Webroot. Genius! ok here are my spysweeper (which wouldn't let me update) and silent runners. my computer had seemed to be better for a few days, but started getting the redirects again today.
"Silent Runners.vbs", revision 52,
http://www.silentrunners.org/Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"" [file not found]
"swg" = ""C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"" ["Google Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"EPSON Stylus Photo R220 Series" = ""C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE" /P30 "EPSON Stylus Photo R220 Series" /O6 "USB002" /M "Stylus Photo R220"" ["SEIKO EPSON CORPORATION"]
"type32" = ""C:\Program Files\Microsoft IntelliType Pro\type32.exe"" [MS]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"SigmatelSysTrayApp" = "stsystra.exe" ["SigmaTel, Inc."]
"PinnacleDriverCheck" = "C:\WINDOWS\system32\PSDrvCheck.exe" [empty string]
"MSKDetectorExe" = "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall" [file not found]
"MimBoot" = "C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [file not found]
"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["InstallShield Software Corporation"]
"ISUSPM Startup" = ""C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup" ["InstallShield Software Corporation"]
"IPHSend" = ""C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"" ["America Online, Inc."]
"IntelliPoint" = ""C:\Program Files\Microsoft IntelliPoint\point32.exe"" [MS]
"igfxtray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"igfxpers" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
"igfxhkcmd" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"ehTray" = "C:\WINDOWS\ehome\ehtray.exe" [MS]
"DMXLauncher" = ""C:\Program Files\Dell\Media Experience\DMXLauncher.exe"" [null data]
"DLA" = "C:\WINDOWS\System32\DLA\DLACTRLW.EXE" ["Sonic Solutions"]
"Corel Photo Downloader" = ""C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe"" ["Corel, Inc."]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" [file not found]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" [file not found]
"ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["GRISOFT s.r.o."]
"SpySweeper" = "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray" ["Webroot Software, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = (no title provided)
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\System32\DLA\DLASHX_W.DLL" ["Sonic Solutions"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll" ["Google Inc."]
{CA6319C0-31B7-401E-A518-A07C3DB8F777}\(Default) = (no title provided)
-> {HKLM...CLSID} = "CBrowserHelperObject Object"
\InProcServer32\(Default) = "c:\Program Files\BAE\BAE.dll" ["Dell Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\audiodev.dll" [MS]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\System32\DLA\DLASHX_W.DLL" ["Sonic Solutions"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{2AA59FC0-31E8-42DA-9D3C-E9A52953853B}" = "CopyToCD shell extension"
-> {HKLM...CLSID} = "CopyToCD shell extension"
\InProcServer32\(Default) = "C:\PROGRA~1\vso\COPYTO~1\CTCDSH~1.DLL" ["VSO Software"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{97FA8AA2-EE77-4FF2-9449-424D8924EF21}" = "IntelliType Pro Zooming Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Zooming Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplzm.dll"" [MS]
"{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}" = "IntelliType Pro Scrolling Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Scrolling Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll"" [MS]
"{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}" = "IntelliType Pro Key Settings Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Key Settings Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll"" [MS]
"{A2569D1F-4E06-43EC-9825-0088B471BE47}" = "IntelliType Pro Wireless Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Wireless Control Panel Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll"" [MS]
"{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page"
-> {HKLM...CLSID} = "Wireless Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"" [MS]
"{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page"
-> {HKLM...CLSID} = "Wheel Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"" [MS]
"{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page"
-> {HKLM...CLSID} = "Activities Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplact.dll"" [MS]
"{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page"
-> {HKLM...CLSID} = "Buttons Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["GRISOFT s.r.o."]
