Messages - Karen

1
Tech Clinic / Outerinfo & Internet speed monitor popups
« on: September 22, 2007, 06:47:34 PM »
I keep getting Outerinfo and Internet Speed Monitor popups, and I can't figure out how to get rid of them.
Thanks,
Karen



Logfile of HijackThis v1.99.1
Scan saved at 7:46:45 PM, on 9/22/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeacon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\AOL\1140711823\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ASEMBL~1\logonui.exe
C:\Documents and Settings\Karen\My Documents\W?nSxS\?explore.exe
C:\Program Files\ISM\ISMModule4.exe
C:\Program Files\ISM2\ISMPack5.exe
C:\Program Files\WinAble\winable.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

O2 - BHO: (no name) - {026E89F2-4610-36C0-652D-4C71C572929D} - C:\WINDOWS\System32\ijjilgov.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140711823\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Documents and Settings\Karen\Desktop\alexas camera\picasa\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /auto:TivoServer
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Noes] "C:\PROGRA~1\ASEMBL~1\logonui.exe" -vt yazb
O4 - HKCU\..\Run: [Seykgn] "C:\Program Files\Common Files\?ystem\?xplorer.exe"
O4 - HKCU\..\Run: [Ffrib] "C:\Documents and Settings\Karen\Application Data\S?mantec\d?dplay.exe"
O4 - HKCU\..\Run: [Inb] C:\WINDOWS\system32\s?stem\s?rvices.exe
O4 - HKCU\..\Run: [Tov] "C:\Program Files\Common Files\s?stem32\??erinit.exe"
O4 - HKCU\..\Run: [Xpersrab] "C:\Documents and Settings\Karen\My Documents\W?nSxS\?explore.exe"
O4 - HKCU\..\Run: [ISMModule4] "C:\Program Files\ISM\ISMModule4.exe"
O4 - HKCU\..\Run: [ISMPack5] "C:\Program Files\ISM2\ISMPack5.exe"
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: DigiChat Applet - http://216.54.221.236/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176872296437
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.19/ttinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FB1C57D-5C46-4C09-9700-B7CF2241D8E3}: NameServer = 85.255.114.28,85.255.112.99
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.28 85.255.112.99
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.28 85.255.112.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.28 85.255.112.99
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeacon.exe

2
Tech Clinic / Spam Blocker Utility Please HELP!!
« on: May 04, 2007, 01:18:19 PM »
I hope this looks good. I've allowed the kids back on the computer, and already she has Gmail and my Google page looks different. I keep telling her not to download stuff, but she never seems to listen.
As for Norton, if you have the time I would like to get rid of it. Also, how do I check if I have a firewall?

Thanks,
Karen


Logfile of HijackThis v1.99.1
Scan saved at 2:14:24 PM, on 5/4/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeacon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\AOL\1140711823\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140711823\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /auto:TivoServer
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\System32\Macromed\Shockwave 10\PostUpdate.exe" 1011016
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: DigiChat Applet - http://216.54.221.236/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176872296437
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.19/ttinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeacon.exe

3
Tech Clinic / Spam Blocker Utility Please HELP!!
« on: April 24, 2007, 01:49:29 PM »
ok, it worked!!!

Here's the log
04/24/07 14:31:12 [Info]: BlackLight Engine 1.0.61 initialized
04/24/07 14:31:12 [Info]: OS: 5.1 build 2600 (Service Pack 1)
04/24/07 14:31:12 [Note]: 7019 4
04/24/07 14:31:12 [Note]: 7005 0
04/24/07 14:31:14 [Note]: 7006 0
04/24/07 14:31:14 [Note]: 7011 112
04/24/07 14:31:14 [Note]: 7026 0
04/24/07 14:31:15 [Note]: 7026 0
04/24/07 14:31:22 [Note]: FSRAW library version 1.7.1021
04/24/07 14:44:13 [Note]: 2000 1012
04/24/07 14:47:15 [Note]: 7007 0

4
Tech Clinic / Spam Blocker Utility Please HELP!!
« on: April 23, 2007, 04:34:06 PM »
SmitFraudFix v2.171

Scan done at 15:07:20.28, Mon 04/23/2007
Run from C:\Documents and Settings\Karen\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1  localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7BBF9A52-DD77-45B9-B2C2-180657B67B9D}: DhcpNameServer=68.9.16.25 68.9.16.30 68.100.16.30
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A92CA0B8-00FE-46AD-B21E-D69487D4EC51}: DhcpNameServer=68.9.16.25 68.9.16.30 68.100.16.30
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7BBF9A52-DD77-45B9-B2C2-180657B67B9D}: DhcpNameServer=68.9.16.25 68.9.16.30 68.100.16.30
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A92CA0B8-00FE-46AD-B21E-D69487D4EC51}: DhcpNameServer=68.9.16.25 68.9.16.30 68.100.16.30
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7BBF9A52-DD77-45B9-B2C2-180657B67B9D}: DhcpNameServer=68.9.16.25 68.9.16.30 68.100.16.30
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A92CA0B8-00FE-46AD-B21E-D69487D4EC51}: DhcpNameServer=68.9.16.25 68.9.16.30 68.100.16.30
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.9.16.25 68.9.16.30 68.100.16.30
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.9.16.25 68.9.16.30 68.100.16.30
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.9.16.25 68.9.16.30 68.100.16.30


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


  SDFix: Version 1.79

Run by Karen - Mon 04/23/2007 - 16:42:39.72

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

 

 


Restoring Windows Registry Values
Restoring Windows Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\SYSTEM32\GAD2PT~1.HTM - Deleted
C:\WINDOWS\SYSTEM32\SLX~1.EXE - Deleted
C:\Documents and Settings\Karen\Desktop\Click to Find and Fix Errors.lnk - Deleted

 

Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

 

                                 Final Check:

Remaining Services:
------------------

 

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\Documents and Settings\Ed\NetHood\newenglandlinen.com\Desktop.ini
C:\Documents and Settings\Karen\My Documents\My Music\Yakuzi\www.webelez.com\Thumbs.db
C:\WINDOWS\CdaC14BA.DLL
C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
C:\WINDOWS\CdaC13BA.EXE
C:\NTBOOTDD.SYS
C:\Documents and Settings\Ed\Application Data\Microsoft\Templates\~WRL2823.tmp
C:\Documents and Settings\Ed\Application Data\Microsoft\Word\~WRL0003.tmp
C:\Documents and Settings\Ed\Application Data\Microsoft\Word\~WRL0004.tmp
C:\Documents and Settings\Ed\Application Data\Microsoft\Word\~WRL1885.tmp
C:\Documents and Settings\Ed\Application Data\Microsoft\Word\~WRL2791.tmp
C:\Documents and Settings\Ed\Local Settings\Temp\~3C.tmp
C:\Documents and Settings\Ed\My Documents\~WRL0001.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL0003.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL0004.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL0075.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL0163.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL0224.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL0540.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL1551.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL1696.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL2041.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL2124.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL2716.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL2769.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL2837.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL3012.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL3245.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL3439.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL3596.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL3880.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL3892.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL3899.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL3982.tmp
C:\Documents and Settings\Karen\My Documents\~WRL0001.tmp
C:\Documents and Settings\Karen\My Documents\~WRL0002.tmp
C:\Documents and Settings\Kids\My Documents\~WRL0001.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\3dadfa52ea2998e88c1462cf025da476\BIT18E.tmp

                                 Finished





Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\kevdtkqu

*******************

Script file located at: \??\C:\celbttap.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

 

Folder C:\Program Files\ipwins not found!
Deletion of folder C:\Program Files\ipwins failed!

