Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

malware remve

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

malware remve

Unread postby dallas5555 » March 9th, 2008, 3:50 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:41 AM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Explorer] C:\WINDOWS\system32\explorer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0704787781
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10474 bytes
dallas5555
Regular Member
 
Posts: 46
Joined: March 9th, 2008, 9:47 am
Advertisement
Register to Remove

Re: malware remve

Unread postby DFW » March 10th, 2008, 7:09 pm

Hello and wecome, My name is DFW and I will be assisting you with your malware issues .

Please be patient as I need some time to review your Hijackthis log and i will post back recommendations for repairs.
As I am still on training, everything that I post to you, must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long.

  • Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any question or you're stuck in there please reply it to me. I will try my best to help you!
  • Please bookmark or favourite this page. In case you need it as reference or etc.
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: malware remve

Unread postby DFW » March 11th, 2008, 4:47 am

Hi dallas5555


One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files

I would disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can attempt to clean this machine but i can't guarantee that it will be 100% secure afterwards.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.





If you decide you would like to have a go at cleaning please follow the instructions below and post back the log,
along with a new HJT Log



Please Uninstall your current Highjackthis and download and install the one below


Download HJTInstall.exe to your Desktop.

  • Doubleclick HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.
  • Don't use the Analyse This button, its findings are dangerous if misinterpreted.
  • Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.





1.Download and Run combofix

For information regarding Combofix, please visit this webpage:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you install the Recovery Console

Download this file from one of the three below listed places and place it at your DESKTOP

Link 1
Link 2
Link 3

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".


Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note: Combofix should not be used without supervision


Please post back with

Combofix Log and a new HJT Log
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: malware remve

Unread postby dallas5555 » March 11th, 2008, 6:42 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:39:21 AM, on 3/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Explorer] C:\WINDOWS\system32\explorer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0704787781
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10458 bytes
dallas5555
Regular Member
 
