet explorer\main\ || search page_bak (ID = 115925)
    6:41 PM:   HKU\S-1-5-18\software\microsoft\internet explorer\main\ || search page_bak (ID = 774883)
    6:41 PM: Registry Sweep Complete, Elapsed Time:00:00:25
    6:41 PM: Starting Cookie Sweep
    6:41 PM:   Found Spy Cookie: reliablestats cookie
    6:41 PM:   [email protected][2].txt (ID = 3254)
    6:41 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    6:41 PM: Starting File Sweep
    6:41 PM:   Found Adware: dealhelper
    6:41 PM:   a0098271.exe (ID = 57643)
    6:41 PM:   a0098269.exe (ID = 125700)
    6:41 PM:   Found Adware: internetoptimizer
    6:41 PM:   a0088947.exe (ID = 122872)
    6:41 PM:   Found Adware: ist yoursitebar
    6:41 PM:   a0091020.exe (ID = 131738)
    6:42 PM:   Found Adware: surf accuracy
    6:42 PM:   a0095676.cfg (ID = 162775)
    6:42 PM:   a0095683.exe (ID = 122872)
    6:42 PM:   Found Adware: powerscan
    6:42 PM:   a0088917.exe (ID = 72675)
    6:42 PM:   a0095669.exe (ID = 57643)
    6:42 PM:   a0089059.dll (ID = 153756)
    6:43 PM:   a0095671.exe (ID = 72675)
    6:43 PM:   a0096715.exe (ID = 122872)
    6:43 PM:   a0088933.exe (ID = 131738)
    6:43 PM:   a0088934.exe (ID = 131722)
    6:43 PM:   a0095667.exe (ID = 73428)
    6:43 PM:   a0096720.exe (ID = 72675)
    6:44 PM:   a0095666.exe (ID = 131326)
    6:44 PM:   a0098577.exe (ID = 163218)
    6:44 PM:   a0088912.cfg (ID = 115677)
    6:45 PM:   a0096724.dll (ID = 153756)
    6:45 PM:   a0098578.exe (ID = 163218)
    6:45 PM:   a0098270.dll (ID = 57618)
    6:46 PM:   a0095339.exe (ID = 131738)
    6:46 PM:   a0088926.dll (ID = 144079)
    6:47 PM:   ycznrzu2.xml (ID = 57651)
    6:47 PM:   ycznrzu3.xml (ID = 57652)
    6:48 PM:   a0095567.dll (ID = 166574)
    6:48 PM:   a0095700.exe (ID = 131326)
    6:48 PM:   a0097258.exe (ID = 131326)
    6:48 PM:   a0095701.exe (ID = 73428)
    6:48 PM:   a0096728.exe (ID = 73428)
    6:48 PM:   Found Adware: apropos
    6:48 PM:   wingenerics.dll (ID = 50187)
    6:49 PM:   a0095698.exe (ID = 131738)
    6:49 PM:   a0096726.cfg (ID = 162775)
    6:49 PM:   a0096725.exe (ID = 180326)
    6:49 PM:   ycznrzk.xml (ID = 57646)
    6:49 PM:   ycznrzk1.xml (ID = 57647)
    6:49 PM:   ycznrzk2.xml (ID = 57648)
    6:49 PM:   ycznrzu1.xml (ID = 57650)
    6:49 PM:   a0095699.dll (ID = 153756)
    6:49 PM:   bho.dll (ID = 167068)
    6:49 PM:   ycznrzu.xml (ID = 57649)
    6:50 PM:   mp3.exe (ID = 131722)
    6:50 PM:   a0091021.exe (ID = 131722)
    6:51 PM:   ysbactivex.inf (ID = 91034)
    6:51 PM:   newycznrztime.xml (ID = 163168)
    6:51 PM:   ycznrzdk.xml (ID = 57645)
    6:51 PM:   Found System Monitor: potentially rootkit-masked files
    6:59 PM:   dns (ID = 0)
    7:00 PM:   index (ID = 0)
    7:03 PM:   mspotmdm.sys (ID = 0)
    7:10 PM:   ace.dll (ID = 0)