Could not process line:
C:\Program Files\ipwins
Status: 0xc0000034

Folder C:\Program Files\Common Files\ookk deleted successfully.
Folder C:\Program Files\SpamBlockerUtility deleted successfully.
Folder C:\Program Files\SearchRelevant deleted successfully.
Folder C:\Documents and Settings\Ed\Application Data\SpamBlockerUtility_Icons deleted successfully.
Folder C:\Documents and Settings\Ed\Application Data\SpamBlockerUtility deleted successfully.
Folder C:\Documents and Settings\Karen\Application Data\SpamBlockerUtility deleted successfully.
Folder C:\Documents and Settings\Karen\Application Data\SpamBlockerUtility_Icons deleted successfully.
Folder C:\Documents and Settings\Karen\Application Data\SpamBlocker deleted successfully.
File C:\WINDOWS\warnhp.html deleted successfully.


File C:\WINDOWS\Temp\kdoky.ren not found!
Deletion of file C:\WINDOWS\Temp\kdoky.ren failed!

Could not process line:
C:\WINDOWS\Temp\kdoky.ren
Status: 0xc0000034

 

Could not open file C:\Program Files\Windows\WinUpdate.exe for deletion
Deletion of file C:\Program Files\Windows\WinUpdate.exe failed!

Could not process line:
C:\Program Files\Windows\WinUpdate.exe
Status: 0xc000003a

File C:\WINDOWS\system32\winpfz32.sys deleted successfully.
File C:\WINDOWS\system32\swintodx.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Compress old files deleted successfully.
Registry value HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run|WinUpdate.exe deleted successfully.
Registry value HKEY_USERS\.default\software\microsoft\windows\currentversion\run|ookk deleted successfully.


Could not delete registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}
Deletion of registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} failed!
Status: 0xc0000034

 

Could not delete registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{C7CF1142-0785-4B12-A280-B64681E4D45E}
Deletion of registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{C7CF1142-0785-4B12-A280-B64681E4D45E} failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished!  Terminate.

5
Tech Clinic / Spam Blocker Utility Please HELP!!
« on: April 23, 2007, 04:30:09 PM »
OK, whew... first thing, cleanmgr didn't work again; it got almost to the end and stopped. Also, when I clicked to install fsbl.exe, it just said F-Secure BlackLight could not acquire necessary privileges (SeDebugPrivilege), your computer settings may prevent these privileges, a malicious program might have disabled these privileges.
OK, as for Norton, I'm using Norton AntiVirus Corporate Edition. Now for the logs...

Logfile of HijackThis v1.99.1
Scan saved at 5:18:59 PM, on 4/23/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeacon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\AOL\1140711823\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140711823\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /auto:TivoServer
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: DigiChat Applet - http://216.54.221.236/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176872296437
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.19/ttinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeacon.exe


 

WIN32DELFKIL LOGFILE - by Marckie
 
 
version 3.125
Mon 04/23/2007  14:33:50.17
running from: "C:\Documents and Settings\Karen\Desktop"
 
 
--- File(s) found in Windows directory ---
 
--- File(s) found in system32 folder ---
 
--- Services ---
 
--- Export SharedTaskScheduler key ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}"="st3"
"{C7CF1142-0785-4B12-A280-B64681E4D45E}"="z"

 

--- sharedtaskkey (1): 1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5 ---
no keys found  


--- sharedtaskkey (2): C7CF1142-0785-4B12-A280-B64681E4D45E ---
no keys found  
 
--- Notify key ---
 
 
--- rebooting the computer ---
 
 
--- File(s) found in Windows directory ---
 
--- File(s) found in system32 folder ---
 
--- Services ---
 
--- Export SharedTaskSchedulerkey ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"


 
--- Notify key ---
 
Finished!

6
Tech Clinic / Spam Blocker Utility Please HELP!!
« on: April 22, 2007, 10:14:30 AM »
I think I posted everything you wanted. I really appreciate everything you've done. The computer is running so much better, and the spam blocker is GONE!!!!!!!  Thank you, thank you, thank you!!!

BTW, I just wanted to let you know that the only thing I couldn't get to run was the "cleanmgr". Not sure why but it just kept stopping.

Thanks again,
Karen

7
Tech Clinic / Spam Blocker Utility Please HELP!!
« on: April 22, 2007, 10:11:19 AM »
Fixwareout Last edited 4/5/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdoky.exe"

»»»»» System restarted
 
»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "xedocne"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "repiwoh"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "23plhps"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "mgcppp"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "tesvaf"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "32refaselif"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "nlcalik"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "heymd"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "xedocne"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "gib_ogol"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "repiwoh"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "llun"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "23plhps"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "mgcppp"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "tesvaf"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "32refaselif"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "nlcalik"  Deleted
....
»»»»» Misc files.
C:\Documents and Settings\Karen\Application Data\kc.tmp Deleted
C:\WINDOWS\RDT.INI Deleted
C:\WINDOWS\System32\kilacln.exe Deleted
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.