Posts: 46
Joined: March 9th, 2008, 9:47 am

Re: malware remve

Unread postby dallas5555 » March 11th, 2008, 8:08 am

combofix quarantined files is that the who log my helper said for me to post hj log an combo log im dallas2001-10-16 06:08 840 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\tsd_bg.xip.vir
2002-06-10 08:13 269 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\business_promo.xip.vir
2002-06-10 08:13 269 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\business_promo.xip.vir
2002-07-29 08:54 7873 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\icons2.xip.vir
2002-10-24 08:55 51 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bar.xip.vir
2002-10-24 08:55 51 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bar.xip.vir
2002-10-24 08:56 51 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_logos.xip.vir
2002-10-24 08:56 51 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_other.xip.vir
2002-10-24 08:56 51 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_logos.xip.vir
2002-10-24 08:56 51 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_other.xip.vir
2003-07-17 09:46 3432 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_weather.xip.vir
2003-07-17 09:46 3432 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_weather.xip.vir
2003-09-14 06:17 188 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\linkpathlegal.xip.vir
2003-09-14 06:17 188 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\linkpathlegal.xip.vir
2003-09-17 09:37 1232 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bbar1.xip.vir
2003-09-17 09:37 1232 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bbar1.xip.vir
2003-09-17 11:11 65 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\ads.xip.vir
2004-02-10 08:49 335547 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\Wallpaper\100204Domestic0026_wp.jpg.vir
2004-04-30 06:01 53 --a------ C:\Qoobox\Quarantine\D\Autorun.inf.vir
2004-05-30 10:27 6240 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\s_icons_buttons.xip.vir
2004-05-30 10:27 6240 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\s_icons_buttons.xip.vir
2005-05-31 05:12 25358 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\mommy.FAMILY\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico.vir
2005-05-31 05:12 25358 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico.vir
2005-07-11 08:26 23444 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_3000.xip.vir
2005-07-11 08:26 23444 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_3000.xip.vir
2005-07-11 08:26 61095 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_1000.xip.vir
2005-07-11 08:26 61095 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_1000.xip.vir
2005-07-11 08:26 83545 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_2000.xip.vir
2005-07-11 08:26 83545 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_2000.xip.vir
2005-09-18 10:27 2338 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\BtnTrans.xip.vir
2005-09-18 10:27 7319 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\BtnTrans1.xip.vir
2005-12-01 06:27 29571 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\email-t1-bg.xip.vir
2006-01-10 05:16 3262 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\mommy.FAMILY\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico.vir
2006-01-10 05:16 3262 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico.vir
2006-02-07 09:18 3262 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\mommy.FAMILY\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico.vir
2006-02-07 09:18 3262 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico.vir
2006-02-09 05:50 267 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\top7.xip.vir
2006-12-05 04:01 4093 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\t2_bg.xip.vir
2007-01-03 05:14 7554 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\email-t1-bg.xip.vir
2007-01-04 04:09 1271 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\tsd_bg.xip.vir
2007-02-06 10:42 71707 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\sales_buttons.xip.vir
2007-02-13 09:27 3645 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\layout.xip.vir
2007-02-19 05:31 113123 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\keywords.xip.vir
2007-02-19 05:31 113123 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\keywords.xip.vir
2007-02-19 05:31 487532 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\keywords1.xip.vir
2007-02-25 08:48 2494 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\t2_bg.xip.vir
2007-03-08 04:28 126 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\samplegroups2.xip.vir
2007-03-08 06:15 1467 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\buttondir.xip.vir
2007-03-10 09:25 10358 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\t2_bg.res.vir
2007-03-10 09:25 12151 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bbar1.res.vir
2007-03-10 09:25 129735 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\email-t1-bg.res.vir
2007-03-10 09:25 12986 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\layout.cdf.vir
2007-03-10 09:25 164777 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_1000.res.vir
2007-03-10 09:25 19096 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\s_icons_buttons.res.vir
2007-03-10 09:25 2075 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\tsd_bg.res.vir
2007-03-10 09:25 209637 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_2000.res.vir
2007-03-10 09:25 2585 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\progress.res.vir
2007-03-10 09:25 328 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\linkpathlegal.txt.vir
2007-03-10 09:25 35442 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_weather.res.vir
2007-03-10 09:25 445728 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\keywords.idx.vir
2007-03-10 09:25 480 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\samplegroups2.txt.vir
2007-03-10 09:25 492 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\business_promo.htm.vir
2007-03-10 09:25 5168 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\buttondir.txt.vir
2007-03-10 09:25 554463 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\sales_buttons.res.vir
2007-03-10 09:25 6110 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\SpamBlockerUtility.log.vir
2007-03-10 09:25 62 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bar.res.vir
2007-03-10 09:25 62 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_logos.res.vir
2007-03-10 09:25 62 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_other.res.vir
2007-03-10 09:25 95919 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_3000.res.vir
2007-03-14 19:45 1524 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Desktop\Free PC Wallpapers.lnk.vir
2007-03-14 19:46 1877 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\85712.vir
2007-03-14 19:46 1895 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\16087.vir
2007-03-14 19:46 1897 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\13524.vir
2007-03-14 19:46 1901 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\84876.vir
2007-03-14 19:46 1918 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\561893.vir
2007-03-14 19:46 1918 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\59289.vir
2007-03-14 19:46 1928 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\32137.vir
2007-03-14 19:46 1949 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\44306.vir
2007-03-14 19:46 1957 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\427075.vir
2007-03-14 19:46 2136 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\17923.vir
2007-03-14 19:46 2721 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\1056012.sdf.vir
2007-03-14 19:46 5423 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\1055998.sdf.vir
2007-03-14 19:51 160442 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\600583.sdf.vir
2007-03-14 19:52 1873 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\745992.vir
2007-03-14 19:52 1901 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\24643.vir
2007-03-14 19:52 1905 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\1000030595.vir
2007-03-14 19:52 1910 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\66625.vir
2007-03-14 19:52 1946 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\41499.vir
2007-03-14 19:52 1981 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\89673.vir
2007-03-14 19:52 2104 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\91925.vir
2007-03-14 19:53 1903 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\336176.vir
2007-03-14 19:53 1929 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\516057.vir
2007-03-14 19:53 1995 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\519651.vir
2007-03-14 19:53 2011 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\90088.vir
2007-03-14 19:53 2052 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\95732.vir
2007-03-14 19:53 441 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\1066422.sdf.vir
2007-03-14 19:54 1879 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\57347.vir
2007-03-14 19:54 1897 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\89200.vir
2007-03-14 19:54 1957 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\26335.vir
2007-03-14 19:55 15794 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\625696.sdf.vir
2007-03-14 19:58 1907 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\53481.vir
2007-03-14 19:58 1926 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\29095.vir
2007-03-14 19:58 1932 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\70650.vir
2007-03-14 19:58 1933 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\80670.vir
2007-03-14 19:59 1889 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\70375.vir
2007-03-14 21:34 1879 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\531510.vir
2007-03-14 21:34 1893 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\59844.vir
2007-03-14 21:34 1899 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\15596.vir
2007-03-14 21:34 1903 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\46705.vir
2007-03-14 21:34 1914 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\578140.vir
2007-03-14 21:34 1917 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\63806.vir
2007-03-14 21:34 1918 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\27503.vir
2007-03-14 21:34 1922 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\578081.vir
2007-03-14 21:34 1929 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\74398.vir
2007-03-14 21:34 1935 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\87594.vir
2007-03-14 21:34 1943 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\99857.vir
2007-03-14 21:34 1966 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\85062.vir
2007-03-14 21:34 1967 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\745387.vir
2007-03-14 21:34 1978 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\13546.vir
2007-03-14 21:34 1989 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\93899.vir
2007-03-14 21:34 2012 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\85587.vir
2007-03-14 21:34 2057 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\468327.vir
2007-03-14 21:34 99383 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\952211.sdf.vir
2007-03-14 21:40 1879 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\64517.vir
2007-03-14 21:40 1884 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\25469.vir
2007-03-14 21:40 1899 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\35047.vir
2007-03-14 21:40 1945 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\4382.vir
2007-03-14 21:40 1945 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\94407.vir
2007-03-14 21:40 2049 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\90358.vir
2007-03-14 21:40 208 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\ASPL1.dat.vir
2007-03-15 05:24 79402 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\sales_buttons.xip.vir
2007-03-15 09:31 3864 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\layout.xip.vir
2007-03-15 09:31 5069 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\default.xip.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz1.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz10.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz11.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz12.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz13.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz14.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz15.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz16.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz17.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz18.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz19.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz2.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz20.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz3.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz4.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz5.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz6.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz7.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz8.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz9.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_categorize.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_comparison.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_em_PROFL_CA_flow_b_IEB.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_explorer-Mails.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_explorer-people.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_fastutilities.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_favorites.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Games.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Hide.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Hotmail.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_hsskin.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_jemster.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_jemsterie.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_jemsteruk.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_jobsearch.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_new.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_premium.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_reun.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_ringtones.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_SearchBoxTrapper.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_searchfor.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_searchgo.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_weather.mnu.vir
2007-03-17 15:36 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_yellowpages.mnu.vir
2007-03-17 15:36 10358 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\t2_bg.res.vir
2007-03-17 15:36 12151 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_bbar1.res.vir
2007-03-17 15:36 12541 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_hotbarcom.mnu.vir
2007-03-17 15:36 129735 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\email-t1-bg.res.vir
2007-03-17 15:36 13450 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\layout.cdf.vir
2007-03-17 15:36 137 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\ads.cdf.vir
2007-03-17 15:36 147 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\1418656.sdf.vir
2007-03-17 15:36 164777 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_1000.res.vir
2007-03-17 15:36 18 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\ustat\3515.dat.vir
2007-03-17 15:36 1897 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\99795.vir
2007-03-17 15:36 19096 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\s_icons_buttons.res.vir
2007-03-17 15:36 2075 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\tsd_bg.res.vir
2007-03-17 15:36 209637 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_2000.res.vir
2007-03-17 15:36 24138 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\btntrans1.dat.vir
2007-03-17 15:36 24484 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\default.cdf.vir
2007-03-17 15:36 2585 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\progress.res.vir
2007-03-17 15:36 328 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\linkpathlegal.txt.vir
2007-03-17 15:36 35442 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_weather.res.vir
2007-03-17 15:36 379 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\theweb.mnu.vir
2007-03-17 15:36 391 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Top7_theweb.mnu.vir
2007-03-17 15:36 42 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\email-def-511724-9595.mnu.vir
2007-03-17 15:36 445728 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\keywords.idx.vir
2007-03-17 15:36 487 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Mails.mnu.vir
2007-03-17 15:36 491 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\top7.cdf.vir
2007-03-17 15:36 492 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\business_promo.htm.vir
2007-03-17 15:36 5168 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\buttondir.txt.vir
2007-03-17 15:36 5525 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\components.cdf.vir
2007-03-17 15:36 605879 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\sales_buttons.res.vir
2007-03-17 15:36 62 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_bar.res.vir
2007-03-17 15:36 62 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_logos.res.vir
2007-03-17 15:36 62 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_other.res.vir
2007-03-17 15:36 7453628 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\keywords1.dat.vir
2007-03-17 15:36 8735 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\btntrans.idx.vir
2007-03-17 15:36 92601 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\icons2.res.vir
2007-03-17 15:36 95919 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_3000.res.vir
2007-03-18 09:31 71 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\samplegroups2.xip.vir
2007-03-19 07:36 1465 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\buttondir.xip.vir
2007-03-22 07:28 285 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\1.sdf.vir
2007-03-22 07:28 32209 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\domains.txt.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz1.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz10.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz11.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz12.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz13.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz14.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz15.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz16.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz17.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz18.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz19.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz2.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz20.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz3.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz4.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz5.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz6.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz7.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz8.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz9.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_categorize.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_comparison.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_explorer-Mails.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_explorer-people.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_fastutilities.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_favorites.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Games.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Hide.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Hotmail.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_hsskin.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemster.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemsterie.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemsteruk.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jobsearch.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_new.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_premium.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_reun.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_ringtones.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_SearchBoxTrapper.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_searchfor.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_searchgo.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_weather.mnu.vir
2007-03-22 07:29 0 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_yellowpages.mnu.vir
2007-03-22 07:29 120 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\samplegroups2.txt.vir
2007-03-22 07:29 12151 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bbar1.res.vir
2007-03-22 07:29 12541 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_hotbarcom.mnu.vir
2007-03-22 07:29 13570 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\layout.cdf.vir
2007-03-22 07:29 137 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\ads.cdf.vir
2007-03-22 07:29 164777 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_1000.res.vir
2007-03-22 07:29 19096 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\s_icons_buttons.res.vir
2007-03-22 07:29 209637 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_2000.res.vir
2007-03-22 07:29 24138 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\btntrans1.dat.vir
2007-03-22 07:29 24657 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\default.cdf.vir
2007-03-22 07:29 2585 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\progress.res.vir
2007-03-22 07:29 2675 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\tsd_bg.res.vir
2007-03-22 07:29 328 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\linkpathlegal.txt.vir
2007-03-22 07:29 35442 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_weather.res.vir
2007-03-22 07:29 37491 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\SpamBlockerUtility.log.vir
2007-03-22 07:29 379 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\theweb.mnu.vir
2007-03-22 07:29 391 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Top7_theweb.mnu.vir
2007-03-22 07:29 42 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\email-def-511724-9595.mnu.vir
2007-03-22 07:29 445728 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\keywords.idx.vir
2007-03-22 07:29 44684 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\email-t1-bg.res.vir
2007-03-22 07:29 487 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Mails.mnu.vir
2007-03-22 07:29 491 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\top7.cdf.vir
2007-03-22 07:29 492 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\business_promo.htm.vir
2007-03-22 07:29 5168 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\buttondir.txt.vir
2007-03-22 07:29 5647 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\components.cdf.vir
2007-03-22 07:29 6 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\ustat\351a.dat.vir
2007-03-22 07:29 62 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bar.res.vir
2007-03-22 07:29 62 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_logos.res.vir
2007-03-22 07:29 62 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_other.res.vir
2007-03-22 07:29 629265 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\sales_buttons.res.vir
2007-03-22 07:29 6590 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\t2_bg.res.vir
2007-03-22 07:29 7453628 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\keywords1.dat.vir
2007-03-22 07:29 8735 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\btntrans.idx.vir
2007-03-22 07:29 92601 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\icons2.res.vir
2007-03-22 07:29 95919 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_3000.res.vir
2007-03-27 14:18 122813 --a--c--- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html.vir
2007-03-27 14:18 422447 --a--c--- C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html.vir
2007-05-25 07:17 22 --a--c--- C:\Qoobox\Quarantine\C\Program Files\outlook\p.zip.vir
2007-06-05 19:07 506749 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\autorun.inf.vir
2007-06-24 10:53 9066 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\mommy.FAMILY\Application Data\SpamBlockerUtility\SpamBlockerUtility.log.vir
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:49 AM, on 3/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0704787781
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9831 bytes
dallas5555
Regular Member
 
Posts: 46
Joined: March 9th, 2008, 9:47 am

Re: malware remve

Unread postby DFW » March 11th, 2008, 11:21 am

Hi dallas5555


There's need to PM me just post any questions into topic

Please post the entire contents of the latest combofix scan (it will be in your C:\ drive, probably named Combofix.txt.)
if there are more than one Combofix.txt or variants such as Combofix2.txt please should post them all
Double click it, When it is open, select the entire contents (Ctrl + A), copy them (Ctrl + C), and paste them (Ctrl + V) back here as a reply to this post.
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: malware remve

