
[Resolved] smitfraud


6 replies to this topic

#1 cdarnell

New Member, 3 posts

Posted 28 December 2007 - 10:29 AM

Hello,

I am having the following problems with a computer: 1) a pop-up saying somebody is trying to infect the PC - click here to download spyware remover - says it is from Windows Security Alert. 2) Safenavweb pop-up. 3) Spybot S&D shows 3 entries of smitfraud. 4) AVG shows 4 trojans that are unhealable - wmplayer.exe.tmp, Dc923.exe, NDNuninstall4_50.exe, and mseggo.gif, and 5) a pop-up saying the following: worm.win32.netsky.

Following is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:46:42 AM, on 12/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\AOL\1154305348\ee\AOLSoftware.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Microsoft Plus! Digital Media Edition\Alarm Clock\AlarmClock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: OFK System - {8CD31C2B-8F97-4938-ACBA-8C28D0099AFD} - C:\WINDOWS\blopenvsto.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: The retnsrp - {941FB260-9D22-480E-84D6-10DB7849180E} - C:\WINDOWS\retnsrp.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154305348\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Plus! Alarm Clock] "C:\Program Files\Microsoft Plus! Digital Media Edition\Alarm Clock\AlarmClock.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZCxdm369YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt4_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Little%20Shop%20of%20Treasures%202/Images/stg_drm.ocx
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {8E2B469B-7444-42C3-BE28-7A54E05AC049} (PrintCtrl Class) - file://F:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPRTC.CAB
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://F:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Neptune's Secret\Images\armhelper.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: nopzet - {3FE3244B-6446-48CF-AD22-A0DF746497C4} - C:\WINDOWS\nopzet.dll
O21 - SSODL: leorop - {CAAF37C1-65B2-486E-919F-A23057B9763A} - C:\WINDOWS\leorop.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Unknown owner - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Thank you very much for your help.



#2 LDTate

Grand Poobah, Root Admin, 57,211 posts

Posted 29 December 2007 - 12:47 PM

Hello and Welcome to the forum.

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.

Next:

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.


(If you use Firefox or the Opera browser: to keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Next:

Download ComboFix from Here to your Desktop.

**Note: In the event you already have ComboFix, please delete it from your desktop and download this new version. It is important that it is saved directly to your desktop.**
--------------------------------------------------------------------
  • Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
  • WARNING: If you have not already done so, ComboFix will disconnect your machine from the Internet when it starts.
  • Please do not re-connect your machine back to the Internet until Combofix has completely finished.
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 


Proud graduate of TC/WTT Classroom

 


#3 cdarnell

New Member, 3 posts

Posted 29 December 2007 - 03:47 PM

Thank you for looking at this! Here is the ComboFix.txt and new Hijack This log...

ComboFix 07-12-21.4 - Natalie 2007-12-29 15:08:58.1 - NTFSx86
Running from: C:\Documents and Settings\Natalie\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_bbar1.res
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_logos.res
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_other.res
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_weather.res
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\default.cdf
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_categorize.mnu
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_comparison.mnu
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_explorer-Mails.mnu
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_explorer-people.mnu
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_fastutilities.mnu
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_favorites.mnu
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Games.mnu
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Hide.mnu
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_hotbarcom.mnu
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Hotmail.mnu
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_hsskin.mnu
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Mails.mnu
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_new.mnu
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_premium.mnu
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_searchfor.mnu
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_searchgo.mnu
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_weather.mnu
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_yellowpages.mnu
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\email-def-511724-9595.mnu
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\email-t1-bg.res
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\hotbar-premium-hotbar-premium.mnu
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\hotbar-premium.cdf
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\hotbar_promo.htm
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\icons2.res
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\keywords.idx
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\keywords_idx.idx
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\keywords_sdf.sdf
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\keywords1.dat
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\layout.cdf
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\linkpathlegal.txt
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\progress.res
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\s_icons_buttons.res
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\t2_bg.res
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\top7.cdf
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Top7_theweb.mnu
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\tsd_bg.res
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\ads.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\business_promo.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bbar10.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bbar11.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bbar12.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bbar13.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bbar14.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bbar2.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bbar3.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bbar4.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bbar5.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bbar6.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bbar7.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bbar8.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bbar9.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_x.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\default.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\hotbar-premium.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\hotbar_promo.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\icons2.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\keywords.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\keywords_idx.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\keywords_sdf.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\keywords1.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\layout.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\progress.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\t2_bg.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\top7.xip
C:\Documents and Settings\--Mollie--\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\--Mollie--\Application Data\Starware
C:\Documents and Settings\--Mollie--\Application Data\Starware\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\--Mollie--\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\--Mollie--\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\--Mollie--\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\--Mollie--\Application Data\Starware\Games\GamesOptions.xml
C:\Documents and Settings\--Mollie--\Application Data\Starware\Games\GamesOptions.xml.backup
C:\Documents and Settings\--Mollie--\Application Data\Starware\Layouts\PreferencesLayout.xml
C:\Documents and Settings\--Mollie--\Application Data\Starware\Layouts\PreferencesLayout.xml.backup
C:\Documents and Settings\--Mollie--\Application Data\Starware\Layouts\ToolbarLayout.xml
C:\Documents and Settings\--Mollie--\Application Data\Starware\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\--Mollie--\Application Data\Starware\Manager\ManagerOptions.xml
C:\Documents and Settings\--Mollie--\Application Data\Starware\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\--Mollie--\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml
C:\Documents and Settings\--Mollie--\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup
C:\Documents and Settings\--Mollie--\Application Data\Starware\Reference\ReferenceOptions.xml
C:\Documents and Settings\--Mollie--\Application Data\Starware\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\--Mollie--\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\--Mollie--\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\--Mollie--\Application Data\Starware\ScreenSavers\ScreenSaversOptions.xml
C:\Documents and Settings\--Mollie--\Application Data\Starware\ScreenSavers\ScreenSaversOptions.xml.backup
C:\Documents and Settings\--Mollie--\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\--Mollie--\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\--Mollie--\Application Data\Starware\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\--Mollie--\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\--Mollie--\Application Data\Starware\SmileyTown\SmileyTownOptions.xml
C:\Documents and Settings\--Mollie--\Application Data\Starware\SmileyTown\SmileyTownOptions.xml.backup
C:\Documents and Settings\--Mollie--\Application Data\Starware\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\--Mollie--\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\--Mollie--\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\--Mollie--\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\--Mollie--\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\--Mollie--\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\--Mollie--\Application Data\Starware\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\--Mollie--\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Favorites\.url
C:\Documents and Settings\MollieAlysonn\Application Data\FunWebProducts
C:\Documents and Settings\MollieAlysonn\Application Data\Starware
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\BrowserSearch\BrowserSearch.xml
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\Games\GamesOptions.xml
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\Games\GamesOptions.xml.backup
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\Layouts\PreferencesLayout.xml
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\Layouts\PreferencesLayout.xml.backup
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\Layouts\ToolbarLayout.xml
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\Manager\ManagerOptions.xml
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\Reference\ReferenceOptions.xml
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\ScreenSavers\ScreenSaversOptions.xml
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\ScreenSavers\ScreenSaversOptions.xml.backup
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\SearchMatch\SearchMatchOptions.xml
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\SmileyTown\SmileyTownOptions.xml
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\SmileyTown\SmileyTownOptions.xml.backup
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\Toolbar\TBProductsOptions.xml
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\TravelSearch\TravelSearchOptions.xml
C:\Documents and Settings\MollieAlysonn\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Natalie\Desktop\Error Cleaner.url
C:\Documents and Settings\Natalie\Desktop\Privacy Protector.url
C:\Documents and Settings\Natalie\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Natalie\Favorites\Error Cleaner.url
C:\Documents and Settings\Natalie\Favorites\Privacy Protector.url
C:\Documents and Settings\Natalie\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\Owner\Favorites\.url
C:\WINDOWS\dat.txt
C:\WINDOWS\Downloaded Program Files\rave
C:\WINDOWS\Downloaded Program Files\rave\avirexe.vdm
C:\WINDOWS\Downloaded Program Files\rave\avirscr.vdm
C:\WINDOWS\Downloaded Program Files\rave\base.vdm
C:\WINDOWS\Downloaded Program Files\rave\daily.vdm
C:\WINDOWS\Downloaded Program Files\rave\daily.vdt
C:\WINDOWS\Downloaded Program Files\rave\filters.vdm
C:\WINDOWS\Downloaded Program Files\rave\kernel.vdk
C:\WINDOWS\Downloaded Program Files\rave\keyring.vdk
C:\WINDOWS\Downloaded Program Files\rave\mapi_vdm.vdm
C:\WINDOWS\Downloaded Program Files\rave\modules.vdk
C:\WINDOWS\Downloaded Program Files\rave\rav8def.vdm
C:\WINDOWS\Downloaded Program Files\rave\rufs.vdm
C:\WINDOWS\Downloaded Program Files\rave\rufsplg.vdm
C:\WINDOWS\Downloaded Program Files\rave\unarch.vdm
C:\WINDOWS\Downloaded Program Files\rave\unmail.vdm
C:\WINDOWS\Downloaded Program Files\rave\unpack.vdm
C:\WINDOWS\Downloaded Program Files\temp
C:\WINDOWS\NDNuninstall4_88.exe
C:\WINDOWS\NDNuninstall4_94.exe
C:\WINDOWS\NDNuninstall5_40.exe
C:\WINDOWS\NDNuninstall5_48.exe
C:\WINDOWS\NDNuninstall5_64.exe
C:\WINDOWS\NDNuninstall6_10.exe
C:\WINDOWS\NDNuninstall6_22.exe
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\NTSVC.ocx
C:\WINDOWS\system32\osmim.dll
C:\WINDOWS\system32\pcs