 

Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other
C:\WINDOWS\Temp\kdoky.ren 66176 05/11/2003

 

»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe /install"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1140711823\\ee\\AOLSoftware.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"vptray"="C:\\Program Files\\NavNT\\vptray.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TivoServer"="\"C:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe\" /service /auto:TivoServer"
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
....
Hosts file was reset, If you use a custom hosts file please replace it
C:\WINDOWS\System32\AUTOEXEC.NT  missing
»»»»» End report »»»»»

8
Tech Clinic / Spam Blocker Utility Please HELP!!
« on: April 22, 2007, 10:09:52 AM »
Logfile of HijackThis v1.99.1
Scan saved at 11:09:29 AM, on 4/22/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeacon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\AOL\1140711823\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140711823\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /auto:TivoServer
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: DigiChat Applet - http://216.54.221.236/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176872296437
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.19/ttinst.cab
O23 - Service: Windows Alerter (ALT) - Unknown owner - C:\WINDOWS\services.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeacon.exe

9
Tech Clinic / Spam Blocker Utility Please HELP!!
« on: April 22, 2007, 10:08:04 AM »
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at: 7:44:46 PM 4/21/2007

 + Scan result:

 

C:\Program Files\SpamBlockerUtility\SBTV\SBTV.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\SpamBlockerUtility\SBTV\uninstaller.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-1960408961-1563985344-1708537768-1006\Software\salm -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Documents\josh\games\kazaa_setup.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\stub_sca3.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\32S3VHOT\mm[1].js -> Adware.Chitika : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\My Documents\WіnSxS\lѕass.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C7CF1142-0785-4B12-A280-B64681E4D45E} -> Adware.Generic : Cleaned with backup (quarantined).
C:\HJT\backups\backup-20070421-163051-418.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\SpamBlockerUtility\SBTV\SBTVHelper.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\Program Files\SpamBlockerUtility\bin\4.8.4.0\Cml.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\SpamBlockerUtility\bin\4.8.4.0\SbCoreSrv.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\SpamBlockerUtility\bin\4.8.4.0\SbGuard.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\SpamBlockerUtility\bin\4.8.4.0\SbHostIE.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\SpamBlockerUtility\bin\4.8.4.0\SbHostOL.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\SpamBlockerUtility\bin\4.8.4.0\SbInstIE.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\SpamBlockerUtility\bin\4.8.4.0\SbOEAddOn.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\SpamBlockerUtility\bin\4.8.4.0\SbWeatherOnTray.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7902608-37A7-423C-835E-F401C5D8FAFF}\RP458\A0194413.exe -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\WeatherOnTray.EXE -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp.1 -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp\CLSID -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp\CurVer -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1960408961-1563985344-1708537768-1006\Software\Hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1960408961-1563985344-1708537768-1006\Software\Hotbar\Hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1960408961-1563985344-1708537768-1006\Software\Hotbar\Hotbar\SF -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : Cleaned with backup (quarantined).
C:\WINDOWS\system32\g004ladq1d0e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7902608-37A7-423C-835E-F401C5D8FAFF}\RP463\A0195804.exe -> Adware.MaxFiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7902608-37A7-423C-835E-F401C5D8FAFF}\RP463\A0195856.exe -> Adware.Minibug : Cleaned with backup (quarantined).
C:\WINDOWS\876056.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\WINDOWS\system32\WinNB57.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-1960408961-1563985344-1708537768-1006\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Documents and Settings\Karen\Start Menu\Programs\Power Scan -> Adware.PowerScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Karen\Start Menu\Programs\Power Scan\Power Scan.lnk -> Adware.PowerScan : Cleaned with backup (quarantined).
C:\HJT\backups\backup-20070421-163051-861.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7902608-37A7-423C-835E-F401C5D8FAFF}\RP463\A0195875.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\hlmjzo.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\smss.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ymnqrmu.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\SearchRelevant\SearchRelevant.dll -> Adware.Relevance : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\D4A159.tmp/mptft.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindIt.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindItHot.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Highlight.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\findithotxp.png -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\finditxp.png -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlighthotxp.png -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlightxp.png -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\jokesearch.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logo.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logoxp.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\pranks.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\smiley.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\smileyxp.png -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\contexts -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\contexts\related.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\contexts\travel.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\BrowserSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\BrowserSearch\BrowserSearch.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\ErrorSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Games -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Games\GamesOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Games\GamesOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\JokeSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\JokeSearch\JokeSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\JokeSearch\JokeSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Layouts -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Layouts\PreferencesLayout.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Layouts\PreferencesLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Layouts\ToolbarLayout.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Layouts\ToolbarLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Manager\ManagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Manager\ManagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Movies -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Movies\MoviesOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Movies\MoviesOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Pranks -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Pranks\PranksOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Pranks\PranksOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\RelatedSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\ScreensaversMarketingSitePager -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\SearchAssistPlus -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\SearchMatch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\SearchMatch\SearchMatchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\SmileyTown -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\SmileyTown\SmileyTownOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\SmileyTown\SmileyTownOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Toolbar -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\ToolbarLogo -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\ToolbarSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Toolbar\TBProductsOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\TravelSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\TravelSearch\TravelSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\BrowserSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\BrowserSearch\BrowserSearch.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\ErrorSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\Games -> Adware.Starware : Cleaned with backup (quarantined).


::Report end

10
Tech Clinic / Spam Blocker Utility Please HELP!!
« on: April 22, 2007, 10:06:05 AM »
Tried to post this yesterday but it wouldn't go through.

"Karen" - 07-04-21 19:53:11    Service Pack 1  
ComboFix 07-04-21.2V - Running from: C:\Documents and Settings\Karen\Desktop\


((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\hiscore\p1icon.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\hiscore\textedit.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\hiscore\title.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\endless_1_1.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\endless_1_1_a.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\endless_1_1_b.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\endless_1_1_c.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\endless_1_2.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\endless_1_2_a.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\endless_1_2_b.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\endless_1_2_c.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\endless_1_2_d.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\endless_1_3.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\endless_1_3_a.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\endless_1_3_b.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\endless_1_3_c.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\endless_1_3_d.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\fifth_level_diner.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\first_level_diner.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\fourth_level_diner.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\second_level_diner.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\restaurants\tableshadow.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\restaurants\diner\background.jpg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\restaurants\diner\upgrades.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\restaurants\diner\food\food1.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\restaurants\diner\food\food1.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\restaurants\diner\food\food2.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\restaurants\diner\food\food2.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\restaurants\diner\food\food3.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\restaurants\diner\food\food3.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\restaurants\diner\frames\upgrade_0001.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\restaurants\diner\tables\2top.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\restaurants\diner\tables\2top.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\restaurants\diner\tables\4top.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\restaurants\diner\tables\4top.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\choosedifficulty.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\chooseplayer.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\chooserestaurant.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\credits.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\game.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\gothighscore.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\help.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\help2.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\hiscore.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\hiscoreinfo.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\hiscoresubmit.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\levelintro.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\levelover.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\loading.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\mainloop.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\mainmenu.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\ok.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\pause.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\style.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\tutorialintro.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\upgrade.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\upsell.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\webcomic.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\yesno.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\splash\aol_logo.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\splash\gamelabsplash.jpg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\splash\playfirst_logo.jpg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\angersmoke.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\angersmoke.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\chairflags.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\chairflags.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\check.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\checkmark.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\clock.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\closed.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\closingtime.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\coinflip.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\coinflip.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\dollar.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\expert.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\expertscore.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\foodpoof.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\foodpoof.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\fork_timer.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\goalcompleted.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\heartgrow.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\heartgrow.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\jar.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\jar.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\level.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\level_career.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\score.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\sound.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\staroff.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\staron.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\tablenumber.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\tablenumberup.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\traynumber.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\tutorialarrow.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\tutorialbox.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\tutorial_character.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\upgradeanim.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\upgradeanim.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\doodles\coffee.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\doodles\tables.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\doodles\wallpaper.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\upgrades\drinks.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\upgrades\maitred.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\upgrades\oven.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\upgrades\select.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\upgrades\shoes.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\upgrades\stereo.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\upgrades\table.png
C:\DOCUME~1\Karen\Desktop.\internet explorer.lnk
C:\DOCUME~1\Karen\Desktop\internet.lnk
C:\install.log
C:\Program Files\Common Files\inetget
C:\Program Files\Common Files\misc001
C:\Program Files\Common Files\simtest
C:\Program Files\Common Files\svchostsys
C:\Program Files\dialers
C:\Program Files\inetget2
C:\Program Files\windows
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~    Purity    ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\Program Files\ASEMBL~1
C:\qoobox\purity\C\Program Files\FNTS~1
C:\qoobox\purity\C\Program Files\PPATCH~1
C:\qoobox\purity\C\Program Files\RACLE~1
C:\qoobox\purity\C\Program Files\SCURIT~1
C:\qoobox\purity\C\Program Files\SEMBLY~1
C:\qoobox\purity\C\Program Files\WNSXS~1
C:\qoobox\purity\C\Program Files\YSTEM3~1
C:\qoobox\purity\C\Program Files\Common Files\ASEMBL~1
C:\qoobox\purity\C\Program Files\Common Files\CROSOF~1
C:\qoobox\purity\C\Program Files\Common Files\FNTS~1
C:\qoobox\purity\C\Program Files\Common Files\MCROSO~1.NET
C:\qoobox\purity\C\Program Files\Common Files\YMANTE~1
C:\qoobox\purity\C\WINDOWS\ASKS~1
C:\qoobox\purity\C\WINDOWS\ICROSO~1
C:\qoobox\purity\C\WINDOWS\system32\DOBE~1
C:\qoobox\purity\C\WINDOWS\system32\MCROSO~1
C:\qoobox\purity\C\WINDOWS\system32\MCROSO~1.NET
C:\qoobox\purity\C\WINDOWS\system32\PPATCH~1
C:\qoobox\purity\C\WINDOWS\system32\RACLE~1
C:\qoobox\purity\C\WINDOWS\system32\SCURIT~1
C:\qoobox\purity\C\WINDOWS\system32\YMBOLS~1
C:\qoobox\purity\C\WINDOWS\system32\RACLE~1\RACLE~1


(((((((((((((((((((((((((((((((   Files Created from 2007-03-21 to 2007-04-21  ))))))))))))))))))))))))))))))))))


2007-04-21 17:23 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-04-21 16:48 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-21 16:08 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-04-19 12:50 <DIR> d-------- C:\DOCUME~1\Karen\APPLIC~1\acccore
2007-04-19 12:40 <DIR> d-------- C:\Program Files\AIM6
2007-04-18 15:46 <DIR> d-------- C:\HJT
2007-04-18 14:09 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-04-18 01:13 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-04-17 23:12 <DIR> d-------- C:\DOCUME~1\Ed\APPLIC~1\SpamBlockerUtility_Icons
2007-04-17 23:04 <DIR> d-------- C:\DOCUME~1\Ed\APPLIC~1\MySpace
2007-04-17 23:04 <DIR> d-------- C:\DOCUME~1\Ed\APPLIC~1\AIMPro
2007-04-17 23:03 <DIR> d-------- C:\DOCUME~1\Ed\APPLIC~1\SpamBlockerUtility
2007-04-17 17:52 <DIR> d-------- C:\Program Files\SpamBlockerUtility
2007-04-17 17:52 <DIR> d-------- C:\Program Files\IE Protector And Tracks Eraser
2007-04-17 17:52 <DIR> d-------- C:\DOCUME~1\Karen\APPLIC~1\SpamBlockerUtility_Icons
2007-04-17 17:52 <DIR> d-------- C:\DOCUME~1\Karen\APPLIC~1\SpamBlockerUtility
2007-04-17 17:52 <DIR> d-------- C:\DOCUME~1\Karen\APPLIC~1\SpamBlocker
2007-04-16 09:27 4,636,672 --a------ C:\DOCUME~1\Karen\ntuser.dat
2007-04-03 13:00 <DIR> d-------- C:\Temp\HP_WebRelease
2007-04-02 20:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Incomplete
2007-03-31 17:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-03-31 17:42 <DIR> d-------- C:\DOCUME~1\Karen\AIMPro


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-21 16:08 2560 --a------ C:\WINDOWS\_msrstrt.exe
2007-04-21 16:08 -------- d-------- C:\Program Files\viewpoint
2007-04-20 11:36 -------- d-------- C:\Program Files\navnt
2007-04-20 11:35 -------- d-------- C:\Program Files\symantec
2007-04-18 18:49 1082 --a------ C:\WINDOWS\system32\winpfz32.sys
2007-04-18 14:09 -------- d--h----- C:\Program Files\windowsupdate
2007-04-02 20:05 -------- d-------- C:\DOCUME~1\Karen\APPLIC~1\yahoo!
2007-04-01 16:31 -------- d-------- C:\DOCUME~1\Karen\APPLIC~1\viewpoint
2007-03-19 18:07 -------- d-------- C:\DOCUME~1\Karen\APPLIC~1\hp
2007-03-19 17:59 112886 --a------ C:\WINDOWS\hpoins07.dat
2007-02-27 09:57 184435 --a------ C:\WINDOWS\system32\swintodx.exe
2007-02-12 07:55 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll


((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nwiz"="nwiz.exe /install"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1140711823\\ee\\AOLSoftware.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"vptray"="C:\\Program Files\\NavNT\\vptray.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TivoServer"="\"C:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe\" /service /auto:TivoServer"
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ookk"="C:\\Program Files\\Common Files\\ookk\\ookkm.exe"
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"WinUpdate.exe"="C:\\Program Files\\Windows\\WinUpdate.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
   Source REG_SZ          C:\WINDOWS\warnhp.html

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}"="st3"
"{C7CF1142-0785-4B12-A280-B64681E4D45E}"="z"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
   Authentication Packages REG_MULTI_SZ    msv1_0
   Security Packages REG_MULTI_SZ    kerberosmsv1_0schannelwdigest
   Notification Packages REG_MULTI_SZ    scecli