    Offline guestolo

    • Site Donator
    • Administrator
    • Hero Member
    • *****
    • Posts: 16034
    • Karma: +1/-0
      • View Profile
    Tailored Pop-ups
    « Reply #14 on: November 06, 2005, 11:31:37 PM »
    You cut out the bottom part of the SpySweeper log

    Can you do the following, I suspect some things are still lurking

    Download AproposFix from here:
    http://swandog46.geekstogo.com/aproposfix.exe
    Save it to your desktop but do NOT run it yet.

    Reboot into safe mode
    Once in safe mode

    Double-click aproposfix.exe and unzip it to the desktop.  Open the aproposfix folder on your desktop and run RunThis.bat.  Follow the prompts.

    When the tool is finished, please reboot back into normal mode

    Post the entire contents of the log.txt file in the aproposfix folder.
    Could I see another hijackthis log too, thanks

    Do you want to post your own logs from FRST?

    Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


    Offline nunya53

    • Jr. Member
    • **
    • Posts: 50
    • Karma: +0/-0
      • View Profile
    Tailored Pop-ups
    « Reply #15 on: November 07, 2005, 06:56:28 PM »
    Here is the rest of the Spysweeper log starting with the first instance of the time 7:12 PM.

    7:13 PM:   00007014_436d1a43_0006ea05 (ID = 0)
    7:13 PM:   00003d6c_435f64b1_0008583b (ID = 0)
    7:13 PM:   000028e2_436d1e62_0004c4b4 (ID = 0)
    7:13 PM:   0000701f_435f6d8f_00039387 (ID = 0)
    7:13 PM:   00001d5e_436d1f20_00031975 (ID = 0)
    7:13 PM:   00001ff1_436d1f29_000aba95 (ID = 0)
    7:13 PM:   0000456d_436d1f2a_0001312d (ID = 0)
    7:13 PM:   0000263d_436d19a3_000f0537 (ID = 0)
    7:13 PM:   000071f0_435819b3_0003567e (ID = 0)
    7:13 PM:   00002cd6_435f64b1_00090f56 (ID = 0)
    7:13 PM:   00004cad_43604c16_00066ff3 (ID = 0)
    7:13 PM:   00002ea6_43600341_0000b71b (ID = 0)
    7:13 PM:   000015a1_435d8b1c_00044aa2 (ID = 0)
    7:13 PM:   000018be_435d63b5_0002dc6c (ID = 0)
    7:13 PM:   000018be_435bf0cf_000a7d8c (ID = 0)
    7:13 PM:   00005772_435d8db6_0008583b (ID = 0)
    7:13 PM:   000072ae_435f64b1_000f0537 (ID = 0)
    7:13 PM:   000019da_435eeab4_000501bd (ID = 0)
    7:13 PM:   0000139d_435d8db6_0008d24d (ID = 0)
    7:13 PM:   00006952_435eb06e_00098968 (ID = 0)
    7:13 PM:   00004df2_436d01df_000ca2dd (ID = 0)
    7:13 PM:   0000441d_436d1c1b_0006ea05 (ID = 0)
    7:13 PM:   000057d3_435ef610_000d9701 (ID = 0)
    7:13 PM:   00000120_43604bbe_00094c5f (ID = 0)
    7:13 PM:   0000305e_43601ff4_0003d090 (ID = 0)
    7:14 PM:   00005f49_435eb384_00016e36 (ID = 0)
    7:14 PM:   0000074d_435ef113_00081b32 (ID = 0)
    7:14 PM:   00004db7_436cfbe6_0008583b (ID = 0)
    7:14 PM:   00005991_435ef35b_000c65d4 (ID = 0)
    7:14 PM:   00005d03_435f6d8f_0005f5e1 (ID = 0)
    7:14 PM:   0000323b_435d81db_0003d090 (ID = 0)
    7:14 PM:   00003d6c_43581537_0001e848 (ID = 0)
    7:14 PM:   00002cd6_43581537_0002625a (ID = 0)
    7:14 PM:   00002e40_435d8a61_000f0537 (ID = 0)
    7:14 PM:   0000390c_4360492d_0007de29 (ID = 0)
    7:14 PM:   00000bdb_43603eb5_0004c4b4 (ID = 0)
    7:14 PM:   000012db_435bf309_000a037a (ID = 0)
    7:14 PM:   000073da_435ef3b1_0003d090 (ID = 0)
    7:14 PM:   00007ff5_436ce3fd_0001ab3f (ID = 0)
    7:14 PM:   000041bb_436c0f64_000e1113 (ID = 0)
    7:14 PM:   00004f68_435eed56_00081b32 (ID = 0)
    7:14 PM:   00007ff5_436cfee0_00000000 (ID = 0)
    7:14 PM:   00006b36_4358166c_000d59f8 (ID = 0)