.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-29 )))))))))))))))))))))))))))))))
.

2007-12-27 06:31 . 2007-12-27 06:48 <DIR> d-------- C:\HJT
2007-12-27 05:41 . 2007-12-27 05:41 <DIR> d-------- C:\Program Files\CCleaner
2007-12-27 04:30 . 2007-12-27 04:30 <DIR> d-------- C:\Program Files\Windows Defender
2007-12-26 17:19 . 2007-12-26 17:20 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\AVG7
2007-12-26 17:03 . 2007-12-26 17:03 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\Lavasoft
2007-12-26 16:38 . 2003-06-12 21:00 234,176 --a------ C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\GDIPFONTCACHEV1.DAT
2007-12-26 16:38 . 2004-09-30 20:37 81,408 -rahs---- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\eber.exe
2007-12-26 16:37 . 2004-07-15 11:20 82,880 --a------ C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\tvmknwrd.dll
2007-12-26 16:36 . 2004-07-05 19:33 95,920 --a------ C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\ilss.exe
2007-12-26 16:22 . 2002-07-26 22:24 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\WINDOWS
2007-12-26 16:22 . 2003-07-30 09:10 <DIR> d---s---- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\UserData
2007-12-26 16:22 . 2004-07-24 08:18 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\Yahoo! Messenger
2007-12-26 16:22 . 2002-07-26 22:23 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\VERITAS
2007-12-26 16:22 . 2002-07-26 22:23 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\Symantec
2007-12-26 16:22 . 2004-03-04 21:13 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\Sonic
2007-12-26 16:22 . 2002-07-26 22:23 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\Share-to-Web Upload Folder
2007-12-26 16:22 . 2004-09-30 20:37 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\rawh
2007-12-26 16:22 . 2004-07-27 11:16 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\PhotoParade
2007-12-26 16:22 . 2004-09-11 15:25 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\NeroVision
2007-12-26 16:22 . 2003-10-23 18:19 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\MSN6
2007-12-26 16:22 . 2002-12-29 17:10 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\Motive
2007-12-26 16:22 . 2004-07-23 16:25 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\Lycos
2007-12-26 16:22 . 2003-12-30 19:13 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\InterVideo
2007-12-26 16:22 . 2002-07-26 22:23 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\InterTrust
2007-12-26 16:22 . 2003-03-11 20:46 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\Games
2007-12-26 16:22 . 2002-12-07 13:06 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\EPSON
2007-12-26 16:22 . 2003-05-03 19:45 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\Corel
2007-12-26 16:22 . 2002-12-07 19:30 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\ArcSoft
2007-12-26 16:22 . 2004-08-25 16:50 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\Aim
2007-12-26 16:05 . 2002-07-26 22:24 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV\WINDOWS
2007-12-26 16:05 . 2007-12-26 16:05 <DIR> d---s---- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV\UserData
2007-12-26 15:32 . 2007-12-26 15:32 <DIR> d-------- C:\Documents and Settings\Natalie\Application Data\Lavasoft
2007-12-26 14:25 . 2007-12-26 14:25 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-26 10:45 . 2007-12-29 14:47 <DIR> d-------- C:\Documents and Settings\Natalie\Application Data\AVG7
2007-12-26 10:45 . 2007-12-26 10:45 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-26 10:44 . 2007-12-26 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-26 09:56 . 2007-12-26 10:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-26 09:20 . 2007-12-26 09:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-26 09:20 . 2007-12-26 09:20 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-18 18:26 . 2007-12-18 18:27 <DIR> d-------- C:\Program Files\Mystery in London
2007-12-15 16:32 . 2007-12-15 16:44 <DIR> d-------- C:\Program Files\XP Antivirus
2007-12-13 14:24 . 2007-12-13 11:49 278,528 --a------ C:\WINDOWS\blopenvsto.dll
2007-12-13 14:24 . 2007-12-13 11:48 208,896 --a------ C:\WINDOWS\leorop.dll
2007-12-13 14:24 . 2007-12-13 11:49 196,608 --a------ C:\WINDOWS\retnsrp.dll
2007-12-13 14:24 . 2007-12-13 11:48 192,512 --a------ C:\WINDOWS\nopzet.dll
2007-12-13 14:24 . 2007-12-13 11:49 77,824 --a------ C:\WINDOWS\jokvip.exe
2007-12-13 14:23 . 2007-12-13 14:23 <DIR> d-------- C:\Program Files\SmartVideoCodec
2007-12-09 23:11 . 2007-12-09 23:11 10,920 --a------ C:\aolconnfix.exe
2007-12-06 18:54 . 2007-12-06 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grey Alien Games
2007-12-06 18:52 . 2007-12-06 18:53 <DIR> d-------- C:\Program Files\Fairway Solitaire
2007-12-02 20:51 . 2007-12-05 18:40 <DIR> d-------- C:\Program Files\Mystery Case Files Madame Fate Strategy Guide
2007-12-01 18:49 . 2007-12-01 18:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Christmasville

