#1 (permalink)
Registered User

Computer is booting terribly slow

I did everything that was directed in the first thread of this forum from the Moderators and what not.

I checked my computer with Ad-aware and then ran a virus scan. It detected a trojan and deleted it, or at least it said it did. I then ran HijackThis and saved the log file. I then ran HijackThis Analyzer and am copying the txt file here for help.

My problem is that when I boot my computer it takes an incredibly long time for my toolbar to become active... this just started recently. I can't access anything, and it takes about two minutes before my pop-up blocker software starts, as well as the toolbar and object dock I have. Nothing has changed on my computer for over 6 months.

Anyway, let me know if there is anything I can fix from the HJT. Here's the log.

Thanks,

==========================================================
Log was analyzed using HijackThis Analyzer - Updated on 12/17/04
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.0
Scan saved at 9:43:37 AM, on 12/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Gaim\gaim.exe
C:\Documents and Settings\bheinz\Desktop\shortcuts\EXE\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://compass.corp.covad.com/bin/si...h.asp?NC=5032X
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://compass.corp.covad.com/bin/si...h.asp?NC=5032X
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Covad Communications, Inc.
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O15 - Trusted Zone: *.covad.com
O16 - DPF: Extensity Client - http://tes.covad.com/ext40.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8C28EFD7-767B-11D1-8400-000000000000} - http://query.oss.covad.com/component...Insight.en.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cc-ntd1.covad.com
O17 - HKLM\Software\..\Telephony: DomainName = cc-ntd1.covad.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cc-ntd1.covad.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = CC-NTD1.covad.com,corp.covad.com,mgmt.covad.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cc-ntd1.covad.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = CC-NTD1.covad.com,corp.covad.com,mgmt.covad.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = CC-NTD1.covad.com,corp.covad.com,mgmt.covad.com
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: OfficeScanNT RealTime Scan - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Listener - Unknown - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

End of HijackThis Analyzer Log.
==========================================================

#2 (permalink)
Knower of all that is MS
Join Date: Aug 2004
Posts: 10,755
OS: (multiple machines) 95, 98, 2K & XP Home & Pro

Your log is clean.

Not knowing your system specs.......considering the combination of network configurations, Trend Micro apps and GAIM, I would not be surprised to hear it takes a while to boot. I will recommend a couple of tools to try, to see if anything is hiding there. If they are unsuccessful in resolving your issue, we will have to move this thread over to the XP forum for further follow-up. Thanks...........

==========

The Temp folders should be cleaned out periodically, as installation programs and hijack programs leave a lot of junk there.

Download CleanUp! (Alternate Link if the main link doesn't work) and install it. Run CleanUp! and click on the CleanUp! button. When it asks you if you want to log off, click on Yes.

Download TDS-3. Learn how to use it here. Make sure to update it after you have installed it. You can get the manual updates here.

When you launch the program, it will scan your memory for running processes. This will take less than 30 seconds. Next, go to System Testing on the menu and choose Full System Scan. After that's finished, post the log file by selecting everything on the top pane (select from bottom to top).
__________________
GO BIG BLUE!!

#3 (permalink)
Registered User

I hope this is what you wanted.
Sorry if it isn't.

13:13:35 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
13:13:35 [Init] Started 23-12-04 13:13:35 Mountain Standard Time (UTC: 7), Internet Time @884.43
13:13:35 [Init] Loading TDS-3 Systems ...
13:13:35 [Init] Token successfully adjusted.
13:13:35 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
13:13:35 [Init] • Plugins : OK. Loaded 13
13:13:35 [Init] • Exec Protection : Not Installed
13:13:35 [Init] WARNING: Your Radius.TD3 database needs to be updated!
13:13:35 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
13:13:35 [Init] Licensed users can use the Update facility from the TDS menu
13:13:35 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
13:13:40 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
13:13:40 [Init] • Systems Initialised [44175 references - 20354 primaries/11687 traces/12134 variants/other]
13:13:40 [Init] Radius Systems loaded. <Databases updated 23-12-2004>
13:13:40 [Init] TDS-3 Ready. <Bheinz@172.19.144.87, 127.0.0.1 - United States>
13:13:40 [Tip Of The Day] When using the TCP Connect or UDP Broadcast utilities, you can access the full ASCII character set by typing $$char$$, for example: Hello$$13$$$$10$$ <- The $$13$$$$10$$ bit would be replaced with Chr$(13) and Chr$(10) (carriage return & line-feed respectively)
13:13:40 [TDS] Good afternoon Bheinz.
13:13:45 [Mutex Memory Scan] Started...
13:13:47 [Mutex Memory Scan] Finished (no trojan mutexes found).
13:13:47 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.
13:14:05 [CRC32] Started - verifying 29 files ...
13:14:06 [CRC32] File doesn't exist: C:\autoexec.bat
13:14:10 [CRC32] Test finished.
13:15:43 [Memory Scan] Memory scan started, please wait a moment ...
13:15:44 [Memory Scan] Memory scan complete.
13:15:44 [Mutex Memory Scan] Started...
13:15:45 [Mutex Memory Scan] Finished (no trojan mutexes found).
13:15:45 [Trace Scan] Started...
13:15:50 [Trace Scan] Finished.
13:15:50 [ServiceScan] Scanning for services and drivers ...
13:15:55 [ServiceScan] Scanned 287 services and drivers.
13:15:55 [File Scan] Scanning in C:\ ...
13:38:04 [Locked File] Couldn't open c:\windows\$ntuninstallkb826939$\accwiz.exe for read access, file is locked
13:38:04 [Locked File] Couldn't open c:\windows\$ntuninstallkb826939$\hh.exe for read access, file is locked
13:38:04 [Locked File] Couldn't open c:\windows\$ntuninstallkb826939$\locator.exe for read access, file is locked
13:38:04 [Locked File] Couldn't open c:\windows\$ntuninstallkb826939$\magnify.exe for read access, file is locked
13:38:04 [Locked File] Couldn't open c:\windows\$ntuninstallkb826939$\migwiz.exe for read access, file is locked
13:38:04 [Locked File] Couldn't open c:\windows\$ntuninstallkb826939$\narrator.exe for read access, file is locked
13:38:05 [Locked File] Couldn't open c:\windows\$ntuninstallkb826939$\ntkrnlpa.exe for read access, file is locked
13:38:05 [Locked File] Couldn't open c:\windows\$ntuninstallkb826939$\ntoskrnl.exe for read access, file is locked
13:38:05 [Locked File] Couldn't open c:\windows\$ntuninstallkb826939$\osk.exe for read access, file is locked
13:52:45 [File Scan] Scanned 36365 files: 4 alarms in 2209.891 seconds (Avg 17.46 files/sec)
13:52:45 [File Scan] Scanning in D:\ ...
13:52:45 [File Scan] Scanned 18 files: 4 alarms in 0.1132813 seconds (Avg 159.9 files/sec)
13:52:45 [File Scan] Scanning in I:\ ...
14:35:55 [File Scan] Scanned 7330 files: 5 alarms in 2589.648 seconds (Avg 3.83 files/sec)
14:35:55 [File Scan] Scanning in S:\ ...
14:38:12 [Locked File] Couldn't open s:\bbt\lattis.pro\lattis.exe for read access, file is locked
14:38:31 [File Scan] Scanned 1203 files: 5 alarms in 156.3438 seconds (Avg 8.69 files/sec)
14:38:31 [Scan] Finished.

AND THE SCAN DUMP:

Scan Control Dumped @ 14:40:40 23-12-04

Suspicious Filename: Dual extensions
File: c:\documents and settings\bheinz\desktop\shortcuts\exe\gaim-1.1.0.exe

Suspicious Filename: Dual extensions
File: c:\documents and settings\bheinz\desktop\shortcuts\exe\uxtheme multi-patcher 2.5.1.exe

Positive identification (DLL): Adware.PopCap (dll)
File: c:\documents and settings\bheinz\desktop\shortcuts\exe\backups\backup-20040715-114203-314.dll

Positive identification (DLL): Adware.MiniBug (dll)
File: c:\program files\aws\weatherbug\minibugtransporter.dll

Positive identification <Adv>: Possible keylogger
File: i:\admin\program files\hummingbird\connectivity\9.00\accessories\keylogin.exe

#4 (permalink)
Manager Emeritus - Security Center, Expert Analyst, Moderator - Security Team; Rangemaster, TSF Academy & Supporter

These 2 entries can be deleted in TDS-3. Uninstall WeatherBug first via Add/Remove Programs.

Positive identification (DLL): Adware.PopCap (dll)
File: c:\documents and settings\bheinz\desktop\shortcuts\exe\backups\backup-20040715-114203-314.dll

Positive identification (DLL): Adware.MiniBug (dll)
File: c:\program files\aws\weatherbug\minibugtransporter.dll

Other than those... the system looks clean of spyware/adware. Your issue may be elsewhere. If you installed any new programs lately, disable them and see if one is causing your issue. It sounds like Windows is having trouble loading one or more of your components at startup and is slowing the boot time down. Also do a sfc /scannow from the Run box and check for corrupt or missing system files.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!
Spyware/Adware Removal Tools Hijackthis Ad-aware SE Spybot Search&Destroy SpywareBlaster CWShredder
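
The following is an added example, not part of the original thread or any poster's tooling. Because post #4 suspects a component that loads at startup, this Python code pulls the autostart entries (O4 Run keys and Startup-folder shortcuts, O23 services) out of a HijackThis log so they can be reviewed and disabled one at a time. The sample lines are an excerpt of the log in post #1; the function names and regular expressions are assumptions fitted to the v1.99.0 line layout shown there.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis v1.99.0 log from post #1 (raw string keeps backslashes).
SAMPLE_LOG = r"""
C:\Program Files\Gaim\gaim.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Covad Communications, Inc.
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O15 - Trusted Zone: *.covad.com
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: OfficeScanNT RealTime Scan - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Listener - Unknown - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
"""

# Line layouts assumed from the log above; other HijackThis versions may differ.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_KEY = re.compile(r"^\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP = re.compile(r"^(?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.+)$")
SERVICE = re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<cmd>.+)$")

def parse_entries(log_text):
    """Group HijackThis entries by section code, skipping non-entry lines."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m["code"]].append(m["body"])
    return sections

def boot_time_items(log_text):
    """Return (source, name, vendor, command) for O4 autoruns and O23 services."""
    sections = parse_entries(log_text)
    items = []
    for body in sections.get("O4", []):
        for source, rx in (("run-key", RUN_KEY), ("startup-folder", STARTUP)):
            m = rx.match(body)
            if m:
                items.append((source, m["name"], None, m["cmd"]))
    for body in sections.get("O23", []):
        m = SERVICE.match(body)
        if m:
            items.append(("service", m["name"], m["vendor"], m["cmd"]))
    return items

def unknown_vendor_services(log_text):
    """Names of services whose vendor field HijackThis printed as 'Unknown'."""
    return [name for src, name, vendor, _ in boot_time_items(log_text)
            if src == "service" and vendor == "Unknown"]
```

An "Unknown" vendor field is only a prompt to check the file path; both such services in this log sit in the expected ATI and Trend Micro locations, consistent with the analysts' reading that the log is clean.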