Unread postby dallas5555 » March 11th, 2008, 1:59 pm

ComboFix 08-03-10.1 - HP_Administrator 2008-03-11 7:27:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.316 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\SpamBlockerUtility.log
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\business_promo.htm
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\business_promo.xip
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\buttondir.txt
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\buttondir.xip
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_1000.res
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_2000.res
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_3000.res
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bar.res
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bbar1.res
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_logos.res
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_other.res
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_weather.res
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\email-t1-bg.res
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\keywords.idx
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\keywords.xip
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\layout.cdf
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\layout.xip
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\linkpathlegal.txt
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\progress.res
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\s_icons_buttons.res
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\sales_buttons.res
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\t2_bg.res
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\t2_bg.xip
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\tsd_bg.res
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\mommy.FAMILY\Application Data\SpamBlocker
C:\Documents and Settings\mommy.FAMILY\Application Data\SpamBlockerUtility
C:\Documents and Settings\mommy.FAMILY\Application Data\SpamBlockerUtility\SpamBlockerUtility.log
C:\Documents and Settings\mommy.FAMILY\Application Data\SpamBlockerUtility_Icons
C:\Documents and Settings\mommy.FAMILY\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico
C:\Documents and Settings\mommy.FAMILY\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
C:\Documents and Settings\mommy.FAMILY\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\SpamBlockerUtility.log
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\1.sdf
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\1055998.sdf
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\1056012.sdf
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\1066422.sdf
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\1418656.sdf
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\600583.sdf
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\625696.sdf
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\952211.sdf
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\ASPL1.dat
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\domains.txt
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\1000030595
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\13524
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\13546
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\15596
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\16087
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\17923
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\24643
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\25469
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\26335
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\27503
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\29095
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\32137
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\336176
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\35047
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\41499
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\427075
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\4382
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\44306
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\46705
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\468327
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\516057
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\519651
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\531510
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\53481
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\561893
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\57347
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\578081
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\578140
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\59289
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\59844
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\63806
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\64517
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\66625
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\70375
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\70650
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\74398
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\745387
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\745992
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\80670
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\84876
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\85062
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\85587
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\85712
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\87594
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\89200
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\89673
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\90088
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\90358
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\91925
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\93899
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\94407
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\95732
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\99795
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML\99857
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\ustat\3515.dat
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\ustat\351a.dat
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\ads.cdf
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\btntrans.idx
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\btntrans1.dat
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\business_promo.htm
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\buttondir.txt
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\components.cdf
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_1000.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_2000.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_3000.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bar.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_logos.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_buttons_other.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\d_icons_weather.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\default.cdf
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz1.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz10.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz11.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz12.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz13.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz14.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz15.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz16.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz17.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz18.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz19.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz2.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz20.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz3.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz4.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz5.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz6.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz7.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz8.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_bidz9.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_categorize.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_comparison.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_em_PROFL_CA_flow_b_IEB.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_explorer-people.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_fastutilities.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_favorites.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Games.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Hide.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Hotmail.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_hsskin.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemster.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemsterie.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jemsteruk.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_jobsearch.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_Mails.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_new.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_premium.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_reun.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_ringtones.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_searchfor.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_searchgo.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_weather.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Default_yellowpages.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\email-t1-bg.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\icons2.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\keywords.idx
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\keywords1.dat
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\layout.cdf
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\linkpathlegal.txt
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\progress.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\s_icons_buttons.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\sales_buttons.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\t2_bg.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\theweb.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\top7.cdf
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\Top7_theweb.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\tsd_bg.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\ads.cdf
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\btntrans.idx
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\btntrans1.dat
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\business_promo.htm
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\buttondir.txt
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\components.cdf
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_1000.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_2000.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_3000.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_bar.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_bbar1.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_logos.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_buttons_other.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\d_icons_weather.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\default.cdf
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz1.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz10.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz11.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz12.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz13.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz14.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz15.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz16.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz17.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz18.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz19.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz2.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz20.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz3.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz4.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz5.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz6.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz7.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz8.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_bidz9.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_categorize.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_comparison.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_em_PROFL_CA_flow_b_IEB.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_explorer-Mails.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_explorer-people.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_fastutilities.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_favorites.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Games.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Hide.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_hotbarcom.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Hotmail.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_hsskin.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_jemster.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_jemsterie.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_jemsteruk.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_jobsearch.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_Mails.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_new.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_premium.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_reun.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_ringtones.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_searchfor.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_searchgo.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_weather.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Default_yellowpages.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\email-def-511724-9595.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\email-t1-bg.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\icons2.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\keywords.idx
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\keywords1.dat
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\layout.cdf
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\linkpathlegal.txt
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\progress.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\s_icons_buttons.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\sales_buttons.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\t2_bg.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\theweb.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\top7.cdf
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\Top7_theweb.mnu
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2\tsd_bg.res
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\ads.xip
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\BtnTrans.xip
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\BtnTrans1.xip
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\business_promo.xip
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\buttondir.xip
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\default.xip
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\icons2.xip
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\keywords.xip
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\keywords1.xip
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\layout.xip
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\t2_bg.xip
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\top7.xip
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility\Wallpaper\100204Domestic0026_wp.jpg
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility_Icons
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
C:\Documents and Settings\mommy\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico
C:\Documents and Settings\mommy\Desktop\Free PC Wallpapers.lnk
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\Helper
C:\Program Files\MyWebSearch
C:\Program Files\outlook
C:\Program Files\outlook\p.zip
C:\WINDOWS\system32\AutoRun.inf
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-02-11 to 2008-03-11 )))))))))))))))))))))))))))))))
.