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 11:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-26 21:27 --------- d-----w C:\Program Files\Lavasoft
2007-12-26 16:45 692,224 ----a-w C:\Documents and Settings\ºmOlLiEº\NTUSER.DAT
2007-12-26 16:45 692,224 ----a-w C:\Documents and Settings\ºmOlLiEº\NTUSER.DAT
2007-12-26 16:45 692,224 ----a-w C:\Documents and Settings\º((mOlLiE))º\NTUSER.DAT
2007-12-26 16:45 692,224 ----a-w C:\Documents and Settings\º((mOlLiE))º\NTUSER.DAT
2007-12-26 16:45 3,940,352 ----a-w C:\Documents and Settings\--Mollie--\NTUSER.DAT
2007-12-26 16:40 --------- d--h--r C:\Documents and Settings\All Users\Application Data\yahoo!
2007-12-26 16:40 --------- d-----w C:\Program Files\Yahoo!
2007-12-26 16:37 --------- d-----w C:\Program Files\QuickTime
2007-12-26 16:37 --------- d-----w C:\Program Files\QUICKENW
2007-12-26 16:36 --------- d-----w C:\Program Files\OfficeUpdate11
2007-12-26 16:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-26 16:35 --------- d-----w C:\Program Files\LeapFrog
2007-12-26 16:35 --------- d-----w C:\Program Files\iTunes
2007-12-26 16:35 --------- d-----w C:\Program Files\HP
2007-12-26 16:35 --------- d-----w C:\Program Files\Hewlett-Packard
2007-12-26 16:35 --------- d-----w C:\Program Files\Common Files\aolshare
2007-12-26 16:34 --------- d-----w C:\Program Files\Click'N Design 3D
2007-12-26 16:34 --------- d-----w C:\Program Files\Astraware
2007-12-26 16:34 --------- d-----w C:\Program Files\Apple Software Update
2007-12-26 16:34 --------- d-----w C:\Program Files\America Online 9.0
2007-12-26 16:30 --------- d-----w C:\Program Files\PartyGaming.Net
2007-12-26 16:28 --------- d-----w C:\Program Files\Symantec
2007-12-26 16:25 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-26 16:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-26 16:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-26 16:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-19 02:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-19 01:19 --------- d-----w C:\Documents and Settings\Natalie\Application Data\Big Fish Games
2007-12-19 00:00 --------- d-----w C:\Program Files\LimeWire
2007-12-10 01:11 --------- d-----w C:\Program Files\Mystery Case Files - Madame Fate
2007-12-06 00:28 --------- d-----w C:\Program Files\Hidden Expedition Titanic
2007-12-02 01:18 --------- d-----w C:\Program Files\Riddle of the Sphinx Strategy Guide
2007-11-28 03:28 --------- d-----w C:\Documents and Settings\Natalie\Application Data\Flood Light Games
2007-11-28 03:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flood Light Games
2007-11-28 02:55 --------- d-----w C:\Program Files\Agatha Christie - Peril at End House
2007-11-26 05:38 --------- d-----w C:\Documents and Settings\Natalie\Application Data\Yahoo!
2007-11-26 05:31 --------- d-----w C:\Documents and Settings\Natalie\Application Data\ForgottenRiddles
2007-11-26 02:30 --------- d-----w C:\Program Files\Lucky Clover
2007-11-25 21:33 --------- d-----w C:\Program Files\The Blackwell Legacy
2007-11-24 21:31 --------- d-----w C:\Program Files\Amazing Adventures The Lost Tomb
2007-11-22 07:02 --------- d-----w C:\Documents and Settings\Natalie\Application Data\AdobeUM
2007-11-21 02:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFish
2007-11-21 02:44 --------- d-----w C:\Program Files\Amazing Adventures - The Lost Tomb
2007-11-21 00:13 --------- d-----w C:\Program Files\Atlantis
2007-11-21 00:12 --------- d-----w C:\Program Files\bfgclient
2007-11-20 23:53 --------- d-----w C:\Program Files\PrintMaster Platinum 18
2007-11-20 23:40 --------- d-----w C:\Program Files\Web Publish
2007-11-20 23:37 --------- d-----w C:\Program Files\Common Files\Broderbund
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 19:27 --------- d-----w C:\Program Files\Riddle of the Sphinx
2007-11-10 02:24 --------- d-----w C:\Program Files\Neptune's Secret
2007-11-10 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\NeptunesAdve
2007-11-10 01:08 --------- d-----w C:\Documents and Settings\Natalie\Application Data\SpinTop
2007-11-09 02:53 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-09 02:30 --------- d-----w C:\Program Files\Hawaiian Explorer - Pearl Harbor
2007-11-06 22:02 --------- d-----w C:\Documents and Settings\MollieAlysonn\Application Data\FaxCtr
2007-11-04 00:50 --------- d-----w C:\Program Files\Jewel Quest Solitaire II
2007-11-04 00:45 --------- d-----w C:\Documents and Settings\Natalie\Application Data\iWin
2007-11-03 23:45 --------- d-----w C:\Program Files\Hidden Relics
2007-10-31 19:03 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
2007-10-29 23:52 --------- d-----w C:\Documents and Settings\Natalie\Application Data\FaxCtr
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-01 01:53 733,696 ----a-w C:\WINDOWS\GPInstall.exe
2006-07-12 19:01 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2005-11-09 03:10 5,632 --sha-w C:\Program Files\Thumbs.db
2005-09-12 00:43 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2004-10-01 02:37 81,408 --sha-r C:\WINDOWS\system32\config\systemprofile\Application Data\eber.exe
2004-07-24 23:08 477,339 ----a-w C:\Program Files\SymKBFix.EXE
2004-07-24 14:42 127,238 ----a-w C:\Program Files\setup.exe
2004-07-15 17:20 82,880 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\tvmknwrd.dll
2004-07-15 17:20 82,880 ----a-w C:\Documents and Settings\Owner\Application Data\tvmknwrd.dll
2004-07-06 01:33 95,920 ----a-w C:\WINDOWS\system32\config\systemprofile\ilss.exe
2004-07-06 01:33 95,920 ----a-w C:\Documents and Settings\Owner\ilss.exe
2004-07-06 01:33 95,920 ----a-w C:\Documents and Settings\Default User\ilss.exe
2004-06-29 01:16 25,456 ----a-w C:\Program Files\adupdmanager.xml
2004-03-05 03:21 352,918 ----a-w C:\Program Files\puzz0309.exe
2003-09-01 00:19 3,120,360 ----a-w C:\Program Files\Install_AIM.exe
2003-08-21 02:12 821,864 ----a-w C:\Program Files\AFAFilter.exe
2003-07-30 23:32 53,768 ----a-w C:\Program Files\uninstall ilook up.exe
2003-06-22 00:54 22,757 ----a-w C:\Program Files\malddefault.htm
2003-06-13 03:00 234,176 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\GDIPFONTCACHEV1.DAT
2003-06-13 03:00 234,176 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2003-06-06 03:21 47,616 ----a-w C:\Program Files\Weather-Install.exe
2003-06-05 18:43 2,327,596 ----a-w C:\Program Files\WinDom358.exe
2003-06-05 18:05 22 ----a-w C:\Program Files\launchme.dgl
2003-01-23 00:19 10,793 ----a-w C:\WINDOWS\Fonts\creamandsugar.zip
2002-12-29 23:43 7,370,435 ----a-w C:\Program Files\Funhouse_07_23.exe
2002-12-22 14:57 5,315,208 ----a-w C:\Program Files\IncrediMailSetup.exe
2004-10-01 02:37 81,408 --sha-r C:\WINDOWS\system32\config\systemprofile\Application Data\eber.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A}]
2007-06-08 16:59 1909760 --a------ C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CD31C2B-8F97-4938-ACBA-8C28D0099AFD}]
2007-12-13 11:49 278528 --a------ C:\WINDOWS\blopenvsto.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}
{40D41A8B-D79B-43D7-99A7-9EE0F344C385}
{DE9C389F-3316-41A7-809B-AA305ED9D922}
{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{1017A80C-6F09-4548-A84D-EDD6AC9525F0}
{941FB260-9D22-480E-84D6-10DB7849180E}

[HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a}]
[HKEY_CLASSES_ROOT\bfgtoolbar.BFGTOOLBAR]

[HKEY_CLASSES_ROOT\clsid\{941fb260-9d22-480e-84d6-10db7849180e}]
[HKEY_CLASSES_ROOT\retnsrp.ToolBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{A0AEBF0A-F3F0-417C-A8AE-162361E6425F}]
[HKEY_CLASSES_ROOT\retnsrp.ToolBar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A}"= C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL [2007-06-08 16:59 1909760]

[HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a}]
[HKEY_CLASSES_ROOT\bfgtoolbar.BFGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"AIM"="C:\Program Files\AIM95\aim.exe" [2005-08-05 14:08]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2006-06-01 17:44]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 16:13]
"Plus! Alarm Clock"="C:\Program Files\Microsoft Plus! Digital Media Edition\Alarm Clock\AlarmClock.exe" [2003-07-24 01:05]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 07:44]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:56 C:\WINDOWS\system32\rundll32.exe]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 11:07]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-07 15:54]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-03-18 22:30]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-03-18 22:29]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"HostManager"="C:\Program Files\Common Files\AOL\1154305348\ee\AOLSoftware.exe" [2006-05-09 18:24]
"lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 12:07]
"lxdiamon"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 06:40]
"FaxCenterServer"="C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" [2007-05-07 12:10]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-26 10:44]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-26 10:44]

C:\Documents and Settings\--Mollie--\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2006-02-16 15:55:37]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"nopzet"= {3FE3244B-6446-48CF-AD22-A0DF746497C4} - C:\WINDOWS\nopzet.dll [2007-12-13 11:48 192512]
"leorop"= {CAAF37C1-65B2-486E-919F-A23057B9763A} - C:\WINDOWS\leorop.dll [2007-12-13 11:48 208896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^.protected]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected
backup=C:\WINDOWS\pss\.protectedCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=C:\WINDOWS\pss\Event Reminder.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center.lnk
backup=C:\WINDOWS\pss\hp center.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Natalie^Start Menu^Programs^Startup^.protected]
path=C:\Documents and Settings\Natalie\Start Menu\Programs\Startup\.protected
backup=C:\WINDOWS\pss\.protectedStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
2002-06-18 00:11 69632 --a------ c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCActiveMenu]
C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCM]
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe -Background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2002-07-16 09:03 106549 --a------ C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Sync]
2007-07-13 20:10 1060864 --a------ C:\Program Files\Pocket Wizards\Easy Sync\Easy Sync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2002-05-15 04:20 114688 --a------ C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2002-05-15 04:29 155648 --a------ C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
2006-02-17 10:59 124520 --a------ C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-07-10 08:18 270648 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2001-07-06 22:56 61440 --a------ C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]
LTMSG.exe 7

