wife d/l programs to fix probs like freezing,slow processing,like error nuker and ended up with 2 extra tool bars and extras in favorites...NOT happy.seem to have a search feature in min32 file "azesearch2.ocx"...will not let me remove and "google" has been hijacked by this..does not fuction like it should...did log file..please be patient with me as im not highly pc literate..
thanx in advance and feel free to email m personally
Cmor.....
<?xml version = "1.0"?>
<Session START = "07 Apr 05 06:21:31" END = "07 Apr 05 06:23:58">
<Information Version = "4.10" DatabaseVersion = "73" DataBaseDate = "07 April 2005"/>
<Information OS = "Win XP"/>
<Information ServicePack = ""/>
<Information WorkingDirectory = "C:\Program Files\XoftSpy\"/>
<Information Option = "AdvSpyware Scan" State = "ON"/>
<Information Option = "Scan IE Favorites" State = "ON"/>
<Information Option = "Scan Host Files" State = "ON"/>
<Information Option = "Scan Drives" State = "ON"/>
<Information Option = "Do Not Scan Executables" State = "OFF"/>
<Information Option = "Scan Registry" State = "ON"/>
<Information Option = "Scan Active Processes" State = "ON"/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Windows\CurrentVersion\Run"/>
<Information Value = "MyWebSearch Email Plugin" Data = "C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe"/>
<Information Value = "msnmsgr" Data = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background"/>
<Information Value = "IncrediMail" Data = "C:\Program Files\IncrediMail\bin\IncMail.exe /c"/>
<Information Value = "rwum" Data = "C:\PROGRA~1\COMMON~1\rwum\rwumm.exe"/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Internet Explorer\Main"/>
<Information Value = "NoUpdateCheck" Data = ""/>
<Information Value = "NoJITSetup" Data = ""/>
<Information Value = "Disable Script Debugger" Data = "yes"/>
<Information Value = "Show_ChannelBand" Data = "No"/>
<Information Value = "Anchor Underline" Data = "yes"/>
<Information Value = "Cache_Update_Frequency" Data = "Once_Per_Session"/>
<Information Value = "Display Inline Images" Data = "yes"/>
<Information Value = "Do404Search" Data = ""/>
<Information Value = "Local Page" Data = "C:\WINDOWS\System32\blank.htm"/>
<Information Value = "Save_Session_History_On_Exit" Data = "no"/>
<Information Value = "Show_FullURL" Data = "no"/>
<Information Value = "Show_StatusBar" Data = "yes"/>
<Information Value = "Show_ToolBar" Data = "yes"/>
<Information Value = "Show_URLinStatusBar" Data = "yes"/>
<Information Value = "Show_URLToolBar" Data = "yes"/>
<Information Value = "Start Page" Data = "http://www.optusnet.com.au/"/>
<Information Value = "Use_DlgBox_Colors" Data = "yes"/>
<Information Value = "Search Page" Data = "http://www.microsoft...&ar=iesearch"/>
<Information Value = "Check_Associations" Data = "yes"/>
<Information Value = "FullScreen" Data = "no"/>
<Information Value = "Window_Placement" Data = ","/>
<Information Value = "Expand Alt Text" Data = "no"/>
<Information Value = "Move System Caret" Data = "no"/>
<Information Value = "NscSingleExpand" Data = ""/>
<Information Value = "Error Dlg Displayed On Every Error" Data = "no"/>
<Information Value = "NoWebJITSetup" Data = ""/>
<Information Value = "Page_Transitions" Data = ""/>
<Information Value = "FavIntelliMenus" Data = "no"/>
<Information Value = "Enable Browser Extensions" Data = "yes"/>
<Information Value = "UseThemes" Data = ""/>
<Information Value = "Force Offscreen Composition" Data = ""/>
<Information Value = "NotifyDownloadComplete" Data = "yes"/>
<Information Value = "AllowWindowReuse" Data = ""/>
<Information Value = "Friendly http errors" Data = "no"/>
<Information Value = "ShowGoButton" Data = "yes"/>
<Information Value = "SmoothScroll" Data = ""/>
<Information Value = "Enable AutoImageResize" Data = "yes"/>
<Information Value = "Enable_MyPics_Hoverbar" Data = "yes"/>
<Information Value = "Play_Animations" Data = "yes"/>
<Information Value = "Play_Background_Sounds" Data = "yes"/>
<Information Value = "Display Inline Videos" Data = "yes"/>
<Information Value = "Show image placeholders" Data = ""/>
<Information Value = "Print_Background" Data = "yes"/>
<Information Value = "AutoSearch" Data = ""/>
<Information Value = "HistoryViewType" Data = ""/>
<Information Value = "AddToFavoritesExpanded" Data = ""/>