    7:14 PM:   00003b97_436d19ac_00094c5f (ID = 0)
    7:14 PM:   00005878_436ce45e_000c28cb (ID = 0)
    7:14 PM:   00006899_43604ec0_0000f424 (ID = 0)
    7:14 PM:   00007e0e_436d1f2c_000d9701 (ID = 0)
    7:14 PM:   0000409d_436ce5e3_000e1113 (ID = 0)
    7:14 PM:   000006e3_436d1f33_000dd40a (ID = 0)
    7:14 PM:   000058b0_435ef3b5_000c65d4 (ID = 0)
    7:14 PM:   0000260d_436cff0c_000f0537 (ID = 0)
    7:14 PM:   00005876_435eed56_0009c671 (ID = 0)
    7:14 PM:   00001366_435d8a62_000d59f8 (ID = 0)
    7:14 PM:   00004df2_435817cf_00094c5f (ID = 0)
    7:14 PM:   00004b40_435eb343_000c28cb (ID = 0)
    7:14 PM:   00004ae1_435bf0f3_00053ec6 (ID = 0)
    7:14 PM:   000041bb_435f6d2e_0006acfc (ID = 0)
    7:14 PM:   00005422_435d8b4c_0007de29 (ID = 0)
    7:14 PM:   000066fa_435eed57_0001e848 (ID = 0)
    7:14 PM:   00004823_435d59ac_000a037a (ID = 0)
    7:14 PM:   00006784_435ea470_000aba95 (ID = 0)
    7:14 PM:   00004ae1_436cc280_0003d090 (ID = 0)
    7:14 PM:   00007049_435d8db6_0009c671 (ID = 0)
    7:14 PM:   00007a5a_435f6d92_00081b32 (ID = 0)
    7:14 PM:   000018be_435d59b3_0001ab3f (ID = 0)
    7:14 PM:   00002213_43582424_00089544 (ID = 0)
    7:14 PM:   00003cd5_43604ec0_000a037a (ID = 0)
    7:14 PM:   0000314f_435d895b_0003d090 (ID = 0)
    7:14 PM:   00000099_435d6845_000e8b25 (ID = 0)
    7:14 PM:   00003a61_436d07dc_000aba95 (ID = 0)
    7:14 PM:   00000f3e_435bf33a_00057bcf (ID = 0)
    7:14 PM:   000026a6_436004b3_0005f5e1 (ID = 0)
    7:14 PM:   00001238_4360395d_00053ec6 (ID = 0)
    7:14 PM:   000001eb_435ef033_000a7d8c (ID = 0)
    7:14 PM:   000022cd_436d07dd_0005f5e1 (ID = 0)
    7:14 PM:   00006172_435ef4f4_00022551 (ID = 0)
    7:14 PM:   00000fbf_435ef464_00022551 (ID = 0)
    7:14 PM:   00004027_436d19b1_000e1113 (ID = 0)
    7:14 PM:   0000767d_435f6d92_00090f56 (ID = 0)
    7:15 PM:   00003b25_43582393_0000f424 (ID = 0)
    7:15 PM:   00000f3e_4360492d_000b34a7 (ID = 0)
    7:15 PM:   0000759a_43604bbe_000b71b0 (ID = 0)
    7:15 PM:   00000099_436ccca5_000bebc2 (ID = 0)
    7:15 PM:   000049bb_435eed5d_0002dc6c (ID = 0)
    7:15 PM:   0000260d_4358242b_00029f63 (ID = 0)
    7:15 PM:   00004509_435f6d92_000aba95 (ID = 0)
    7:15 PM:   pstatl.exe (ID = 0)
    7:19 PM:   data.bin (ID = 0)
    7:19 PM:   wifmmc.exe (ID = 0)
    7:19 PM:   pxdtedit.exe (ID = 0)
    7:20 PM:   ai_05-11-2005.log (ID = 0)
    7:21 PM:   ai_30-10-2005.log (ID = 0)
    7:21 PM:   ai_31-10-2005.log (ID = 0)
    7:21 PM:   ai_04-11-2005.log (ID = 0)
    7:23 PM: File Sweep Complete, Elapsed Time: 00:41:39
    7:23 PM: Full Sweep has completed.  Elapsed time 00:44:46
    7:23 PM: Traces Found: 1802
    7:25 PM: Removal process initiated
    7:25 PM:   Quarantining All Traces: cws-aboutblank
    7:25 PM:   Quarantining All Traces: apropos
    7:25 PM:   apropos is in use.  It will be removed on reboot.
    7:25 PM:     wingenerics.dll is in use.  It will be removed on reboot.
    7:25 PM:   Quarantining All Traces: internetoptimizer
    7:25 PM:   Quarantining All Traces: dealhelper
    7:25 PM:   Quarantining All Traces: ezula ilookup
    7:25 PM:   Quarantining All Traces: ist yoursitebar
    7:25 PM:   Quarantining All Traces: powerscan
    7:25 PM:   Quarantining All Traces: quicklink search toolbar
    7:25 PM:   Quarantining All Traces: surf accuracy
    7:25 PM:   Quarantining All Traces: reliablestats cookie
    7:26 PM: Removal process completed.  Elapsed time 00:00:53
    ********