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Plus! Alarm Clock]
C:\Program Files\Microsoft Plus! Digital Media Edition\Alarm Clock\AlarmClock.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2002-06-14 17:39 81920 --a------ C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2001-12-19 00:39 212992 --a------ C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySpotter System Defender]
C:\Program Files\SpySpotter3\Defender.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-15 07:44 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
C:\WINDOWS\system32\mobsync.exe /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTPreset]
VTPreset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XP Antivirus]
2007-12-15 16:32 464384 --a------ C:\Program Files\XP Antivirus\xpa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

R2 lxdi_device;lxdi_device;C:\WINDOWS\system32\lxdicoms.exe -service []
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-04-26 09:38]
S3 SDdriver;SDdriver;C:\WINDOWS\system32\Drivers\sddriver.sys [2004-08-30 22:23]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-15 00:06:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-29 20:47:58 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-29 15:23:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-29 15:24:45
.
2007-12-12 18:56:08 --- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 3:35:12 PM, on 12/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\AOL\1154305348\ee\AOLSoftware.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: OFK System - {8CD31C2B-8F97-4938-ACBA-8C28D0099AFD} - C:\WINDOWS\blopenvsto.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: Big Fish Games Toolbar - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: The retnsrp - {941FB260-9D22-480E-84D6-10DB7849180E} - C:\WINDOWS\retnsrp.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154305348\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Plus! Alarm Clock] "C:\Program Files\Microsoft Plus! Digital Media Edition\Alarm Clock\AlarmClock.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZCxdm369YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt4_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Little%20Shop%20of%20Treasures%202/Images/stg_drm.ocx
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {8E2B469B-7444-42C3-BE28-7A54E05AC049} (PrintCtrl Class) - file://F:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPRTC.CAB
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://F:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Neptune's Secret\Images\armhelper.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: nopzet - {3FE3244B-6446-48CF-AD22-A0DF746497C4} - C:\WINDOWS\nopzet.dll
O21 - SSODL: leorop - {CAAF37C1-65B2-486E-919F-A23057B9763A} - C:\WINDOWS\leorop.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Unknown owner - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Thanks again...

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 29 December 2007 - 04:33 PM

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\eber.exe
C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\tvmknwrd.dll
C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\ilss.exe
C:\WINDOWS\blopenvsto.dll
C:\WINDOWS\leorop.dll
C:\WINDOWS\retnsrp.dll
C:\WINDOWS\nopzet.dll
C:\WINDOWS\jokvip.exe
C:\WINDOWS\system32\config\systemprofile\Application Data\eber.exe
C:\Program Files\setup.exe
C:\WINDOWS\system32\config\systemprofile\Application Data\tvmknwrd.dll
C:\Documents and Settings\Owner\Application Data\tvmknwrd.dll
C:\WINDOWS\system32\config\systemprofile\ilss.exe
C:\Documents and Settings\Owner\ilss.exe
C:\Documents and Settings\Default User\ilss.exe
C:\Program Files\adupdmanager.xml
C:\Program Files\WinDom358.exe
C:\Program Files\launchme.dgl
C:\WINDOWS\system32\config\systemprofile\Application Data\eber.exe
C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
C:\WINDOWS\blopenvsto.dll
C:\Program Files\SpySpotter3\Defender.exe
C:\Program Files\XP Antivirus\xpa.exe

Folder::
C:\Program Files\SmartVideoCodec
C:\PROGRA~1\BFGTOO~1
C:\Program Files\WildTangent
C:\Program Files\SpySpotter3
C:\Program Files\XP Antivirus

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CD31C2B-8F97-4938-ACBA-8C28D0099AFD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{941FB260-9D22-480E-84D6-10DB7849180E}]
[-HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a}]
[-HKEY_CLASSES_ROOT\bfgtoolbar.BFGTOOLBAR]
[-HKEY_CLASSES_ROOT\clsid\{941fb260-9d22-480e-84d6-10db7849180e}]
[-HKEY_CLASSES_ROOT\retnsrp.ToolBar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{A0AEBF0A-F3F0-417C-A8AE-162361E6425F}]
[-HKEY_CLASSES_ROOT\retnsrp.ToolBar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A}"=-
[-HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a}]
[-HKEY_CLASSES_ROOT\bfgtoolbar.BFGTOOLBAR]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"nopzet"=-
"leorop"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCActiveMenu]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySpotter System Defender]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XP Antivirus]


Save this as "CFScript"


Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

Then post the results log and a new HijackThis log.


Also please describe how your computer behaves at the moment.



#5 cdarnell

cdarnell

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 30 December 2007 - 11:11 AM

I followed your instructions and everything seems to be back to normal. Here are the ComboFix log and Hijack This log:

