Author Topic: Spam Blocker Utility Please HELP!!  (Read 2069 times)

Offline Karen

  • Newbie
  • *
  • Posts: 13
  • Karma: +0/-0
Spam Blocker Utility Please HELP!!
« on: April 18, 2007, 02:45:21 PM »
My kids did something and this is now downloaded onto my computer. I can't get rid of it; I can't delete or uninstall it. I ran Norton's and then Ad-Aware and even AVG; they don't pick it up.

I am in need of some serious help or this computer is going to go out the window ;)
I honestly don't know where to go from here.

Thanks,
Karen

Logfile of HijackThis v1.99.1
Scan saved at 3:51:38 PM, on 4/18/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeacon.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\AOL\1140711823\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\aim6\anotify.exe
C:\Program Files\Samsung\Digimax Master\DigimaxMaster.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Servi...omeLeftPane.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {158F1EF3-E49C-F12E-505B-20F4F84588B7} - ___.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - (no file)
O2 - BHO: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {B0279FA8-5A4E-20E7-4493-21C0DC57019E} - C:\WINDOWS\System32\tonme.dll (file missing)
O2 - BHO: (no name) - {B4FABB59-2FEF-0C36-9584-7622518F7BC0} - C:\WINDOWS\System32\zoklp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
O3 - Toolbar: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [links] links.exe
O4 - HKLM\..\Run: [fkh] C:\WINDOWS\fkh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140711823\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SetupExeDll] _ctcp.exe
O4 - HKLM\..\Run: [AppMasterCenter] TemplateDongle.exe
O4 - HKLM\..\Run: [newname] C:\\newname25.exe
O4 - HKLM\..\Run: [JAguAr] srbho.exe
O4 - HKLM\..\Run: [DTOURS] xwiz.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [dmgqq.exe] C:\WINDOWS\System32\dmgqq.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\swintodv.exe GID003
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [{82-20-02-2B-ZN}] C:\windows\system32\nsdsregq.exe GID003
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbWeatherOnTray.exe
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\484~1.0\SBInst.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /auto:TivoServer
O4 - HKCU\..\Run: [ookk] C:\PROGRA~1\COMMON~1\ookk\ookkm.exe
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [nmdllw] trycrt.exe
O4 - HKCU\..\Run: [killall] control64.exe
O4 - HKCU\..\Run: [RtlFindVal] teqq32.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Karen\Local Settings\Temp\{A7FD5ADB-FEDF-4BF8-8AE9-C19C9C06BE71}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\swintodv.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: DigiChat Applet - http://216.54.221.236/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {03A0F84E-3E69-4B3E-B4D3-019CB73B57B3} - http://www3.authentium.com/cssrelease/bin/WizMain.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971C...e/bridge-c8.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab
O16 - DPF: {2A510DC8-C9B5-4269-B9BA-E5B04D47D981} (CPlayFirstDDSonicControl Object) - http://www.shockwave.com/content/dinerdash...ic.1.0.0.92.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {5EB6A98B-F75B-4AC7-821D-BAD2C29D18C2} (CVALAXObj Class) - https://autoins1.progressivedirect.com/ptt/cv/CVALAX.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176872296437
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1112
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/wi...nnerInstall.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.19/ttinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0025578F-2414-49C8-84A8-C5144345F71B}: NameServer = 85.255.116.89,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{35045A3F-19BD-4E4C-939A-582147EBEDB8}: NameServer = 85.255.116.89,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FB1C57D-5C46-4C09-9700-B7CF2241D8E3}: NameServer = 85.255.116.89,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{66BB3FF3-E4E6-41B7-8195-F84A95ECA6B9}: NameServer = 85.255.116.89,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{788CC061-E4B5-4C76-B7B0-67AF4E439B8D}: NameServer = 85.255.116.89,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BBF9A52-DD77-45B9-B2C2-180657B67B9D}: NameServer = 85.255.116.89,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{A92CA0B8-00FE-46AD-B21E-D69487D4EC51}: NameServer = 85.255.116.89,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{B73DDBC4-CB7E-4E71-ACD3-58BDCFF97738}: NameServer = 85.255.116.89,85.255.112.204
O17 - HKLM\System\CS1\Services\Tcpip\..\{0025578F-2414-49C8-84A8-C5144345F71B}: NameServer = 85.255.116.89,85.255.112.204
O17 - HKLM\System\CS2\Services\Tcpip\..\{0025578F-2414-49C8-84A8-C5144345F71B}: NameServer = 85.255.116.89,85.255.112.204
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\winmp32.dll (file missing)
O23 - Service: Windows Alerter (ALT) - Unknown owner - C:\WINDOWS\services.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeacon.exe
« Last Edit: April 18, 2007, 02:58:22 PM by Karen »
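As a defender-side triage aid added here (not part of the thread, of HijackThis, or of any tool the helpers use), the following Python script parses log lines in the HijackThis format shown above and flags the kinds of entries a helper would look at first: orphaned "(file missing)"/"(no file)" references, Run values that launch a bare filename with no path, search pages set to external URLs, unnamed browser components, and O17 NameServer entries not in a caller-supplied trusted list. The sample lines are a constructed subset modelled on the posted log, and the `trusted_dns` allowlist is an assumed parameter.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis 1.99.1 log format, modelled on a few of the
# lines from the posted log (not the full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R3 - URLSearchHook: (no name) - {158F1EF3-E49C-F12E-505B-20F4F84588B7} - ___.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {B4FABB59-2FEF-0C36-9584-7622518F7BC0} - C:\WINDOWS\System32\zoklp.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [links] links.exe
O4 - HKLM\..\Run: [JAguAr] srbho.exe
O4 - HKCU\..\Run: [killall] control64.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0025578F-2414-49C8-84A8-C5144345F71B}: NameServer = 85.255.116.89,85.255.112.204
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\winmp32.dll (file missing)
O23 - Service: Windows Alerter (ALT) - Unknown owner - C:\WINDOWS\services.exe (file missing)
"""

# Every line starts with a section code (R0, R1, O2, O4, ...) followed by " - "
LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# Body of an O4 Run entry: hive, value name in brackets, then the command line
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Body of an O17 entry ends in the configured resolver list
O17_RE = re.compile(r"NameServer = (?P<ips>[\d.,]+)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def executable_of(cmd: str) -> str:
    """Return the program part of a Run command line (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def is_bare_filename(exe: str) -> bool:
    """True when the command has no directory, so Windows resolves it via the
    search path instead of an explicit location (worth a second look)."""
    return "\\" not in exe and not re.match(r"^[A-Za-z]:", exe)


def triage(log_text: str, trusted_dns=()) -> list:
    """Scan HijackThis lines and return review candidates. trusted_dns is an
    assumed allowlist of resolver IPs the ISP or router actually hands out."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        # Dangling registrations: the registry still points at a file that is gone.
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            findings.append(Finding(sec, "orphaned reference to a file that no longer exists", line))
            continue
        if sec in ("R0", "R1") and "= http" in body:
            findings.append(Finding(sec, "search/start page is set to an external URL", line))
        elif sec == "O4":
            r = RUN_RE.match(body)
            if r:
                exe = executable_of(r.group("cmd"))
                if is_bare_filename(exe):
                    findings.append(Finding(sec, f"Run value [{r.group('name')}] launches bare filename {exe} with no path", line))
        elif sec == "O17":
            d = O17_RE.search(body)
            if d:
                unexpected = [ip for ip in d.group("ips").split(",") if ip not in trusted_dns]
                if unexpected:
                    findings.append(Finding(sec, "NameServer points at unexpected resolver(s): " + ", ".join(unexpected), line))
        elif sec in ("O2", "O3") and body.partition(":")[2].strip().startswith("(no name)"):
            findings.append(Finding(sec, "unnamed browser component whose file is present", line))
    return findings


def count_by_section(findings) -> dict:
    """Tally findings per HijackThis section code, e.g. {'O4': 3, 'O17': 1}."""
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>4}  {f.reason}\n      {f.line}")
```

These are heuristics for a human reviewer, not a verdict: a bare filename in a Run value (nwiz.exe in the posted log is one legitimate case) only says the entry deserves a look.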

Offline Everlasting Death

  • Hero Member
  • *****
  • Posts: 981
  • Karma: +0/-0
    • http://www.jaswin.net
« Reply #1 on: April 18, 2007, 08:23:59 PM »
Can you possibly describe more of the symptoms?
« Last Edit: April 18, 2007, 09:20:31 PM by guestolo »
The cake is a lie....

Bummer Dude

Offline Karen

  • Newbie
  • *
  • Posts: 13
  • Karma: +0/-0
« Reply #2 on: April 18, 2007, 09:35:32 PM »
Quote from: Everlasting Death on April 18, 2007, 08:23 PM
Can you possibly describe more of the symptoms?


It checks all my emails for "spam".
It puts its "ad" at the bottom of all my outgoing email.
It doesn't let me go to 80% of the sites I want; it jumps me to different sites.
It gives me a toolbar and a weather service.

All junk that I don't want and can't get rid of. Plus it's always running no matter what I do, and I can't delete or uninstall it.

Hope that helps.
Karen

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
« Reply #3 on: April 18, 2007, 09:49:33 PM »
Hi Karen, can you do the following please? Then we'll run some fixes on your computer.
Decide which antivirus software you are happiest with, either Norton's or AVG.
Uninstall one or the other; having more than one can cause conflicts and decrease system performance.

Reboot after the removal of one or the other

Afterwards, can you do the following:
Download and unzip to your desktop InstalledPrograms.zip
Double click on InstalledPrograms.vbs

Click OK at the IP prompt and click YES to view the results now.
A text file will open; can you copy and paste back here the whole contents.

ALLOW this script to run if prompted by your AntiVirus

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Karen

  • Newbie
  • *
  • Posts: 13
  • Karma: +0/-0
« Reply #4 on: April 20, 2007, 11:32:22 AM »
I tried to uninstall Norton's but it wouldn't let me (some kind of error), so I uninstalled AVG even though I like it better. Anyway, here is the log. Thanks for all your help.
Karen


INSTALLED SOFTWARE (235) - KING-3XHR54VMD0 - 4/20/2007 12:27:46 PM

1400 Ver: 50.0.206.000 Installed: 4/24/2006
1400_Help Ver: 50.0.206.000 Installed: 4/24/2006
1400Trb Ver: 50.0.206.000 Installed: 4/24/2006
3D Groove Playback Engine
Ad-Aware SE Personal Ver: 1.06
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 9 ActiveX Ver: 9
Adobe Reader 6.0.1 Ver: 006.000.001 Installed: 3/14/2004
Advanced Networking Pack for Windows XP
Advanced WMA Workshop version 2.2 Ver: 2.2
AIM 6
AiO_Scan Ver: 50.0.206.000 Installed: 4/24/2006
AiOSoftware Ver: 50.0.206.000 Installed: 4/24/2006
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update Ver: 1.0.2.1 Installed: 12/26/2006
ArcSoft PhotoStudio 5.5
ASPI Rip
ATI - Software Uninstall Utility Ver: 6.14.10.1014
ATI Catalyst Control Center Ver: 1.2.2217.17271 Installed: 2/17/2006
ATI Control Panel Ver: 6.14.10.5103
ATI Display Driver Ver: 8.221-060124a1-030152C-ATI
ATI DVD Decoder 2.2.0.0 Ver: 2.0.0.0 Installed: 4/24/2004
ATI HYDRAVISION Ver: 3.25.9006
ATI Multimedia Center 8.7.0.0 Ver: 8.7.0.0 Installed: 4/24/2004
Barbie® Super Sports(tm)
Battlefield Vietnam(tm)
Blue's Room
BufferChm Ver: 53.0.13.000 Installed: 4/23/2006
Canon CanoScan Toolbox 4.1
Carnival Cruise Lines Tycoon 2005 - Island Hopping
Cda Product Service - shared component
CloneCD
CP_AtenaShokunin1Config Ver: 53.0.13.000 Installed: 4/23/2006
CP_CalendarTemplates1 Ver: 53.0.13.000 Installed: 4/23/2006
CP_Package_Basic1 Ver: 53.0.13.000 Installed: 4/23/2006
CP_Package_Variety1 Ver: 53.0.13.000 Installed: 4/23/2006
CP_Package_Variety2 Ver: 53.0.13.000 Installed: 4/23/2006
CP_Package_Variety3 Ver: 53.0.13.000 Installed: 4/23/2006
CP_Panorama1Config Ver: 53.0.13.000 Installed: 4/23/2006
CueTour Ver: 53.0.13.000 Installed: 4/23/2006
CustomerResearchQFolder Ver: 1.00.0000 Installed: 4/23/2006
DAO Ver: 3.5 Installed: 4/24/2004
DAO Ver: 3.5 Installed: 4/24/2004
DDD Pool Free Trial
Destinations Ver: 53.0.13.000 Installed: 4/23/2006
DeviceManagementQFolder Ver: 1.00.0000 Installed: 4/23/2006
Digimax Master Ver: 1.0.10 Installed: 12/27/2006
Disney's Toontown Online
DocProc Ver: 5.2.0.0 Installed: 4/23/2006
DocumentViewer Ver: 53.0.13.000 Installed: 4/23/2006
DocumentViewerQFolder Ver: 1.00.0000 Installed: 4/23/2006
DVDDec Ver: 2.0.0.0 Installed: 4/24/2004
Easy CD & DVD Creator 6 Ver: 6.0.0.171 Installed: 3/14/2004
Enhanced Ads by Think-Adz removal
EPSON Printer Software
eSupportQFolder Ver: 1.00.0000 Installed: 4/23/2006
Fax Ver: 50.0.206.000 Installed: 4/24/2006
Fisher-Price® - Toddler
Forethought
FullDPAppQFolder Ver: 1.00.0000 Installed: 4/23/2006
Google Toolbar for Internet Explorer
GSIM
HighMAT Extension to Microsoft Windows XP CD Writing Wizard Ver: 1.1.1905.1 Installed: 3/13/2004
HijackThis 1.99.1 Ver: 1.99.1
HP Document Viewer 5.3 Ver: 5.3
HP Extended Capabilities 5.3 Ver: 5.3
HP Image Zone 5.3 Ver: 5.3
HP Image Zone Express Ver: 1.5.1.29 Installed: 4/23/2006
HP Imaging Device Functions 5.3 Ver: 5.3
HP Make Photos Perform CD
HP PSC & OfficeJet 5.3.B
HP Software Update Ver: 3.0.5.001 Installed: 4/23/2006
HP Solution Center & Imaging Support Tools 5.3 Ver: 5.3
HPProductAssistant Ver: 53.0.13.000 Installed: 4/23/2006
IE Protector And Tracks Eraser 1.4
InstantShareDevices Ver: 53.0.13.000 Installed: 4/23/2006
Internet Explorer Exception pack
Internet Update
IpWins
iTunes Ver: 7.0.2.16 Installed: 12/26/2006
J2SE Runtime Environment 5.0 Update 8 Ver: 1.5.0.80 Installed: 12/29/2006
Jasc Paint Shop Pro 8 Ver: 8.10.0000 Installed: 3/16/2004
LimeWire 4.12.6 Ver: 4.12.6
LiveUpdate 1.7 (Symantec Corporation)
Logitech Desktop Messenger
Logitech MouseWare 9.78  
Macromedia Shockwave Player Ver: 10.1.0.11
Mall Of America Tycoon
MapSource Ver: 6.0
MapSource - Trip & Waypoint Manager v2 Ver: 2.00 Installed: 2/12/2005
MapSource - Trip & Waypoint Manager v2 Ver: 2.00 Installed: 2/12/2005
MarketResearch Ver: 53.0.13.000 Installed: 4/23/2006
Microsoft .NET Framework 1.1 Ver: 1.1.4322 Installed: 3/13/2004
Microsoft Data Access Components KB870669
Microsoft Office 2000 Premium Ver: 9.00.2720 Installed: 3/14/2004
Microsoft Visual C++ 2005 Redistributable Ver: 8.0.50727.42 Installed: 7/6/2006
MMC87 Ver: 8.7.0.0 Installed: 4/24/2004
MySpaceIM
NewCopy Ver: 50.0.206.000 Installed: 4/24/2006
NVIDIA Display Driver
NVIDIA Logo Screensaver
PhotoGallery Ver: 53.0.13.000 Installed: 4/23/2006
Pivot Stickfigure Animator Ver: 2.2.5 Installed: 5/31/2006
PrintMaster Gold 4.00
ProductContext Ver: 50.0.206.000 Installed: 4/24/2006
Putt-Putt: Pep's Birthday Surprise Ver: 1 Installed: 11/28/2004
Putt-Putt: Pep's Birthday Surprise Ver: 1 Installed: 11/28/2004
Quicklinks
QuickTime Ver: 7.1.3.170 Installed: 12/26/2006
RandMap Ver: 53.0.13.000 Installed: 4/23/2006
Readme Ver: 50.0.206.000 Installed: 4/24/2006
RealPlayer
S500/S600 USB Driver
SanDisk ImageMate/SecureMate
Scan Ver: 5.2.0.0 Installed: 4/24/2006
ScannerCopy Ver: 5.2.0.0 Installed: 4/23/2006
SeaWorld Adventure Park Tycoon
Security Update for Windows Media Player (KB911564)  Installed: 8/27/2006
Security Update for Windows Media Player 9 (KB917734)  Installed: 8/27/2006
Security Update for Windows XP (KB890046) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB893756) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB896358) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB896423) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB896424) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB896428) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB899587) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB899589) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB899591) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB900725) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB901017) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB901214) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB902400) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB904706)  Installed: 8/27/2006
Security Update for Windows XP (KB905414) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB905495) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB905749) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB908519) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB911562) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB911927) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB912919) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB913580) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB914388) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB914389) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB914798) Ver: 2 Installed: 8/27/2006
Security Update for Windows XP (KB917159) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB917344) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB917422) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB917953) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB919007) Ver: 1 Installed: 9/17/2006
Security Update for Windows XP (KB920670) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB920683) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB920685) Ver: 1 Installed: 9/17/2006
Security Update for Windows XP (KB921398) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB921883) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB922616) Ver: 1 Installed: 8/27/2006
Security Update for Windows XP (KB922819) Ver: 1 Installed: 10/15/2006
Security Update for Windows XP (KB923191) Ver: 1 Installed: 10/15/2006
Security Update for Windows XP (KB923414) Ver: 1 Installed: 10/15/2006
Security Update for Windows XP (KB924191) Ver: 1 Installed: 10/15/2006
Security Update for Windows XP (KB924496) Ver: 1 Installed: 10/15/2006
Serif 3DPlus 2.0
Shockwave
Shrine Circus Tycoon
SkinsHP1 Ver: 53.0.13.000 Installed: 4/23/2006
SolutionCenter Ver: 50.0.152.000 Installed: 4/23/2006
Sonic_PrimoSDK Ver: 53.0.13.000 Installed: 4/23/2006
SpamBlockerUtility Browser, Weather and Wowpapers Tools
SpamBlockerUtility Email Toolbar
Status Ver: 53.0.13.000 Installed: 4/23/2006
Steam(tm) Ver: 1.0.0.0 Installed: 2/17/2006
Think-Adz Search Assistant removal
Time to Play Dollhouse
TrayApp Ver: 53.0.13.000 Installed: 4/23/2006
Unload Ver: 5.0.0 Installed: 4/23/2006
Unreal Tournament
Update for Windows XP (KB835409) Ver: 1 Installed: 8/27/2006
Update for Windows XP (KB898461) Ver: 1 Installed: 3/12/2006
Update for Windows XP (KB908531) Ver: 2 Installed: 8/27/2006
Update for Windows XP (KB910437) Ver: 1 Installed: 8/27/2006
Update for Windows XP (KB911280) Ver: 2 Installed: 8/27/2006
Viewpoint Media Player
WeatherBug Ver: v3.0
WebFldrs XP Ver: 9.50.6513 Installed: 3/13/2004
WebReg Ver: 53.0.13.000 Installed: 4/23/2006
Windows Installer 3.1 (KB893803) Ver: 3.1
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series Ver: 9.00.2980 Installed: 4/24/2004
Windows Media Player Hotfix [See Q828026 for more information]
Windows XP Hotfix (SP2) [See KB810243 for more information]
Windows XP Hotfix (SP2) Q322011 Ver: 20021111.164241
Windows XP Hotfix (SP2) Q327979 Ver: 20021114.125755
Windows XP Hotfix (SP2) Q814995 Ver: 20030219.141525
Windows XP Hotfix (SP2) Q819696 Ver: 20030513.102848
Windows XP Hotfix - KB810217 Ver: 20030806.140405
Windows XP Hotfix - KB820291 Ver: 20030523.143400
Windows XP Hotfix - KB821253 Ver: 20030609.161053
Windows XP Hotfix - KB822603 Ver: 20030703.195209
Windows XP Hotfix - KB823182 Ver: 20030724.164017
Windows XP Hotfix - KB824105 Ver: 20030724.164839
Windows XP Hotfix - KB824141 Ver: 20030925.103600
Windows XP Hotfix - KB824146 Ver: 20030825.150526
Windows XP Hotfix - KB825119 Ver: 20030828.113916
Windows XP Hotfix - KB826939 Ver: 20030902.222348
Windows XP Hotfix - KB826942 Ver: 20031007.111255
Windows XP Hotfix - KB828028 Ver: 20030919.121052
Windows XP Hotfix - KB828035 Ver: 20031021.165228
Windows XP Hotfix - KB828741 Ver: 20040305.182309
Windows XP Hotfix - KB833987 Ver: 20040308.224628
Windows XP Hotfix - KB835732 Ver: 20040329.175541
Windows XP Hotfix - KB837001 Ver: 20040317.230926
Windows XP Hotfix - KB839645 Ver: 20040630.164542
Windows XP Hotfix - KB840315 Ver: 20040622.172631
Windows XP Hotfix - KB840374 Ver: 20040416.100205
Windows XP Hotfix - KB840987 Ver: 20040927.095912
Windows XP Hotfix - KB841356 Ver: 20040929.102221
Windows XP Hotfix - KB841533 Ver: 20040927.100142
Windows XP Hotfix - KB841873 Ver: 20040608.144346
Windows XP Hotfix - KB842773 Ver: 20040701.144218
Windows XP Hotfix - KB873339 Ver: 20041117.094106
Windows XP Hotfix - KB873376 Ver: 20040923.181029
Windows XP Hotfix - KB885835 Ver: 20041027.181751
Windows XP Hotfix - KB885836 Ver: 20041028.161024
Windows XP Hotfix - KB888302 Ver: 20041207.112156
Windows XP Hotfix - KB889293 Ver: 20041111.235619
Windows XP Hotfix - KB890859 Ver: 1 Installed: 8/27/2006
Windows XP Hotfix - KB891781 Ver: 20050110.171604
Windows XP Hotfix - KB892944 Ver: 1 Installed: 8/27/2006
Windows XP Hotfix - KB911567 Ver: 20060316.165634 Installed: 8/27/2006
Windows XP Hotfix - KB918439 Ver: 20060530.145346 Installed: 8/27/2006
Windows XP Hotfix - KB918899 Ver: 20060725.123917 Installed: 8/27/2006
Windows XP Hotfix - KB925486 Ver: 20060918.120000 Installed: 10/1/2006
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
Yahoo! Toolbar


Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
« Reply #5 on: April 20, 2007, 12:17:24 PM »
Hi again Karen
Quote
I tried to uninstall Norton's but it wouldn't let me (some kind of error), so I uninstalled AVG even though I like it better
We'll work out the issues with Norton's later, and get AVG back for you later also.

But for now, can you do the following please.
I suggest that you print the instructions below or save them to a text file on your desktop.

Can you do the following:
Close down all browser windows.
Access Add/Remove Programs via Control Panel and remove (uninstall) all the following.
IF you can't remove something, carry on; we'll deal with it later.

Let's remove your older version of Java; it is out of date and vulnerable to malware:
J2SE Runtime Environment 5.0 Update 8

Still in Add/Remove Programs, try and remove all the following:
Enhanced Ads by Think-Adz removal
Think-Adz Search Assistant removal
Forethought
GSIM
Internet Update
IpWins
Quicklinks
SpamBlockerUtility Browser, Weather and Wowpapers Tools
SpamBlockerUtility Email Toolbar
Viewpoint Media Player
WeatherBug


Reboot the computer after the removal of ANY of the above.

Continue with the following instructions.
Back in Windows:

Download FixwareOut from one of the following sites:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
http://downloads.subratam.org/Fixwareout.exe
Save it to your desktop; we'll need it later.

Do a "System scan only" with HijackThis and put a check next to these entries:
Not all may be found, but tick ONLY the ones below if found.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Servi...omeLeftPane.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {158F1EF3-E49C-F12E-505B-20F4F84588B7} - ___.dll (file missing)

O2 - BHO: (no name) - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - (no file)
O2 - BHO: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll

O2 - BHO: (no name) - {B0279FA8-5A4E-20E7-4493-21C0DC57019E} - C:\WINDOWS\System32\tonme.dll (file missing)
O2 - BHO: (no name) - {B4FABB59-2FEF-0C36-9584-7622518F7BC0} - C:\WINDOWS\System32\zoklp.dll

O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
O3 - Toolbar: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll
O4 - HKLM\..\Run: [links] links.exe
O4 - HKLM\..\Run: [fkh] C:\WINDOWS\fkh.exe

O4 - HKLM\..\Run: [SetupExeDll] _ctcp.exe
O4 - HKLM\..\Run: [AppMasterCenter] TemplateDongle.exe
O4 - HKLM\..\Run: [newname] C:\\newname25.exe
O4 - HKLM\..\Run: [JAguAr] srbho.exe
O4 - HKLM\..\Run: [DTOURS] xwiz.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [dmgqq.exe] C:\WINDOWS\System32\dmgqq.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\swintodv.exe GID003
O4 - HKLM\..\Run: [{82-20-02-2B-ZN}] C:\windows\system32\nsdsregq.exe GID003

O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbWeatherOnTray.exe
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\484~1.0\SBInst.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - HKCU\..\Run: [ookk] C:\PROGRA~1\COMMON~1\ookk\ookkm.exe
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [nmdllw] trycrt.exe
O4 - HKCU\..\Run: [killall] control64.exe
O4 - HKCU\..\Run: [RtlFindVal] teqq32.exe

O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Karen\Local Settings\Temp\{A7FD5ADB-FEDF-4BF8-8AE9-C19C9C06BE71}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\swintodv.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O16 - DPF: {03A0F84E-3E69-4B3E-B4D3-019CB73B57B3} - http://www3.authentium.com/cssrelease/bin/WizMain.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971C...e/bridge-c8.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab
O16 - DPF: {2A510DC8-C9B5-4269-B9BA-E5B04D47D981} (CPlayFirstDDSonicControl Object) - http://www.shockwave.com/content/dinerdash...ic.1.0.0.92.cab
O16 - DPF: {5EB6A98B-F75B-4AC7-821D-BAD2C29D18C2} (CVALAXObj Class) - https://autoins1.progressivedirect.com/ptt/cv/CVALAX.CAB

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1112
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/wi...nnerInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0025578F-2414-49C8-84A8-C5144345F71B}: NameServer = 85.255.116.89,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{35045A3F-19BD-4E4C-939A-582147EBEDB8}: NameServer = 85.255.116.89,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FB1C57D-5C46-4C09-9700-B7CF2241D8E3}: NameServer = 85.255.116.89,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{66BB3FF3-E4E6-41B7-8195-F84A95ECA6B9}: NameServer = 85.255.116.89,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{788CC061-E4B5-4C76-B7B0-67AF4E439B8D}: NameServer = 85.255.116.89,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BBF9A52-DD77-45B9-B2C2-180657B67B9D}: NameServer = 85.255.116.89,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{A92CA0B8-00FE-46AD-B21E-D69487D4EC51}: NameServer = 85.255.116.89,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{B73DDBC4-CB7E-4E71-ACD3-58BDCFF97738}: NameServer = 85.255.116.89,85.255.112.204
O17 - HKLM\System\CS1\Services\Tcpip\..\{0025578F-2414-49C8-84A8-C5144345F71B}: NameServer = 85.255.116.89,85.255.112.204
O17 - HKLM\System\CS2\Services\Tcpip\..\{0025578F-2414-49C8-84A8-C5144345F71B}: NameServer = 85.255.116.89,85.255.112.204
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\winmp32.dll (file missing)
O23 - Service: Windows Alerter (ALT) - Unknown owner - C:\WINDOWS\services.exe (file missing)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Double click on FixWareout.exe
Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads, it will open a textfile. Save that log, because I need it later.

Note: ONLY if you have connection problems after performing above steps - go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.

Download AVG Anti-Spyware 7.5 (Ewido)
This is a completely different program than its Anti-Virus software, so there won't be any conflicts
  • Save the installer to desktop
  • Double click the installer, select your language, and then select "OK"
  • Click NEXT>>>Select I Agree>>>NEXT>>>INSTALL
       
  • AVG will now install and afterwards click FINISH
       
  • AVG Anti-Spyware 7.5 should now Load
  • Click the Update tab at the top. Under Manual Update click Start update.
       
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Click on the Scanner tab at the top
       
  • Click the "Settings" tab and then change the recommended action under "How to Act" to Quarantine and ensure that "Automatically generate report after every scan" IS selected and
    "Only if Threats are found" IS NOT selected
CLOSE AVG-Antispyware for now, as we will need it later
An AVG icon will be placed in your system tray next to your clock, can you right click on it and uncheck
"Resident Shield" , "Automatic updates" and "Start with Windows"

Reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
* Clean your Cache and Cookies in IE:
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
  • Select the Programs tab >>Click "Reset Web Settings">>Allow to reset homepage if prompted
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window

Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Load AVG Anti-Spyware 7.5
  • Click on the Scanner tab at the top
       
  • Click on Complete System Scan.
    This scan can take a while to run, let it run uninterrupted
     
  • When the scan is complete it will list any infections found on the left hand side.
  • Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
     
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file  (like on the Desktop).
I will need to see this log later

Restart the computer back to Normal windows

One more tool
Download this file - Combofix.exe and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

I need to see back here all the following

1. Post the log from Combofix
2. Post the report you saved earlier from AVG-Antispyware
3. Post a fresh hijackthis log
4. Post the report from Fixwareout

If it takes more than one reply to post all the info, please do so, don't quote me as it will take up needed space
« Last Edit: April 21, 2007, 11:10:46 AM by guestolo »

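A way to triage a HijackThis log like the one above mechanically, as an added example that is not part of the original post or of the HijackThis tool: it parses the entry lines and flags the four things the fix list above leans on: O17 NameServer values pointing an interface at public resolvers (the 85.255.x.x pair here), O4 Run values that are a bare filename with no directory, registrations whose target file is missing, and an O23 service whose binary carries a core Windows name but sits outside system32. The sample lines are copied from the posted log, except the 192.168.1.1 line, which is constructed so that one entry passes; the EXPECTED_DNS set is an assumption standing in for whatever the ISP or router actually hands out.

```python
"""Rule-based triage of a HijackThis 1.99 log.

Added example for this thread; it is not code from the original post or
from HijackThis.  The sample lines are copied from the log posted above,
except the 192.168.1.1 line, which is constructed to show an entry that
is NOT flagged.  EXPECTED_DNS is an assumption standing in for whatever
resolver the ISP or router really hands out.
"""
import ipaddress
import re

# Assumption: the resolver(s) this network should be using.
EXPECTED_DNS = {"192.168.1.1"}

# Names of core Windows binaries that only belong under \system32\.
SYSTEM_BINARIES = {"services.exe", "svchost.exe", "lsass.exe",
                   "winlogon.exe", "csrss.exe", "smss.exe"}

# Constructed sample: lines taken from the posted log plus one clean O17 line.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - (no file)
O2 - BHO: (no name) - {B4FABB59-2FEF-0C36-9584-7622518F7BC0} - C:\WINDOWS\System32\zoklp.dll
O4 - HKLM\..\Run: [links] links.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0025578F-2414-49C8-84A8-C5144345F71B}: NameServer = 85.255.116.89,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BBF9A52-DD77-45B9-B2C2-180657B67B9D}: NameServer = 192.168.1.1
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\winmp32.dll (file missing)
O23 - Service: Windows Alerter (ALT) - Unknown owner - C:\WINDOWS\services.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"NameServer = (?P<servers>[0-9.,]+)")


def _executable(cmd: str) -> str:
    """Program part of a Run value: the quoted path, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(log_text: str) -> list:
    """Return (kind, reason, detail) findings for the lines worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")

        # The registry still references a file that is gone: a leftover hook.
        if "(no file)" in body or "(file missing)" in body:
            findings.append((kind, "orphaned entry, target file missing", body))

        if kind == "O4":
            m4 = O4_RE.search(body)
            if m4:
                exe = _executable(m4.group("cmd"))
                # No directory at all: Windows finds it by PATH search, so the
                # log does not even tell you where the binary lives.
                if "\\" not in exe:
                    findings.append((kind, "bare filename resolved via PATH search", exe))

        if kind == "O17":
            m17 = O17_RE.search(body)
            if m17:
                for server in m17.group("servers").split(","):
                    ip = ipaddress.ip_address(server)
                    # Private (router) addresses and the expected set pass; any
                    # other public resolver on an interface is a hijack sign.
                    if not ip.is_private and server not in EXPECTED_DNS:
                        findings.append((kind, "interface DNS pointed at unexpected resolver", server))

        if kind == "O23" and "Unknown owner" in body:
            path = body.rsplit(" - ", 1)[-1].replace("(file missing)", "").strip()
            name = path.rsplit("\\", 1)[-1].lower()
            # services.exe belongs in \system32\; the same name elsewhere is a masquerade.
            if name in SYSTEM_BINARIES and "\\system32\\" not in path.lower():
                findings.append((kind, "system binary name outside system32", path))
    return findings


def unexpected_resolvers(log_text: str) -> set:
    """Every public DNS server any interface has been pointed at."""
    return {detail for kind, _, detail in triage(log_text) if kind == "O17"}


if __name__ == "__main__":
    for kind, reason, detail in triage(SAMPLE_LOG):
        print(f"{kind:4} {reason}: {detail}")
```

The rules are deliberately narrow: an O4 entry with a full path under Program Files (the ipwins line) passes untouched, because nothing in the line alone proves it bad. What the script does catch is exactly what a helper reads off a log in seconds: every interface's DNS rewritten to the same public pair, Run values with no directory, hooks whose file is already gone, and a service named after a Windows binary living in the wrong folder.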


Offline Karen

Spam Blocker Utility Please HELP!!
« Reply #6 on: April 22, 2007, 10:06:05 AM »
Tried to post this yesterday but it wouldn't go through.

"Karen" - 07-04-21 19:53:11    Service Pack 1  
ComboFix 07-04-21.2V - Running from: C:\Documents and Settings\Karen\Desktop\


((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\newname.dat
C:\WINDOWS\system32\dlh9jkdq2.exe
C:\WINDOWS\system32\dlh9jkdq8.exe
C:\Program Files\Common Files\simtest\svchostsys.bat
C:\Program Files\Common Files\svchostsys\ICSharpCode.SharpZipLib.dll
C:\Program Files\Common Files\svchostsys\svchostsys.exe.config
C:\Program Files\Common Files\svchostsys\svchostupdate.exe.config
C:\Program Files\Common Files\svchostsys\Version.txt
C:\Program Files\inetget2\direct3.exe
C:\Program Files\windows\WinUpdate.fld
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\dinerdash.exe
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\playfirst_logo.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\strings.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\accessories\cup.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\accessories\customer_cup.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\accessories\heart.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\accessories\menu_down.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\accessories\menu_up.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\accessories\plates.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\accessories\ticket.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\accessories\tray.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\audio\music\mainmenumusic.ogg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\audio\sfx\sfx_bring_check_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\audio\sfx\sfx_deliver_order_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\audio\sfx\sfx_diner.ogg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\audio\sfx\sfx_food_ready_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\audio\sfx\sfx_gain_heart_1.ogg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\audio\sfx\sfx_pencil_write_2.ogg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\audio\sfx\sfx_rollover_1.ogg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\audio\sfx\sfx_seat_people_snd.ogg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\backgrounds\choosedifficulty.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\backgrounds\credits.jpg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\backgrounds\flo_lose.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\backgrounds\flo_win.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\backgrounds\help1.jpg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\backgrounds\help2.jpg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\backgrounds\highscores.jpg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\backgrounds\levelintro.jpg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\backgrounds\levelintro_mask.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\backgrounds\levelover.jpg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\backgrounds\levelover_mask.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\backgrounds\mainmenu.jpg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\backgrounds\popup.jpg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\backgrounds\popup_mask.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\backgrounds\upgradegrid.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\backgrounds\upgradetitle.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\backgrounds\upsell.jpg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\arrowleft_blue.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\arrowleft_yellow.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\arrowright_blue.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\arrowright_yellow.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\backchalk.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\backchalkup.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\backtomenu_blue.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\backtomenu_yellow.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\back_blue.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\back_yellow.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\cancel.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\cancelup.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\career.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\career_over.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\close.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\closeup.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\continue.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\continueover.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\credits_blue.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\credits_yellow.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\download_blue.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\download_yellow.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\easy.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\easy_over.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\endlessshift.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\endlessshift_over.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\hard.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\hard_over.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\help.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\help_over.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\highscores.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\highscores_over.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\instructions_blue.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\instructions_yellow.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\letsplay.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\letsplayover.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\medium.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\medium_over.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\moreinfo.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\moreinfoup.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\off.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\off_on.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\on.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\on_on.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\pause.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\pauseover.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\quit.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\quitgame.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\quitgameover.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\quitover.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\resumegame.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\resumegameover.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\submit.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\submitup.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\tryagain.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\tryagainover.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\upgrade_over.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\upgrade_up.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\viewglobal.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\viewglobalup.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\viewhighscore.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\viewhighscoreon.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\viewlocal.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\buttons\viewlocalup.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\comics\webcomic.jpg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\config\career.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\config\customer.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\config\endless.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\config\global.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\config\powerups.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\cook\cook.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\cook\cook.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\cook\stove.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\cursor\arrow.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\cursor\click.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\cursor\click2.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\cursor\grab.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\cursor\open.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\old_male\anim.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\old_male\blue\anim.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\old_male\blue\anim.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\old_male\blue\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\old_male\green\anim.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\old_male\green\anim.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\old_male\green\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\old_male\purple\anim.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\old_male\purple\anim.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\old_male\purple\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\old_male\red\anim.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\old_male\red\anim.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\old_male\red\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\old_male\yellow\anim.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\old_male\yellow\anim.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\old_male\yellow\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\young_female\anim.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\young_female\blue\anim.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\young_female\blue\anim.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\young_female\blue\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\young_female\green\anim.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\young_female\green\anim.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\young_female\green\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\young_female\purple\anim.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\young_female\purple\anim.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\young_female\purple\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\young_female\red\anim.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\young_female\red\anim.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\young_female\red\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\young_female\yellow\anim.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\young_female\yellow\anim.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\customers\young_female\yellow\sit_legs.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\flo\idle.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\flo\idle.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\flo\lower.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\flo\lower.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\flo\upper.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\flo\upper.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\fonts\arial.mvec
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\fonts\komikaaxis.mvec
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\furniture\chair.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\furniture\chair.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\furniture\dirt2top.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\furniture\dirt4top.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\furniture\dishcart.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\furniture\dishcart.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\furniture\drinkstation_off.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\furniture\drinkstation_on1.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\furniture\drinkstation_on2.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\furniture\ticketstation.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\furniture\ticketstation.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\hiscore\arrowdown.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\hiscore\arrowdownon.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\hiscore\arrowleft.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\hiscore\arrowlefton.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\hiscore\arrowright.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\hiscore\arrowrighton.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\hiscore\arrowup.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\hiscore\arrowupon.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\hiscore\p1icon.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\hiscore\textedit.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\hiscore\title.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\endless_1_1.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\endless_1_1_a.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\endless_1_1_b.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\endless_1_1_c.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\endless_1_2.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\endless_1_2_a.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\endless_1_2_b.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\endless_1_2_c.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\endless_1_2_d.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\endless_1_3.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\endless_1_3_a.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\endless_1_3_b.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\endless_1_3_c.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\endless_1_3_d.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\fifth_level_diner.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\first_level_diner.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\fourth_level_diner.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\layouts\second_level_diner.txt
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\restaurants\tableshadow.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\restaurants\diner\background.jpg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\restaurants\diner\upgrades.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\restaurants\diner\food\food1.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\restaurants\diner\food\food1.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\restaurants\diner\food\food2.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\restaurants\diner\food\food2.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\restaurants\diner\food\food3.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\restaurants\diner\food\food3.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\restaurants\diner\frames\upgrade_0001.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\restaurants\diner\tables\2top.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\restaurants\diner\tables\2top.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\restaurants\diner\tables\4top.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\restaurants\diner\tables\4top.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\choosedifficulty.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\chooseplayer.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\chooserestaurant.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\credits.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\game.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\gothighscore.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\help.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\help2.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\hiscore.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\hiscoreinfo.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\hiscoresubmit.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\levelintro.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\levelover.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\loading.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\mainloop.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\mainmenu.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\ok.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\pause.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\style.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\tutorialintro.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\upgrade.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\upsell.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\webcomic.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\scripts\yesno.lua
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\splash\aol_logo.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\splash\gamelabsplash.jpg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\splash\playfirst_logo.jpg
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\angersmoke.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\angersmoke.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\chairflags.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\chairflags.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\check.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\checkmark.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\clock.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\closed.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\closingtime.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\coinflip.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\coinflip.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\dollar.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\expert.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\expertscore.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\foodpoof.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\foodpoof.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\fork_timer.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\goalcompleted.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\heartgrow.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\heartgrow.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\jar.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\jar.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\level.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\level_career.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\score.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\sound.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\staroff.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\staron.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\tablenumber.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\tablenumberup.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\traynumber.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\tutorialarrow.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\tutorialbox.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\tutorial_character.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\upgradeanim.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\upgradeanim.xml
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\doodles\coffee.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\doodles\tables.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\doodles\wallpaper.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\upgrades\drinks.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\upgrades\maitred.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\upgrades\oven.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\upgrades\select.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\upgrades\shoes.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\upgrades\stereo.png
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92\assets\ui\upgrades\table.png
C:\DOCUME~1\Karen\Desktop.\internet explorer.lnk
C:\DOCUME~1\Karen\Desktop\internet.lnk
C:\install.log
C:\Program Files\Common Files\inetget
C:\Program Files\Common Files\misc001
C:\Program Files\Common Files\simtest
C:\Program Files\Common Files\svchostsys
C:\Program Files\dialers
C:\Program Files\inetget2
C:\Program Files\windows
C:\WINDOWS\DOWNLO~1.\DDSonic.1.0.0.92
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~    Purity    ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\Program Files\ASEMBL~1
C:\qoobox\purity\C\Program Files\FNTS~1
C:\qoobox\purity\C\Program Files\PPATCH~1
C:\qoobox\purity\C\Program Files\RACLE~1
C:\qoobox\purity\C\Program Files\SCURIT~1
C:\qoobox\purity\C\Program Files\SEMBLY~1
C:\qoobox\purity\C\Program Files\WNSXS~1
C:\qoobox\purity\C\Program Files\YSTEM3~1
C:\qoobox\purity\C\Program Files\Common Files\ASEMBL~1
C:\qoobox\purity\C\Program Files\Common Files\CROSOF~1
C:\qoobox\purity\C\Program Files\Common Files\FNTS~1
C:\qoobox\purity\C\Program Files\Common Files\MCROSO~1.NET
C:\qoobox\purity\C\Program Files\Common Files\YMANTE~1
C:\qoobox\purity\C\WINDOWS\ASKS~1
C:\qoobox\purity\C\WINDOWS\ICROSO~1
C:\qoobox\purity\C\WINDOWS\system32\DOBE~1
C:\qoobox\purity\C\WINDOWS\system32\MCROSO~1
C:\qoobox\purity\C\WINDOWS\system32\MCROSO~1.NET
C:\qoobox\purity\C\WINDOWS\system32\PPATCH~1
C:\qoobox\purity\C\WINDOWS\system32\RACLE~1
C:\qoobox\purity\C\WINDOWS\system32\SCURIT~1
C:\qoobox\purity\C\WINDOWS\system32\YMBOLS~1
C:\qoobox\purity\C\WINDOWS\system32\RACLE~1\RACLE~1


(((((((((((((((((((((((((((((((   Files Created from 2007-03-21 to 2007-04-21  ))))))))))))))))))))))))))))))))))


2007-04-21 17:23 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-04-21 16:48 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-21 16:08 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-04-19 12:50 <DIR> d-------- C:\DOCUME~1\Karen\APPLIC~1\acccore
2007-04-19 12:40 <DIR> d-------- C:\Program Files\AIM6
2007-04-18 15:46 <DIR> d-------- C:\HJT
2007-04-18 14:09 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-04-18 01:13 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-04-17 23:12 <DIR> d-------- C:\DOCUME~1\Ed\APPLIC~1\SpamBlockerUtility_Icons
2007-04-17 23:04 <DIR> d-------- C:\DOCUME~1\Ed\APPLIC~1\MySpace
2007-04-17 23:04 <DIR> d-------- C:\DOCUME~1\Ed\APPLIC~1\AIMPro
2007-04-17 23:03 <DIR> d-------- C:\DOCUME~1\Ed\APPLIC~1\SpamBlockerUtility
2007-04-17 17:52 <DIR> d-------- C:\Program Files\SpamBlockerUtility
2007-04-17 17:52 <DIR> d-------- C:\Program Files\IE Protector And Tracks Eraser
2007-04-17 17:52 <DIR> d-------- C:\DOCUME~1\Karen\APPLIC~1\SpamBlockerUtility_Icons
2007-04-17 17:52 <DIR> d-------- C:\DOCUME~1\Karen\APPLIC~1\SpamBlockerUtility
2007-04-17 17:52 <DIR> d-------- C:\DOCUME~1\Karen\APPLIC~1\SpamBlocker
2007-04-16 09:27 4,636,672 --a------ C:\DOCUME~1\Karen\ntuser.dat
2007-04-03 13:00 <DIR> d-------- C:\Temp\HP_WebRelease
2007-04-02 20:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Incomplete
2007-03-31 17:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
2007-03-31 17:42 <DIR> d-------- C:\DOCUME~1\Karen\AIMPro


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-21 16:08 2560 --a------ C:\WINDOWS\_msrstrt.exe
2007-04-21 16:08 -------- d-------- C:\Program Files\viewpoint
2007-04-20 11:36 -------- d-------- C:\Program Files\navnt
2007-04-20 11:35 -------- d-------- C:\Program Files\symantec
2007-04-18 18:49 1082 --a------ C:\WINDOWS\system32\winpfz32.sys
2007-04-18 14:09 -------- d--h----- C:\Program Files\windowsupdate
2007-04-02 20:05 -------- d-------- C:\DOCUME~1\Karen\APPLIC~1\yahoo!
2007-04-01 16:31 -------- d-------- C:\DOCUME~1\Karen\APPLIC~1\viewpoint
2007-03-19 18:07 -------- d-------- C:\DOCUME~1\Karen\APPLIC~1\hp
2007-03-19 17:59 112886 --a------ C:\WINDOWS\hpoins07.dat
2007-02-27 09:57 184435 --a------ C:\WINDOWS\system32\swintodx.exe
2007-02-12 07:55 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll


((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nwiz"="nwiz.exe /install"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1140711823\\ee\\AOLSoftware.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"vptray"="C:\\Program Files\\NavNT\\vptray.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TivoServer"="\"C:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe\" /service /auto:TivoServer"
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ookk"="C:\\Program Files\\Common Files\\ookk\\ookkm.exe"
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"WinUpdate.exe"="C:\\Program Files\\Windows\\WinUpdate.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
   Source REG_SZ          C:\WINDOWS\warnhp.html

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}"="st3"
"{C7CF1142-0785-4B12-A280-B64681E4D45E}"="z"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
   Authentication Packages REG_MULTI_SZ    msv1_0
   Security Packages REG_MULTI_SZ    kerberos msv1_0 schannel wdigest
   Notification Packages REG_MULTI_SZ    scecli


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"
 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ    Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV
NetworkService REG_MULTI_SZ    DnsCache
rpcss REG_MULTI_SZ    RpcSs
imgsvc REG_MULTI_SZ    StiSvc
termsvcs REG_MULTI_SZ    TermService

 


~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070421-163055-787
O23 - Service: Windows Alerter (ALT) - Unknown owner - C:\WINDOWS\services.exe (file missing)
backup-20070421-163054-495
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\winmp32.dll (file missing)
backup-20070421-163054-260
O17 - HKLM\System\CS1\Services\Tcpip\..\{0025578F-2414-49C8-84A8-C5144345F71B}: NameServer = 85.255.116.89,85.255.112.204
backup-20070421-163054-676
O17 - HKLM\System\CCS\Services\Tcpip\..\{B73DDBC4-CB7E-4E71-ACD3-58BDCFF97738}: NameServer = 85.255.116.89,85.255.112.204
backup-20070421-163054-509
O17 - HKLM\System\CS2\Services\Tcpip\..\{0025578F-2414-49C8-84A8-C5144345F71B}: NameServer = 85.255.116.89,85.255.112.204
backup-20070421-163054-537
O17 - HKLM\System\CCS\Services\Tcpip\..\{A92CA0B8-00FE-46AD-B21E-D69487D4EC51}: NameServer = 85.255.116.89,85.255.112.204
backup-20070421-163054-287
O17 - HKLM\System\CCS\Services\Tcpip\..\{66BB3FF3-E4E6-41B7-8195-F84A95ECA6B9}: NameServer = 85.255.116.89,85.255.112.204
backup-20070421-163054-164
O17 - HKLM\System\CCS\Services\Tcpip\..\{788CC061-E4B5-4C76-B7B0-67AF4E439B8D}: NameServer = 85.255.116.89,85.255.112.204
backup-20070421-163054-876
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BBF9A52-DD77-45B9-B2C2-180657B67B9D}: NameServer = 85.255.116.89,85.255.112.204
backup-20070421-163054-309
O17 - HKLM\System\CCS\Services\Tcpip\..\{35045A3F-19BD-4E4C-939A-582147EBEDB8}: NameServer = 85.255.116.89,85.255.112.204
backup-20070421-163054-319
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FB1C57D-5C46-4C09-9700-B7CF2241D8E3}: NameServer = 85.255.116.89,85.255.112.204
backup-20070421-163054-339
O17 - HKLM\System\CCS\Services\Tcpip\..\{0025578F-2414-49C8-84A8-C5144345F71B}: NameServer = 85.255.116.89,85.255.112.204
backup-20070421-163054-304
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://locator1.cdn.imagesrvr.com/sites/wi...nnerInstall.cab
backup-20070421-163054-470
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
backup-20070421-163054-793
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
backup-20070421-163053-988
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1112
backup-20070421-163053-487
O16 - DPF: {5EB6A98B-F75B-4AC7-821D-BAD2C29D18C2} (CVALAXObj Class) - https://autoins1.progressivedirect.com/ptt/cv/CVALAX.CAB
backup-20070421-163053-431
O16 - DPF: {2A510DC8-C9B5-4269-B9BA-E5B04D47D981} (CPlayFirstDDSonicControl Object) - http://www.shockwave.com/content/dinerdash...ic.1.0.0.92.cab
backup-20070421-163052-505
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...tup1.0.0.15.cab
backup-20070421-163052-765
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971C...e/bridge-c8.cab
backup-20070421-163052-215
O16 - DPF: {03A0F84E-3E69-4B3E-B4D3-019CB73B57B3} - http://www3.authentium.com/cssrelease/bin/WizMain.exe
backup-20070421-163052-884
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
backup-20070421-163051-485
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
backup-20070421-163051-660
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\swintodv.exe
backup-20070421-163051-169
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Karen\Local Settings\Temp\{A7FD5ADB-FEDF-4BF8-8AE9-C19C9C06BE71}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
backup-20070421-163051-977
O4 - Startup: PowerReg Scheduler V3.exe
backup-20070421-163051-409
O4 - HKCU\..\Run: [killall] control64.exe
backup-20070421-163051-915
O4 - HKCU\..\Run: [RtlFindVal] teqq32.exe
backup-20070421-163051-370
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
backup-20070421-163051-484
O4 - HKCU\..\Run: [nmdllw] trycrt.exe
backup-20070421-163051-101
O4 - HKCU\..\Run: [ookk] C:\PROGRA~1\COMMON~1\ookk\ookkm.exe
backup-20070421-163051-884
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\484~1.0\SBInst.exe
backup-20070421-163051-665
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbOEAddOn.exe
backup-20070421-163051-926
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbWeatherOnTray.exe
backup-20070421-163051-944
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
backup-20070421-163051-691
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
backup-20070421-163051-574
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\swintodv.exe GID003
backup-20070421-163051-172
O4 - HKLM\..\Run: [dmgqq.exe] C:\WINDOWS\System32\dmgqq.exe
backup-20070421-163051-313
O4 - HKLM\..\Run: [JAguAr] srbho.exe
backup-20070421-163051-674
O4 - HKLM\..\Run: [DTOURS] xwiz.exe
backup-20070421-163051-453
O4 - HKLM\..\Run: [AppMasterCenter] TemplateDongle.exe
backup-20070421-163051-584
O4 - HKLM\..\Run: [newname] C:\\newname25.exe
backup-20070421-163051-534
O4 - HKLM\..\Run: [fkh] C:\WINDOWS\fkh.exe
backup-20070421-163051-862
O3 - Toolbar: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll
backup-20070421-163051-808
O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
backup-20070421-163051-809
O4 - HKLM\..\Run: [SetupExeDll] _ctcp.exe
backup-20070421-163051-292
O4 - HKLM\..\Run: [links] links.exe
backup-20070421-163051-861
O2 - BHO: (no name) - {B4FABB59-2FEF-0C36-9584-7622518F7BC0} - C:\WINDOWS\System32\zoklp.dll
backup-20070421-163051-418
O2 - BHO: SpamBlockerUtility - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SbHostIE.dll
backup-20070421-163051-868
O2 - BHO: (no name) - {B0279FA8-5A4E-20E7-4493-21C0DC57019E} - C:\WINDOWS\System32\tonme.dll (file missing)
backup-20070421-163051-421
R3 - URLSearchHook: (no name) - {158F1EF3-E49C-F12E-505B-20F4F84588B7} - ___.dll (file missing)
backup-20070421-163051-220
O2 - BHO: (no name) - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - (no file)
backup-20070421-163051-785
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster.com/SmartOffers/Servi...omeLeftPane.htm
backup-20070421-163051-389
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.bearshare.com/sidebar.html?src=ssb
backup-20070421-163051-644
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
backup-20070421-163051-610
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
backup-20070421-163051-599
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\SDMsgUpdate (SmartDrawTrial).job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-21 20:03:44
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-21 20:05:00
C:\ComboFix-quarantined-files.txt ... 07-04-21 20:05

Offline Karen

Spam Blocker Utility Please HELP!!
« Reply #7 on: April 22, 2007, 10:08:04 AM »
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at: 7:44:46 PM 4/21/2007

 + Scan result:

 

C:\Program Files\SpamBlockerUtility\SBTV\SBTV.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\SpamBlockerUtility\SBTV\uninstaller.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-1960408961-1563985344-1708537768-1006\Software\salm -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Documents\josh\games\kazaa_setup.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\stub_sca3.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Local Settings\Temporary Internet Files\Content.IE5\32S3VHOT\mm[1].js -> Adware.Chitika : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\My Documents\WіnSxS\lѕass.exe -> Adware.ClickSpring : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C7CF1142-0785-4B12-A280-B64681E4D45E} -> Adware.Generic : Cleaned with backup (quarantined).
C:\HJT\backups\backup-20070421-163051-418.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\SpamBlockerUtility\SBTV\SBTVHelper.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\Program Files\SpamBlockerUtility\bin\4.8.4.0\Cml.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\SpamBlockerUtility\bin\4.8.4.0\SbCoreSrv.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\SpamBlockerUtility\bin\4.8.4.0\SbGuard.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\SpamBlockerUtility\bin\4.8.4.0\SbHostIE.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\SpamBlockerUtility\bin\4.8.4.0\SbHostOL.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\SpamBlockerUtility\bin\4.8.4.0\SbInstIE.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\SpamBlockerUtility\bin\4.8.4.0\SbOEAddOn.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\SpamBlockerUtility\bin\4.8.4.0\SbWeatherOnTray.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7902608-37A7-423C-835E-F401C5D8FAFF}\RP458\A0194413.exe -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\WeatherOnTray.EXE -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp.1 -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp\CLSID -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp\CurVer -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1960408961-1563985344-1708537768-1006\Software\Hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1960408961-1563985344-1708537768-1006\Software\Hotbar\Hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1960408961-1563985344-1708537768-1006\Software\Hotbar\Hotbar\SF -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : Cleaned with backup (quarantined).
C:\WINDOWS\system32\g004ladq1d0e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7902608-37A7-423C-835E-F401C5D8FAFF}\RP463\A0195804.exe -> Adware.MaxFiles : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7902608-37A7-423C-835E-F401C5D8FAFF}\RP463\A0195856.exe -> Adware.Minibug : Cleaned with backup (quarantined).
C:\WINDOWS\876056.exe -> Adware.Mirar : Cleaned with backup (quarantined).
C:\WINDOWS\system32\WinNB57.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-1960408961-1563985344-1708537768-1006\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Documents and Settings\Karen\Start Menu\Programs\Power Scan -> Adware.PowerScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Karen\Start Menu\Programs\Power Scan\Power Scan.lnk -> Adware.PowerScan : Cleaned with backup (quarantined).
C:\HJT\backups\backup-20070421-163051-861.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7902608-37A7-423C-835E-F401C5D8FAFF}\RP463\A0195875.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\hlmjzo.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\smss.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ymnqrmu.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\SearchRelevant\SearchRelevant.dll -> Adware.Relevance : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\D4A159.tmp/mptft.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindIt.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindItHot.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Highlight.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\findithotxp.png -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\finditxp.png -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlighthotxp.png -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlightxp.png -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\jokesearch.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logo.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logoxp.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\pranks.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\smiley.bmp -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\buttons\smileyxp.png -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\contexts -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\contexts\related.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\Starware\contexts\travel.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\BrowserSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\BrowserSearch\BrowserSearch.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\ErrorSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Games -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Games\GamesOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Games\GamesOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\JokeSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\JokeSearch\JokeSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\JokeSearch\JokeSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Layouts -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Layouts\PreferencesLayout.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Layouts\PreferencesLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Layouts\ToolbarLayout.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Layouts\ToolbarLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Manager\ManagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Manager\ManagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Movies -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Movies\MoviesOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Movies\MoviesOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Pranks -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Pranks\PranksOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Pranks\PranksOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\RelatedSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\ScreensaversMarketingSitePager -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\SearchAssistPlus -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\SearchMatch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\SearchMatch\SearchMatchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\SmileyTown -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\SmileyTown\SmileyTownOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\SmileyTown\SmileyTownOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Toolbar -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\ToolbarLogo -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\ToolbarSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Toolbar\TBProductsOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\TravelSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\TravelSearch\TravelSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\BrowserSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\BrowserSearch\BrowserSearch.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\ErrorSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\Games -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\Games\GamesOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\Games\GamesOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\JokeSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\JokeSearch\JokeSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\JokeSearch\JokeSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\Layouts -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\Layouts\PreferencesLayout.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\Layouts\PreferencesLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\Layouts\ToolbarLayout.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\Layouts\ToolbarLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\Manager\ManagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\Manager\ManagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\Movies -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\Movies\MoviesOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\Movies\MoviesOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\Pranks -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\Pranks\PranksOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\Pranks\PranksOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\RelatedSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\ScreensaversMarketingSitePager -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\SearchAssistPlus -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\SearchMatch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\SearchMatch\SearchMatchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\SmileyTown -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\SmileyTown\SmileyTownOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\SmileyTown\SmileyTownOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\Toolbar -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarLogo -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\Toolbar\TBProductsOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\TravelSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\TravelSearch\TravelSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Starware -> Adware.Starware : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Starware\Options -> Adware.Starware : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Starware\OriginalSearchAssistant -> Adware.Starware : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Starware\OriginalURLSearchHooks -> Adware.Starware : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Starware\SearchAssistant -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Starware -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Starware\Options -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Starware\OriginalSearchAssistant -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Starware\OriginalURLSearchHooks -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Starware\SearchAssistant -> Adware.Starware : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7902608-37A7-423C-835E-F401C5D8FAFF}\RP463\A0195883.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\D4A159.tmp/nr1rnqm8.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\D4A159.tmp/ssn6tuu.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Downloads\CruiseTycoonSetup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\DeepSeaTycoon_Setup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\LemonadeTycoon2Setup-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\MallTycoon2-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\RCT2_TT-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\RollerCoasterTycoon2-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\SeaWorldTycoon-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\SkateTycoon2004-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Common.Buttons -> Adware.WebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-1960408961-1563985344-1708537768-1006\Software\Toolbar -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-1960408961-1563985344-1708537768-1006\Software\Toolbar\PlugIns -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-1960408961-1563985344-1708537768-1006\Software\Toolbar\PlugIns\COMMON -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-1960408961-1563985344-1708537768-1006\Software\Toolbar\PlugIns\RADIO -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-1960408961-1563985344-1708537768-1006\Software\Toolbar\Server -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\HJT\backups\backup-20070421-163052-765.dll -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\WinHound.com -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\WinHound.com\WinHound -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\WinHound.com\WinHound\Autorun -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\WinHound.com\WinHound\Autorun\HKCURun -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\WinHound.com\WinHound\Autorun\HKCURun\RunOnce -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\WinHound.com\WinHound\Autorun\HKCURun\RunOnceEx -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\WinHound.com\WinHound\Autorun\HKLMRun -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\WinHound.com\WinHound\Autorun\HKLMRun\RunOnce -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\WinHound.com\WinHound\Autorun\HKLMRun\RunOnceEx -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\WinHound.com\WinHound\Autorun\StartMenuAllUsers -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\WinHound.com\WinHound\Autorun\StartMenuCurrentUser -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Application Data\WinHound.com\WinHound\BrowserObjects -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Karen\Application Data\WinHound.com -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Karen\Application Data\WinHound.com\WinHound -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Karen\Application Data\WinHound.com\WinHound\Autorun -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Karen\Application Data\WinHound.com\WinHound\Autorun\HKCURun -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Karen\Application Data\WinHound.com\WinHound\Autorun\HKCURun\RunOnce -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Karen\Application Data\WinHound.com\WinHound\Autorun\HKCURun\RunOnceEx -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Karen\Application Data\WinHound.com\WinHound\Autorun\HKLMRun -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Karen\Application Data\WinHound.com\WinHound\Autorun\HKLMRun\RunOnce -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Karen\Application Data\WinHound.com\WinHound\Autorun\HKLMRun\RunOnceEx -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Karen\Application Data\WinHound.com\WinHound\Autorun\StartMenuAllUsers -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Karen\Application Data\WinHound.com\WinHound\Autorun\StartMenuCurrentUser -> Adware.WinHound : Cleaned with backup (quarantined).
C:\Documents and Settings\Karen\Application Data\WinHound.com\WinHound\BrowserObjects -> Adware.WinHound : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WinHound.com -> Adware.WinHound : Error during cleaning.
HKLM\SOFTWARE\WinHound.com\WinHound -> Adware.WinHound : Error during cleaning.
HKLM\SOFTWARE\WinHound.com\WinHound\WinHound -> Adware.WinHound : Error during cleaning.
HKLM\SOFTWARE\WinHound.com\WinHound\WinHound\License -> Adware.WinHound : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\nseE5.tmp\TagDLL.dll -> Adware.Yazzle : Error during cleaning.
C:\WINDOWS\Temp\nsx149.tmp\TagDLL.dll -> Adware.Yazzle : Error during cleaning.
C:\WINDOWS\system32\dwdsregt.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\pndsregp.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\swinoqez.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\swintodv.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\swintodw.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\swintoea.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\swintoed.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\ZIGID003.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\system32\swintoem.exe -> Downloader.Agent.dz : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7507739F-BC2E-4DC3-B233-816783C25DC9} -> Downloader.Delf : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{826B2228-BC09-49F2-B5F8-42CE26B1B712} -> Downloader.Delf : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Local Settings\Temp\1.dlb -> Downloader.Tibs.hh : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dlh9jkdq1.exe -> Downloader.Tibs.hh : Cleaned with backup (quarantined).
C:\Documents and Settings\Karen\Local Settings\Temp\tsinstall_4_0_3_7.exe -> Downloader.TSUpdate.i : Cleaned with backup (quarantined).
C:\Program Files\Common Files\ookk\ookkd\vocabulary -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Local Settings\Temp\ICD1.tmp\UERSNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UERSNetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.d : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56M0311NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Cleaned with backup (quarantined).
C:\Documents and Settings\Karen\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y15UBAH0\WinAntiVirusPro2006ScannerInstall[1].cab/UWA6P_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup (quarantined).
C:\Documents and Settings\Kids\Cookies\kids@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Kids\Cookies\[email protected][1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Kids\Cookies\kids@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Ed\Cookies\ed@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Karen\Local Settings\Temp\Cookies\karen@bestoffersnetworks[2].txt -> TrackingCookie.Bestoffersnetworks : Cleaned.
C:\Documents and Settings\Karen\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Kids\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Ed\Local Settings\Temp\Cookies\ed@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Karen\Local Settings\Temp\Cookies\karen@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Kids\Cookies\kids@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\WINDOWS\Temp\Cookies\karen@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\WINDOWS\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Karen\Local Settings\Temp\Cookies\karen@cliks[2].txt -> TrackingCookie.Cliks : Cleaned.
C:\Documents and Settings\Karen\Local Settings\Temp\Cookies\karen@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Ed\Cookies\ed@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Karen\Local Settings\Temp\Cookies\karen@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Kids\Cookies\kids@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\WINDOWS\Temp\Cookies\karen@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Ed\Cookies\ed@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Kids\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Kids\Cookies\[email protected][1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Kids\Cookies\[email protected][1].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Karen\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Karen\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Kids\Cookies\[email protected][1].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Ed\Cookies\ed@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Kids\Cookies\[email protected][1].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\Ed\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Karen\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Karen\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Kids\Cookies\kids@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Karen\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Kids\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\WINDOWS\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\WINDOWS\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Karen\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\Ed\Cookies\[email protected][2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Kids\Cookies\kids@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Ed\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Karen\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Kids\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Kids\Cookies\kids@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\Temp\Cookies\karen@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Ed\Local Settings\Temp\amhjopmd.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Local Settings\Temp\dpiodcjd.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Local Settings\Temp\eaefjpmd.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Local Settings\Temp\ephhcpmd.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Local Settings\Temp\hbnjacjd.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Local Settings\Temp\hkgcjmnd.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Local Settings\Temp\hokgopmd.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Local Settings\Temp\iacfjpmd.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Local Settings\Temp\iggkjmnd.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Local Settings\Temp\jiekopmd.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Local Settings\Temp\mgbaopmd.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Local Settings\Temp\nekeopmd.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\Documents and Settings\Ed\Local Settings\Temp\nkalopmd.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
C:\Program Files\SpamBlockerUtility\bin\4.8.4.0\SBInst.exe -> Trojan.Holax.E : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wtstr.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end
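
The report that ends above is worth a second pass before declaring the box clean: a handful of entries are marked "Error during cleaning" (the HKLM\SOFTWARE\WinHound.com keys and the two TagDLL.dll copies in C:\WINDOWS\Temp), one copy of Adware.Suggestor lives inside a System Restore point, and some hits are members of archives rather than loose files. The Python below is an added example, not part of the thread and not the scanner's own code; it parses the report's "item -> name : status" lines from a constructed sample copied from the report above and pulls out exactly those follow-up items.

```python
"""Summarize an anti-spyware cleaning report of the form  <item> -> <name> : <status>."""
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the report above.
SAMPLE_REPORT = r"""
HKLM\SOFTWARE\WinHound.com -> Adware.WinHound : Error during cleaning.
C:\WINDOWS\Temp\nseE5.tmp\TagDLL.dll -> Adware.Yazzle : Error during cleaning.
C:\WINDOWS\system32\swintoem.exe -> Downloader.Agent.dz : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\D4A159.tmp/nr1rnqm8.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E7902608-37A7-423C-835E-F401C5D8FAFF}\RP463\A0195883.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Documents and Settings\Kids\Cookies\kids@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
C:\Program Files\SpamBlockerUtility\bin\4.8.4.0\SBInst.exe -> Trojan.Holax.E : Cleaned with backup (quarantined).
::Report end
"""

LINE_RE = re.compile(r"^(?P<item>.+?) -> (?P<name>[^:]+?) : (?P<status>.+?)\.?$")


def parse_report(text):
    """Return one dict per detection line; header/footer lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        item = m.group("item")
        entries.append({
            "item": item,
            "name": m.group("name"),
            "category": m.group("name").split(".")[0],   # Adware, Trojan, TrackingCookie, ...
            "status": m.group("status"),                   # trailing period stripped
            "kind": "registry" if item.upper().startswith("HK") else "file",
            "inside_archive": "/" in item,                 # the report writes archive members as archive/member
        })
    return entries


def unresolved(entries):
    """Detections the tool could not remove; these need manual follow-up (or a reboot and rescan)."""
    return [e for e in entries if e["status"].startswith("Error")]


def restore_point_items(entries):
    """Copies living in System Restore points: they come back if that restore point is applied."""
    return [e["item"] for e in entries if "\\System Volume Information\\_restore" in e["item"]]


def by_category(entries):
    return Counter(e["category"] for e in entries)


def by_status(entries):
    return Counter(e["status"] for e in entries)
```

Run over the full report the same way, `unresolved()` gives the list to chase by hand (the WinHound keys and the Yazzle DLLs here), and `restore_point_items()` is the reason helpers ask for System Restore to be flushed once the machine is clean.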

Karen
« Reply #8 on: April 22, 2007, 10:09:52 AM »
Logfile of HijackThis v1.99.1
Scan saved at 11:09:29 AM, on 4/22/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeacon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\AOL\1140711823\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140711823\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /auto:TivoServer
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: DigiChat Applet - http://216.54.221.236/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176872296437
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.19/ttinst.cab
O23 - Service: Windows Alerter (ALT) - Unknown owner - C:\WINDOWS\services.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeacon.exe
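
Two lines in the log above are the kind a helper looks at first. The O23 entry "Windows Alerter (ALT)" has no publisher and points at C:\WINDOWS\services.exe "(file missing)": the real services.exe runs from C:\WINDOWS\system32 (it is in the process list), so a service registration naming that file one directory up is an impersonation, and the file being gone means a cleaner already removed the binary but the service entry is still there. The O16 DigiChat entry pulls an ActiveX package from a bare IP address. The following Python is an added example, not part of the thread or of HijackThis, that runs those heuristics over a constructed sample of lines copied from the log above; the severity labels are my own.

```python
"""Triage heuristics for HijackThis 1.99 log lines (O16 / O23)."""
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O16 - DPF: DigiChat Applet - http://216.54.221.236/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.19/ttinst.cab
O23 - Service: Windows Alerter (ALT) - Unknown owner - C:\WINDOWS\services.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Binaries that only ever run from %SystemRoot%\System32 on XP; the same name anywhere else
# is a classic impersonation trick.
CORE_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}

O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<desc>.+?) - (?P<url>\S+)$")
MISSING = " (file missing)"


def _split_path(raw):
    """Separate HijackThis's '(file missing)' marker from the path itself."""
    if raw.endswith(MISSING):
        return raw[:-len(MISSING)], True
    return raw, False


def _in_system32(path):
    parts = path.lower().split("\\")
    return len(parts) >= 2 and parts[-2] == "system32"


def triage_line(line):
    """Return [(severity, reason), ...] for one log line; [] when nothing stands out."""
    findings = []
    m = O23_RE.match(line)
    if m:
        path, missing = _split_path(m.group("path"))
        exe = path.rsplit("\\", 1)[-1].lower()
        if missing:
            findings.append(("medium", f"service '{m.group('name')}' points at a file that no longer exists: {path}"))
        if exe in CORE_BINARIES and not _in_system32(path):
            findings.append(("high", f"core binary name '{exe}' outside System32: {path}"))
        if m.group("owner") == "Unknown owner" and not findings:
            findings.append(("low", f"service '{m.group('name')}' carries no publisher information"))
        return findings
    m = O16_RE.match(line)
    if m:
        host = urlparse(m.group("url")).hostname or ""
        try:
            ipaddress.ip_address(host)
        except ValueError:
            return findings          # a host name, not a bare IP
        findings.append(("medium", f"ActiveX package fetched from a bare IP address: {m.group('url')}"))
    return findings


def triage_log(text):
    """{line: findings} for every line in the log that produced at least one finding."""
    result = {}
    for line in text.splitlines():
        line = line.strip()
        findings = triage_line(line)
        if findings:
            result[line] = findings
    return result
```

The "Unknown owner" check is deliberately the weakest signal: plenty of legitimate drivers ship without version information (ATI Smart here), so it is only reported when nothing stronger was found on the same line.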

Karen
« Reply #9 on: April 22, 2007, 10:11:19 AM »
Fixwareout Last edited 4/5/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdoky.exe"

»»»»» System restarted
 
»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "xedocne"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "repiwoh"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "23plhps"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "mgcppp"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "tesvaf"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "32refaselif"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "nlcalik"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "heymd"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "xedocne"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "gib_ogol"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "repiwoh"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "llun"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "23plhps"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "mgcppp"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "tesvaf"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "32refaselif"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "nlcalik"  Deleted
....
»»»»» Misc files.
C:\Documents and Settings\Karen\Application Data\kc.tmp Deleted
C:\WINDOWS\RDT.INI Deleted
C:\WINDOWS\System32\kilacln.exe Deleted
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.

 

Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other
C:\WINDOWS\Temp\kdoky.ren 66176 05/11/2003

 

»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe /install"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1140711823\\ee\\AOLSoftware.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"vptray"="C:\\Program Files\\NavNT\\vptray.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TivoServer"="\"C:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe\" /service /auto:TivoServer"
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
....
Hosts file was reset, If you use a custom hosts file please replace it
C:\WINDOWS\System32\AUTOEXEC.NT  missing
»»»»» End report »»»»»
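
The Fixwareout report above shows the footprint this family leaves: the Winlogon "System" value named a loader (kdoky.exe, which the tool left renamed as C:\WINDOWS\Temp\kdoky.ren) and was empty again after the reboot, and the Ruins and Urls value names are file names written backwards ("nlcalik" reversed is "kilacln", the kilacln.exe deleted a few lines further down). The Python below is an added example, not part of the thread and not Fixwareout's own code; it parses a constructed subset of the report lines above and does that correlation. It assumes, as is the case on a clean XP install, that the Winlogon "System" value is normally empty.

```python
"""Decode a Fixwareout report: Winlogon 'System' loader plus reversed Ruins/Urls value names."""
import re

# Constructed sample: a subset of the report lines above.
REPORT = r'''
HKLM\SOFTWARE\~\Winlogon\ "System"="kdoky.exe"
HKLM\SOFTWARE\~\Winlogon\ "system"=""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "xedocne"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ruins "nlcalik"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "gib_ogol"  Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "llun"  Deleted
C:\Documents and Settings\Karen\Application Data\kc.tmp Deleted
C:\WINDOWS\System32\kilacln.exe Deleted
C:\WINDOWS\Temp\kdoky.ren 66176 05/11/2003
'''

WINLOGON_RE = re.compile(r'Winlogon\\ "[Ss]ystem"="(?P<value>[^"]*)"')
VALUE_RE = re.compile(r'CurrentVersion\\(?P<key>Ruins|Urls) "(?P<name>[^"]+)"\s+Deleted')
FILE_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|ren|tmp|ini))(?=\s|$)', re.M | re.I)


def winlogon_system_values(text):
    """Values of the Winlogon 'System' entry in report order. The tool prints it before and
    after the reboot, so [loader, ''] means the fix took; on a clean XP box it is empty."""
    return [m.group("value") for m in WINLOGON_RE.finditer(text)]


def deleted_registry_names(text):
    """{'Ruins': [...], 'Urls': [...]}: value names the tool removed."""
    out = {}
    for m in VALUE_RE.finditer(text):
        out.setdefault(m.group("key"), []).append(m.group("name"))
    return out


def decode_name(name):
    """The value names are file names written backwards ('nlcalik' -> 'kilacln')."""
    return name[::-1]


def report_files(text):
    """Every file path the report mentions (deleted, renamed or flagged for submission)."""
    return [m.group("path") for m in FILE_RE.finditer(text)]


def _stem_index(text):
    """Index report file paths by lower-cased base name without extension."""
    index = {}
    for path in report_files(text):
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
        index.setdefault(stem, []).append(path)
    return index


def loader_files(text):
    """Files sharing a stem with the pre-run Winlogon loader (kdoky.exe -> kdoky.ren here)."""
    values = winlogon_system_values(text)
    if not values or not values[0]:
        return []
    stem = values[0].rsplit(".", 1)[0].lower()
    return _stem_index(text).get(stem, [])


def correlate(text):
    """{(key, name): (decoded, [matching file paths])} for every deleted Ruins/Urls value."""
    index = _stem_index(text)
    result = {}
    for key, names in deleted_registry_names(text).items():
        for name in names:
            decoded = decode_name(name)
            result[(key, name)] = (decoded, index.get(decoded.lower(), []))
    return result
```

Decoded names with no matching file (encodex, logo_big, null) are the ones still worth a file-system search, since the registry value outlived whatever it pointed at; the .ren file is what the report says to upload to VirusTotal or Jotti.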

Karen
« Reply #10 on: April 22, 2007, 10:14:30 AM »
I think I posted everything you wanted. I really appreciate everything you've done; the computer is running so much better, and the spam blocker is GONE!!!!!!! Thank you, thank you, thank you!!!

BTW, I just wanted to let you know that the only thing I couldn't get to run was "cleanmgr". Not sure why, but it just kept stopping.

Thanks again,
Karen

guestolo (Administrator)
« Reply #11 on: April 22, 2007, 02:27:31 PM »
We still have a bit more work to do.
I would like to run some more tools on your computer to ensure you are clean, please.
Again, I would print these instructions or save them to a text file.

Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide extensions for known file types option.
    * Click Yes to confirm.
    * Click OK.


Next:
Download some small tools please
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Navigate to the SDFix folder>>START>>MyComputer>>Local Disk C:>>SDFix folder
In the SDFix folder open the apps folder, then open the Replace folder
Double click on XP.exe
Click the Unzip button, allowing files to extract to default location of C:\Windows\System32
Exit out of SDFix, we will need it later

Go to this link
http://www.ccleaner.com/download/builds.aspx
Download and Install the Slim edition of CCleaner
When installing, uncheck most options when prompted
EXCEPT for "Create a Desktop shortcut"
We will need this later also, don't run it yet

Download SmitfraudFix (by S!Ri).
Extract the contents (a folder named SmitfraudFix) to your Desktop.
We will need this later

Download The Avenger.zip by Swandog46 to your Desktop.

    * Click on Avenger.zip to open the file
    * Extract avenger.exe to your desktop
Again, we will need this tool later

One last tool
Download win32delfkil.exe.
Save it on your desktop.
Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil.
Close all windows, open the win32delfkil folder and double click on fix.bat.
The computer will reboot automatically.
It will create a log I will need to see later>>c:\windelf.txt

Next:
Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window
Click the Extended tab at the bottom
Look on the right hand side for this exact service name: Windows Alerter

Double click on it--- STOP the service--If running
In the drop down menu, change the startup type to Disabled

Google toolbar appears to be corrupt, we should remove it for now
Access your Add/remove programs and remove Google Toolbar for Internet Explorer if present

Copy ALL the text contained in the block below to your Clipboard by highlighting it and pressing Ctrl+C on your keyboard.
Make sure you include "Folders to delete:"
=============================================================
Folders to delete:
C:\Program Files\ipwins
C:\Program Files\Common Files\ookk
C:\Program Files\SpamBlockerUtility
C:\Program Files\SearchRelevant
C:\Documents and Settings\Ed\Application Data\SpamBlockerUtility_Icons
C:\Documents and Settings\Ed\Application Data\SpamBlockerUtility
C:\Documents and Settings\Karen\Application Data\SpamBlockerUtility
C:\Documents and Settings\Karen\Application Data\SpamBlockerUtility_Icons
C:\Documents and Settings\Karen\Application Data\SpamBlocker

files to delete:
C:\WINDOWS\warnhp.html
C:\WINDOWS\Temp\kdoky.ren
C:\Program Files\Windows\WinUpdate.exe
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\swintodx.exe

Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Compress old files

Registry values to delete:
HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run | WinUpdate.exe
HKEY_USERS\.default\software\microsoft\windows\currentversion\run | ookk
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler | {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler | {C7CF1142-0785-4B12-A280-B64681E4D45E}


==========================================================================
Now, start The Avenger program by clicking on its icon on your desktop
OK the prompt

    * Under "Script file to execute" choose "Input Script Manually".
    * Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    * Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    * Click Done
    * Now click on the Green Light to begin execution of the script
    * Answer "Yes" twice when prompted.

Avenger should now Reboot your computer
After reboot, Avenger will finish cleaning; it will produce a log I will need to see later>>C:\Avenger.txt
Afterwards:
 
Reboot your computer into safe mode please
Sign in with your normal account
In safe mode
Open CCleaner from the icon on the Desktop or from START>>All Programs>>CCleaner folder
Leave all defaults selected, in addition put a tick in Old Prefetch data under Advanced
Then click the Run Cleaner button on the bottom right
OK the prompt that you get
Let this finish then Exit CCleaner

Remain in safe mode
Open the SmitfraudFix folder you extracted to desktop earlier
  • Double-click smitfraudfix.cmd
  • Press any key to continue
  • Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

  • You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

  • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
Note: Smitfraudfix invokes Disk Cleanup (cleanmgr) to run; it may not stall this time, let it try and finish.
If it won't finish completely after 5 minutes or so, just exit Disk Cleanup.

The tool may need to restart your computer to finish the cleaning process; if it doesn't, remain in safe mode please
If it does, after reboot please return back to Safe mode
A text file will appear onscreen, with results from the cleaning process, I'll need to see these later, by default a log is saved to C:\Rapport.txt

SDFix
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
I'll need to see that log later also

Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab
Uncheck and delete everything you find in there. (except for "My current home page")
NOTE: running option #2 in Smitfraudfix will remove your Desktop background; you will have to replace it in the Display options found in Control Panel.

Update Java
  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop (13.16 MB).
Double click on the Installer, follow the prompts
After Java is installed, go ahead and delete the installer from desktop

I need to see all the following back here please
1. Post one more fresh hijackthis log
2. Post the log from win32delfkil.exe>>c:\windelf.txt
3. Post the log from Smitfraudfix>>>C:\Rapport.txt
4. Post the log from SDFix>>>Report.txt in the SDFix folder
5. Post the log from Avenger>>C:\Avenger.txt

Also, I would like one double check on something, then you should be clear
Then we'll worry about Norton's AV, by the way, do you know the Exact version of Norton's you have/had installed?

Download and save to your desktop
fsbl.exe
(F-Secure Blacklight)
Double click to run fsbl.exe
    * Accept the user agreement.
    * Click Scan.
    * After the scan finishes, click on Next, then Exit.
Do not rename any files if found by blacklight, I need to see the log

BlackLight will create a log on your desktop with the name "fsbl-xxxxxxx.log".
Can you post this log too
I hope that is not all too confusing, I know it's a lot of logs, but if you can post them all that would be great
« Last Edit: April 22, 2007, 03:29:54 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Karen

Spam Blocker Utility Please HELP!!
« Reply #12 on: April 23, 2007, 04:30:09 PM »
OK, whew... first thing, the cleanmgr didn't work again; it got almost to the end and stopped. Also the fsbl.exe: when I clicked to install it, it just said "F-Secure BlackLight could not acquire necessary privileges (SeDebugPrivilege); your computer settings may prevent these privileges, a malicious program might have disabled these privileges."
OK, as for Norton's, I'm using Norton AntiVirus Corporate Edition. Now for the logs...

Logfile of HijackThis v1.99.1
Scan saved at 5:18:59 PM, on 4/23/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeacon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\AOL\1140711823\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140711823\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /auto:TivoServer
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: DigiChat Applet - http://216.54.221.236/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176872296437
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.19/ttinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeacon.exe


 

WIN32DELFKIL LOGFILE - by Marckie
 
 
version 3.125
Mon 04/23/2007  14:33:50.17
running from: "C:\Documents and Settings\Karen\Desktop"
 
 
--- File(s) found in Windows directory ---
 
--- File(s) found in system32 folder ---
 
--- Services ---
 
--- Export SharedTaskScheduler key ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}"="st3"
"{C7CF1142-0785-4B12-A280-B64681E4D45E}"="z"

 

--- sharedtaskkey (1): 1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5 ---
no keys found  


--- sharedtaskkey (2): C7CF1142-0785-4B12-A280-B64681E4D45E ---
no keys found  
 
--- Notify key ---
 
 
--- rebooting the computer ---
 
 
--- File(s) found in Windows directory ---
 
--- File(s) found in system32 folder ---
 
--- Services ---
 
--- Export SharedTaskSchedulerkey ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"


 
--- Notify key ---
 
Finished!
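The checks the helper applies to these HijackThis logs by eye (a toolbar whose DLL is gone, an ActiveX download from a bare IP address, a service with no publisher, and what changed between two logs from the same machine) written out as code. This is an added example for the thread, not code from HijackThis or any tool used here; the sample log lines are constructed from the entry formats posted above, and the three heuristics are my own choice of what to flag.

```python
"""Triage helpers for HijackThis v1.99 logs.

Added example written for this thread; it is not part of HijackThis or of
any tool the helper used.  The sample logs below are constructed from the
entry formats posted above, so everything runs offline.
"""
import re

# Every HijackThis entry line starts with a section code such as R0, O4, O23.
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.*)$")
# A URL whose host is a dotted-quad address instead of a DNS name.
BARE_IP_URL_RE = re.compile(r"^https?://(?:\d{1,3}\.){3}\d{1,3}(?:[:/]|$)")


def parse_entries(log_text):
    """Return (kind, body) for each entry line; the header and process list are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def triage(log_text):
    """Return (kind, reason, body) for every entry that deserves a second look."""
    findings = []
    for kind, body in parse_entries(log_text):
        if kind == "O3" and "(file missing)" in body:
            findings.append((kind, "toolbar registered but its DLL is missing", body))
        elif kind == "O16":
            # The download URL is the last ' - ' separated field of a DPF entry.
            url = body.rsplit(" - ", 1)[-1]
            if BARE_IP_URL_RE.match(url):
                findings.append((kind, "ActiveX control fetched from a bare IP address", body))
        elif kind == "O23" and "Unknown owner" in body:
            findings.append((kind, "service binary carries no publisher name", body))
    return findings


def diff_logs(old_text, new_text):
    """Entries added and removed between two logs; sorted so reports are stable."""
    old, new = set(parse_entries(old_text)), set(parse_entries(new_text))
    return sorted(new - old), sorted(old - new)


# Constructed sample, modelled on the first log in this post (not a full log).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O16 - DPF: DigiChat Applet - http://216.54.221.236/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.19/ttinst.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
"""

# Constructed follow-up: same machine, one new Run entry after a RealPlayer update.
LOG_AFTER = LOG_BEFORE + r"""O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
"""

if __name__ == "__main__":
    for kind, reason, body in triage(LOG_BEFORE):
        print(f"{kind}: {reason}\n    {body}")
    added, removed = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("added:", added)
    print("removed:", removed)
```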

Offline Karen

Spam Blocker Utility Please HELP!!
« Reply #13 on: April 23, 2007, 04:34:06 PM »
SmitFraudFix v2.171

Scan done at 15:07:20.28, Mon 04/23/2007
Run from C:\Documents and Settings\Karen\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1  localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7BBF9A52-DD77-45B9-B2C2-180657B67B9D}: DhcpNameServer=68.9.16.25 68.9.16.30 68.100.16.30
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A92CA0B8-00FE-46AD-B21E-D69487D4EC51}: DhcpNameServer=68.9.16.25 68.9.16.30 68.100.16.30
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7BBF9A52-DD77-45B9-B2C2-180657B67B9D}: DhcpNameServer=68.9.16.25 68.9.16.30 68.100.16.30
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A92CA0B8-00FE-46AD-B21E-D69487D4EC51}: DhcpNameServer=68.9.16.25 68.9.16.30 68.100.16.30
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7BBF9A52-DD77-45B9-B2C2-180657B67B9D}: DhcpNameServer=68.9.16.25 68.9.16.30 68.100.16.30
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A92CA0B8-00FE-46AD-B21E-D69487D4EC51}: DhcpNameServer=68.9.16.25 68.9.16.30 68.100.16.30
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.9.16.25 68.9.16.30 68.100.16.30
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.9.16.25 68.9.16.30 68.100.16.30
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.9.16.25 68.9.16.30 68.100.16.30


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


  SDFix: Version 1.79

Run by Karen - Mon 04/23/2007 - 16:42:39.72

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

 

 


Restoring Windows Registry Values
Restoring Windows Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\SYSTEM32\GAD2PT~1.HTM - Deleted
C:\WINDOWS\SYSTEM32\SLX~1.EXE - Deleted
C:\Documents and Settings\Karen\Desktop\Click to Find and Fix Errors.lnk - Deleted

 

Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

 

                                 Final Check:

Remaining Services:
------------------

 

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\Documents and Settings\Ed\NetHood\newenglandlinen.com\Desktop.ini
C:\Documents and Settings\Karen\My Documents\My Music\Yakuzi\www.webelez.com\Thumbs.db
C:\WINDOWS\CdaC14BA.DLL
C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
C:\WINDOWS\CdaC13BA.EXE
C:\NTBOOTDD.SYS
C:\Documents and Settings\Ed\Application Data\Microsoft\Templates\~WRL2823.tmp
C:\Documents and Settings\Ed\Application Data\Microsoft\Word\~WRL0003.tmp
C:\Documents and Settings\Ed\Application Data\Microsoft\Word\~WRL0004.tmp
C:\Documents and Settings\Ed\Application Data\Microsoft\Word\~WRL1885.tmp
C:\Documents and Settings\Ed\Application Data\Microsoft\Word\~WRL2791.tmp
C:\Documents and Settings\Ed\Local Settings\Temp\~3C.tmp
C:\Documents and Settings\Ed\My Documents\~WRL0001.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL0003.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL0004.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL0075.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL0163.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL0224.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL0540.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL1551.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL1696.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL2041.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL2124.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL2716.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL2769.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL2837.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL3012.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL3245.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL3439.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL3596.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL3880.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL3892.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL3899.tmp
C:\Documents and Settings\Karen\Application Data\Microsoft\Word\~WRL3982.tmp
C:\Documents and Settings\Karen\My Documents\~WRL0001.tmp
C:\Documents and Settings\Karen\My Documents\~WRL0002.tmp
C:\Documents and Settings\Kids\My Documents\~WRL0001.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\3dadfa52ea2998e88c1462cf025da476\BIT18E.tmp

                                 Finished





Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\kevdtkqu

*******************

Script file located at: \??\C:\celbttap.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

 

Folder C:\Program Files\ipwins not found!
Deletion of folder C:\Program Files\ipwins failed!

Could not process line:
C:\Program Files\ipwins
Status: 0xc0000034

Folder C:\Program Files\Common Files\ookk deleted successfully.
Folder C:\Program Files\SpamBlockerUtility deleted successfully.
Folder C:\Program Files\SearchRelevant deleted successfully.
Folder C:\Documents and Settings\Ed\Application Data\SpamBlockerUtility_Icons deleted successfully.
Folder C:\Documents and Settings\Ed\Application Data\SpamBlockerUtility deleted successfully.
Folder C:\Documents and Settings\Karen\Application Data\SpamBlockerUtility deleted successfully.
Folder C:\Documents and Settings\Karen\Application Data\SpamBlockerUtility_Icons deleted successfully.
Folder C:\Documents and Settings\Karen\Application Data\SpamBlocker deleted successfully.
File C:\WINDOWS\warnhp.html deleted successfully.


File C:\WINDOWS\Temp\kdoky.ren not found!
Deletion of file C:\WINDOWS\Temp\kdoky.ren failed!

Could not process line:
C:\WINDOWS\Temp\kdoky.ren
Status: 0xc0000034

 

Could not open file C:\Program Files\Windows\WinUpdate.exe for deletion
Deletion of file C:\Program Files\Windows\WinUpdate.exe failed!

Could not process line:
C:\Program Files\Windows\WinUpdate.exe
Status: 0xc000003a

File C:\WINDOWS\system32\winpfz32.sys deleted successfully.
File C:\WINDOWS\system32\swintodx.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Compress old files deleted successfully.
Registry value HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run|WinUpdate.exe deleted successfully.
Registry value HKEY_USERS\.default\software\microsoft\windows\currentversion\run|ookk deleted successfully.


Could not delete registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}
Deletion of registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} failed!
Status: 0xc0000034

 

Could not delete registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{C7CF1142-0785-4B12-A280-B64681E4D45E}
Deletion of registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{C7CF1142-0785-4B12-A280-B64681E4D45E} failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished!  Terminate.
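Two things worth reading mechanically from the win32delfkil export in the previous reply and the Avenger log above, as an added example (my own code, not part of win32delfkil, The Avenger or any other tool in this thread): which SharedTaskScheduler CLSIDs are not the XP defaults and whether the post-reboot export still lists them, and what the Avenger Status codes mean, since 0xc0000034 and 0xc000003a are the NTSTATUS values for object name and object path not found, so those deletions failed because the items were no longer present when the script ran. The allowlist of default entries and the sample log texts are constructed for the example.

```python
"""Check the SharedTaskScheduler exports and Avenger status codes posted above.

Added example written for this thread, not part of win32delfkil, The Avenger
or any other tool used here.  It flags SharedTaskScheduler CLSIDs that are
not XP defaults and checks the post-reboot export for them, and it names the
NTSTATUS behind each Avenger "failed!" line so that an item that was already
gone is not mistaken for a live failure.  Sample texts are constructed.
"""
import re

# The two entries Windows XP ships in this key; Explorer loads everything
# listed here at logon.  Allowlist assumed for this example only.
KNOWN_GOOD_STS = {
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}": "Browseui preloader",
    "{8C7461EF-2B13-11D2-BE35-3078302C2030}": "Component Categories cache daemon",
}
STS_KEY_LINE = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]"
STS_VALUE_RE = re.compile(r'^"(?P<clsid>\{[0-9A-Fa-f-]{36}\})"="(?P<name>[^"]*)"$')
FAILED_RE = re.compile(r"^Deletion of (?:file|folder|registry (?:key|value)) (?P<target>.+) failed!$")
STATUS_RE = re.compile(r"^Status: 0x(?P<code>[0-9A-Fa-f]{8})$")
NTSTATUS_NAMES = {  # codes Avenger reports when the target no longer exists
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
}


def parse_sts_exports(log_text):
    """One {CLSID: name} dict per REGEDIT4 export of the key (win32delfkil
    exports it before and after its reboot); CLSIDs are upper-cased."""
    exports, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == STS_KEY_LINE:
            current = {}
            exports.append(current)
        elif current is not None and line:
            m = STS_VALUE_RE.match(line)
            if m:
                current[m.group("clsid").upper()] = m.group("name")
            else:
                current = None  # any other text ends the exported block
    return exports


def triage_sts(log_text):
    """Flag non-default CLSIDs in the first export; say which the last export still lists."""
    exports = parse_sts_exports(log_text)
    if not exports:
        return {"flagged": {}, "removed": [], "remaining": []}
    before, after = exports[0], exports[-1]
    flagged = {c: n for c, n in before.items() if c not in KNOWN_GOOD_STS}
    return {"flagged": flagged,
            "removed": sorted(c for c in flagged if c not in after),
            "remaining": sorted(c for c in flagged if c in after)}


def explain_avenger_failures(avenger_text):
    """Pair each 'Deletion of ... failed!' target with the NTSTATUS name that follows it."""
    results, target = [], None
    for raw in avenger_text.splitlines():
        line = raw.strip()
        m = FAILED_RE.match(line)
        if m:
            target = m.group("target")
            continue
        m = STATUS_RE.match(line)
        if m and target is not None:
            code = int(m.group("code"), 16)
            results.append((target, NTSTATUS_NAMES.get(code, f"unknown 0x{code:08X}")))
            target = None
    return results


# Constructed from the win32delfkil log above: the before and after exports.
WIN32DELFKIL_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}"="st3"
"{C7CF1142-0785-4B12-A280-B64681E4D45E}"="z"

--- rebooting the computer ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"""

# Constructed from the Avenger log above: three failures and one success.
AVENGER_LOG = r"""
File C:\WINDOWS\Temp\kdoky.ren not found!
Deletion of file C:\WINDOWS\Temp\kdoky.ren failed!
Status: 0xc0000034
Deletion of file C:\Program Files\Windows\WinUpdate.exe failed!
Status: 0xc000003a
File C:\WINDOWS\system32\winpfz32.sys deleted successfully.
Deletion of registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} failed!
Status: 0xc0000034
"""
```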

Offline guestolo

Spam Blocker Utility Please HELP!!
« Reply #14 on: April 23, 2007, 10:21:14 PM »
Good work Karen, thanks for sticking in there
Go ahead and rehide system files and folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Do Not Show hidden files and folders.
    * Check the Hide protected operating system files (recommended) option.
    * Click OK.

I'm a little concerned about this:
Quote:
Also the fsbl.exe, when I clicked to install it, it just said F-Secure BlackLight could not acquire necessary privileges (SeDebugPrivilege), your computer settings may prevent these privileges, a malicious program might have disabled these privileges.


Can you try the following please:
Download and save to desktop
VX2Finder.exe

click the button that says "Click to find VX2 BetterInternet"
Let it do a quick scan
Click the button that says "Restore Policy"
OK the prompt
Restart the computer

Back in Windows
Can you try fsbl.exe on desktop again and post the log
Hopefully this time it allows you to produce one
« Last Edit: April 23, 2007, 10:26:03 PM by guestolo »



Offline Karen

Spam Blocker Utility Please HELP!!
« Reply #15 on: April 24, 2007, 01:49:29 PM »
ok, it worked!!!

Here's the log
04/24/07 14:31:12 [Info]: BlackLight Engine 1.0.61 initialized
04/24/07 14:31:12 [Info]: OS: 5.1 build 2600 (Service Pack 1)
04/24/07 14:31:12 [Note]: 7019 4
04/24/07 14:31:12 [Note]: 7005 0
04/24/07 14:31:14 [Note]: 7006 0
04/24/07 14:31:14 [Note]: 7011 112
04/24/07 14:31:14 [Note]: 7026 0
04/24/07 14:31:15 [Note]: 7026 0
04/24/07 14:31:22 [Note]: FSRAW library version 1.7.1021
04/24/07 14:44:13 [Note]: 2000 1012
04/24/07 14:47:15 [Note]: 7007 0

Offline guestolo

Spam Blocker Utility Please HELP!!
« Reply #16 on: April 28, 2007, 09:49:22 AM »
Sorry for the delay, Karen.
Glad to hear you got fsbl.exe running; it looks clear.

Do you still want to try and clear yourself of Norton's corporate edition?
Can I see one last hijackthis log to ensure it's clean, please?



Offline Karen

Spam Blocker Utility Please HELP!!
« Reply #17 on: May 04, 2007, 01:18:19 PM »
I hope this looks good. I've allowed the kids back on the computer and already she has Gmail and my Google page looks different. I keep telling her not to download stuff, but she never seems to listen.
As for the Norton's, if you have the time I would like to get rid of it; also, how do I check if I have a firewall?

Thanks,
Karen


Logfile of HijackThis v1.99.1
Scan saved at 2:14:24 PM, on 5/4/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeacon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\AOL\1140711823\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140711823\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /auto:TivoServer
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\System32\Macromed\Shockwave 10\PostUpdate.exe" 1011016
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: DigiChat Applet - http://216.54.221.236/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176872296437
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.19/ttinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TivoBeacon.exe

Offline MadHatter

Spam Blocker Utility Please HELP!!
« Reply #18 on: May 04, 2007, 05:55:53 PM »
I noticed in your log it showed that the Google toolbar had a "(file missing)". I don't know if it helps, but something could be wrong with that... and I also noticed you're running Windows SP1 and have an old version of IE.
« Last Edit: May 06, 2007, 09:15:16 AM by guestolo »

Offline guestolo

Spam Blocker Utility Please HELP!!
« Reply #19 on: May 06, 2007, 10:00:37 AM »
Quote
I noticed in your log it showed that the Google toolbar had a "(file missing)". I don't know if it helps, but something could be wrong with that.

Karen uninstalled it earlier; it's just a leftover at this point.

Do a "System scan only" with HijackThis and put a check next to these entries:

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)

After you have ticked the above entries, close all other open windows,
including this one.
Leave HijackThis open and click FIX CHECKED.
OK the prompt and exit HijackThis.

Let's see if we can rid you of Norton's
Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Select>>Create a New restore point
Give it a name (any name will do) and click Create.
It should prompt that it was created successfully after a few seconds.
When that's done,
exit out of there.

Download and save to desktop the AVG installer if you don't have it anymore.
It is located at this link:
http://free.grisoft.com/doc/5390/lng/us/tp...anti-virus-free

Scroll down to the download link that will look something like the following:
AVG Free for Windows installation files
File   Version
avg75free_467a1008.exe   7.5.467
After you save to desktop, DO NOT install it yet.

Let's try and remove Norton's.
Download and save to desktop:
Symantec Corporate Products Clean Up Tool

Right click on SCSCleanWipe.zip and EXTRACT the contents to its own folder on the desktop.
We'll need this in a bit.

If the Norton's icon is by the clock,
can you see if "Tamper Protection" is enabled?
If it is, we want to disable it:
1.   Double-click the Symantec shield in the system tray.
2.   From the main menu, select Configure > Tamper Protection.
3.   The Tamper Protection window appears.
4.   Uncheck Enable Tamper Protection and OK out of there.

Go to START>>>RUN>>>type in services.msc
Hit OK.
In the next window, look on the right hand side for this service
name---- DefWatch

Double click on it--- STOP the service--if running.
In the drop down menu, change the startup type to Disabled.

Do the same for this service name:
Norton AntiVirus Client

Open the Windows Task Manager and end process on vptray.exe
if still running.

Close down all other windows, including this browser window.
Open the folder you extracted SCSCleanWipe.zip to.
Double click on SCS_CleanWipe.bat
Click YES at the prompt; a DOS window will open and scan.
When it's done, exit it and then reboot your computer.

Back in Windows,
ensure the XP firewall is enabled:
1.   Click Start>> Run, type control.exe netconnections, and then click OK.
2.   Right-click the connection on which you would like to enable ICF (typically this will be Local Area Connection), and then click Properties.
3.   On the Advanced tab, click the box to select the option to Protect my computer or network.

Run CCleaner again with the instructions I posted earlier.
Install the latest version of AVG from the installer on the desktop.
Ensure it's updated and run a full scan on the computer.
When it's done, reboot the computer again.

Come back here and post a fresh HijackThis log.
« Last Edit: May 06, 2007, 10:05:52 AM by guestolo »
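The two things the helpers in this thread do by eye when reading Karen's log, spotting registered entries whose file no longer exists (the "(file missing)" Google toolbar leftover that gets ticked for FIX CHECKED) and looking over the O16 ActiveX downloads, can be done mechanically. The script below is an added example written for this thread; it is not HijackThis code and not something the thread's posters supplied. It parses HijackThis-style lines and reports stale entries and O16 DPF downloads that come from a bare IP address rather than a hostname. Two of the sample lines are copied from the log above; the MUWebControl URL and the `example.invalid` host are constructed placeholders, since the original URL is truncated on the page.

```python
"""Triage helper for HijackThis-style log lines (added example for this
thread; not part of HijackThis or of the thread's own instructions).

It flags two classes of entries that a log reader checks by hand:
  * any entry ending in "(file missing)", i.e. a registration left behind
    after the file was uninstalled or removed (a stale entry, not malware
    on its own, but safe to clean up);
  * O16 (Downloaded Program Files / ActiveX) entries whose download
    source is a bare IPv4 address instead of a hostname, which deserve a
    second look because there is no domain owner to check.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample input. The first O3 line and the DigiChat O16 line are
# copied from the log in this thread; the MUWebControl URL is a placeholder
# because the original is truncated on the page.
SAMPLE_LOG = "\n".join([
    r"O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)",
    r"O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll",
    r"O16 - DPF: DigiChat Applet - http://216.54.221.236/DigiChat/DigiClasses/Client_IE.cab",
    r"O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.example.invalid/muweb.cab",
    r"O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe",
])


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O3" or "O16"
    reason: str    # why the line was flagged
    line: str      # the original log line


# A HijackThis entry is "<section code> - <body>", e.g. "O16 - DPF: ...".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
# Dotted-quad IPv4 literal (good enough for a hostname field).
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_line(line: str):
    """Return (section, body) for an entry line, or None for process lists,
    headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return m.group("section"), m.group("body")


def download_source(body: str) -> str:
    """The last ' - ' separated field of an O16 body is the download URL."""
    return body.rsplit(" - ", 1)[-1].strip()


def triage(log_text: str) -> list:
    """Scan a whole log and return the entries worth a human's attention."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        section, body = parsed
        if body.endswith("(file missing)"):
            findings.append(Finding(section, "registered file is missing (stale entry)", raw))
        if section == "O16":
            host = urlparse(download_source(body)).hostname or ""
            if IPV4_RE.match(host):
                findings.append(Finding(section, f"ActiveX download from bare IP {host}", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

Run against the constructed sample it reports the stale Google toolbar entry and the DigiChat applet pulled from 216.54.221.236; the Yahoo toolbar, the placeholder MUWebControl entry and the DefWatch service are left alone. A "(file missing)" hit is the same kind of leftover guestolo has Karen tick in HijackThis; a bare-IP O16 hit is only a prompt to look closer, not proof of anything.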