    Offline guestolo

    • Site Donator
    • Administrator
    • Hero Member
    • *****
    • Posts: 16034
    • Karma: +1/-0
    Tailored Pop-ups
    « Reply #16 on: November 07, 2005, 07:11:30 PM »
    I'll post this again in case you missed it :)

    Quote
    Download AproposFix from here:
    http://swandog46.geekstogo.com/aproposfix.exe
    Save it to your desktop but do NOT run it yet.

    Reboot into safe mode
    Once in safe mode

    Double-click aproposfix.exe and unzip it to the desktop.  Open the aproposfix folder on your desktop and run RunThis.bat.  Follow the prompts.

    When the tool is finished, please reboot back into normal mode

    Post the entire contents of the log.txt file in the aproposfix folder.
    Could I see another hijackthis log too, thanks

    Do you want to post your own logs from FRST?

    Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


    Offline nunya53

    • Jr. Member
    • **
    • Posts: 50
    • Karma: +0/-0
    Tailored Pop-ups
    « Reply #17 on: November 07, 2005, 07:53:07 PM »
    Thanks.

    Actually, I had to run out for a few minutes...getting ready to do it now.

    Jerry

    Offline nunya53

    • Jr. Member
    • **
    • Posts: 50
    • Karma: +0/-0
    Tailored Pop-ups
    « Reply #18 on: November 07, 2005, 08:23:23 PM »
    I think I am up to speed.