ComboFix 07-12-21.4 - Natalie 2007-12-30 5:03:28.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.112 [GMT -6:00]
Running from: C:\Documents and Settings\Natalie\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Natalie\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\eber.exe
C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\tvmknwrd.dll
C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\ilss.exe
C:\Documents and Settings\Default User\ilss.exe
C:\Documents and Settings\Owner\Application Data\tvmknwrd.dll
C:\Documents and Settings\Owner\ilss.exe
C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
C:\Program Files\adupdmanager.xml
C:\Program Files\launchme.dgl
C:\Program Files\setup.exe
C:\Program Files\SpySpotter3\Defender.exe
C:\Program Files\WinDom358.exe
C:\Program Files\XP Antivirus\xpa.exe
C:\WINDOWS\blopenvsto.dll
C:\WINDOWS\jokvip.exe
C:\WINDOWS\leorop.dll
C:\WINDOWS\nopzet.dll
C:\WINDOWS\retnsrp.dll
C:\WINDOWS\system32\config\systemprofile\Application Data\eber.exe
C:\WINDOWS\system32\config\systemprofile\Application Data\tvmknwrd.dll
C:\WINDOWS\system32\config\systemprofile\ilss.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\eber.exe
C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\tvmknwrd.dll
C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\ilss.exe
C:\Documents and Settings\Default User\ilss.exe
C:\Documents and Settings\Natalie\Desktop\Error Cleaner.url
C:\Documents and Settings\Natalie\Desktop\Privacy Protector.url
C:\Documents and Settings\Natalie\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Natalie\Favorites\Error Cleaner.url
C:\Documents and Settings\Natalie\Favorites\Privacy Protector.url
C:\Documents and Settings\Natalie\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\Owner\Application Data\tvmknwrd.dll
C:\Documents and Settings\Owner\ilss.exe
C:\PROGRA~1\BFGTOO~1
C:\PROGRA~1\BFGTOO~1\BFGTOO~1.DLL
C:\PROGRA~1\BFGTOO~1\bfgtoolbar.dll
C:\PROGRA~1\BFGTOO~1\Cache\a.bmp
C:\PROGRA~1\BFGTOO~1\Cache\bfgtoolbartb0401.cfg
C:\PROGRA~1\BFGTOO~1\Cache\COMBOSEARCH.acs
C:\PROGRA~1\BFGTOO~1\Cache\ErrorLog.txt
C:\PROGRA~1\BFGTOO~1\Cache\fgh.bmp
C:\PROGRA~1\BFGTOO~1\Cache\ivillage.bmp
C:\PROGRA~1\BFGTOO~1\Cache\logo.bmp
C:\PROGRA~1\BFGTOO~1\Cache\mygames.bmp
C:\PROGRA~1\BFGTOO~1\Cache\newgames3.bmp
C:\PROGRA~1\BFGTOO~1\Cache\nick.bmp
C:\PROGRA~1\BFGTOO~1\Cache\nickjr.bmp
C:\PROGRA~1\BFGTOO~1\Cache\search.bmp
C:\PROGRA~1\BFGTOO~1\Cache\thelagoon.bmp
C:\PROGRA~1\BFGTOO~1\Cache\thereef.bmp
C:\PROGRA~1\BFGTOO~1\Cache\topten2.bmp
C:\PROGRA~1\BFGTOO~1\Cache\topten3.bmp
C:\PROGRA~1\BFGTOO~1\Cache\topten4.bmp
C:\PROGRA~1\BFGTOO~1\Cache\topten5.bmp
C:\PROGRA~1\BFGTOO~1\Cache\y.bmp
C:\PROGRA~1\BFGTOO~1\install.ico
C:\PROGRA~1\BFGTOO~1\toolbar.ini
C:\PROGRA~1\BFGTOO~1\uninstall.exe
C:\Program Files\adupdmanager.xml
C:\Program Files\launchme.dgl
C:\Program Files\setup.exe
C:\Program Files\SmartVideoCodec
C:\Program Files\SmartVideoCodec\install.ico
C:\Program Files\SmartVideoCodec\SmartVideoCodec.ocx
C:\Program Files\SmartVideoCodec\Uninstall.exe
C:\Program Files\WinDom358.exe
C:\Program Files\XP Antivirus
C:\Program Files\XP Antivirus\xpa.exe
C:\Program Files\XP Antivirus\xpa.exe.tmp
C:\WINDOWS\blopenvsto.dll
C:\WINDOWS\dat.txt
C:\WINDOWS\jokvip.exe
C:\WINDOWS\leorop.dll
C:\WINDOWS\nopzet.dll
C:\WINDOWS\retnsrp.dll
C:\WINDOWS\system32\config\systemprofile\Application Data\eber.exe
C:\WINDOWS\system32\config\systemprofile\Application Data\tvmknwrd.dll
C:\WINDOWS\system32\config\systemprofile\ilss.exe

.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-30 )))))))))))))))))))))))))))))))
.