2008-03-11 07:27 . 2008-03-11 07:27 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-03-10 13:25 . 2008-03-10 14:08 <DIR> d-------- C:\knocked_up1111
2008-03-09 10:35 . 2008-03-10 07:46 67,645 --a------ C:\WINDOWS\system32\drivers\pshook11.sys
2008-03-09 10:34 . 2008-03-09 10:34 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\INAC
2008-03-09 10:34 . 2008-03-09 10:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\INAC
2008-03-09 10:29 . 2008-03-10 08:19 <DIR> d-------- C:\Program Files\INAC
2008-03-08 13:14 . 2008-03-08 13:24 <DIR> d-------- C:\Program Files\RegistryCleanFixer2008
2008-03-08 08:31 . 2008-03-08 08:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-08 08:30 . 2008-03-08 08:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-06 10:28 . 2008-03-06 10:35 4,681,674,752 --a------ C:\KNOCKED_UP1.ISO
2008-03-02 10:33 . 2008-03-08 08:20 <DIR> d-------- C:\Program Files\AdwareFilter
2008-03-01 14:20 . 2008-03-01 14:20 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\HPAppData
2008-03-01 14:15 . 2008-03-01 14:30 141,199 --a------ C:\WINDOWS\hpoins14.dat
2008-03-01 14:15 . 2007-06-05 19:07 2,000 --------- C:\WINDOWS\hpomdl14.dat
2008-02-29 12:14 . 2008-02-29 12:14 <DIR> d-------- C:\WINDOWS\system32\BWKDLogs
2008-02-29 12:12 . 2008-02-29 12:12 <DIR> d-------- C:\Program Files\Common Files\Kodak
2008-02-27 11:03 . 2008-03-10 12:27 <DIR> d-------- C:\knocked_up111
2008-02-26 20:59 . 2008-02-26 21:01 <DIR> d-------- C:\Program Files\Snood
2008-02-21 22:42 . 2008-02-21 22:42 <DIR> d-------- C:\Program Files\SonicWallES
2008-02-21 17:22 . 2008-03-07 17:39 7,223 --a------ C:\rollback.ini
2008-02-21 17:16 . 2008-02-21 22:42 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\MailFrontier
2008-02-21 17:11 . 2008-03-11 07:36 12,635,424 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-21 17:11 . 2008-03-10 20:51 169,532 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-21 17:03 . 2008-02-21 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-21 17:03 . 2008-03-08 20:44 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-02-21 17:02 . 2007-11-14 17:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-21 17:01 . 2008-02-21 17:01 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-21 16:59 . 2008-03-11 07:20 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-02-21 16:54 . 2008-02-21 16:54 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Grisoft
2008-02-21 16:54 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-21 16:53 . 2008-02-21 16:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-18 09:02 . 2007-08-13 19:52 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-02-14 16:19 . 2008-02-15 11:36 <DIR> d-------- C:\knocked_up1
2008-02-14 13:03 . 2008-03-04 11:00 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-02-14 13:03 . 2008-03-04 11:00 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-02-13 08:16 . 2008-02-18 07:24 <DIR> d-------- C:\Program Files\Babylon
2008-02-12 13:12 . 2008-03-08 08:10 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Incomplete
2008-02-11 13:44 . 2008-03-11 06:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-11 11:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-03-10 17:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-09 14:10 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-03-08 17:30 1,871,360 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-03-08 12:12 299,520 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-03-08 12:12 1,568,256 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-03-08 03:29 940,032 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-03-07 20:52 2,657,792 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-03-07 20:52 1,539,072 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-03-06 02:48 2,876,928 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-03-05 21:36 --------- d-----w C:\Program Files\Yahoo! Games
2008-03-04 19:32 --------- d-----w C:\Program Files\One Million Recipes
2008-03-04 14:59 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-03 19:22 57,799 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_03_13_39_51_small.dmp.zip
2008-03-03 16:39 491,008 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-03-03 16:39 1,487,872 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-03-03 03:22 2,663,936 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-03-03 03:22 1,486,848 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-03-02 02:55 2,460,160 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-03-01 18:20 --------- d-----w C:\Program Files\HP
2008-03-01 18:07 4,075,008 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-03-01 18:07 1,459,200 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-02-29 17:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-29 16:14 --------- d-----w C:\Program Files\Kodak
2008-02-29 16:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-02-28 23:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-25 12:33 256,000 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-02-25 12:33 1,384,960 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-02-25 03:19 1,523,712 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-02-25 03:19 1,379,840 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-02-24 03:06 1,875,456 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-24 03:06 1,376,256 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-14 20:11 --------- d-----w C:\Program Files\TomTom HOME 2
2008-02-13 08:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-12 12:11 --------- d-----w C:\Program Files\Sotfone
2008-02-11 17:42 --------- d-----w C:\Program Files\STOPzilla!
2008-02-11 16:10 --------- d-----w C:\Program Files\bfgtoolbar
2008-02-09 21:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-09 14:05 --------- d-----w C:\Program Files\LimeWire
2008-02-08 22:56 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\muvee Technologies
2008-02-08 16:45 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\TomTom
2008-02-08 16:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom
2008-02-08 16:44 --------- d-----w C:\Program Files\TomTom DesktopSuite
2008-02-04 18:49 --------- d-----w C:\Program Files\Norton AntiVirus
2008-02-04 18:11 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-04 18:11 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-04 18:11 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-04 18:11 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-04 18:11 --------- d-----w C:\Program Files\Symantec
2008-02-04 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-04 17:57 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-04 17:22 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Symantec
2008-02-03 15:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-02-03 14:53 --------- d-----w C:\Program Files\WM Converter
2008-02-02 22:04 --------- d-----w C:\Program Files\Microsoft Works
2008-02-01 19:36 229,376 ----a-r C:\WINDOWS\system32\SZBase5.dll
2008-02-01 11:16 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2008-02-01 11:16 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-01-31 17:16 34,944 ----a-r C:\WINDOWS\system32\drivers\SZKG.sys
2008-01-30 22:53 126,976 ----a-r C:\WINDOWS\system32\IS3HTUI5.dll
2008-01-30 22:52 61,440 ----a-r C:\WINDOWS\system32\IS3Hks5.dll
2008-01-30 22:52 372,736 ----a-r C:\WINDOWS\system32\IS3UI5.dll
2008-01-30 22:52 364,544 ----a-r C:\WINDOWS\system32\IS3DBA5.dll
2008-01-30 22:51 23,040 ----a-r C:\WINDOWS\system32\IS3XDat5.dll
2008-01-30 22:51 192,512 ----a-r C:\WINDOWS\system32\IS3Win325.dll
2008-01-30 22:50 94,208 ----a-r C:\WINDOWS\system32\IS3Inet5.dll
2008-01-30 22:50 90,112 ----a-r C:\WINDOWS\system32\IS3Svc5.dll
2008-01-30 22:47 704,512 ----a-r C:\WINDOWS\system32\IS3Base5.dll
2008-01-30 14:31 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
2008-01-30 13:49 --------- d-----w C:\Program Files\Alwil Software
2008-01-28 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-28 19:02 --------- d-----w C:\Program Files\Microsoft LifeCam
2008-01-28 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
2008-01-28 13:45 --------- d-----w C:\Program Files\FriendFinder
2008-01-28 13:44 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2008-01-28 13:43 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-28 13:43 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-28 13:43 --------- d-----w C:\Program Files\Windows Live Favorites
2008-01-28 13:43 --------- d-----w C:\Program Files\Lavasoft
2008-01-28 13:43 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Closebash
2008-01-28 13:43 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Lavasoft
2008-01-28 13:42 --------- d-----w C:\Program Files\DivX
2008-01-28 13:42 --------- d-----w C:\Program Files\CyberDefender
2008-01-28 13:41 --------- d-----w C:\Program Files\Google
2008-01-28 13:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-01-28 13:37 --------- d-----w C:\Program Files\MySpace
2008-01-28 13:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft(2)
2008-01-15 14:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 10:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 23:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-11 05:53 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 23:01 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-10-28 21:41 0 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2007-09-14 00:08 202 ----a-w C:\Documents and Settings\mommy.FAMILY\Application Data\wklnhst.dat
2007-08-23 23:26 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-10-14 13:49 334 -c--a-w C:\Documents and Settings\marleen\Application Data\internaldb1942.dat
2006-10-14 13:37 177,152 -c--a-w C:\Documents and Settings\marleen\Application Data\internaldb4889.dat
2006-10-14 13:37 13,046 -c--a-w C:\Documents and Settings\marleen\Application Data\internaldb5099.dat
2007-10-01 12:17 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-02-04 14:12 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]

C:\Documents and Settings\mommy\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-02-08 17:32:57 147456]

C:\Documents and Settings\mommyrachel\Start Menu\Programs\Startup\
Intel Snapshot.Lnk [2007-07-23 09:13:14 848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Intel Snapshot.Lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Intel Snapshot.Lnk
backup=C:\WINDOWS\pss\Intel Snapshot.LnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 05:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 16:35 67112 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-10-04 11:20 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--a------ 2005-08-03 03:19 77312 C:\WINDOWS\arpwrmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2008-01-31 14:15 51048 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
--a------ 2005-09-27 03:43 1060864 C:\Program Files\DISC\DISCover.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
--a------ 2005-09-27 03:42 61440 C:\Program Files\DISC\DiscUpdateMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-06 00:56 64512 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 22:34 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a------ 2005-09-21 13:41 1605740 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
--a------ 2005-06-02 02:35 49152 c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2007-02-05 19:52 849280 C:\Program Files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-28 03:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-28 03:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 14:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
--a------ 2006-11-21 21:08 813912 C:\Program Files\Microsoft IntelliType Pro\itype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2005-02-02 09:44 61440 C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2007-05-17 17:45 279912 C:\Program Files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 19:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
--a------ 2007-08-25 00:53 714608 C:\Program Files\Norton AntiVirus\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-15 00:43 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-27 17:41 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-01-03 17:48 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-02-07 05:47 361832 C:\Program Files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
--a------ 2007-04-10 17:46 709992 C:\WINDOWS\vVX1000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
--a------ 2007-06-08 10:59 224248 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2007-11-14 17:05 919016 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Documents and Settings\\HP_Administrator\\My Documents\\LimeWire\\Incomplete\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\LimeWire\\Incomplete\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 szkg5;szkg5;C:\WINDOWS\system32\drivers\szkg.sys [2008-01-31 13:16]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 17:45]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 20:27]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 17:46]
S0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys []
S0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys []
S2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 19:32]
S3 ICAM3NT5;Intel USB Video Camera III;C:\WINDOWS\system32\Drivers\Icam3.sys [2001-08-17 17:05]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 20:27]
S3 TfNetMon;TfNetMon;C:\WINDOWS\system32\drivers\TfNetMon.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0b45e9c-cf36-11dc-a346-0015f2983187}]
\Shell\AutoRun\command - K:\InstallTomTomHOME.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-08 14:05:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-11 11:35:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-07 22:30:09 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2008-02-29 16:07:41 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
"2008-02-27 07:00:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-03-11 00:50:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - HP_Administrator.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
"2008-03-08 01:00:09 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - daddy.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
"2008-03-08 01:00:12 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HP_Administrator.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
"2008-02-27 08:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-11 07:36:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-11 7:38:13
ComboFix-quarantined-files.txt 2008-03-11 11:38:09
.
2008-03-08 19:27:28 --- E O F ---
dallas5555
Regular Member
 
Posts: 46
Joined: March 9th, 2008, 9:47 am

Re: malware remve

Unread postby dallas5555 » March 12th, 2008, 4:47 pm

ok / i hope ur able to assist me in fixing the comp / i been wondering how its going so far because i havent heard from u / can u let me know if ur getting anywhere
an if u got everything u needed from me please e mail me when u know something an to lewt me know where ur at with stuff ok is there a reason why its taking so long / thank u again
dallas5555
Regular Member
 
Posts: 46
Joined: March 9th, 2008, 9:47 am

Re: malware remve

Unread postby DFW » March 12th, 2008, 5:45 pm

Hi dallas5555

We are analyzing thje logs at present, this is a bit of a job and needs to be done carefully, be back asap
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: malware remve

Unread postby DFW » March 12th, 2008, 7:14 pm

Hi again dallas555



You are running a P2P filesharing programme.

LimeWire


  • Many of these programmes come with unwanted components bundled with them.
  • If you wish to find out whether the one you're using does click here.

Please note: Even if you are using a "safe" P2P programme, it is only the programme that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them
http://forum.malwareremoval.com/viewtop ... e3e96420cc

My recommendation is you uninstall it.