    Here is the Aproposfix log:


    Log of AproposFix v1
     
    ************
     
    Running from directory:  
    C:\Documents and Settings\user\Desktop\Spyware Software\aproposfix\aproposfix
     
    ************
     
    Registry entries found:
     
    [HKEY_LOCAL_MACHINE\Software\CtiS6A25Zg5m]
    @="9NILgpSWXXWXXYX6 S5D_L1WXXWmZX2sxny2.XOUOPAIdcX9NERANOXIOLKPI9IYOUO"
    "Device"="\\\\.\\aQwZh_pV"
    "DriverPath"="C:\\WINDOWS\\system32\\drivers\\mspotmdm.sys"
    "DriverName"="drmp6Fw"
    "HideUninstallerName"="C:\\Program Files\\Musffice\\wifmmc.exe"
    "UninstallerPath"="C:\\WINDOWS\\system32\\netclr40.exe"
    "UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{7AA7033B-47BA-4244-A688-EE8A465B114B}"
    "UninstallerParams"="/CTUN"
    "HDll"="C:\\WINDOWS\\system32\\odperfos.dll"
    "ServerAddress"="adchannel.contextplus.net"
    "LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
    "PartnerId"="CP.IST2"
    "InstallationId"="{Xccbb153-4fe1-16a9-e1b9-297dd8f6ad09}"
    "PageFiltering"=dword:00000001
    "ClientName"="C:\\Program Files\\Musffice\\pstatl.exe"
     
    ************
     
    Removing hidden service:
    Service drmp6Fw removed.
     
    Removing hidden folder:
    Deletion of folder Musffice succeeded!
     
    Deleting files:
     
    Deletion of file C:\WINDOWS\system32\drivers\mspotmdm.sys succeeded!
    Deletion of file C:\WINDOWS\system32\pxdtedit.exe succeeded!
    Deletion of file C:\WINDOWS\system32\odperfos.dll succeeded!
    Deletion of file C:\WINDOWS\system32\netclr40.exe succeeded!
     
    Backing up files:
    Done!
     
    Removing registry entries:
     
    REGEDIT4
     
    [-HKEY_CURRENT_USER\Software\CtiS6A25Zg5m]
    [-HKEY_LOCAL_MACHINE\Software\CtiS6A25Zg5m]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7AA7033B-47BA-4244-A688-EE8A465B114B}]
     
    Done!
     
    Finished!


    And here is the Hijackthis log I ran after Aproposfix:



    Logfile of HijackThis v1.99.1
    Scan saved at 7:19:08 PM, on 11/7/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ACS.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\EzButton\EzButton.EXE
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\WINDOWS\SM1BG.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\USBToolbox\Res.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\tunebite\tunebite.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\DOCUME~1\user\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
    O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USBToolbox\Res.EXE
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
    O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/check/netset/install/gtdownls.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



    I hope this does the trick.

    Guestolo,

    Many thanks for this help.  I'm sure you have a life and I appreciate your taking the time to help an idiot like me.

    Jerry
    « Last Edit: November 07, 2005, 08:24:52 PM by nunya53 »

    Offline guestolo

    • Site Donator
    • Administrator
    • Hero Member
    • *****
    • Posts: 16034
    • Karma: +1/-0
    Tailored Pop-ups
    « Reply #19 on: November 07, 2005, 08:33:42 PM »
    You're definitely no idiot, you stuck in there and did good :)

    Can you do the following for some final cleanup

    If everything is running better, please do the following
    You should disable system restore>>Reboot your computer>>and then reenable it
    This will clear all your restore points and ensure you don't restore any nasties
    How to Disable and Re-enable System Restore feature

    Once System Restore is reenabled

    You should set up protection against future attacks
    SpywareBlaster 3.4 by JavaCool
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
    After installation, Check for updates and then click the "Enable all protection"

    IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
    Here is a tutorial and download link
    TUTORIAL==Link to Tutorial
    Download link

    With both, Check for updates every couple of weeks
    Keep the link to IE-Spyad bookmarked so you can check for updates
    SpywareBlaster, after every update just simply click the "enable all protection"
    IE-Spyad is compatible with SP2

    Hold onto SpySweeper till the expiration if you're running the trial version
    Afterwards, if you want to uninstall it shut it down by right clicking the icon and then uninstall it

    I hope you're running Spybot 1.4
    Also use the immunize feature, Click on Immunize>>OK>>Immunize in the top bar
    Do this after every update

    Stay safe :)