<<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
-> {HKLM...CLSID} = "SABShellExecuteHook Class"
\InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> !SASWinLogon\DLLName = "C:\Program Files\SUPERAntiSpyware\SASWINLO.dll" ["SUPERAntiSpyware.com"]
<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]
<<!>> WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
CopyToCD\(Default) = "{2AA59FC0-31E8-42DA-9D3C-E9A52953853B}"
-> {HKLM...CLSID} = "CopyToCD shell extension"
\InProcServer32\(Default) = "C:\PROGRA~1\vso\COPYTO~1\CTCDSH~1.DLL" ["VSO Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
CopyToCD\(Default) = "{2AA59FC0-31E8-42DA-9D3C-E9A52953853B}"
-> {HKLM...CLSID} = "CopyToCD shell extension"
\InProcServer32\(Default) = "C:\PROGRA~1\vso\COPYTO~1\CTCDSH~1.DLL" ["VSO Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
CopyToCD\(Default) = "{2AA59FC0-31E8-42DA-9D3C-E9A52953853B}"
-> {HKLM...CLSID} = "CopyToCD shell extension"
\InProcServer32\(Default) = "C:\PROGRA~1\vso\COPYTO~1\CTCDSH~1.DLL" ["VSO Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoCDBurning" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
"InstallVisualStyle" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
{unrecognized setting}
"InstallTheme" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale.theme
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\MIchelle\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Startup items in "MIchelle" & "All Users" startup folders:
----------------------------------------------------------
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Digital Line Detect" -> shortcut to: "C:\Program Files\Digital Line Detect\DLG.exe" ["BVRP Software"]
"WG111v2 Smart Wizard Wireless Setting" -> shortcut to: "C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe" [empty string]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Real.com"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Real.com"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]
_________________________________________________________
12:08 AM: Removal process completed. Elapsed time 00:00:02
12:08 AM: Quarantining All Traces: zedo cookie
12:08 AM: Quarantining All Traces: adbureau cookie
12:08 AM: Quarantining All Traces: tripod cookie
12:08 AM: Quarantining All Traces: tribalfusion cookie
12:08 AM: Quarantining All Traces: trafficmp cookie
12:08 AM: Quarantining All Traces: tacoda cookie
12:08 AM: Quarantining All Traces: webtrendslive cookie
12:08 AM: Quarantining All Traces: statcounter cookie
12:08 AM: Quarantining All Traces: serving-sys cookie
12:08 AM: Quarantining All Traces: server.iad.liveperson cookie
12:08 AM: Quarantining All Traces: questionmarket cookie
12:08 AM: Quarantining All Traces: overture cookie
12:08 AM: Quarantining All Traces: realmedia cookie
12:08 AM: Quarantining All Traces: mediaplex cookie
12:08 AM: Quarantining All Traces: imrworldwide.com cookie
12:08 AM: Quarantining All Traces: go.com cookie
12:08 AM: Quarantining All Traces: bs.serving-sys cookie
12:08 AM: Quarantining All Traces: atlas dmt cookie
12:08 AM: Quarantining All Traces: atwola cookie
12:08 AM: Quarantining All Traces: advertising cookie
12:08 AM: Quarantining All Traces: pointroll cookie
12:08 AM: Quarantining All Traces: addynamix cookie
12:08 AM: Quarantining All Traces: adrevolver cookie
12:08 AM: Quarantining All Traces: specificclick.com cookie
12:08 AM: Quarantining All Traces: adlegend cookie
12:08 AM: Quarantining All Traces: yieldmanager cookie
12:08 AM: Quarantining All Traces: 2o7.net cookie
12:08 AM: Removal process initiated
12:07 AM: Traces Found: 38
12:07 AM: Full Sweep has completed. Elapsed time 00:09:55
12:07 AM: File Sweep Complete, Elapsed Time: 00:06:50
12:07 AM: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
12:07 AM: Warning: SweepDirectories: Cannot find directory "d:". This directory was not added to the list of paths to be scanned.
12:07 AM: Warning: Failed to open file "c:\documents and settings\michelle\local settings\temporary internet files\content.ie5\od3cdfv1\aol[1].htm". The operation completed successfully
12:06 AM: Warning: Failed to open file "c:\documents and settings\michelle\application data\mozilla\firefox\profiles\at3tfslt.default\parent.lock". The operation completed successfully
12:00 AM: Starting File Sweep
12:00 AM: Cookie Sweep Complete, Elapsed Time: 00:00:01
12:00 AM: c:\documents and settings\michelle\cookies\michelle@zedo[1].txt (ID = 3762)
12:00 AM: Found Spy Cookie: zedo cookie
12:00 AM: c:\documents and settings\michelle\cookies\
[email protected][2].txt (ID = 2060)
12:00 AM: Found Spy Cookie: adbureau cookie
12:00 AM: c:\documents and settings\michelle\cookies\michelle@tripod[1].txt (ID = 3591)
12:00 AM: Found Spy Cookie: tripod cookie
12:00 AM: c:\documents and settings\michelle\cookies\michelle@tribalfusion[2].txt (ID = 3589)
12:00 AM: Found Spy Cookie: tribalfusion cookie
12:00 AM: c:\documents and settings\michelle\cookies\michelle@trafficmp[1].txt (ID = 3581)
12:00 AM: Found Spy Cookie: trafficmp cookie
12:00 AM: c:\documents and settings\michelle\cookies\michelle@tacoda[2].txt (ID = 6444)
12:00 AM: Found Spy Cookie: tacoda cookie
12:00 AM: c:\documents and settings\michelle\cookies\
[email protected][1].txt (ID = 3667)
12:00 AM: Found Spy Cookie: webtrendslive cookie
12:00 AM: c:\documents and settings\michelle\cookies\michelle@statcounter[2].txt (ID = 3447)
12:00 AM: Found Spy Cookie: statcounter cookie
12:00 AM: c:\documents and settings\michelle\cookies\
[email protected][1].txt (ID = 2729)
12:00 AM: c:\documents and settings\michelle\cookies\michelle@specificclick[2].txt (ID = 3399)
12:00 AM: c:\documents and settings\michelle\cookies\michelle@serving-sys[1].txt (ID = 3343)
12:00 AM: Found Spy Cookie: serving-sys cookie
12:00 AM: c:\documents and settings\michelle\cookies\
[email protected][3].txt (ID = 3341)
12:00 AM: Found Spy Cookie: server.iad.liveperson cookie
12:00 AM: c:\documents and settings\michelle\cookies\
[email protected][1].txt (ID = 2729)
12:00 AM: c:\documents and settings\michelle\cookies\
[email protected][1].txt (ID = 2729)
12:00 AM: c:\documents and settings\michelle\cookies\michelle@realmedia[1].txt (ID = 3235)
12:00 AM: c:\documents and settings\michelle\cookies\michelle@questionmarket[1].txt (ID = 3217)
12:00 AM: Found Spy Cookie: questionmarket cookie
12:00 AM: c:\documents and settings\michelle\cookies\
[email protected][1].txt (ID = 3106)
12:00 AM: Found Spy Cookie: overture cookie
12:00 AM: c:\documents and settings\michelle\cookies\
[email protected][1].txt (ID = 1958)
12:00 AM: c:\documents and settings\michelle\cookies\
[email protected][1].txt (ID = 3236)
12:00 AM: Found Spy Cookie: realmedia cookie
12:00 AM: c:\documents and settings\michelle\cookies\michelle@mediaplex[2].txt (ID = 6442)
12:00 AM: Found Spy Cookie: mediaplex cookie
12:00 AM: c:\documents and settings\michelle\cookies\
[email protected][3].txt (ID = 2089)
12:00 AM: c:\documents and settings\michelle\cookies\
[email protected][2].txt (ID = 2089)
12:00 AM: c:\documents and settings\michelle\cookies\
[email protected][1].txt (ID = 2729)
12:00 AM: c:\documents and settings\michelle\cookies\michelle@imrworldwide[2].txt (ID = 2845)
12:00 AM: Found Spy Cookie: imrworldwide.com cookie
12:00 AM: c:\documents and settings\michelle\cookies\michelle@go[1].txt (ID = 2728)
12:00 AM: c:\documents and settings\michelle\cookies\
[email protected][1].txt (ID = 2729)
12:00 AM: Found Spy Cookie: go.com cookie
12:00 AM: c:\documents and settings\michelle\cookies\
[email protected][1].txt (ID = 2330)
12:00 AM: Found Spy Cookie: bs.serving-sys cookie
12:00 AM: c:\documents and settings\michelle\cookies\michelle@atwola[1].txt (ID = 2255)
12:00 AM: c:\documents and settings\michelle\cookies\michelle@atdmt[2].txt (ID = 2253)
12:00 AM: Found Spy Cookie: atlas dmt cookie
12:00 AM: c:\documents and settings\michelle\cookies\
[email protected][2].txt (ID = 2256)
12:00 AM: Found Spy Cookie: atwola cookie
12:00 AM: c:\documents and settings\michelle\cookies\michelle@advertising[1].txt (ID = 2175)
12:00 AM: Found Spy Cookie: advertising cookie
12:00 AM: c:\documents and settings\michelle\cookies\
[email protected][1].txt (ID = 3148)
12:00 AM: Found Spy Cookie: pointroll cookie
12:00 AM: c:\documents and settings\michelle\cookies\
[email protected][2].txt (ID = 2062)
12:00 AM: Found Spy Cookie: addynamix cookie
12:00 AM: c:\documents and settings\michelle\cookies\michelle@adrevolver[1].txt (ID = 2088)
12:00 AM: Found Spy Cookie: adrevolver cookie
12:00 AM: c:\documents and settings\michelle\cookies\
[email protected][1].txt (ID = 3400)
12:00 AM: Found Spy Cookie: specificclick.com cookie
12:00 AM: c:\documents and settings\michelle\cookies\michelle@adlegend[1].txt (ID = 2074)
12:00 AM: Found Spy Cookie: adlegend cookie
12:00 AM: c:\documents and settings\michelle\cookies\
[email protected][1].txt (ID = 3751)
12:00 AM: Found Spy Cookie: yieldmanager cookie
12:00 AM: c:\documents and settings\michelle\cookies\michelle@2o7[2].txt (ID = 1957)
12:00 AM: Found Spy Cookie: 2o7.net cookie
12:00 AM: Starting Cookie Sweep
12:00 AM: Registry Sweep Complete, Elapsed Time:00:00:16
12:00 AM: Starting Registry Sweep
12:00 AM: Memory Sweep Complete, Elapsed Time: 00:02:42
11:57 PM: Starting Memory Sweep
11:57 PM: Start Full Sweep
11:57 PM: Sweep initiated using definitions version 866
11:57 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
11:56 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
11:56 PM: Shield States
11:56 PM: Spyware Definitions: 866
11:56 PM: Spy Sweeper 5.3.2.2361 started
11:56 PM: Spy Sweeper 5.3.2.2361 started
11:56 PM: | Start of Session, Sunday, September 23, 2007 |
***************
Operation: File Access
Target:
Source: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
8:52 AM: Tamper Detection
Operation: File Access
Target:
Source: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
8:49 AM: Tamper Detection
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
8:22 AM: Shield States
8:22 AM: Spyware Definitions: 866
8:21 AM: Spy Sweeper 5.3.2.2361 started
8:21 AM: Spy Sweeper 5.3.2.2361 started
8:21 AM: | Start of Session, Wednesday, September 19, 2007 |
***************
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
10:34 AM: Shield States
10:34 AM: Spyware Definitions: 866
10:34 AM: Spy Sweeper 5.3.2.2361 started
10:34 AM: Spy Sweeper 5.3.2.2361 started
10:34 AM: | Start of Session, Wednesday, September 19, 2007 |
***************
Operation: File Access
Target:
Source: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
8:54 PM: Tamper Detection
Operation: File Access
Target:
Source: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
9:56 AM: Tamper Detection
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
9:39 AM: Shield States
9:39 AM: Spyware Definitions: 866
9:39 AM: Spy Sweeper 5.3.2.2361 started
9:39 AM: Spy Sweeper 5.3.2.2361 started
9:39 AM: | Start of Session, Tuesday, September 18, 2007 |
***************
Operation: File Access
Target:
Source: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
11:11 PM: Tamper Detection
Operation: File Access
Target:
Source: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
12:22 PM: Tamper Detection
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
12:18 PM: Shield States
12:18 PM: Spyware Definitions: 866
12:17 PM: Spy Sweeper 5.3.2.2361 started
12:17 PM: Spy Sweeper 5.3.2.2361 started
12:17 PM: | Start of Session, Monday, September 17, 2007 |
***************
Operation: File Access
Target:
Source: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
6:36 AM: Tamper Detection
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
6:36 AM: Shield States
6:36 AM: Spyware Definitions: 866
6:36 AM: Spy Sweeper 5.3.2.2361 started
6:36 AM: Spy Sweeper 5.3.2.2361 started
6:36 AM: | Start of Session, Sunday, September 16, 2007 |
***************
Operation: File Access
Target:
Source: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
9:10 PM: Tamper Detection
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
6:14 PM: Shield States
6:14 PM: Spyware Definitions: 866
6:14 PM: Spy Sweeper 5.3.2.2361 started
6:14 PM: Spy Sweeper 5.3.2.2361 started
6:14 PM: | Start of Session, Saturday, September 15, 2007 |
***************
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
9:42 AM: Shield States
9:42 AM: Spyware Definitions: 866
9:42 AM: Spy Sweeper 5.3.2.2361 started
9:42 AM: Spy Sweeper 5.3.2.2361 started
9:42 AM: | Start of Session, Friday, September 14, 2007 |
***************
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
2:56 PM: Shield States
2:56 PM: Spyware Definitions: 866
2:56 PM: Spy Sweeper 5.3.2.2361 started
2:56 PM: Spy Sweeper 5.3.2.2361 started
2:56 PM: | Start of Session, Friday, September 14, 2007 |
***************
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
12:10 PM: Shield States
12:10 PM: Spyware Definitions: 866
12:10 PM: Spy Sweeper 5.3.2.2361 started
12:10 PM: Spy Sweeper 5.3.2.2361 started
12:10 PM: | Start of Session, Thursday, September 13, 2007 |
***************
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
9:30 PM: Shield States
9:30 PM: Spyware Definitions: 866
9:29 PM: Spy Sweeper 5.3.2.2361 started
9:29 PM: Spy Sweeper 5.3.2.2361 started
9:29 PM: | Start of Session, Thursday, September 13, 2007 |
***************
10:52 PM: ApplicationMinimized - EXIT
10:52 PM: ApplicationMinimized - ENTER
10:52 PM: Access to Hosts file allowed for C:\DOCUME~1\MICHELLE\LOCALS~1\TEMP\RAR$EX00.672\HOSTSXPERT\HOSTSXPERT.EXE
10:51 PM: ApplicationMinimized - EXIT
10:51 PM: ApplicationMinimized - ENTER
10:51 PM: Access to Hosts file allowed for C:\DOCUME~1\MICHELLE\LOCALS~1\TEMP\RAR$EX00.672\HOSTSXPERT\HOSTSXPERT.EXE
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
10:48 PM: Shield States
10:48 PM: Spyware Definitions: 866
10:48 PM: Spy Sweeper 5.3.2.2361 started
10:48 PM: Spy Sweeper 5.3.2.2361 started
10:48 PM: | Start of Session, Wednesday, September 12, 2007 |
***************
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
11:38 PM: Shield States
11:38 PM: Spyware Definitions: 866
11:38 PM: Spy Sweeper 5.3.2.2361 started
11:38 PM: Spy Sweeper 5.3.2.2361 started
11:38 PM: | Start of Session, Wednesday, September 12, 2007 |
***************
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
11:09 AM: Shield States
11:09 AM: Spyware Definitions: 866
11:09 AM: Spy Sweeper 5.3.2.2361 started
11:09 AM: Spy Sweeper 5.3.2.2361 started
11:09 AM: | Start of Session, Monday, September 03, 2007 |
***************
11:15 AM: Error: Access violation at address 00000000. Read of address 00000000.
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
11:14 AM: Shield States
11:14 AM: Spyware Definitions: 866
11:14 AM: Spy Sweeper 5.3.2.2361 started
11:14 AM: Spy Sweeper 5.3.2.2361 started
11:14 AM: | Start of Session, Monday, September 03, 2007 |
***************
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
4:47 PM: Shield States
4:47 PM: Spyware Definitions: 866
4:47 PM: Spy Sweeper 5.3.2.2361 started
4:47 PM: Spy Sweeper 5.3.2.2361 started
4:47 PM: | Start of Session, Sunday, September 02, 2007 |
***************
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
9:39 PM: Shield States
9:39 PM: Spyware Definitions: 866
9:38 PM: Spy Sweeper 5.3.2.2361 started
9:38 PM: Spy Sweeper 5.3.2.2361 started
9:38 PM: | Start of Session, Sunday, September 02, 2007 |
***************
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
12:24 AM: Shield States
12:24 AM: Spyware Definitions: 866
12:24 AM: Spy Sweeper 5.3.2.2361 started
12:24 AM: Spy Sweeper 5.3.2.2361 started
12:24 AM: | Start of Session, Saturday, September 01, 2007 |
***************
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
9:31 AM: Shield States
9:31 AM: Spyware Definitions: 866
9:31 AM: Spy Sweeper 5.3.2.2361 started
9:31 AM: Spy Sweeper 5.3.2.2361 started
9:31 AM: | Start of Session, Saturday, September 01, 2007 |
***************
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
7:17 PM: Shield States
7:17 PM: Spyware Definitions: 866
7:16 PM: Spy Sweeper 5.3.2.2361 started
7:16 PM: Spy Sweeper 5.3.2.2361 started
7:16 PM: | Start of Session, Saturday, September 01, 2007 |
***************