I'd like you to check (a file/some files) for Viruses.
C:\WINDOWS\Internet Logs\xDB14.tmp
C:\WINDOWS\Internet Logs\xDB12.tmp
C:\WINDOWS\Internet Logs\xDB13.tmp
C:\WINDOWS\Internet Logs\xDB11.tmp
C:\Documents and Settings\marleen\Application Data\internaldb1942.dat
C:\Documents and Settings\marleen\Application Data\internaldb4889.dat
C:\Documents and Settings\marleen\Application Data\internaldb5099.dat[/b]

  • Copy/Paste the first file on the list into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Note details of any viruses found.
  • Repeat for all files on the list, and post me the details please








    Open up Hijackthis
    Click on do a system scan only.
    Place a checkmark next to these lines(if still present)

    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - <http://www.freeietool.com/redirect.php> (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - <http://www.freeietool.com/redirect.php> (file missing)
    O15 - Trusted Zone: <http://*.trymedia.com> (HKLM)


    Then close all windows except Hijackthis and click Fix Checked




    COMBOFIX-Script


    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      Code: Select all
      Folder::
      C:\Program Files\RegistryCleanFixer2008
      C:\Program Files\AdwareFilter
      C:\Program Files\Sotfone
      
      
      DirLook:: 
      C:\Program Files\INAC
      C:\knocked_up1
      C:\knocked_up1111
      C:\knocked_up111
      C:\WINDOWS\system32\config\systemprofile\Application Data\HPAppData
      C:\Documents and Settings\HP_Administrator\Incomplete
      
      
      

    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

      Image
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.





To start with Make a uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

Image

Click on the Save list... button and specify where you would like to save this file.

When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad here on your next reply.



Boot into each user account on you system and run HJT and post a log for each account


Please Post

A new HJT log for each account on your system.(after running above fix)
The combofix Log (new)
The uninstall list
Jotti Results


Also did you set the security center Monitoring to diabled??

.
User avatar
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: malware remve

Unread postby dallas5555 » March 13th, 2008, 8:33 am

the scan i ran for u on those few files / all results said found nothing /here is the combo fix log / i will send rest in a few /ComboFix 08-03-10.1 - HP_Administrator 2008-03-13 8:09:05.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.457 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\cfscript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-02-13 to 2008-03-13 )))))))))))))))))))))))))))))))
.

2008-03-12 18:05 . 2008-03-12 20:38 <DIR> d-------- C:\knocked_up111
2008-03-09 10:35 . 2008-03-10 07:46 67,645 --a------ C:\WINDOWS\system32\drivers\pshook11.sys
2008-03-09 10:34 . 2008-03-09 10:34 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\INAC
2008-03-09 10:34 . 2008-03-09 10:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\INAC
2008-03-09 10:29 . 2008-03-10 08:19 <DIR> d-------- C:\Program Files\INAC
2008-03-08 13:14 . 2008-03-08 13:24 <DIR> d-------- C:\Program Files\RegistryCleanFixer2008
2008-03-08 08:31 . 2008-03-08 08:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-08 08:30 . 2008-03-08 08:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-06 10:28 . 2008-03-06 10:35 4,681,674,752 --a------ C:\KNOCKED_UP1.ISO
2008-03-02 10:33 . 2008-03-08 08:20 <DIR> d-------- C:\Program Files\AdwareFilter
2008-03-01 14:20 . 2008-03-01 14:20 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\HPAppData
2008-03-01 14:15 . 2008-03-01 14:30 141,199 --a------ C:\WINDOWS\hpoins14.dat
2008-03-01 14:15 . 2007-06-05 19:07 2,000 --------- C:\WINDOWS\hpomdl14.dat
2008-02-29 12:14 . 2008-02-29 12:14 <DIR> d-------- C:\WINDOWS\system32\BWKDLogs
2008-02-29 12:12 . 2008-02-29 12:12 <DIR> d-------- C:\Program Files\Common Files\Kodak
2008-02-26 20:59 . 2008-02-26 21:01 <DIR> d-------- C:\Program Files\Snood
2008-02-21 22:42 . 2008-02-21 22:42 <DIR> d-------- C:\Program Files\SonicWallES
2008-02-21 17:22 . 2008-03-07 17:39 7,223 --a------ C:\rollback.ini
2008-02-21 17:16 . 2008-02-21 22:42 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\MailFrontier
2008-02-21 17:11 . 2008-03-13 08:16 13,165,856 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-21 17:11 . 2008-03-12 23:08 176,804 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-21 17:03 . 2008-02-21 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-21 17:03 . 2008-03-08 20:44 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-02-21 17:02 . 2007-11-14 17:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-21 17:01 . 2008-02-21 17:01 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-21 16:59 . 2008-03-13 08:02 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-02-21 16:54 . 2008-02-21 16:54 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Grisoft
2008-02-21 16:54 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-21 16:53 . 2008-02-21 16:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-18 09:02 . 2007-08-13 19:52 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-02-14 16:19 . 2008-02-15 11:36 <DIR> d-------- C:\knocked_up1
2008-02-14 13:03 . 2008-03-04 11:00 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-02-14 13:03 . 2008-03-04 11:00 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-02-13 08:16 . 2008-02-18 07:24 <DIR> d-------- C:\Program Files\Babylon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-13 12:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-03-13 11:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\SITEguard
2008-03-12 22:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-03-12 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-12 10:51 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-03-12 02:08 2,828,288 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-03-12 00:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-11 11:43 1,624,064 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-03-11 11:41 931,384 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-03-08 17:30 1,871,360 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-03-08 12:12 299,520 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-03-08 12:12 1,568,256 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-03-08 03:29 940,032 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-03-07 20:52 2,657,792 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-03-07 20:52 1,539,072 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-03-06 02:48 2,876,928 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-03-05 21:36 --------- d-----w C:\Program Files\Yahoo! Games
2008-03-04 19:32 --------- d-----w C:\Program Files\One Million Recipes
2008-03-04 14:59 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-03 19:22 57,799 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_03_03_13_39_51_small.dmp.zip
2008-03-03 16:39 491,008 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-03-03 16:39 1,487,872 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-03-03 03:22 2,663,936 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-03-03 03:22 1,486,848 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-03-02 02:55 2,460,160 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-03-01 18:20 --------- d-----w C:\Program Files\HP
2008-03-01 18:07 4,075,008 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-03-01 18:07 1,459,200 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-02-29 17:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-29 16:14 --------- d-----w C:\Program Files\Kodak
2008-02-29 16:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-02-25 12:33 256,000 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-02-25 12:33 1,384,960 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-02-25 03:19 1,523,712 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-02-25 03:19 1,379,840 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-02-24 03:06 1,875,456 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-24 03:06 1,376,256 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-14 20:11 --------- d-----w C:\Program Files\TomTom HOME 2
2008-02-12 12:11 --------- d-----w C:\Program Files\Sotfone
2008-02-11 17:42 --------- d-----w C:\Program Files\STOPzilla!
2008-02-11 16:10 --------- d-----w C:\Program Files\bfgtoolbar
2008-02-09 21:08 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-09 14:05 --------- d-----w C:\Program Files\LimeWire
2008-02-08 22:56 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\muvee Technologies
2008-02-08 16:45 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\TomTom
2008-02-08 16:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom
2008-02-08 16:44 --------- d-----w C:\Program Files\TomTom DesktopSuite
2008-02-04 18:49 --------- d-----w C:\Program Files\Norton AntiVirus
2008-02-04 18:11 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-04 18:11 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-04 18:11 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-04 18:11 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-04 18:11 --------- d-----w C:\Program Files\Symantec
2008-02-04 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-04 17:57 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-04 17:22 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Symantec
2008-02-03 15:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-02-03 14:53 --------- d-----w C:\Program Files\WM Converter
2008-02-02 22:04 --------- d-----w C:\Program Files\Microsoft Works
2008-02-01 19:36 229,376 ----a-r C:\WINDOWS\system32\SZBase5.dll
2008-02-01 11:16 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2008-02-01 11:16 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-01-31 17:16 34,944 ----a-r C:\WINDOWS\system32\drivers\SZKG.sys
2008-01-30 22:53 126,976 ----a-r C:\WINDOWS\system32\IS3HTUI5.dll
2008-01-30 22:52 61,440 ----a-r C:\WINDOWS\system32\IS3Hks5.dll
2008-01-30 22:52 372,736 ----a-r C:\WINDOWS\system32\IS3UI5.dll
2008-01-30 22:52 364,544 ----a-r C:\WINDOWS\system32\IS3DBA5.dll
2008-01-30 22:51 23,040 ----a-r C:\WINDOWS\system32\IS3XDat5.dll
2008-01-30 22:51 192,512 ----a-r C:\WINDOWS\system32\IS3Win325.dll
2008-01-30 22:50 94,208 ----a-r C:\WINDOWS\system32\IS3Inet5.dll
2008-01-30 22:50 90,112 ----a-r C:\WINDOWS\system32\IS3Svc5.dll
2008-01-30 22:47 704,512 ----a-r C:\WINDOWS\system32\IS3Base5.dll
2008-01-30 14:31 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
2008-01-30 13:49 --------- d-----w C:\Program Files\Alwil Software
2008-01-28 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-28 19:02 --------- d-----w C:\Program Files\Microsoft LifeCam
2008-01-28 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
2008-01-28 13:45 --------- d-----w C:\Program Files\FriendFinder
2008-01-28 13:44 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2008-01-28 13:43 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-28 13:43 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-28 13:43 --------- d-----w C:\Program Files\Windows Live Favorites
2008-01-28 13:43 --------- d-----w C:\Program Files\Lavasoft
2008-01-28 13:43 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Closebash
2008-01-28 13:43 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Lavasoft
2008-01-28 13:42 --------- d-----w C:\Program Files\DivX
2008-01-28 13:42 --------- d-----w C:\Program Files\CyberDefender
2008-01-28 13:41 --------- d-----w C:\Program Files\Google
2008-01-28 13:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-01-28 13:37 --------- d-----w C:\Program Files\MySpace
2008-01-28 13:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft(2)
2008-01-15 14:54 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 10:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-11 05:53 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 23:01 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-10-28 21:41 0 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2007-09-14 00:08 202 ----a-w C:\Documents and Settings\mommy.FAMILY\Application Data\wklnhst.dat
2007-08-23 23:26 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-10-01 12:17 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Documents and Settings\HP_Administrator\Incomplete ----