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"
 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ    AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV
NetworkService REG_MULTI_SZ    DnsCache
rpcss REG_MULTI_SZ    RpcSs
imgsvc REG_MULTI_SZ    StiSvc
termsvcs REG_MULTI_SZ    TermService

 


~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070421-163055-787
O23 - Service: Windows Alerter (ALT) - Unknown owner - C:\WINDOWS\services.exe (file missing)
backup-20070421-163054-495
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\winmp32.dll (file missing)
backup-20070421-163054-260
O17 - HKLM\System\CS1\Services\Tcpip\..\{0025578F-2414-49C8-84A8-C5144345F71B}: NameServer = 85.255.116.89,85.255.112.204
backup-20070421-163054-676
O17 - HKLM\System\CCS\Services\Tcpip\..\{B73DDBC4-CB7E-4E71-ACD3-58BDCFF97738}: NameServer = 85.255.116.89,85.255.112.204
backup-20070421-163054-509
O17 - HKLM\System\CS2\Services\Tcpip\..\{0025578F-2414-49C8-84A8-C5144345F71B}: NameServer = 85.255.116.89,85.255.112.204
backup-20070421-163054-537
O17 - HKLM\System\CCS\Services\Tcpip\..\{A92CA0B8-00FE-46AD-B21E-D69487D4EC51}: NameServer = 85.255.116.89,85.255.112.204
backup-20070421-163054-287
O17 - HKLM\System\CCS\Services\Tcpip\..\{66BB3FF3-E4E6-41B7-8195-F84A95ECA6B9}: NameServer = 85.255.116.89,85.255.112.204
backup-20070421-163054-164
O17 - HKLM\System\CCS\Services\Tcpip\..\{788CC061-E4B5-4C76-B7B0-67AF4E439B8D}: NameServer = 85.255.116.89,85.255.112.204
backup-20070421-163054-876
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BBF9A52-DD77-45B9-B2C2-180657B67B9D}: NameServer = 85.255.116.89,85.255.112.204
backup-20070421-163054-309
O17 - HKLM\System\CCS\Services\Tcpip\..\{35045A3F-19BD-4E4C-939A-582147EBEDB8}: NameServer = 85.255.116.89,85.255.112.204
backup-20070421-163054-319
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FB1C57D-5C46-4C09-9700-B7CF2241D8E3}: NameServer = 85.255.116.89,85.255.112.204
backup-20070421-163054-339
O17 - HKLM\System\CCS\Services\Tcpip\..\{0025578F-2414-49C8-84A8-C5144345F71B}: NameServer = 85.255.116.89,85.255.112.204
backup-20070421-163054-304
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/wi...nnerInstall.cab
backup-20070421-163054-470
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
backup-20070421-163054-793
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
backup-20070421-163053-988
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1112
backup-20070421-163053-487
O16 - DPF: {5EB6A98B-F75B-4AC7-821D-BAD2C29D18C2} (CVALAXObj Class) - https://autoins1.progressivedirect.com/ptt/cv/CVALAX.CAB
backup-20070421-163053-431
O16 - DPF: {2A510DC8-C9B5-4269-B9BA-E5B04D47D981} (CPlayFirstDDSonicControl Object) - http://www.shockwave.com/content/dinerdash...ic.1.0.0.92.cab
backup-20070421-163052-505
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab
backup-20070421-163052-765
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971C...e/bridge-c8.cab
backup-20070421-163052-215
O16 - DPF: {03A0F84E-3E69-4B3E-B4D3-019CB73B57B3} - http://www3.authentium.com/cssrelease/bin/WizMain.exe
backup-20070421-163052-884
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
backup-20070421-163051-485
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
backup-20070421-163051-660
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\swintodv.exe
backup-20070421-163051-169
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Karen\Local Settings\Temp\{A7FD5ADB-FEDF-4BF8-8AE9-C19C9C06BE71}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
backup-20070421-163051-977
O4 - Startup: PowerReg Scheduler V3.exe
backup-20070421-163051-409
O4 - HKCU\..\Run: [killall] control64.exe
backup-20070421-163051-915
O4 - HKCU\..\Run: [RtlFindVal] teqq32.exe
backup-20070421-163051-370
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
backup-20070421-163051-484
O4 - HKCU\..\Run: [nmdllw] trycrt.exe
backup-20070421-163051-101
O4 - HKCU\..\Run: [ookk] C:\PROGRA~1\COMMON~1\ookk\ookkm.exe
backup-20070421-163051-884
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\484~1.0\SBInst.exe
backup-20070421-163051-665
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbOEAddOn.exe
backup-20070421-163051-926
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbWeatherOnTray.exe
backup-20070421-163051-944
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
backup-20070421-163051-691
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
backup-20070421-163051-574
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\swintodv.exe GID003
backup-20070421-163051-172
O4 - HKLM\..\Run: [dmgqq.exe] C:\WINDOWS\System32\dmgqq.exe
backup-20070421-163051-313
O4 - HKLM\..\Run: [JAguAr] srbho.exe
backup-20070421-163051-674
O4 - HKLM\..\Run: [DTOURS] xwiz.exe
backup-20070421-163051-453
O4 - HKLM\..\Run: [AppMasterCenter] TemplateDongle.exe
backup-20070421-163051-584
O4 - HKLM\..\Run: [newname] C:\\newname25.exe
backup-20070421-163051-534
O4 - HKLM\..\Run: [fkh] C:\WINDOWS\fkh.exe
backup-20070421-163051-862
O3 - Toolbar: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll
backup-20070421-163051-808
O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
backup-20070421-163051-809
O4 - HKLM\..\Run: [SetupExeDll] _ctcp.exe
backup-20070421-163051-292
O4 - HKLM\..\Run: [links] links.exe
backup-20070421-163051-861
O2 - BHO: (no name) - {B4FABB59-2FEF-0C36-9584-7622518F7BC0} - C:\WINDOWS\System32\zoklp.dll
backup-20070421-163051-418
O2 - BHO: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll
backup-20070421-163051-868
O2 - BHO: (no name) - {B0279FA8-5A4E-20E7-4493-21C0DC57019E} - C:\WINDOWS\System32\tonme.dll (file missing)
backup-20070421-163051-421
R3 - URLSearchHook: (no name) - {158F1EF3-E49C-F12E-505B-20F4F84588B7} - ___.dll (file missing)
backup-20070421-163051-220
O2 - BHO: (no name) - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - (no file)
backup-20070421-163051-785
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Servi...omeLeftPane.htm
backup-20070421-163051-389
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
backup-20070421-163051-644
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
backup-20070421-163051-610
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
backup-20070421-163051-599
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\SDMsgUpdate (SmartDrawTrial).job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-21 20:03:44
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-21 20:05:00
C:\ComboFix-quarantined-files.txt ... 07-04-21 20:05

11
Tech Clinic / Spam Blocker Utility Please HELP!!
« on: April 20, 2007, 11:32:22 AM »
I tried to uninstall Nortons but it wouldn't let me, some kind of error, so I uninstalled AVG even though I like it better. Anyways, here is the log. Thanks for all your help.
Karen


INSTALLED SOFTWARE (235) - KING-3XHR54VMD0 - 4/20/2007 12:27:46 PM

1400 Ver: 50.0.206.000 Installed: 4/24/2006
1400_Help Ver: 50.0.206.000 Installed: 4/24/2006
1400Trb Ver: 50.0.206.000 Installed: 4/24/2006
3D Groove Playback Engine
Ad-Aware SE Personal Ver: 1.06
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 9 ActiveX Ver: 9
Adobe Reader 6.0.1 Ver: 006.000.001 Installed: 3/14/2004
Advanced Networking Pack for Windows XP
Advanced WMA Workshop version 2.2 Ver: 2.2
AIM 6
AiO_Scan Ver: 50.0.206.000 Installed: 4/24/2006
AiOSoftware Ver: 50.0.206.000 Installed: 4/24/2006
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update Ver: 1.0.2.1 Installed: 12/26/2006
ArcSoft PhotoStudio 5.5
ASPI Rip
ATI - Software Uninstall Utility Ver: 6.14.10.1014
ATI Catalyst Control Center Ver: 1.2.2217.17271 Installed: 2/17/2006
ATI Control Panel Ver: 6.14.10.5103
ATI Display Driver Ver: 8.221-060124a1-030152C-ATI
ATI DVD Decoder 2.2.0.0 Ver: 2.0.0.0 Installed: 4/24/2004
ATI HYDRAVISION Ver: 3.25.9006
ATI Multimedia Center 8.7.0.0 Ver: 8.7.0.0 Installed: 4/24/2004
Barbie® Super Sports(tm)
Battlefield Vietnam(tm)
Blue's Room
BufferChm Ver: 53.0.13.000 Installed: 4/23/2006
Canon CanoScan Toolbox 4.1
Carnival Cruise Lines Tycoon 2005 - Island Hopping
Cda Product Service - shared component
CloneCD
CP_AtenaShokunin1Config Ver: 53.0.13.000 Installed: 4/23/2006
CP_CalendarTemplates1 Ver: 53.0.13.000 Installed: 4/23/2006
CP_Package_Basic1 Ver: 53.0.13.000 Installed: 4/23/2006
CP_Package_Variety1 Ver: 53.0.13.000 Installed: 4/23/2006
CP_Package_Variety2 Ver: 53.0.13.000 Installed: 4/23/2006
CP_Package_Variety3 Ver: 53.0.13.000 Installed: 4/23/2006
CP_Panorama1Config Ver: 53.0.13.000 Installed: 4/23/2006
CueTour Ver: 53.0.13.000 Installed: 4/23/2006
CustomerResearchQFolder Ver: 1.00.0000 Installed: 4/23/2006
DAO Ver: 3.5 Installed: 4/24/2004
DAO Ver: 3.5 Installed: 4/24/2004
DDD Pool Free Trial
Destinations Ver: 53.0.13.000 Installed: 4/23/2006
DeviceManagementQFolder Ver: 1.00.0000 Installed: 4/23/2006
Digimax Master Ver: 1.0.10 Installed: 12/27/2006
Disney's Toontown Online
DocProc Ver: 5.2.0.0 Installed: 4/23/2006
DocumentViewer Ver: 53.0.13.000 Installed: 4/23/2006
DocumentViewerQFolder Ver: 1.00.0000 Installed: 4/23/2006
DVDDec Ver: 2.0.0.0 Installed: 4/24/2004
Easy CD & DVD Creator 6 Ver: 6.0.0.171 Installed: 3/14/2004
Enhanced Ads by Think-Adz removal
EPSON Printer Software
eSupportQFolder Ver: 1.00.0000 Installed: 4/23/2006
Fax Ver: 50.0.206.000 Installed: 4/24/2006
Fisher-Price® - Toddler
Forethought
FullDPAppQFolder Ver: 1.00.0000 Installed: 4/23/2006
Google Toolbar for Internet Explorer
GSIM
HighMAT Extension to Microsoft Windows XP CD Writing Wizard Ver: 1.1.1905.1 Installed: 3/13/2004
HijackThis 1.99.1 Ver: 1.99.1
HP Document Viewer 5.3 Ver: 5.3
HP Extended Capabilities 5.3 Ver: 5.3
HP Image Zone 5.3 Ver: 5.3
HP Image Zone Express Ver: 1.5.1.29 Installed: 4/23/2006
HP Imaging Device Functions 5.3 Ver: 5.3
HP Make Photos Perform CD
HP PSC & OfficeJet 5.3.B
HP Software Update Ver: 3.0.5.001 Installed: 4/23/2006
HP Solution Center & Imaging Support Tools 5.3 Ver: 5.3
HPProductAssistant Ver: 53.0.13.000 Installed: 4/23/2006
IE Protector And Tracks Eraser 1.4
InstantShareDevices Ver: 53.0.13.000 Installed: 4/23/2006
Internet Explorer Exception pack
Internet Update
IpWins
iTunes Ver: 7.0.2.16 Installed: 12/26/2006
J2SE Runtime Environment 5.0 Update 8 Ver: 1.5.0.80 Installed: 12/29/2006
Jasc Paint Shop Pro 8 Ver: 8.10.0000 Installed: 3/16/2004
LimeWire 4.12.6 Ver: 4.12.6
LiveUpdate 1.7 (Symantec Corporation)
Logitech Desktop Messenger
Logitech MouseWare 9.78  
Macromedia Shockwave Player Ver: 10.1.0.11
Mall Of America Tycoon
MapSource Ver: 6.0
MapSource - Trip & Waypoint Manager v2 Ver: 2.00 Installed: 2/12/2005
MapSource - Trip & Waypoint Manager v2 Ver: 2.00 Installed: 2/12/2005
MarketResearch Ver: 53.0.13.000 Installed: 4/23/2006
Microsoft .NET Framework 1.1 Ver: 1.1.4322 Installed: 3/13/2004
Microsoft Data Access Components KB870669
Microsoft Office 2000 Premium Ver: 9.00.2720 Installed: 3/14/2004
Microsoft Visual C++ 2005 Redistributable Ver: 8.0.50727.42 Installed: 7/6/2006
MMC87 Ver: 8.7.0.0 Installed: 4/24/2004
MySpaceIM
NewCopy Ver: 50.0.206.000 Installed: 4/24/2006
NVIDIA Display Driver
NVIDIA Logo Screensaver
PhotoGallery Ver: 53.0.13.000 Installed: 4/23/2006
Pivot Stickfigure Animator Ver: 2.2.5 Installed: 5/31/2006
PrintMaster Gold 4.00
ProductContext Ver: 50.0.206.000 Installed: 4/24/2006
Putt-Putt: Pep's Birthday Surprise Ver: 1 Installed: 11/28/2004
Putt-Putt: Pep's Birthday Surprise Ver: 1 Installed: 11/28/2004
Quicklinks
QuickTime Ver: 7.1.3.170 Installed: 12/26/2006
RandMap Ver: 53.0.13.000 Installed: 4/23/2006
Readme Ver: 50.0.206.000 Installed: 4/24/2006
RealPlayer
S500/S600 USB Driver
SanDisk ImageMate/SecureMate
Scan Ver: 5.2.0.0 Installed: 4/24/2006
ScannerCopy Ver: 5.2.0.0 Installed: 4/23/2006
SeaWorld Adventure Park Tycoon
Security Update for Windows Media Player (KB911564)  Installed: 8/27/2006
Security Update for Windows Media Player 9 (KB917734)  Installed: 8/27/2006
Security Update for Windows XP (KB890046) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB893756) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB896358) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB896423) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB896424) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB896428) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB899587) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB899589) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB899591) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB900725) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB901017) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB901214) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB902400) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB904706)  Installed: 8/27/2006
Security Update for Windows XP (KB905414) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB905495) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB905749) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB908519) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB911562) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB911927) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB912919) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB913580) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB914388) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB914389) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB914798) Ver: 2 Installed: 8/27/2006
Security Update for Windows XP (KB917159) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB917344) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB917422) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB917953) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB919007) Ver: 1 Installed: 9/17/2006
Security Update for Windows XP (KB920670) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB920683) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB920685) Ver: 1 Installed: 9/17/2006
Security Update for Windows XP (KB921398) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB921883) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB922616) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB922819) Ver: 1 Installed: 10/15/2006
Security Update for Windows XP (KB923191) Ver: 1 Installed: 10/15/2006
Security Update for Windows XP (KB923414) Ver: 1 Installed: 10/15/2006
Security Update for Windows XP (KB924191) Ver: 1 Installed: 10/15/2006
Security Update for Windows XP (KB924496) Ver: 1 Installed: 10/15/2006
Serif 3DPlus 2.0
Shockwave
Shrine Circus Tycoon
SkinsHP1 Ver: 53.0.13.000 Installed: 4/23/2006
SolutionCenter Ver: 50.0.152.000 Installed: 4/23/2006
Sonic_PrimoSDK Ver: 53.0.13.000 Installed: 4/23/2006
SpamBlockerUtility Browser, Weather and Wowpapers Tools
SpamBlockerUtility Email Toolbar
Status Ver: 53.0.13.000 Installed: 4/23/2006
Steam(tm) Ver: 1.0.0.0 Installed: 2/17/2006
Think-Adz Search Assistant removal
Time to Play Dollhouse
TrayApp Ver: 53.0.13.000 Installed: 4/23/2006
Unload Ver: 5.0.0 Installed: 4/23/2006
Unreal Tournament
Update for Windows XP (KB835409) Ver: 1 Installed: 8/27/2006
Update for Windows XP (KB898461) Ver: 1 Installed: 3/12/2006
Update for Windows XP (KB908531) Ver: 2 Installed: 8/27/2006
Update for Windows XP (KB910437) Ver: 1 Installed: 8/27/2006
Update for Windows XP (KB911280) Ver: 2 Installed: 8/27/2006
Viewpoint Media Player
WeatherBug Ver: v3.0
WebFldrs XP Ver: 9.50.6513 Installed: 3/13/2004
WebReg Ver: 53.0.13.000 Installed: 4/23/2006
Windows Installer 3.1 (KB893803) Ver: 3.1
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series Ver: 9.00.2980 Installed: 4/24/2004
Windows Media Player Hotfix [See Q828026 for more information]
Windows XP Hotfix (SP2) [See KB810243 for more information]
Windows XP Hotfix (SP2) Q322011 Ver: 20021111.164241
Windows XP Hotfix (SP2) Q327979 Ver: 20021114.125755
Windows XP Hotfix (SP2) Q814995 Ver: 20030219.141525
Windows XP Hotfix (SP2) Q819696 Ver: 20030513.102848
Windows XP Hotfix - KB810217 Ver: 20030806.140405
Windows XP Hotfix - KB820291 Ver: 20030523.143400
Windows XP Hotfix - KB821253 Ver: 20030609.161053
Windows XP Hotfix - KB822603 Ver: 20030703.195209
Windows XP Hotfix - KB823182 Ver: 20030724.164017
Windows XP Hotfix - KB824105 Ver: 20030724.164839
Windows XP Hotfix - KB824141 Ver: 20030925.103600
Windows XP Hotfix - KB824146 Ver: 20030825.150526
Windows XP Hotfix - KB825119 Ver: 20030828.113916
Windows XP Hotfix - KB826939 Ver: 20030902.222348
Windows XP Hotfix - KB826942 Ver: 20031007.111255
Windows XP Hotfix - KB828028 Ver: 20030919.121052
Windows XP Hotfix - KB828035 Ver: 20031021.165228
Windows XP Hotfix - KB828741 Ver: 20040305.182309
Windows XP Hotfix - KB833987 Ver: 20040308.224628
Windows XP Hotfix - KB835732 Ver: 20040329.175541
Windows XP Hotfix - KB837001 Ver: 20040317.230926
Windows XP Hotfix - KB839645 Ver: 20040630.164542
Windows XP Hotfix - KB840315 Ver: 20040622.172631
Windows XP Hotfix - KB840374 Ver: 20040416.100205
Windows XP Hotfix - KB840987 Ver: 20040927.095912
Windows XP Hotfix - KB841356 Ver: 20040929.102221
Windows XP Hotfix - KB841533 Ver: 20040927.100142
Windows XP Hotfix - KB841873 Ver: 20040608.144346
Windows XP Hotfix - KB842773 Ver: 20040701.144218
Windows XP Hotfix - KB873339 Ver: 20041117.094106
Windows XP Hotfix - KB873376 Ver: 20040923.181029
Windows XP Hotfix - KB885835 Ver: 20041027.181751
Windows XP Hotfix - KB885836 Ver: 20041028.161024
Windows XP Hotfix - KB888302 Ver: 20041207.112156
Windows XP Hotfix - KB889293 Ver: 20041111.235619
Windows XP Hotfix - KB890859 Ver: 1 Installed: 8/27/2006
Windows XP Hotfix - KB891781 Ver: 20050110.171604
Windows XP Hotfix - KB892944 Ver: 1 Installed: 8/27/2006
Windows XP Hotfix - KB911567 Ver: 20060316.165634 Installed: 8/27/2006
Windows XP Hotfix - KB918439 Ver: 20060530.145346 Installed: 8/27/2006
Windows XP Hotfix - KB918899 Ver: 20060725.123917 Installed: 8/27/2006
Windows XP Hotfix - KB925486 Ver: 20060918.120000 Installed: 10/1/2006
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
Yahoo! Toolbar