2007-12-27 06:31 . 2007-12-29 15:36 <DIR> d-------- C:\HJT
2007-12-27 05:41 . 2007-12-27 05:41 <DIR> d-------- C:\Program Files\CCleaner
2007-12-27 04:30 . 2007-12-27 04:30 <DIR> d-------- C:\Program Files\Windows Defender
2007-12-26 17:19 . 2007-12-26 17:20 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\AVG7
2007-12-26 17:03 . 2007-12-26 17:03 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\Lavasoft
2007-12-26 16:38 . 2003-06-12 21:00 234,176 --a------ C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\GDIPFONTCACHEV1.DAT
2007-12-26 16:22 . 2002-07-26 22:24 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\WINDOWS
2007-12-26 16:22 . 2003-07-30 09:10 <DIR> d---s---- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\UserData
2007-12-26 16:22 . 2004-07-24 08:18 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\Yahoo! Messenger
2007-12-26 16:22 . 2002-07-26 22:23 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\VERITAS
2007-12-26 16:22 . 2002-07-26 22:23 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\Symantec
2007-12-26 16:22 . 2004-03-04 21:13 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\Sonic
2007-12-26 16:22 . 2002-07-26 22:23 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\Share-to-Web Upload Folder
2007-12-26 16:22 . 2004-09-30 20:37 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\rawh
2007-12-26 16:22 . 2004-07-27 11:16 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\PhotoParade
2007-12-26 16:22 . 2004-09-11 15:25 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\NeroVision
2007-12-26 16:22 . 2003-10-23 18:19 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\MSN6
2007-12-26 16:22 . 2002-12-29 17:10 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\Motive
2007-12-26 16:22 . 2004-07-23 16:25 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\Lycos
2007-12-26 16:22 . 2003-12-30 19:13 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\InterVideo
2007-12-26 16:22 . 2002-07-26 22:23 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\InterTrust
2007-12-26 16:22 . 2003-03-11 20:46 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\Games
2007-12-26 16:22 . 2002-12-07 13:06 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\EPSON
2007-12-26 16:22 . 2003-05-03 19:45 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\Corel
2007-12-26 16:22 . 2002-12-07 19:30 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\ArcSoft
2007-12-26 16:22 . 2004-08-25 16:50 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV.000\Application Data\Aim
2007-12-26 16:05 . 2002-07-26 22:24 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV\WINDOWS
2007-12-26 16:05 . 2007-12-26 16:05 <DIR> d---s---- C:\Documents and Settings\Administrator.YOUR-US67PI6LUV\UserData
2007-12-26 15:32 . 2007-12-26 15:32 <DIR> d-------- C:\Documents and Settings\Natalie\Application Data\Lavasoft
2007-12-26 14:25 . 2007-12-26 14:25 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-26 10:45 . 2007-12-29 14:47 <DIR> d-------- C:\Documents and Settings\Natalie\Application Data\AVG7
2007-12-26 10:45 . 2007-12-26 10:45 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-26 10:44 . 2007-12-26 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-26 09:56 . 2007-12-26 10:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-26 09:20 . 2007-12-26 09:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-26 09:20 . 2007-12-26 09:20 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-18 18:26 . 2007-12-18 18:27 <DIR> d-------- C:\Program Files\Mystery in London
2007-12-09 23:11 . 2007-12-09 23:11 10,920 --a------ C:\aolconnfix.exe
2007-12-06 18:54 . 2007-12-06 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grey Alien Games
2007-12-06 18:52 . 2007-12-06 18:53 <DIR> d-------- C:\Program Files\Fairway Solitaire
2007-12-02 20:51 . 2007-12-05 18:40 <DIR> d-------- C:\Program Files\Mystery Case Files Madame Fate Strategy Guide
2007-12-01 18:49 . 2007-12-01 18:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Christmasville
2007-11-27 21:28 . 2007-11-27 21:28 <DIR> d-------- C:\Documents and Settings\Natalie\Application Data\Flood Light Games
2007-11-27 21:28 . 2007-11-27 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Flood Light Games
2007-11-27 20:54 . 2007-11-27 20:55 <DIR> d-------- C:\Program Files\Agatha Christie - Peril at End House
2007-11-26 18:30 . 2007-10-10 17:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-26 18:30 . 2007-04-17 03:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-26 18:30 . 2007-03-07 23:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-26 18:30 . 2007-10-10 17:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-26 18:30 . 2007-10-10 17:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-26 18:30 . 2007-10-10 17:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-26 18:30 . 2007-10-10 17:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-26 18:30 . 2007-10-10 17:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-26 18:30 . 2007-10-10 04:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-26 18:17 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-11-25 23:38 . 2007-11-25 23:38 <DIR> d-------- C:\Documents and Settings\Natalie\Application Data\Yahoo!
2007-11-25 21:44 . 2007-12-26 10:40 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data\yahoo!
2007-11-25 20:30 . 2007-11-25 20:30 <DIR> d-------- C:\Program Files\Lucky Clover
2007-11-24 15:30 . 2007-11-24 15:31 <DIR> d-------- C:\Program Files\Amazing Adventures The Lost Tomb
2007-11-20 20:52 . 2007-11-20 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFish
2007-11-20 20:44 . 2007-11-20 20:44 <DIR> d-------- C:\Program Files\Amazing Adventures - The Lost Tomb
2007-11-20 18:12 . 2007-11-20 18:13 <DIR> d-------- C:\Program Files\Atlantis
2007-11-20 17:39 . 2007-07-19 13:07 3,186,688 --a------ C:\WINDOWS\system32\cdintf300.dll
2007-11-20 17:39 . 2007-07-19 13:07 3,186,688 --a------ C:\WINDOWS\system32\acXMLParser.dll
2007-11-20 17:35 . 2007-11-20 17:53 <DIR> d-------- C:\Program Files\PrintMaster Platinum 18
2007-11-11 17:05 . 2007-12-01 19:18 <DIR> d-------- C:\Program Files\Riddle of the Sphinx Strategy Guide
2007-11-10 20:32 . 2007-11-25 15:33 <DIR> d-------- C:\Program Files\The Blackwell Legacy
2007-11-09 19:35 . 2007-11-09 19:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
2007-11-09 19:08 . 2007-11-09 20:24 <DIR> d-------- C:\Program Files\Neptune's Secret
2007-11-09 19:08 . 2007-11-09 19:08 <DIR> d-------- C:\Documents and Settings\Natalie\Application Data\SpinTop
2007-11-08 18:41 . 2007-11-08 20:30 <DIR> d-------- C:\Program Files\Hawaiian Explorer - Pearl Harbor
2007-11-08 18:37 . 2007-12-09 19:11 <DIR> d-------- C:\Program Files\Mystery Case Files - Madame Fate
2007-11-06 16:02 . 2007-11-06 16:02 <DIR> d-------- C:\Documents and Settings\MollieAlysonn\Application Data\FaxCtr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 11:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-26 21:27 --------- d-----w C:\Program Files\Lavasoft
2007-12-26 16:45 692,224 ----a-w C:\Documents and Settings\ºmOlLiEº\NTUSER.DAT
2007-12-26 16:45 692,224 ----a-w C:\Documents and Settings\ºmOlLiEº\NTUSER.DAT
2007-12-26 16:45 692,224 ----a-w C:\Documents and Settings\º((mOlLiE))º\NTUSER.DAT
2007-12-26 16:45 692,224 ----a-w C:\Documents and Settings\º((mOlLiE))º\NTUSER.DAT
2007-12-26 16:45 3,940,352 ----a-w C:\Documents and Settings\--Mollie--\NTUSER.DAT
2007-12-26 16:40 --------- d-----w C:\Program Files\Yahoo!
2007-12-26 16:37 --------- d-----w C:\Program Files\QuickTime
2007-12-26 16:37 --------- d-----w C:\Program Files\QUICKENW
2007-12-26 16:36 --------- d-----w C:\Program Files\OfficeUpdate11
2007-12-26 16:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-26 16:35 --------- d-----w C:\Program Files\LeapFrog
2007-12-26 16:35 --------- d-----w C:\Program Files\iTunes
2007-12-26 16:35 --------- d-----w C:\Program Files\HP
2007-12-26 16:35 --------- d-----w C:\Program Files\Hewlett-Packard
2007-12-26 16:35 --------- d-----w C:\Program Files\Common Files\aolshare
2007-12-26 16:34 --------- d-----w C:\Program Files\Click'N Design 3D
2007-12-26 16:34 --------- d-----w C:\Program Files\Astraware
2007-12-26 16:34 --------- d-----w C:\Program Files\Apple Software Update
2007-12-26 16:34 --------- d-----w C:\Program Files\America Online 9.0
2007-12-26 16:30 --------- d-----w C:\Program Files\PartyGaming.Net
2007-12-26 16:28 --------- d-----w C:\Program Files\Symantec
2007-12-26 16:25 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-26 16:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-26 16:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-26 16:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-19 02:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-19 01:19 --------- d-----w C:\Documents and Settings\Natalie\Application Data\Big Fish Games
2007-12-19 00:00 --------- d-----w C:\Program Files\LimeWire
2007-12-06 00:28 --------- d-----w C:\Program Files\Hidden Expedition Titanic
2007-11-26 05:31 --------- d-----w C:\Documents and Settings\Natalie\Application Data\ForgottenRiddles
2007-11-22 07:02 --------- d-----w C:\Documents and Settings\Natalie\Application Data\AdobeUM
2007-11-21 00:12 --------- d-----w C:\Program Files\bfgclient
2007-11-20 23:40 --------- d-----w C:\Program Files\Web Publish
2007-11-20 23:37 --------- d-----w C:\Program Files\Common Files\Broderbund
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 19:27 --------- d-----w C:\Program Files\Riddle of the Sphinx
2007-11-09 02:53 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-04 00:50 --------- d-----w C:\Program Files\Jewel Quest Solitaire II
2007-11-04 00:45 --------- d-----w C:\Documents and Settings\Natalie\Application Data\iWin
2007-11-03 23:45 --------- d-----w C:\Program Files\Hidden Relics
2007-10-31 19:03 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
2007-10-29 23:52 --------- d-----w C:\Documents and Settings\Natalie\Application Data\FaxCtr
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-01 01:53 733,696 ----a-w C:\WINDOWS\GPInstall.exe
2006-07-12 19:01 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2005-11-09 03:10 5,632 --sha-w C:\Program Files\Thumbs.db
2005-09-12 00:43 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2004-07-24 23:08 477,339 ----a-w C:\Program Files\SymKBFix.EXE
2004-03-05 03:21 352,918 ----a-w C:\Program Files\puzz0309.exe
2003-09-01 00:19 3,120,360 ----a-w C:\Program Files\Install_AIM.exe
2003-08-21 02:12 821,864 ----a-w C:\Program Files\AFAFilter.exe
2003-07-30 23:32 53,768 ----a-w C:\Program Files\uninstall ilook up.exe
2003-06-22 00:54 22,757 ----a-w C:\Program Files\malddefault.htm
2003-06-13 03:00 234,176 ----a-w C:\WINDOWS\system32\config\systemprofile\Application Data\GDIPFONTCACHEV1.DAT
2003-06-13 03:00 234,176 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2003-06-06 03:21 47,616 ----a-w C:\Program Files\Weather-Install.exe
2003-01-23 00:19 10,793 ----a-w C:\WINDOWS\Fonts\creamandsugar.zip
2002-12-29 23:43 7,370,435 ----a-w C:\Program Files\Funhouse_07_23.exe
2002-12-22 14:57 5,315,208 ----a-w C:\Program Files\IncrediMailSetup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"AIM"="C:\Program Files\AIM95\aim.exe" [2005-08-05 14:08]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2006-06-01 17:44]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 16:13]
"Plus! Alarm Clock"="C:\Program Files\Microsoft Plus! Digital Media Edition\Alarm Clock\AlarmClock.exe" [2003-07-24 01:05]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 07:44]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:56 C:\WINDOWS\system32\rundll32.exe]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 11:07]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-07 15:54]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-03-18 22:30]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-03-18 22:29]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"HostManager"="C:\Program Files\Common Files\AOL\1154305348\ee\AOLSoftware.exe" [2006-05-09 18:24]
"lxdimon.exe"="C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 12:07]
"lxdiamon"="C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 06:40]
"FaxCenterServer"="C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" [2007-05-07 12:10]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-26 10:44]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-26 10:44]

C:\Documents and Settings\--Mollie--\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2006-02-16 15:55:37]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^.protected]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected
backup=C:\WINDOWS\pss\.protectedCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=C:\WINDOWS\pss\Event Reminder.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center.lnk
backup=C:\WINDOWS\pss\hp center.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Natalie^Start Menu^Programs^Startup^.protected]
path=C:\Documents and Settings\Natalie\Start Menu\Programs\Startup\.protected
backup=C:\WINDOWS\pss\.protectedStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
2002-06-18 00:11 69632 --a------ c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2002-07-16 09:03 106549 --a------ C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Sync]
2007-07-13 20:10 1060864 --a------ C:\Program Files\Pocket Wizards\Easy Sync\Easy Sync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2002-05-15 04:20 114688 --a------ C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2002-05-15 04:29 155648 --a------ C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
2006-02-17 10:59 124520 --a------ C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-07-10 08:18 270648 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2001-07-06 22:56 61440 --a------ C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]
LTMSG.exe 7

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Plus! Alarm Clock]
C:\Program Files\Microsoft Plus! Digital Media Edition\Alarm Clock\AlarmClock.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2002-06-14 17:39 81920 --a------ C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2001-12-19 00:39 212992 --a------ C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-15 07:44 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
C:\WINDOWS\system32\mobsync.exe /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTPreset]
VTPreset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

R2 lxdi_device;lxdi_device;C:\WINDOWS\system32\lxdicoms.exe -service []
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-04-26 09:38]
S3 SDdriver;SDdriver;C:\WINDOWS\system32\Drivers\sddriver.sys [2004-08-30 22:23]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-15 00:06:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-29 22:56:19 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 05:17:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-30 5:20:00
C:\ComboFix2.txt ... 2007-12-29 15:24
.
2007-12-12 18:56:08 --- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 5:25:01 AM, on 12/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\AOL\1154305348\ee\AOLSoftware.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\explorer.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154305348\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Plus! Alarm Clock] "C:\Program Files\Microsoft Plus! Digital Media Edition\Alarm Clock\AlarmClock.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZCxdm369YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt4_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Little%20Shop%20of%20Treasures%202/Images/stg_drm.ocx
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {8E2B469B-7444-42C3-BE28-7A54E05AC049} (PrintCtrl Class) - file://F:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPRTC.CAB
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://F:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Neptune's Secret\Images\armhelper.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Unknown owner - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Everything looks good. Let me know if I need to do anything else. Thanks SO much for your help!

#6 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 30 December 2007 - 05:55 PM

Good job :thumbup:

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

  • If shown the disclaimer, Select "2"


Here's my usual all clean post

Log looks good :D


You need to create a new Clean restore point.

Note: This will remove all previous Restore Points

Click Start Menu > Run > copy and paste

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it (something you'll remember) and click Create, when the confirmation screen shows the restore point has been created click Close.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer always has the latest available security updates installed.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide realtime spyware & hijacker protection on your computer alongside your virus protection.
    You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer
    settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

    Using IE-SPYAD to help block unwanted sites and activities

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly.
    Without regular updates you WILL NOT be protected when new malicious programs are released.

Only run one Anti-Virus and Firewall program.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

 

Proud graduate of TC/WTT Classroom

 


#7 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 31 December 2007 - 09:50 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