2008-02-21 07:46 275 --a------ C:\Documents and Settings\HP_Administrator\Incomplete\downloads.dat
2008-02-20 07:46 275 --a------ C:\Documents and Settings\HP_Administrator\Incomplete\downloads.bak

---- Directory of C:\knocked_up1 ----

2008-02-15 11:36 790528 --a------ C:\knocked_up1\VTS_31_1.VOB
2008-02-15 11:36 6254592 --a------ C:\knocked_up1\VTS_30_1.VOB
2008-02-15 11:36 5296128 --a------ C:\knocked_up1\VTS_29_1.VOB
2008-02-15 11:36 47104 --a------ C:\knocked_up1\VIDEO_TS.IFO
2008-02-15 11:36 47104 --a------ C:\knocked_up1\VIDEO_TS.BUP
2008-02-15 11:36 3344384 --a------ C:\knocked_up1\VTS_25_1.VOB
2008-02-15 11:36 22528 --a------ C:\knocked_up1\VTS_31_0.VOB
2008-02-15 11:36 22528 --a------ C:\knocked_up1\VTS_30_0.VOB
2008-02-15 11:36 22528 --a------ C:\knocked_up1\VTS_29_0.VOB
2008-02-15 11:36 22528 --a------ C:\knocked_up1\VTS_28_0.VOB
2008-02-15 11:36 22528 --a------ C:\knocked_up1\VTS_27_0.VOB
2008-02-15 11:36 22528 --a------ C:\knocked_up1\VTS_26_0.VOB
2008-02-15 11:36 2195456 --a------ C:\knocked_up1\VTS_28_1.VOB
2008-02-15 11:36 2113536 --a------ C:\knocked_up1\VTS_26_1.VOB
2008-02-15 11:36 20834304 --a------ C:\knocked_up1\VTS_27_1.VOB
2008-02-15 11:36 18432 --a------ C:\knocked_up1\VTS_31_0.IFO
2008-02-15 11:36 18432 --a------ C:\knocked_up1\VTS_31_0.BUP
2008-02-15 11:36 18432 --a------ C:\knocked_up1\VTS_30_0.IFO
2008-02-15 11:36 18432 --a------ C:\knocked_up1\VTS_30_0.BUP
2008-02-15 11:36 18432 --a------ C:\knocked_up1\VTS_29_0.IFO
2008-02-15 11:36 18432 --a------ C:\knocked_up1\VTS_29_0.BUP
2008-02-15 11:36 18432 --a------ C:\knocked_up1\VTS_28_0.IFO
2008-02-15 11:36 18432 --a------ C:\knocked_up1\VTS_28_0.BUP
2008-02-15 11:36 18432 --a------ C:\knocked_up1\VTS_27_0.IFO
2008-02-15 11:36 18432 --a------ C:\knocked_up1\VTS_27_0.BUP
2008-02-15 11:36 18432 --a------ C:\knocked_up1\VTS_26_0.IFO
2008-02-15 11:36 18432 --a------ C:\knocked_up1\VTS_26_0.BUP
2008-02-15 11:36 18432 --a------ C:\knocked_up1\VTS_25_0.IFO
2008-02-15 11:36 18432 --a------ C:\knocked_up1\VTS_25_0.BUP
2008-02-15 11:35 8128512 --a------ C:\knocked_up1\VTS_18_1.VOB
2008-02-15 11:35 6252544 --a------ C:\knocked_up1\VTS_20_1.VOB
2008-02-15 11:35 5060608 --a------ C:\knocked_up1\VTS_16_1.VOB
2008-02-15 11:35 41994240 --a------ C:\knocked_up1\VTS_15_1.VOB
2008-02-15 11:35 3344384 --a------ C:\knocked_up1\VTS_23_1.VOB
2008-02-15 11:35 31186944 --a------ C:\knocked_up1\VTS_14_1.VOB
2008-02-15 11:35 2852864 --a------ C:\knocked_up1\VTS_21_1.VOB
2008-02-15 11:35 22528 --a------ C:\knocked_up1\VTS_25_0.VOB
2008-02-15 11:35 22528 --a------ C:\knocked_up1\VTS_24_0.VOB
2008-02-15 11:35 22528 --a------ C:\knocked_up1\VTS_23_0.VOB
2008-02-15 11:35 22528 --a------ C:\knocked_up1\VTS_22_0.VOB
2008-02-15 11:35 22528 --a------ C:\knocked_up1\VTS_21_0.VOB
2008-02-15 11:35 22528 --a------ C:\knocked_up1\VTS_20_0.VOB
2008-02-15 11:35 22528 --a------ C:\knocked_up1\VTS_19_0.VOB
2008-02-15 11:35 22528 --a------ C:\knocked_up1\VTS_18_0.VOB
2008-02-15 11:35 22528 --a------ C:\knocked_up1\VTS_17_0.VOB
2008-02-15 11:35 22528 --a------ C:\knocked_up1\VTS_16_0.VOB
2008-02-15 11:35 22528 --a------ C:\knocked_up1\VTS_15_0.VOB
2008-02-15 11:35 2048000 --a------ C:\knocked_up1\VTS_22_1.VOB
2008-02-15 11:35 1916928 --a------ C:\knocked_up1\VTS_24_1.VOB
2008-02-15 11:35 18432 --a------ C:\knocked_up1\VTS_24_0.IFO
2008-02-15 11:35 18432 --a------ C:\knocked_up1\VTS_24_0.BUP
2008-02-15 11:35 18432 --a------ C:\knocked_up1\VTS_23_0.IFO
2008-02-15 11:35 18432 --a------ C:\knocked_up1\VTS_23_0.BUP
2008-02-15 11:35 18432 --a------ C:\knocked_up1\VTS_22_0.IFO
2008-02-15 11:35 18432 --a------ C:\knocked_up1\VTS_22_0.BUP
2008-02-15 11:35 18432 --a------ C:\knocked_up1\VTS_21_0.IFO
2008-02-15 11:35 18432 --a------ C:\knocked_up1\VTS_21_0.BUP
2008-02-15 11:35 18432 --a------ C:\knocked_up1\VTS_20_0.IFO
2008-02-15 11:35 18432 --a------ C:\knocked_up1\VTS_20_0.BUP
2008-02-15 11:35 18432 --a------ C:\knocked_up1\VTS_19_0.IFO
2008-02-15 11:35 18432 --a------ C:\knocked_up1\VTS_19_0.BUP
2008-02-15 11:35 18432 --a------ C:\knocked_up1\VTS_18_0.IFO
2008-02-15 11:35 18432 --a------ C:\knocked_up1\VTS_18_0.BUP
2008-02-15 11:35 18432 --a------ C:\knocked_up1\VTS_17_0.IFO
2008-02-15 11:35 18432 --a------ C:\knocked_up1\VTS_17_0.BUP
2008-02-15 11:35 18432 --a------ C:\knocked_up1\VTS_16_0.IFO
2008-02-15 11:35 18432 --a------ C:\knocked_up1\VTS_16_0.BUP
2008-02-15 11:35 18432 --a------ C:\knocked_up1\VTS_15_0.IFO
2008-02-15 11:35 18432 --a------ C:\knocked_up1\VTS_15_0.BUP
2008-02-15 11:35 18432 --a------ C:\knocked_up1\VTS_14_0.IFO
2008-02-15 11:35 18432 --a------ C:\knocked_up1\VTS_14_0.BUP
2008-02-15 11:35 12746752 --a------ C:\knocked_up1\VTS_17_1.VOB
2008-02-15 11:35 10168320 --a------ C:\knocked_up1\VTS_19_1.VOB
2008-02-15 11:34 45703168 --a------ C:\knocked_up1\VTS_12_1.VOB
2008-02-15 11:34 39671808 --a------ C:\knocked_up1\VTS_13_1.VOB
2008-02-15 11:34 32161792 --a------ C:\knocked_up1\VTS_11_1.VOB
2008-02-15 11:34 22528 --a------ C:\knocked_up1\VTS_14_0.VOB
2008-02-15 11:34 22528 --a------ C:\knocked_up1\VTS_13_0.VOB
2008-02-15 11:34 22528 --a------ C:\knocked_up1\VTS_12_0.VOB
2008-02-15 11:34 18432 --a------ C:\knocked_up1\VTS_13_0.IFO
2008-02-15 11:34 18432 --a------ C:\knocked_up1\VTS_13_0.BUP
2008-02-15 11:34 18432 --a------ C:\knocked_up1\VTS_12_0.IFO
2008-02-15 11:34 18432 --a------ C:\knocked_up1\VTS_12_0.BUP
2008-02-15 11:34 18432 --a------ C:\knocked_up1\VTS_11_0.IFO
2008-02-15 11:34 18432 --a------ C:\knocked_up1\VTS_11_0.BUP
2008-02-15 11:33 48054272 --a------ C:\knocked_up1\VTS_10_1.VOB
2008-02-15 11:33 39499776 --a------ C:\knocked_up1\VTS_09_1.VOB
2008-02-15 11:33 22528 --a------ C:\knocked_up1\VTS_11_0.VOB
2008-02-15 11:33 22528 --a------ C:\knocked_up1\VTS_10_0.VOB
2008-02-15 11:33 18432 --a------ C:\knocked_up1\VTS_10_0.IFO
2008-02-15 11:33 18432 --a------ C:\knocked_up1\VTS_10_0.BUP
2008-02-15 11:33 18432 --a------ C:\knocked_up1\VTS_09_0.IFO
2008-02-15 11:33 18432 --a------ C:\knocked_up1\VTS_09_0.BUP
2008-02-15 11:32 51865600 --a------ C:\knocked_up1\VTS_07_1.VOB
2008-02-15 11:32 44355584 --a------ C:\knocked_up1\VTS_08_1.VOB
2008-02-15 11:32 22528 --a------ C:\knocked_up1\VTS_09_0.VOB
2008-02-15 11:32 22528 --a------ C:\knocked_up1\VTS_08_0.VOB
2008-02-15 11:32 18432 --a------ C:\knocked_up1\VTS_08_0.IFO
2008-02-15 11:32 18432 --a------ C:\knocked_up1\VTS_08_0.BUP
2008-02-15 11:32 18432 --a------ C:\knocked_up1\VTS_07_0.IFO
2008-02-15 11:32 18432 --a------ C:\knocked_up1\VTS_07_0.BUP
2008-02-15 11:31 60426240 --a------ C:\knocked_up1\VTS_05_1.VOB
2008-02-15 11:31 52725760 --a------ C:\knocked_up1\VTS_06_1.VOB
2008-02-15 11:31 22528 --a------ C:\knocked_up1\VTS_07_0.VOB
2008-02-15 11:31 22528 --a------ C:\knocked_up1\VTS_06_0.VOB
2008-02-15 11:31 18432 --a------ C:\knocked_up1\VTS_06_0.IFO
2008-02-15 11:31 18432 --a------ C:\knocked_up1\VTS_06_0.BUP
2008-02-15 11:31 18432 --a------ C:\knocked_up1\VTS_05_0.IFO
2008-02-15 11:31 18432 --a------ C:\knocked_up1\VTS_05_0.BUP
2008-02-15 11:30 22528 --a------ C:\knocked_up1\VTS_05_0.VOB
2008-02-15 11:30 22528 --a------ C:\knocked_up1\VTS_04_0.VOB
2008-02-15 11:30 22528 --a------ C:\knocked_up1\VTS_03_0.IFO
2008-02-15 11:30 22528 --a------ C:\knocked_up1\VTS_03_0.BUP
2008-02-15 11:30 18432 --a------ C:\knocked_up1\VTS_04_0.IFO
2008-02-15 11:30 18432 --a------ C:\knocked_up1\VTS_04_0.BUP
2008-02-15 11:30 134909952 --a------ C:\knocked_up1\VTS_03_1.VOB
2008-02-15 11:30 12636160 --a------ C:\knocked_up1\VTS_04_1.VOB
2008-02-15 11:29 22528 --a------ C:\knocked_up1\VTS_03_0.VOB
2008-02-15 11:29 18432 --a------ C:\knocked_up1\VTS_02_0.IFO
2008-02-15 11:29 18432 --a------ C:\knocked_up1\VTS_02_0.BUP
2008-02-15 11:29 12906496 --a------ C:\knocked_up1\VTS_02_1.VOB
2008-02-15 11:28 445089792 --a------ C:\knocked_up1\VTS_01_4.VOB
2008-02-15 11:28 292864 --a------ C:\knocked_up1\VTS_01_0.IFO
2008-02-15 11:28 292864 --a------ C:\knocked_up1\VTS_01_0.BUP
2008-02-15 11:28 22528 --a------ C:\knocked_up1\VTS_02_0.VOB
2008-02-15 11:26 1073739776 --a------ C:\knocked_up1\VTS_01_3.VOB
2008-02-15 11:19 1073739776 --a------ C:\knocked_up1\VTS_01_2.VOB
2008-02-15 11:13 1073739776 --a------ C:\knocked_up1\VTS_01_1.VOB
2008-02-15 11:06 389793792 --a------ C:\knocked_up1\VTS_01_0.VOB
2008-02-15 11:04 22528 --a------ C:\knocked_up1\VIDEO_TS.VOB