<Information Value = "Use FormSuggest" Data = "yes"/>
<Information Value = "Use Search Asst" Data = "no"/>
<Information Value = "FormSuggest PW Ask" Data = "no"/>
<Information Value = "FormSuggest Passwords" Data = "yes"/>
<Information Value = "Window Title" Data = "Microsoft Internet Explorer provided by OptusNet"/>
<Information Value = "Search Bar" Data = "http://search.optusn...ODSL&panel=1"/>
<Information Value = "Use Custom Search URL" Data = ""/>
<Information Value = "LastCheckedHi" Data = "1Ĺ://search.optusnet.com.au/?brand=ODSL&panel=1"/>
<Information Value = "BandRest" Data = "Never"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Internet Explorer\Main"/>
<Information Value = "Default_Page_URL" Data = "http://dsl.optusnet.com.au/"/>
<Information Value = "Default_Search_URL" Data = "http://www.microsoft...&ar=iesearch"/>
<Information Value = "Search Page" Data = "http://www.microsoft...&ar=iesearch"/>
<Information Value = "Enable_Disk_Cache" Data = "yes"/>
<Information Value = "Cache_Percent_of_Disk" Data = "
"/>
<Information Value = "Delete_Temp_Files_On_Exit" Data = "yes"/>
<Information Value = "Local Page" Data = "%SystemRoot%\system32\blank.htm"/>
<Information Value = "Anchor_Visitation_Horizon" Data = ""/>
<Information Value = "Use_Async_DNS" Data = "yes"/>
<Information Value = "Placeholder_Width" Data = ""/>
<Information Value = "Placeholder_Height" Data = ""/>
<Information Value = "Start Page" Data = "http://www.microsoft...VER}&ar=home"/>
<Information Value = "Wizard_Version" Data = "6.00.2800.1106"/>
<Information Value = "FullScreen" Data = "no"/>
<Information Value = "BandRest" Data = "Never"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Internet Explorer\Search"/>
<Information Value = "SearchAssistant" Data = "http://ie.search.msn...srchasst.htm"/>
<Information Value = "CustomizeSearch" Data = "http://ie.search.msn...srchcust.htm"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Windows\CurrentVersion\Run"/>
<Information Value = "Lexmark X1100 Series" Data = ""C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe""/>
<Information Value = "QuickTime Task" Data = ""C:\Program Files\QuickTime\qttask.exe" -atboottime"/>
<Information Value = "iKeyWorks" Data = "C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe"/>
<Information Value = "WheelMouse" Data = "C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe"/>
<Information Value = "Desktop Service Centre" Data = "C:\Program Files\OptusNet DSL Internet\DSC.exe"/>
<Information Value = "TkBellExe" Data = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot"/>
<Information Value = "NeroFilterCheck" Data = "C:\WINDOWS\system32\NeroCheck.exe"/>
<Information Value = "MyWebSearch Email Plugin" Data = "C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe"/>
<Information Value = "Zone Labs Client" Data = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe""/>
<Information Value = "SunJavaUpdateSched" Data = "C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe"/>
<Information Value = "Error Nuker" Data = "C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart"/>
<Information Value = "AWMON" Data = ""C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe""/>
<Information Value = "NAV Agent" Data = "C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe"/>
<Information Value = "SSC_UserPrompt" Data = "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "SYSTEM\ControlSet001\Services\Winsock2\Parameters\Protocol_Catalog9"/>
<Information Value = "Num_Catalog_Entries" Data = ""/>
<Information Value = "Next_Catalog_Entry_ID" Data = "%"/>
<Information Value = "Serial_Access_Num" Data = "0"/>
<Information RootKey = "HKEY_LOCAL_MACHINE" KeyPath = "Software\Microsoft\Windows NT\CurrentVersion\Windows"/>
<Information Value = "AppInit_DLLs" Data = ""/>
<Information Value = "DeviceNotSelectedTimeout" Data = "15"/>
<Information Value = "GDIProcessHandleQuota" Data = "'"/>
<Information Value = "Spooler" Data = "yes"/>
<Information Value = "swapdisk" Data = ""/>
<Information Value = "TransmissionRetryTimeout" Data = "90"/>
<Information Value = "USERProcessHandleQuota" Data = "'"/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Windows NT\CurrentVersion\Windows"/>
<Information Value = "DebugOptions" Data = "2048"/>