 

[indent][quote name='guestolo' post='316364' date='Apr 18 2007, 09:49 PM']Hi Karen, can you do the following please, then we'll run some fixes on your computer
Decide which AntiVirus software you are happiest with, either Norton's or AVG
Uninstall one or the other, having more than one can cause conflicts and decrease system performance

Reboot after the removal of one or the other

Afterwards
Can you do the following
Download and unzip to your desktop InstalledPrograms.zip
Double click on InstalledPrograms.vbs

Click OK at the IP prompt and click YES to view the results now
A text file will open, can you copy and paste back here the whole contents

ALLOW this script to run if prompted by your AntiVirus[/quote]


[/indent]

12
Tech Clinic / Spam Blocker Utility Please HELP!!
« on: April 18, 2007, 09:35:32 PM »
[quote name='Everlasting Death' post='316331' date='Apr 18 2007, 08:23 PM']can u possibly describe more of the symptoms?[/quote]


It checks all my emails for "spam"
It puts its "ad" at the bottom of all my outgoing email.
It doesn't let me go to 80% of the sites I want; it jumps me to different sites.
It gives me a tool bar and a weather service.

All junk that I don't want and can't get rid of. Plus it's always running no matter what I do and I can't delete or uninstall it.

Hope that helps.
Karen

13
Tech Clinic / Spam Blocker Utility Please HELP!!
« on: April 18, 2007, 02:45:21 PM »
My kids did something and this is now downloaded into my computer. I can't get rid of it; I can't delete or uninstall it. I ran Norton's and then Ad-Aware and even AVG; they don't pick it up.

I am in need of some serious help or this computer is going to go out the window ;)
I honestly don't know where to go from here.

Thanks,
Karen

Logfile of HijackThis v1.99.1
Scan saved at 3:51:38 PM, on 4/18/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeacon.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\AOL\1140711823\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\aim6\anotify.exe
C:\Program Files\Samsung\Digimax Master\DigimaxMaster.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Servi...omeLeftPane.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {158F1EF3-E49C-F12E-505B-20F4F84588B7} - ___.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - (no file)
O2 - BHO: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {B0279FA8-5A4E-20E7-4493-21C0DC57019E} - C:\WINDOWS\System32\tonme.dll (file missing)
O2 - BHO: (no name) - {B4FABB59-2FEF-0C36-9584-7622518F7BC0} - C:\WINDOWS\System32\zoklp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
O3 - Toolbar: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [links] links.exe
O4 - HKLM\..\Run: [fkh] C:\WINDOWS\fkh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140711823\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SetupExeDll] _ctcp.exe
O4 - HKLM\..\Run: [AppMasterCenter] TemplateDongle.exe
O4 - HKLM\..\Run: [newname] C:\\newname25.exe
O4 - HKLM\..\Run: [JAguAr] srbho.exe
O4 - HKLM\..\Run: [DTOURS] xwiz.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [dmgqq.exe] C:\WINDOWS\System32\dmgqq.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\swintodv.exe GID003
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [{82-20-02-2B-ZN}] C:\windows\system32\nsdsregq.exe GID003
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbWeatherOnTray.exe
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\484~1.0\SBInst.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /auto:TivoServer
O4 - HKCU\..\Run: [ookk] C:\PROGRA~1\COMMON~1\ookk\ookkm.exe
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [nmdllw] trycrt.exe
O4 - HKCU\..\Run: [killall] control64.exe
O4 - HKCU\..\Run: [RtlFindVal] teqq32.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Karen\Local Settings\Temp\{A7FD5ADB-FEDF-4BF8-8AE9-C19C9C06BE71}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\swintodv.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: DigiChat Applet - http://216.54.221.236/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {03A0F84E-3E69-4B3E-B4D3-019CB73B57B3} - http://www3.authentium.com/cssrelease/bin/WizMain.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971C...e/bridge-c8.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab
O16 - DPF: {2A510DC8-C9B5-4269-B9BA-E5B04D47D981} (CPlayFirstDDSonicControl Object) - http://www.shockwave.com/content/dinerdash...ic.1.0.0.92.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {5EB6A98B-F75B-4AC7-821D-BAD2C29D18C2} (CVALAXObj Class) - https://autoins1.progressivedirect.com/ptt/cv/CVALAX.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176872296437
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1112
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/wi...nnerInstall.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.19/ttinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0025578F-2414-49C8-84A8-C5144345F71B}: NameServer = 85.255.116.89,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{35045A3F-19BD-4E4C-939A-582147EBEDB8}: NameServer = 85.255.116.89,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FB1C57D-5C46-4C09-9700-B7CF2241D8E3}: NameServer = 85.255.116.89,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{66BB3FF3-E4E6-41B7-8195-F84A95ECA6B9}: NameServer = 85.255.116.89,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{788CC061-E4B5-4C76-B7B0-67AF4E439B8D}: NameServer = 85.255.116.89,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BBF9A52-DD77-45B9-B2C2-180657B67B9D}: NameServer = 85.255.116.89,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{A92CA0B8-00FE-46AD-B21E-D69487D4EC51}: NameServer = 85.255.116.89,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{B73DDBC4-CB7E-4E71-ACD3-58BDCFF97738}: NameServer = 85.255.116.89,85.255.112.204
O17 - HKLM\System\CS1\Services\Tcpip\..\{0025578F-2414-49C8-84A8-C5144345F71B}: NameServer = 85.255.116.89,85.255.112.204
O17 - HKLM\System\CS2\Services\Tcpip\..\{0025578F-2414-49C8-84A8-C5144345F71B}: NameServer = 85.255.116.89,85.255.112.204
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\winmp32.dll (file missing)
O23 - Service: Windows Alerter (ALT) - Unknown owner - C:\WINDOWS\services.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeacon.exe