---- Directory of C:\knocked_up111 ----


---- Directory of C:\knocked_up1111 ----

C:\knocked_up1111\

---- Directory of C:\Program Files\INAC ----


---- Directory of C:\WINDOWS\system32\config\systemprofile\Application Data\HPAppData ----

2007-03-02 14:10 65536 --a------ C:\WINDOWS\system32\config\systemprofile\Application Data\HPAppData\RegClean.dll


((((((((((((((((((((((((((((( snapshot@2008-03-11_ 7.37.33.76 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-06 01:37:38 17,927,192 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6215\EXCEL.EXE
+ 2007-10-03 01:00:06 14,708,760 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6215\XL12CNV.EXE
+ 2007-08-24 10:14:14 13,712 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6215\XLCALL32.DLL
+ 2007-03-22 23:07:56 91,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL
+ 2007-03-22 23:07:54 80,224 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\DLGSETP.DLL
+ 2007-04-19 17:53:52 137,568 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\ENVELOPE.DLL
+ 2007-05-31 17:41:06 10,352,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE
+ 2007-04-19 17:53:52 127,328 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL
+ 2007-04-19 17:54:04 183,136 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MIMEDIR.DLL
+ 2007-06-18 21:16:32 12,259,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\MSO.DLL
+ 2007-05-31 17:43:46 7,613,280 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLLIB.DLL
+ 2007-04-19 17:53:44 106,336 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL
+ 2007-05-31 17:42:14 200,032 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLOOK.EXE
+ 2007-04-19 17:53:56 149,856 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLPH.DLL
+ 2007-04-19 17:53:24 69,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\OUTLRPC.DLL
+ 2007-03-22 23:07:10 41,824 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\RECALL.DLL
+ 2007-03-22 23:07:54 78,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\RM.DLL
+ 2007-03-22 23:22:02 103,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL
- 2008-02-13 08:04:13 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-03-12 16:04:43 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2008-02-13 08:04:14 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-03-12 16:04:44 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-02-13 08:04:14 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2008-03-12 16:04:43 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
- 2008-02-13 08:04:14 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-03-12 16:04:44 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-02-13 08:04:14 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-03-12 16:04:44 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-02-13 08:04:13 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-03-12 16:04:43 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2008-02-13 08:04:14 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-03-12 16:04:43 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2008-02-13 08:04:14 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-03-12 16:04:44 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2008-02-13 08:04:14 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-03-12 16:04:44 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-02-13 08:04:13 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-03-12 16:04:43 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-02-13 08:04:59 12,288 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-03-12 16:00:29 12,288 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-02-13 08:04:59 135,168 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-03-12 16:00:28 135,168 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-02-13 08:04:59 11,264 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-03-12 16:00:29 11,264 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-02-13 08:04:59 27,136 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-03-12 16:00:30 27,136 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-02-13 08:04:59 4,096 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-03-12 16:00:30 4,096 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-02-13 08:04:59 794,624 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-03-12 16:00:30 794,624 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-02-13 08:04:59 249,856 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-03-12 16:00:29 249,856 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-02-13 08:04:59 23,040 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-03-12 16:00:31 23,040 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-02-13 08:04:59 286,720 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-03-12 16:00:28 286,720 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-02-13 08:04:59 409,600 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-03-12 16:00:26 409,600 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-03-10 11:50:20 4,836 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{C0EBFC74-2F21-4361-89C0-821C43D433BA}.bin
+ 2008-03-13 03:08:48 6,184 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{C0EBFC74-2F21-4361-89C0-821C43D433BA}.bin
- 2007-08-13 23:39:10 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2008-02-04 23:09:46 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-03-11 10:27:21 882,432 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2008-03-13 10:59:04 882,432 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-02-04 14:12 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 17:41 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]