<Information Value = "Documents" Data = ""/>
<Information Value = "DosPrint" Data = "no"/>
<Information Value = "load" Data = ""/>
<Information Value = "NetMessage" Data = "no"/>
<Information Value = "NullPort" Data = "None"/>
<Information Value = "Programs" Data = "com exe bat pif cmd"/>
<Information Value = "Device" Data = "Canon Bubble-Jet BJC-265SP,winspool,LPT1:"/>
<Information RootKey = "HKEY_CURRENT_USER" KeyPath = "Software\Microsoft\Internet Explorer\URLSearchHooks"/>
<Information Value = "{00A6FAF6-072E-44cf-8957-5838F569A31D}" Data = ""/>
<Scanning TIME = "07 Apr 05 06:21:31">
<PROCESS NAME = "-" MD5 = "(null)"/>
<PROCESS NAME = "\SystemRoot\System32\smss.exe" MD5 = "(null)"/>
<PROCESS NAME = "\??\C:\WINDOWS\system32\csrss.exe" MD5 = "(null)"/>
<PROCESS NAME = "\??\C:\WINDOWS\system32\winlogon.exe" MD5 = "(null)"/>
<PROCESS NAME = "C:\WINDOWS\system32\services.exe" MD5 = "e3df4a0252d287c44606ee55355e1623"/>
<PROCESS NAME = "C:\WINDOWS\system32\lsass.exe" MD5 = "8a590ea109b5e0c7629e022f8a6b17c5"/>
<PROCESS NAME = "C:\WINDOWS\system32\svchost.exe" MD5 = "0f7d9c87b0ce1fa520473119752c6f79"/>
<PROCESS NAME = "C:\WINDOWS\System32\svchost.exe" MD5 = "0f7d9c87b0ce1fa520473119752c6f79"/>
<PROCESS NAME = "C:\WINDOWS\System32\svchost.exe" MD5 = "0f7d9c87b0ce1fa520473119752c6f79"/>
<PROCESS NAME = "C:\WINDOWS\System32\svchost.exe" MD5 = "0f7d9c87b0ce1fa520473119752c6f79"/>
<PROCESS NAME = "C:\WINDOWS\system32\LEXBCES.EXE" MD5 = "027d03d9d8ab95194a115a999e960ac0"/>
<PROCESS NAME = "C:\WINDOWS\Explorer.EXE" MD5 = "5a26fc6010886d25b3e412493dd95ed8"/>
<PROCESS NAME = "C:\WINDOWS\system32\spoolsv.exe" MD5 = "9b4155ba58192d4073082b8fc5d42612"/>
<PROCESS NAME = "C:\WINDOWS\system32\LEXPPS.EXE" MD5 = "8d836e60877ed79c409712b9be2dfc3b"/>
<PROCESS NAME = "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" MD5 = "8e7939d19e49d071110d780bf1edec21"/>
<PROCESS NAME = "C:\Program Files\QuickTime\qttask.exe" MD5 = "f8dbb32041336a94c676e6b70f759993"/>
<PROCESS NAME = "C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" MD5 = "60011add999a600b442206efc3090675"/>
<PROCESS NAME = "C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" MD5 = "96e8f767e0942f4f0d8d660c1c2badbe"/>
<PROCESS NAME = "C:\Program Files\OptusNet DSL Internet\DSC.exe" MD5 = "3ea7ebe57443d2614b3b3faec2771280"/>
<PROCESS NAME = "C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe" MD5 = "9c2991d06e1f40adbded988b013828c8"/>
<PROCESS NAME = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" MD5 = "b8e684df9a97497edd2f87444a6307fb"/>
<PROCESS NAME = "C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" MD5 = "a1f69bdc00f9e7b58b4b7ad885d7990f"/>
<PROCESS NAME = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" MD5 = "073f29e364b0d66dc267b38676824f88"/>
<PROCESS NAME = "C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" MD5 = "70de314a16e5a486a0ef2425014685b2"/>
<PROCESS NAME = "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" MD5 = "ed7f4140bc9f05781355c2a36d0ad37c"/>
<PROCESS NAME = "C:\Program Files\MSN Messenger\msnmsgr.exe" MD5 = "0825fb5b6294e751ffa3d90bbf641cdb"/>
<PROCESS NAME = "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" MD5 = "da20d44b388c078ff37207e53cac4a7d"/>
<PROCESS NAME = "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" MD5 = "d90569304779c0d6bf39ede0be230c41"/>
<PROCESS NAME = "C:\WINDOWS\System32\svchost.exe" MD5 = "0f7d9c87b0ce1fa520473119752c6f79"/>
<PROCESS NAME = "C:\WINDOWS\System32\wdfmgr.exe" MD5 = "ab0a7ca90d9e3d6a193905dc1715ded0"/>
<PROCESS NAME = "C:\PROGRA~1\INCRED~1\bin\IMApp.exe" MD5 = "33c04c8fcab233105d1a9a4eee2ddc4a"/>
<PROCESS NAME = "C:\WINDOWS\system32\ZoneLabs\vsmon.exe" MD5 = "1a18e4f7f1d29462c026611036abba36"/>
<PROCESS NAME = "C:\WINDOWS\System32\wuauclt.exe" MD5 = "4fe41a819f5a1ff0923f12b34830a6ca"/>
<PROCESS NAME = "C:\Program Files\Internet Explorer\iexplore.exe" MD5 = "92b1834f54eab14b0b7137e6cef5e1b2"/>
<PROCESS NAME = "C:\PROGRA~1\INCRED~1\bin\IncMail.exe" MD5 = "d9dc16e2137e641abbb7a6afb8283bc9"/>
<PROCESS NAME = "C:\Program Files\XoftSpy\XoftSpy.exe" MD5 = "a32b6df132bcab46d04ba3d273a61cba"/>
<Information Message = "Scan Aborted by User"/>
<ScanningRegKeys>
</ScanningRegKeys>
<ScanningRegValues>
</ScanningRegValues>
<ScanningRegValuesChanged>
</ScanningRegValuesChanged>
</Scanning>
</Session>