C:\Documents and Settings\mommy\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-02-08 17:32:57 147456]

C:\Documents and Settings\mommyrachel\Start Menu\Programs\Startup\
Intel Snapshot.Lnk [2007-07-23 09:13:14 848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Intel Snapshot.Lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Intel Snapshot.Lnk
backup=C:\WINDOWS\pss\Intel Snapshot.LnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 05:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 16:35 67112 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-10-04 11:20 50528 C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--a------ 2005-08-03 03:19 77312 C:\WINDOWS\arpwrmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2008-01-31 14:15 51048 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
--a------ 2005-09-27 03:43 1060864 C:\Program Files\DISC\DISCover.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
--a------ 2005-09-27 03:42 61440 C:\Program Files\DISC\DiscUpdateMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-06 00:56 64512 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 22:34 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a------ 2005-09-21 13:41 1605740 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
--a------ 2005-06-02 02:35 49152 c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2007-02-05 19:52 849280 C:\Program Files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-28 03:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-28 03:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 14:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
--a------ 2006-11-21 21:08 813912 C:\Program Files\Microsoft IntelliType Pro\itype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2005-02-02 09:44 61440 C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2007-05-17 17:45 279912 C:\Program Files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 19:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
--a------ 2007-08-25 00:53 714608 C:\Program Files\Norton AntiVirus\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-15 00:43 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-27 17:41 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-01-03 17:48 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-02-07 05:47 361832 C:\Program Files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
--a------ 2007-04-10 17:46 709992 C:\WINDOWS\vVX1000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
--a------ 2007-06-08 10:59 224248 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2007-11-14 17:05 919016 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\DISC\\myFTP.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Documents and Settings\\HP_Administrator\\My Documents\\LimeWire\\Incomplete\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\LimeWire\\Incomplete\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 szkg5;szkg5;C:\WINDOWS\system32\drivers\szkg.sys [2008-01-31 13:16]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 17:45]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 20:27]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 17:46]
S0 TfFsMon;TfFsMon;C:\WINDOWS\system32\drivers\TfFsMon.sys []
S0 TfSysMon;TfSysMon;C:\WINDOWS\system32\drivers\TfSysMon.sys []
S2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 19:32]
S3 ICAM3NT5;Intel USB Video Camera III;C:\WINDOWS\system32\Drivers\Icam3.sys [2001-08-17 17:05]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 20:27]
S3 TfNetMon;TfNetMon;C:\WINDOWS\system32\drivers\TfNetMon.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0b45e9c-cf36-11dc-a346-0015f2983187}]
\Shell\AutoRun\command - K:\InstallTomTomHOME.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-08 14:05:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-13 11:35:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-07 22:30:09 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2008-02-29 16:07:41 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
"2008-02-27 07:00:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-03-11 00:50:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - HP_Administrator.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
"2008-03-08 01:00:09 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - daddy.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
"2008-03-08 01:00:12 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HP_Administrator.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
"2008-02-27 08:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-13 08:16:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-13 8:17:35
ComboFix-quarantined-files.txt 2008-03-13 12:17:30
ComboFix2.txt 2008-03-11 11:38:14
.
2008-03-12 16:04:47 --- E O F ---
dallas5555
Regular Member
 
Posts: 46
Joined: March 9th, 2008, 9:47 am

Re: malware remve

Unread postby dallas5555 » March 13th, 2008, 8:36 am

here is the uninsta2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
5 Card Slingo from HP Media Center (remove only)
Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Reader 7.0
Agere Systems PCI-SV92PP Soft Modem
AIM 6
AppCore
Apple Mobile Device Support
Apple Software Update
AstroPop Deluxe from HP Media Center (remove only)
ATI Control Panel
ATI Display Driver
AVG Anti-Spyware 7.5
Barnyard Invasion from HP Media Center (remove only)
Bejeweled 2 Deluxe from HP Media Center (remove only)
Blackhawk Striker 2 from HP Media Center (remove only)
Blasterball 2 from HP Media Center (remove only)
Blasterball 2 Remix from HP Media Center (remove only)
Boggle Supreme from HP Media Center (remove only)
Bookworm Deluxe from HP Media Center (remove only)
Bounce Symphony from HP Media Center (remove only)
ccCommon
CCScore
Chuzzle Deluxe from HP Media Center (remove only)
Component Framework
Cosmic Stacker
Crystal Maze from HP Media Center (remove only)
Customer Experience Enhancement
DISCover
DVD Shrink 3.1.7
Easy Internet Sign-up
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Family Feud
FATE from HP Media Center (remove only)
fflink
GemMaster Mystic
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Boot Optimizer
HP Customer Participation Program 9.0
HP Deskjet All-In-One Software 9.0
HP DigitalMedia Archive
HP Document Viewer 5.3
HP Game Console and games
HP Image Zone 5.3
HP Image Zone for Media Center PC
HP Imaging Device Functions 9.0
HP Multimedia Keyboard Software
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 5.0
HP Photosmart Essential 2.01
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPSSupply
Insaniquarium Deluxe from HP Media Center (remove only)
Intel A/V Codecs V2.0
Intel(R) Create & Share(TM) Software
InterActual Player
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0 Update 5
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Jewel Quest 2 (remove only)
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
Lemonade Tycoon 2 from HP Media Center (remove only)
Lexibox Deluxe from HP Media Center (remove only)
LimeWire 4.16.6
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
Mah Jong Quest from HP Media Center (remove only)
Memories Disc Creator 2.0
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (2.0.0.12)
MSXML 4.0 SP2 (KB936181)
muvee autoProducer 4.5
muvee autoProducer unPlugged 1.2
Nero Suite
netbrdg
Netscape Browser (remove only)
Norton AntiVirus
Norton AntiVirus (Symantec Corporation)
Norton AntiVirus Help
Norton Protection Center
Notifier
OfotoXMI
One Million Recipes 6.00
Otto
PC-Doctor 5 for Windows
Polar Bowler from HP Media Center (remove only)
Polar Golfer from HP Media Center (remove only)
PS2
Puzzle Express from HP Media Center (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
RealPlayer
RegistryCleanFixer2008
Remove IntelliMover Demo
Ricochet Lost Worlds from HP Media Center (remove only)
Scrabble (remove only)
SCRABBLE from HP Media Center (remove only)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
SFR
SHASTA
Shooting Stars Pool from HP Media Center (remove only)
Shrek 2 Ogre Bowler from HP Media Center (remove only)
skin0001
SKINXSDK
Slingo Deluxe from HP Media Center (remove only)
Snood 4
Snowboard SuperJam from HP Media Center (remove only)
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SPBBC 32bit
staticcr
STOPzilla
Super Granny from HP Media Center (remove only)
Symantec Technical Support Web Controls
SymNet
The Sims Complete Collection
tooltips
Tradewinds from HP Media Center (remove only)
Update for Outlook 2007 Junk Email Filter (kb947945)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Updates from HP (remove only)
VC_MergeModuleToMSI
Viewpoint Media Player
VPRINTOL
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Support Tools
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB925766
WIRELESS
Yahoo! Browser Services
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Toolbar
ZoneAlarm
Zuma Deluxe from HP Media Center (remove only)

lllist
dallas5555
Regular Member
 
Posts: 46
Joined: March 9th, 2008, 9:47 am

Re: malware remve

Unread postby dallas5555 » March 13th, 2008, 8:49 am

here is hj log # 1 of 3 u will getLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:38 AM, on 3/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2024783193-2532111020-3818900297-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'HP_Administrator')
O4 - HKUS\S-1-5-21-2024783193-2532111020-3818900297-1008\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'HP_Administrator')
O4 - HKUS\S-1-5-21-2024783193-2532111020-3818900297-1008\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'HP_Administrator')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0704787781
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10639 bytes
dallas5555
Regular Member
 
Posts: 46
Joined: March 9th, 2008, 9:47 am

Re: malware remve

Unread postby dallas5555 » March 13th, 2008, 9:01 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:54:53 AM, on 3/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0704787781
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9167 bytes
dallas5555
Regular Member
 
Posts: 46
Joined: March 9th, 2008, 9:47 am

Re: malware remve

Unread postby dallas5555 » March 13th, 2008, 9:03 am

this is tLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:47 AM, on 3/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn11\yt.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-2024783193-2532111020-3818900297-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'daddy')
O4 - HKUS\S-1-5-21-2024783193-2532111020-3818900297-1010\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'jengreg')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0704787781
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9992 bytes
he third log / i think i did everything u said now
dallas5555
Regular Member
 
Posts: 46
Joined: March 9th, 2008, 9:47 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 112 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware