trojan.vundo, trojan.agent [RESOLVED]


  • This topic is locked

#1
arlenelg
Member, 33 posts

Malwarebytes detects trojan.vundo, trojan.agent, and something keeps trying to install antivirus xp2008 (which was installed, but I was able to remove it with (I think) Malwarebytes). Malwarebytes doesn't eliminate it; it just keeps coming back, even after I reboot as instructed.

Help!

Vundo fix and VirtumundoBeGone both did not detect.

Malwarebytes log:

Malwarebytes' Anti-Malware 1.23
Database version: 1008
Windows 5.1.2600 Service Pack 2

10:58:38 PM 7/29/2008
mbam-log-7-29-2008 (22-58-38).txt

Scan type: Quick Scan
Objects scanned: 43831
Time elapsed: 35 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\ljJBrRki.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33100f38-fbed-4ea3-be8f-8dd6e9b8d8a9} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{33100f38-fbed-4ea3-be8f-8dd6e9b8d8a9} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8f0eb7d2-7c02-42a1-b02b-19b15d6925dc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f0eb7d2-7c02-42a1-b02b-19b15d6925dc} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmf7a5cb9a (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjbrrki -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ljjbrrki -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\ljJBrRki.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\ikRrBJjl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ikRrBJjl.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nmqdno.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xybdaguf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\BMf7a5cb9a.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:25 PM, on 7/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Bret Taylor\Stickies\Stickies.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Arlene Giardiello\Desktop\hijackthis\VundoFix\FixVundo.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\Notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [BMf7a5cb9a] Rundll32.exe "C:\WINDOWS\system32\xybdaguf.dll",s
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Stickies] C:\Program Files\Bret Taylor\Stickies\Stickies.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: www.ncogroup.com
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.co...omaha-en_US.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.co.../aces-en_US.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.co...ibaba-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.co...ammon-en_US.cab
O16 - DPF: Battle Phlinx by pogo - http://game3.pogo.co...hlinx-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game3.pogo.co...bingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.co...kjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game3.pogo.co...jack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.co...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.co...wling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.co...nasta-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.co...ckers-en_US.cab
O16 - DPF: Chess by pogo - http://game3.pogo.co...hess2-en_US.cab
O16 - DPF: Crazy Cakes by pogo - http://game3.pogo.co...inner-en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.co...bbage-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.co...z/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...dflag-en_US.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.co...omino-en_US.cab
O16 - DPF: Euchre by pogo - http://game3.pogo.co...uchre-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.co...lass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.co...bingo-en_US.cab
O16 - DPF: Golf Solitaire by pogo - http://game3.pogo.co...taire-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.co...nback-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.co...ngman-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...rvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game3.pogo.co...earts-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.co.../pool-en_US.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.co...igsaw-en_US.cab
O16 - DPF: Jigsaw Treasure Hunter - http://game3.pogo.co...h/jth-en_US.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.co...d-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co.../gin2-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game3.pogo.co...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...hjong-en_US.cab
O16 - DPF: Mahjong Safari by Pogo - http://game3.pogo.co...afari-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.co...shoes-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.co...slots-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game3.pogo.co...aigow-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.co...ecell-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game3.pogo.co...cell2-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.co...guins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.co...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.co...inger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game3.pogo.co...ochle-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game3.pogo.co...popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game3.pogo.co...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.co...ppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.co...treak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.co...uares-en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.co.../ride-en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.co...wbiz2-en_US.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.co...owbiz-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.co.../puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.co...ades2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.co...pider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game3.pogo.co...chies-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.co.../stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game3.pogo.co...eeper-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.co...tooth-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.co...oldem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.co...umbee-en_US.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.co...rbo21-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.co...rbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game3.pogo.co...slots-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.co...ories-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.co...abble-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game3.pogo.co...earch-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.co...homp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game3.pogo.co...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game3.pogo.co...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game3.pogo.co...class-en_US.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/...ns.10.6.0.8.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...2/uploader2.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120304937890
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6BAB93B7-1917-4214-A7D2-874FA6DB4740} (AOL Newport Editor Ctrl) - http://o.aolcdn.com/...ns.10.4.0.2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.su...ows-i586-jc.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcopho...ostcoUpload.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec....ta/SymAData.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia....tupv2.0.0.9.cab?
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ARLENE~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

--
End of file - 18995 bytes



VirtumundoBeGone log:

[07/29/2008, 22:28:30] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Arlene Giardiello\Local Settings\Temporary Internet Files\Content.IE5\WZ4FK1J6\VirtumundoBeGone[1].exe" )
[07/29/2008, 22:28:36] - Detected System Information:
[07/29/2008, 22:28:36] - Windows Version: 5.1.2600, Service Pack 2
[07/29/2008, 22:28:36] - Current Username: Arlene Giardiello (Admin)
[07/29/2008, 22:28:36] - Windows is in NORMAL mode.
[07/29/2008, 22:28:36] - Searching for Browser Helper Objects:
[07/29/2008, 22:28:36] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[07/29/2008, 22:28:36] - BHO 2: {0F00FBF1-5C0C-4D20-8996-7B6077F92215} ()
[07/29/2008, 22:28:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2008, 22:28:36] - No filename found. Continuing.
[07/29/2008, 22:28:36] - BHO 3: {33100F38-FBED-4EA3-BE8F-8DD6E9B8D8A9} ()
[07/29/2008, 22:28:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2008, 22:28:36] - Checking for HKLM\...\Winlogon\Notify\ljJBrRki
[07/29/2008, 22:28:36] - Key not found: HKLM\...\Winlogon\Notify\ljJBrRki, continuing.
[07/29/2008, 22:28:36] - BHO 4: {3B317595-AC1D-4D98-A86C-7806995AF296} ()
[07/29/2008, 22:28:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2008, 22:28:36] - No filename found. Continuing.
[07/29/2008, 22:28:36] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[07/29/2008, 22:28:36] - BHO 6: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[07/29/2008, 22:28:36] - BHO 7: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ()
[07/29/2008, 22:28:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2008, 22:28:37] - Checking for HKLM\...\Winlogon\Notify\coIEPlg
[07/29/2008, 22:28:37] - Key not found: HKLM\...\Winlogon\Notify\coIEPlg, continuing.
[07/29/2008, 22:28:37] - BHO 8: {60C582F6-7733-4975-8CD6-9B8A97D352A3} ()
[07/29/2008, 22:28:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2008, 22:28:37] - No filename found. Continuing.
[07/29/2008, 22:28:37] - BHO 9: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention)
[07/29/2008, 22:28:37] - BHO 10: {7619671C-334F-4BCC-9C11-F27B740D7B6D} ()
[07/29/2008, 22:28:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2008, 22:28:37] - No filename found. Continuing.
[07/29/2008, 22:28:37] - BHO 11: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} (AOL Toolbar Launcher)
[07/29/2008, 22:28:37] - BHO 12: {8f0eb7d2-7c02-42a1-b02b-19b15d6925dc} ()
[07/29/2008, 22:28:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2008, 22:28:37] - Checking for HKLM\...\Winlogon\Notify\nmqdno
[07/29/2008, 22:28:37] - Key not found: HKLM\...\Winlogon\Notify\nmqdno, continuing.
[07/29/2008, 22:28:37] - BHO 13: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/29/2008, 22:28:37] - BHO 14: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/29/2008, 22:28:37] - BHO 15: {D6A660F1-BEE3-42C1-A12C-483ECDB6783A} ()
[07/29/2008, 22:28:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2008, 22:28:37] - No filename found. Continuing.
[07/29/2008, 22:28:37] - Finished Searching Browser Helper Objects
[07/29/2008, 22:28:37] - Finishing up...
[07/29/2008, 22:28:37] - Nothing found! Exiting...

[07/29/2008, 22:29:34] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Arlene Giardiello\Local Settings\Temporary Internet Files\Content.IE5\WZ4FK1J6\VirtumundoBeGone[1].exe" )
[07/29/2008, 22:29:36] - Detected System Information:
[07/29/2008, 22:29:36] - Windows Version: 5.1.2600, Service Pack 2
[07/29/2008, 22:29:36] - Current Username: Arlene Giardiello (Admin)
[07/29/2008, 22:29:36] - Windows is in NORMAL mode.
[07/29/2008, 22:29:36] - Searching for Browser Helper Objects:
[07/29/2008, 22:29:36] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[07/29/2008, 22:29:36] - BHO 2: {0F00FBF1-5C0C-4D20-8996-7B6077F92215} ()
[07/29/2008, 22:29:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2008, 22:29:36] - No filename found. Continuing.
[07/29/2008, 22:29:36] - BHO 3: {33100F38-FBED-4EA3-BE8F-8DD6E9B8D8A9} ()
[07/29/2008, 22:29:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2008, 22:29:36] - Checking for HKLM\...\Winlogon\Notify\ljJBrRki
[07/29/2008, 22:29:36] - Key not found: HKLM\...\Winlogon\Notify\ljJBrRki, continuing.
[07/29/2008, 22:29:36] - BHO 4: {3B317595-AC1D-4D98-A86C-7806995AF296} ()
[07/29/2008, 22:29:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2008, 22:29:36] - No filename found. Continuing.
[07/29/2008, 22:29:36] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[07/29/2008, 22:29:36] - BHO 6: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[07/29/2008, 22:29:36] - BHO 7: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ()
[07/29/2008, 22:29:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2008, 22:29:36] - Checking for HKLM\...\Winlogon\Notify\coIEPlg
[07/29/2008, 22:29:36] - Key not found: HKLM\...\Winlogon\Notify\coIEPlg, continuing.
[07/29/2008, 22:29:36] - BHO 8: {60C582F6-7733-4975-8CD6-9B8A97D352A3} ()
[07/29/2008, 22:29:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2008, 22:29:36] - No filename found. Continuing.
[07/29/2008, 22:29:36] - BHO 9: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention)
[07/29/2008, 22:29:36] - BHO 10: {7619671C-334F-4BCC-9C11-F27B740D7B6D} ()
[07/29/2008, 22:29:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2008, 22:29:36] - No filename found. Continuing.
[07/29/2008, 22:29:36] - BHO 11: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} (AOL Toolbar Launcher)
[07/29/2008, 22:29:36] - BHO 12: {8f0eb7d2-7c02-42a1-b02b-19b15d6925dc} ()
[07/29/2008, 22:29:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2008, 22:29:36] - Checking for HKLM\...\Winlogon\Notify\nmqdno
[07/29/2008, 22:29:36] - Key not found: HKLM\...\Winlogon\Notify\nmqdno, continuing.
[07/29/2008, 22:29:36] - BHO 13: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/29/2008, 22:29:36] - BHO 14: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/29/2008, 22:29:36] - BHO 15: {D6A660F1-BEE3-42C1-A12C-483ECDB6783A} ()
[07/29/2008, 22:29:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2008, 22:29:36] - No filename found. Continuing.
[07/29/2008, 22:29:36] - Finished Searching Browser Helper Objects
[07/29/2008, 22:29:36] - Finishing up...
[07/29/2008, 22:29:36] - Nothing found! Exiting...

[07/29/2008, 23:02:38] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Arlene Giardiello\Local Settings\Temporary Internet Files\Content.IE5\WZ4FK1J6\VirtumundoBeGone[1].exe" )
[07/29/2008, 23:02:41] - Detected System Information:
[07/29/2008, 23:02:41] - Windows Version: 5.1.2600, Service Pack 2
[07/29/2008, 23:02:41] - Current Username: Arlene Giardiello (Admin)
[07/29/2008, 23:02:41] - Windows is in NORMAL mode.
[07/29/2008, 23:02:41] - Searching for Browser Helper Objects:
[07/29/2008, 23:02:41] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[07/29/2008, 23:02:41] - BHO 2: {0F00FBF1-5C0C-4D20-8996-7B6077F92215} ()
[07/29/2008, 23:02:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2008, 23:02:41] - No filename found. Continuing.
[07/29/2008, 23:02:41] - BHO 3: {33100F38-FBED-4EA3-BE8F-8DD6E9B8D8A9} ()
[07/29/2008, 23:02:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2008, 23:02:41] - Checking for HKLM\...\Winlogon\Notify\ljJBrRki
[07/29/2008, 23:02:41] - Key not found: HKLM\...\Winlogon\Notify\ljJBrRki, continuing.
[07/29/2008, 23:02:41] - BHO 4: {3B317595-AC1D-4D98-A86C-7806995AF296} ()
[07/29/2008, 23:02:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2008, 23:02:41] - No filename found. Continuing.
[07/29/2008, 23:02:41] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[07/29/2008, 23:02:42] - BHO 6: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[07/29/2008, 23:02:42] - BHO 7: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ()
[07/29/2008, 23:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2008, 23:02:42] - Checking for HKLM\...\Winlogon\Notify\coIEPlg
[07/29/2008, 23:02:42] - Key not found: HKLM\...\Winlogon\Notify\coIEPlg, continuing.
[07/29/2008, 23:02:42] - BHO 8: {60C582F6-7733-4975-8CD6-9B8A97D352A3} ()
[07/29/2008, 23:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2008, 23:02:42] - No filename found. Continuing.
[07/29/2008, 23:02:42] - BHO 9: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention)
[07/29/2008, 23:02:42] - BHO 10: {7619671C-334F-4BCC-9C11-F27B740D7B6D} ()
[07/29/2008, 23:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2008, 23:02:42] - No filename found. Continuing.
[07/29/2008, 23:02:42] - BHO 11: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} (AOL Toolbar Launcher)
[07/29/2008, 23:02:42] - BHO 12: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/29/2008, 23:02:42] - BHO 13: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/29/2008, 23:02:42] - BHO 14: {D6A660F1-BEE3-42C1-A12C-483ECDB6783A} ()
[07/29/2008, 23:02:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/29/2008, 23:02:42] - No filename found. Continuing.
[07/29/2008, 23:02:42] - Finished Searching Browser Helper Objects
[07/29/2008, 23:02:42] - Finishing up...
[07/29/2008, 23:02:42] - Nothing found! Exiting...


Thanks!

Arlene


#2
miekiemoes
Malware Expert, Member, MVP, 5,503 posts

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#3
arlenelg
Member, Topic Starter, 33 posts

Thanks for the help.

Here are the logs requested:

ComboFix 08-07-29.1 - Arlene Giardiello 2008-07-30 18:51:17.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.481 [GMT -4:00]
Running from: C:\Documents and Settings\Arlene Giardiello\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMf7a5cb9a.xml
C:\WINDOWS\Downloaded Program Files\DinerDash.1.0.0.80
C:\WINDOWS\pskt.ini
C:\WINDOWS\SYSTEM32\ccbeg.bak1
C:\WINDOWS\SYSTEM32\ccbeg.bak2
C:\WINDOWS\SYSTEM32\ccbeg.tmp
C:\WINDOWS\SYSTEM32\gsbshiwr.ini
C:\WINDOWS\SYSTEM32\ikRrBJjl.ini
C:\WINDOWS\SYSTEM32\ikRrBJjl.ini2
C:\WINDOWS\system32\kdcvbqlj.dll
C:\WINDOWS\system32\ljJBrRki.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pupgoo.dll
C:\WINDOWS\system32\xybdaguf.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-30 )))))))))))))))))))))))))))))))
.

2008-07-30 18:51 . 2008-07-30 18:51 6,736 --a--c--- C:\WINDOWS\SYSTEM32\DRIVERS\PROCEXP90.SYS
2008-07-29 22:15 . 2008-07-29 22:15 <DIR> d----c--- C:\PollManager
2008-07-29 21:03 . 2008-07-29 21:03 <DIR> d----c--- C:\Program Files\Windows Sidebar
2008-07-29 21:01 . 2008-07-29 21:06 <DIR> d----c--- C:\Program Files\Norton Internet Security
2008-07-29 20:57 . 2008-07-29 21:06 123,952 --a--c--- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
2008-07-29 20:57 . 2008-07-29 21:06 60,800 --a--c--- C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2008-07-29 20:57 . 2008-07-29 21:06 10,563 --a--c--- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.CAT
2008-07-29 20:57 . 2008-07-29 21:06 805 --a--c--- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.INF
2008-07-29 20:33 . 2008-07-30 05:04 <DIR> d----c--- C:\Program Files\Spyware Doctor
2008-07-29 20:33 . 2008-07-29 20:33 <DIR> d----c--- C:\Documents and Settings\Arlene Giardiello\Application Data\PC Tools
2008-07-29 20:33 . 2007-12-10 14:53 81,288 --a--c--- C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
2008-07-29 20:33 . 2007-12-10 14:53 66,952 --a--c--- C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
2008-07-29 20:33 . 2008-02-01 12:55 42,376 --a--c--- C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
2008-07-29 20:33 . 2007-12-10 14:53 29,576 --a--c--- C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
2008-07-29 20:14 . 2008-07-29 20:14 <DIR> d----c--- C:\VundoFix Backups
2008-07-29 19:43 . 2008-07-29 19:43 <DIR> d----c--- C:\Program Files\SUPERAntiSpyware
2008-07-29 19:43 . 2008-07-29 19:43 <DIR> d----c--- C:\Documents and Settings\Arlene Giardiello\Application Data\SUPERAntiSpyware.com
2008-07-29 19:43 . 2008-07-29 19:43 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-29 19:42 . 2008-07-29 19:42 <DIR> d----c--- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-29 18:35 . 2008-07-29 18:35 <DIR> d----c--- C:\Documents and Settings\Arlene Giardiello\Application Data\Malwarebytes
2008-07-29 18:34 . 2008-07-29 18:59 <DIR> d----c--- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 18:34 . 2008-07-29 18:34 <DIR> d----c--- C:\Program Files\Common Files\Download Manager
2008-07-29 18:34 . 2008-07-29 18:34 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-29 18:34 . 2008-07-23 20:09 38,472 --a--c--- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-07-29 18:34 . 2008-07-23 20:09 17,144 --a--c--- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-07-28 22:45 . 2008-07-28 22:45 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
2008-07-28 22:45 . 2008-07-28 22:45 1,409 --a--c--- C:\WINDOWS\QTFont.for
2008-07-28 22:37 . 2008-07-29 18:22 <DIR> d----c--- C:\Documents and Settings\Arlene Giardiello\Application Data\HouseCall 6.6
2008-07-28 21:27 . 2008-07-28 21:27 102,664 --a--c--- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2008-07-28 21:26 . 2008-07-28 21:28 <DIR> d----c--- C:\Documents and Settings\Arlene Giardiello\.housecall6.6
2008-07-28 21:24 . 2008-06-10 02:32 73,728 --a--c--- C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-07-28 19:17 . 2008-07-28 22:28 <DIR> d----c--- C:\Program Files\Panda Security
2008-07-28 19:09 . 2008-07-29 20:42 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-28 19:01 . 2008-07-28 19:01 0 --a--c--- C:\WINDOWS\SYSTEM32\REN97.tmp
2008-07-28 19:01 . 2008-07-28 19:01 0 --a--c--- C:\WINDOWS\SYSTEM32\REN96.tmp
2008-07-27 23:05 . 2008-07-27 23:05 <DIR> d----c--- C:\Program Files\CCleaner
2008-07-25 18:19 . 2008-07-25 18:48 <DIR> d----c--- C:\Program Files\ZAR
2008-07-25 18:06 . 2008-01-16 21:42 44,544 --a--c--- C:\WINDOWS\SYSTEM32\msxml4a.dll
2008-07-24 22:00 . 2008-07-24 22:00 <DIR> d----c--- C:\Program Files\The Undelete Company
2008-07-15 19:45 . 2008-07-15 19:45 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-06-20 13:41 . 2008-06-20 13:41 245,248 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 06:44 . 2008-06-20 06:44 138,368 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-10 17:59 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 23:20 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-30 23:11 --------- dc----w C:\Program Files\Common Files\Symantec Shared
2008-07-30 02:37 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-30 01:10 --------- dc----w C:\Documents and Settings\Arlene Giardiello\Application Data\Symantec
2008-07-30 01:06 --------- dc----w C:\Program Files\Symantec
2008-07-29 23:13 --------- dc----w C:\Program Files\Trend Micro
2008-07-29 12:41 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-29 01:24 --------- dc----w C:\Program Files\Java
2008-07-29 00:12 --------- dc----w C:\Program Files\Picasa2
2008-07-28 23:09 --------- dc----w C:\Program Files\Google
2008-07-28 04:08 --------- dc----w C:\Program Files\Norton AntiVirus
2008-07-27 02:46 --------- dc----w C:\Program Files\Oberon Media
2008-07-23 01:00 --------- dc----w C:\Documents and Settings\Arlene Giardiello\Application Data\AdobeUM
2008-07-21 16:23 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-07-17 17:17 --------- dc----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-21 01:25 --------- dc----w C:\Program Files\RadarSync
2008-06-20 10:45 360,320 -c--a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 -c--a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 -c--a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 -c--a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 07:52 0 -c--a-w C:\asdf.exe
2008-04-08 01:11 0 -c--a-w C:\Program Files\temp01
2004-08-04 07:56 50,688 -csh--w C:\WINDOWS\twain_32.dll
2004-08-04 07:56 413,696 -csha-w C:\WINDOWS\SYSTEM32\msvcp60.dll
2007-12-04 18:38 550,912 -csha-w C:\WINDOWS\SYSTEM32\oleaut32.dll
2004-08-04 07:56 83,456 -csha-w C:\WINDOWS\SYSTEM32\olepro32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 12:09 460784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 20:13 68856]
"Stickies"="C:\Program Files\Bret Taylor\Stickies\Stickies.exe" [2007-03-14 13:35 335872]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 07:03 81920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 07:03 221184]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 16:30 188416]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 03:04 114741]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-12-30 02:17 151597]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 21:47 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2008-02-07 02:49 718704]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 04:59 122880 C:\WINDOWS\BCMSMMSG.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 16:05:56 65588]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2004-06-13 21:17:26 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Creating Keepsakes Scrapbook Designer Event Reminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Creating Keepsakes Scrapbook Designer Event Reminder.lnk
backup=C:\WINDOWS\pss\Creating Keepsakes Scrapbook Designer Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Arlene Giardiello^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Arlene Giardiello\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Arlene Giardiello^Start Menu^Programs^Startup^Picaboo.lnk]
path=C:\Documents and Settings\Arlene Giardiello\Start Menu\Programs\Startup\Picaboo.lnk
backup=C:\WINDOWS\pss\Picaboo.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a--c--- 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
--a------ 2002-12-02 21:56 40960 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2004-09-13 16:49 49152 C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a--c--- 2006-01-17 14:03 53248 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2003-08-26 21:47 204800 C:\Program Files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a--c--- 2008-02-25 21:23 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a--c--- 2001-07-03 10:11 57344 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
--a--c--- 2003-02-13 03:01 155648 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2003-12-30 02:17 151597 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnf.exe"=
"C:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 21:47]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-07-30 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Arlene Giardiello.job
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 10:05]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Sonic RecordNow! - (no file)

Edited by arlenelg, 30 July 2008 - 05:51 PM.

#4
arlenelg

ComboFix log continued


------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKLM-Main,Start Page = about:blank
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O15 -: Trusted Zone: www.ncogroup.com

O16 -: 6th Street Omaha Poker by pogo - hxxp://game1.pogo.com/applet-6.6.4.21/omaha/omaha-en_US.cab
C:\WINDOWS\Downloaded Program Files\6th Street Omaha Poker by pogo.osd

O16 -: Aces Up! by pogo - hxxp://game1.pogo.com/applet-6.9.3.29/aces/aces-en_US.cab
C:\WINDOWS\Downloaded Program Files\Aces Up! by pogo.osd

O16 -: Ali Baba Slots TM by pogo - hxxp://game1.pogo.com/applet-6.9.1.38/slots/alibaba-en_US.cab
C:\WINDOWS\Downloaded Program Files\Ali Baba Slots TM by pogo.osd

O16 -: Backgammon by pogo - hxxp://game1.pogo.com/applet-6.8.1.38/backgammon/backgammon-en_US.cab
C:\WINDOWS\Downloaded Program Files\Backgammon by pogo.osd

O16 -: Battle Phlinx by pogo - hxxp://game3.pogo.com/v/9.0.5.4/applet/battlephlinx/battlephlinx-en_US.cab
C:\WINDOWS\Downloaded Program Files\Battle Phlinx by pogo.osd

O16 -: Bingo Luau by pogo - hxxp://game3.pogo.com/v/9.0.7.14/applet/freebingo/freebingo-en_US.cab
C:\WINDOWS\Downloaded Program Files\Bingo Luau by pogo.osd

O16 -: Blackjack by pogo - hxxp://game1.pogo.com/applet-6.8.4.51/blackjack/blackjack-en_US.cab
C:\WINDOWS\Downloaded Program Files\Blackjack by pogo.osd

O16 -: Blackjack Carnival by pogo - hxxp://game3.pogo.com/v/9.0.5.4/applet/vbjack2/vbjack2-en_US.cab
C:\WINDOWS\Downloaded Program Files\Blackjack Carnival by pogo.osd

O16 -: Blooop by pogo - hxxp://game1.pogo.com/applet-6.9.4.41/cascade/cascade-en_US.cab
C:\WINDOWS\Downloaded Program Files\Blooop by pogo.osd

O16 -: Bowling by pogo - hxxp://game1.pogo.com/applet-6.9.0.43/bowling/bowling-en_US.cab
C:\WINDOWS\Downloaded Program Files\Bowling by pogo.osd

O16 -: Canasta by pogo - hxxp://game1.pogo.com/applet-6.9.0.61/canasta/canasta-en_US.cab
C:\WINDOWS\Downloaded Program Files\Canasta by pogo.osd

O16 -: Checkers by pogo - hxxp://game1.pogo.com/applet-6.9.4.34/checkers2/checkers-en_US.cab
C:\WINDOWS\Downloaded Program Files\Checkers by pogo.osd

O16 -: Chess by pogo - hxxp://game3.pogo.com/v/9.0.1.7/applet/chess2/chess2-en_US.cab
C:\WINDOWS\Downloaded Program Files\Chess by pogo.osd

O16 -: Crazy Cakes by pogo - hxxp://game3.pogo.com/v/9.0.7.14/applet/platespinner/platespinner-en_US.cab
C:\WINDOWS\Downloaded Program Files\Crazy Cakes by pogo.osd

O16 -: Cribbage by pogo - hxxp://game1.pogo.com/applet-6.9.1.38/cribbage/cribbage-en_US.cab
C:\WINDOWS\Downloaded Program Files\Cribbage by pogo.osd

O16 -: Dice City Roller by pogo - hxxp://game1.pogo.com/applet-6.9.0.43/ytz/ytz-en_US.cab
C:\WINDOWS\Downloaded Program Files\Dice City Roller by pogo.osd

O16 -: Dice Derby by pogo - hxxp://game1.pogo.com/applet-6.9.4.41/checkeredflag/checkeredflag-en_US.cab
C:\WINDOWS\Downloaded Program Files\Dice Derby by pogo.osd

O16 -: Dominoes by pogo - hxxp://game1.pogo.com/applet-6.7.2.33/domino/domino-en_US.cab
C:\WINDOWS\Downloaded Program Files\Dominoes by pogo.osd

O16 -: Euchre by pogo - hxxp://game3.pogo.com/v/9.0.6.39/applet/euchre/euchre-en_US.cab
C:\WINDOWS\Downloaded Program Files\Euchre by pogo.osd

O16 -: First Class Solitaire by pogo - hxxp://game1.pogo.com/applet-6.8.1.30/firstclass2/firstclass2-en_US.cab
C:\WINDOWS\Downloaded Program Files\First Class Solitaire by pogo.osd

O16 -: Fortune Bingo by pogo - hxxp://game1.pogo.com/applet-6.9.3.29/superbingo/superbingo-en_US.cab
C:\WINDOWS\Downloaded Program Files\Fortune Bingo by pogo.osd

O16 -: Golf Solitaire by pogo - hxxp://game3.pogo.com/v/9.0.6.14/applet/golfsolitaire/golfsolitaire-en_US.cab
C:\WINDOWS\Downloaded Program Files\Golf Solitaire by pogo.osd

O16 -: Greenback Bayou by pogo - hxxp://game1.pogo.com/applet-6.6.0.34/greenback/greenback-en_US.cab
C:\WINDOWS\Downloaded Program Files\Greenback Bayou by pogo.osd

O16 -: Hangman Hijinks by pogo - hxxp://game1.pogo.com/applet-6.9.3.39/hangman/hangman-en_US.cab
C:\WINDOWS\Downloaded Program Files\Hangman Hijinks by pogo.osd

O16 -: Harvest Mania by pogo - hxxp://game1.pogo.com/applet-6.8.4.51/harvest/harvest-en_US.cab
C:\WINDOWS\Downloaded Program Files\Harvest Mania by pogo.osd

O16 -: Hearts by pogo - hxxp://game3.pogo.com/v/9.0.7.21/applet/hearts/hearts-en_US.cab
C:\WINDOWS\Downloaded Program Files\Hearts by pogo.osd

O16 -: High Stakes Poker by pogo - hxxp://game1.pogo.com/applet-6.8.4.51/drawpoker/drawpoker-en_US.cab
C:\WINDOWS\Downloaded Program Files\High Stakes Poker by pogo.osd

O16 -: High Stakes Pool by pogo - hxxp://game1.pogo.com/applet-6.9.4.34/pool2/pool-en_US.cab
C:\WINDOWS\Downloaded Program Files\High Stakes Pool by pogo.osd

O16 -: Jigsaw Detective by pogo - hxxp://game1.pogo.com/applet-6.9.4.34/jigsaw/jigsaw-en_US.cab
C:\WINDOWS\Downloaded Program Files\Jigsaw Detective by pogo.osd

O16 -: Jigsaw Treasure Hunter - hxxp://game3.pogo.com/v/9.0.8.29/applet/jth/jth-en_US.cab
C:\WINDOWS\Downloaded Program Files\Jigsaw Treasure Hunter.osd

O16 -: Jokers Wild Poker by pogo - hxxp://game1.pogo.com/applet-6.5.0.45/videopoker2/jokerswild-ob-assets.cab
C:\WINDOWS\Downloaded Program Files\Jokers Wild Poker by pogo.osd

O16 -: Jungle Gin by pogo - hxxp://game1.pogo.com/applet-6.8.0.25/gin2/gin2-en_US.cab
C:\WINDOWS\Downloaded Program Files\Jungle Gin by pogo.osd

O16 -: Lost Temple Poker by pogo - hxxp://game1.pogo.com/applet-6.7.5.28/mhpoker/mhpoker-en_US.cab
C:\WINDOWS\Downloaded Program Files\Lost Temple Poker by pogo.osd

O16 -: Lottso by pogo - hxxp://game3.pogo.com/v/9.0.5.4/applet/lottso/lottso-en_US.cab
C:\WINDOWS\Downloaded Program Files\Lottso by pogo.osd

O16 -: Mah Jong Garden by pogo - hxxp://game1.pogo.com/applet-6.9.0.43/mahjong/mahjong-en_US.cab
C:\WINDOWS\Downloaded Program Files\Mah Jong Garden by pogo.osd

O16 -: Mahjong Safari by Pogo - hxxp://game3.pogo.com/v/9.0.6.14/applet/safari/safari-en_US.cab
C:\WINDOWS\Downloaded Program Files\Mahjong Safari by Pogo.osd

O16 -: Makeover Madness by pogo - hxxp://game1.pogo.com/applet-6.9.4.41/shoes/shoes-en_US.cab
C:\WINDOWS\Downloaded Program Files\Makeover Madness by pogo.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: Multiline Slots by pogo - hxxp://game1.pogo.com/applet-6.7.5.28/mlslots/mlslots-en_US.cab
C:\WINDOWS\Downloaded Program Files\Multiline Slots by pogo.osd

O16 -: Pai Gow by pogo - hxxp://game3.pogo.com/v/9.0.7.14/applet/paigow/paigow-en_US.cab
C:\WINDOWS\Downloaded Program Files\Pai Gow by pogo.osd

O16 -: Payday FreeCell by pogo - hxxp://game1.pogo.com/applet-6.9.0.43/freecell/freecell-en_US.cab
C:\WINDOWS\Downloaded Program Files\Payday FreeCell by pogo.osd

O16 -: Payday Freecell Solitaire by pogo - hxxp://game3.pogo.com/v/9.0.6.14/applet/freecell2/freecell2-en_US.cab
C:\WINDOWS\Downloaded Program Files\Payday Freecell Solitaire by pogo.osd

O16 -: Penguin Blocks by pogo - hxxp://game1.pogo.com/applet-6.8.0.25/penguins/penguins-en_US.cab
C:\WINDOWS\Downloaded Program Files\Penguin Blocks by pogo.osd

O16 -: Perfect Pair Solitaire by pogo - hxxp://game1.pogo.com/applet-6.9.3.49/waterwheel/waterwheel-en_US.cab
C:\WINDOWS\Downloaded Program Files\Perfect Pair Solitaire by pogo.osd

O16 -: Phlinx by pogo - hxxp://game1.pogo.com/applet-6.8.3.22/flinger/flinger-en_US.cab
C:\WINDOWS\Downloaded Program Files\Phlinx by pogo.osd

O16 -: Pinochle by pogo - hxxp://game3.pogo.com/v/9.0.8.20/applet/pinochle/pinochle-en_US.cab
C:\WINDOWS\Downloaded Program Files\Pinochle by pogo.osd

O16 -: Pop Fu by pogo - hxxp://game3.pogo.com/v/9.0.5.4/applet/popfu/popfu-en_US.cab
C:\WINDOWS\Downloaded Program Files\Pop Fu by pogo.osd

O16 -: PoppaZoppa by pogo - hxxp://game3.pogo.com/v/9.0.7.14/applet/poppazoppa/poppazoppa-en_US.cab
C:\WINDOWS\Downloaded Program Files\PoppaZoppa by pogo.osd

O16 -: Poppit by pogo - hxxp://game1.pogo.com/applet-6.9.0.43/poppit2/poppit2-en_US.cab
C:\WINDOWS\Downloaded Program Files\Poppit by pogo.osd

O16 -: Quick Quack by pogo - hxxp://game1.pogo.com/applet-6.7.4.35/hotstreak/hotstreak-en_US.cab
C:\WINDOWS\Downloaded Program Files\Quick Quack by pogo.osd

O16 -: QWERTY by pogo - hxxp://game1.pogo.com/applet-6.9.2.33/squares/squares-en_US.cab
C:\WINDOWS\Downloaded Program Files\QWERTY by pogo.osd

O16 -: Ride The Tide by pogo - hxxp://game1.pogo.com/applet-6.6.1.29/ride/ride-en_US.cab
C:\WINDOWS\Downloaded Program Files\Ride The Tide by pogo.osd

O16 -: Showbiz Slots 2 by pogo - hxxp://game1.pogo.com/applet-6.6.0.27/slots/showbiz2-en_US.cab
C:\WINDOWS\Downloaded Program Files\Showbiz Slots 2 by pogo.osd

O16 -: Showbiz Slots by pogo - hxxp://game1.pogo.com/applet-6.8.0.25/slots/showbiz-en_US.cab
C:\WINDOWS\Downloaded Program Files\Showbiz Slots by pogo.osd

O16 -: Shuffle Bump by pogo - hxxp://game1.pogo.com/applet-6.8.3.22/puck/puck-en_US.cab
C:\WINDOWS\Downloaded Program Files\Shuffle Bump by pogo.osd

O16 -: Spades 2 by pogo - hxxp://game1.pogo.com/applet-6.6.4.21/spades2/spades2-en_US.cab
C:\WINDOWS\Downloaded Program Files\Spades 2 by pogo.osd

O16 -: Spider Solitaire by pogo - hxxp://game1.pogo.com/applet-6.9.3.29/spider/spider-en_US.cab
C:\WINDOWS\Downloaded Program Files\Spider Solitaire by pogo.osd

O16 -: Squelchies by pogo - hxxp://game3.pogo.com/v/9.0.8.20/applet/squelchies/squelchies-en_US.cab
C:\WINDOWS\Downloaded Program Files\Squelchies by pogo.osd

O16 -: Stax by pogo - hxxp://game1.pogo.com/applet-6.9.2.33/stax/stax-en_US.cab
C:\WINDOWS\Downloaded Program Files\Stax by pogo.osd

O16 -: Stellar Sweeper by pogo - hxxp://game3.pogo.com/v/9.0.7.14/applet/sweeper/sweeper-en_US.cab
C:\WINDOWS\Downloaded Program Files\Stellar Sweeper by pogo.osd

O16 -: Sweet Tooth TM by pogo - hxxp://game1.pogo.com/applet-6.8.3.35/sweettooth/sweettooth-en_US.cab
C:\WINDOWS\Downloaded Program Files\Sweet Tooth TM by pogo.osd

O16 -: Texas Hold'em Poker by pogo - hxxp://game1.pogo.com/applet-6.8.1.30/holdem/holdem-en_US.cab
C:\WINDOWS\Downloaded Program Files\Texas Hold'em Poker by pogo.osd

O16 -: Tri-Peaks by pogo - hxxp://game1.pogo.com/applet-6.9.3.39/peaks/peaks-en_US.cab
C:\WINDOWS\Downloaded Program Files\Tri-Peaks by pogo.osd

O16 -: Tumble Bees by pogo - hxxp://game1.pogo.com/applet-6.7.4.28/jumbee/jumbee-en_US.cab
C:\WINDOWS\Downloaded Program Files\Tumble Bees by pogo.osd

O16 -: Turbo 21 TM by pogo - hxxp://game1.pogo.com/applet-6.5.3.37/turbo21/turbo21-en_US.cab
C:\WINDOWS\Downloaded Program Files\Turbo 21 TM by pogo.osd

O16 -: Turbo 21 v2 by pogo - hxxp://game1.pogo.com/applet-6.9.0.43/turbo22/turbo22-en_US.cab
C:\WINDOWS\Downloaded Program Files\Turbo 21 v2 by pogo.osd

O16 -: Vaults of Atlantis Slots by pogo - hxxp://game3.pogo.com/v/9.0.1.7/applet/mlslots/mlslots-en_US.cab
C:\WINDOWS\Downloaded Program Files\Vaults of Atlantis Slots by pogo.osd

O16 -: Wonderland Memories by pogo - hxxp://game1.pogo.com/applet-6.7.2.24/memories/memories-en_US.cab
C:\WINDOWS\Downloaded Program Files\Wonderland Memories by pogo.osd

O16 -: Word Craft by pogo - hxxp://game1.pogo.com/applet-6.9.4.34/babble/babble-en_US.cab
C:\WINDOWS\Downloaded Program Files\Word Craft by pogo.osd

O16 -: Word Search Daily by pogo - hxxp://game3.pogo.com/v/9.0.8.20/applet/wordsearch/wordsearch-en_US.cab
C:\WINDOWS\Downloaded Program Files\Word Search Daily by pogo.osd

O16 -: Word Whomp by pogo - hxxp://game1.pogo.com/applet-6.6.2.21/wordwhomp2/whomp2-en_US.cab
C:\WINDOWS\Downloaded Program Files\Word Whomp by pogo.osd

O16 -: Word Whomp Whackdown by pogo - hxxp://game3.pogo.com/v/9.0.5.4/applet/whackdown/whackdown-en_US.cab
C:\WINDOWS\Downloaded Program Files\Word Whomp Whackdown by pogo.osd

O16 -: WordJong by pogo - hxxp://game3.pogo.com/v/9.0.5.4/applet/wordjong/wordjong-en_US.cab
C:\WINDOWS\Downloaded Program Files\WordJong by pogo.osd

O16 -: World Class Solitaire by pogo - hxxp://game3.pogo.com/v/9.0.8.20/applet/worldclass/worldclass-en_US.cab
C:\WINDOWS\Downloaded Program Files\World Class Solitaire by pogo.osd

O16 -: {6BAB93B7-1917-4214-A7D2-874FA6DB4740} - hxxp://o.aolcdn.com/pictures/ap/Resources/2.2.0.51g/cab/aolpPlugins.10.4.0.2.cab
C:\WINDOWS\Downloaded Program Files\aolpPlugins.inf


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 19:19:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\SYSTEM32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\SYSTEM32\fxssvc.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2008-07-30 19:35:55 - machine was rebooted [Arlene Giardiello]
ComboFix-quarantined-files.txt 2008-07-30 23:35:46

Pre-Run: 15,268,003,840 bytes free
Post-Run: 15,561,457,664 bytes free

675 --- E O F --- 2008-07-09 07:52:34
#5
arlenelg

New HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:38:50 PM, on 7/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Bret Taylor\Stickies\Stickies.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Stickies] C:\Program Files\Bret Taylor\Stickies\Stickies.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: www.ncogroup.com
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.co...omaha-en_US.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.co.../aces-en_US.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.co...ibaba-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.co...ammon-en_US.cab
O16 - DPF: Battle Phlinx by pogo - http://game3.pogo.co...hlinx-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game3.pogo.co...bingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.co...kjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game3.pogo.co...jack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.co...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.co...wling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.co...nasta-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.co...ckers-en_US.cab
O16 - DPF: Chess by pogo - http://game3.pogo.co...hess2-en_US.cab
O16 - DPF: Crazy Cakes by pogo - http://game3.pogo.co...inner-en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.co...bbage-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.co...z/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...dflag-en_US.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.co...omino-en_US.cab
O16 - DPF: Euchre by pogo - http://game3.pogo.co...uchre-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.co...lass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.co...bingo-en_US.cab
O16 - DPF: Golf Solitaire by pogo - http://game3.pogo.co...taire-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.co...nback-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.co...ngman-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...rvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game3.pogo.co...earts-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.co.../pool-en_US.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.co...igsaw-en_US.cab
O16 - DPF: Jigsaw Treasure Hunter - http://game3.pogo.co...h/jth-en_US.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.co...d-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co.../gin2-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game3.pogo.co...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...hjong-en_US.cab
O16 - DPF: Mahjong Safari by Pogo - http://game3.pogo.co...afari-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.co...shoes-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.co...slots-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game3.pogo.co...aigow-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.co...ecell-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game3.pogo.co...cell2-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.co...guins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.co...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.co...inger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game3.pogo.co...ochle-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game3.pogo.co...popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game3.pogo.co...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.co...ppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.co...treak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.co...uares-en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.co.../ride-en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.co...wbiz2-en_US.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.co...owbiz-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.co.../puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.co...ades2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.co...pider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game3.pogo.co...chies-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.co.../stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game3.pogo.co...eeper-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.co...tooth-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.co...oldem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.co...umbee-en_US.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.co...rbo21-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.co...rbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game3.pogo.co...slots-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.co...ories-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.co...abble-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game3.pogo.co...earch-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.co...homp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game3.pogo.co...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game3.pogo.co...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game3.pogo.co...class-en_US.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/...ns.10.6.0.8.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...2/uploader2.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120304937890
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6BAB93B7-1917-4214-A7D2-874FA6DB4740} (AOL Newport Editor Ctrl) - http://o.aolcdn.com/...ns.10.4.0.2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.su...ows-i586-jc.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcopho...ostcoUpload.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec....ta/SymAData.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia....tupv2.0.0.9.cab?
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ARLENE~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

--
End of file - 19106 bytes
  • 0

#6
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Hi,

Navigate to and delete the following files:

C:\WINDOWS\SYSTEM32\REN97.tmp
C:\WINDOWS\SYSTEM32\REN96.tmp
C:\asdf.exe
C:\Program Files\temp01

The next entries are not required, since they are ActiveX of games you played previously. If you want to play the games again and go to the site, it will ask again to install the ActiveX. So check and fix the next entries in HijackThis:

O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.co...omaha-en_US.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.co.../aces-en_US.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.co...ibaba-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.co...ammon-en_US.cab
O16 - DPF: Battle Phlinx by pogo - http://game3.pogo.co...hlinx-en_US.cab
O16 - DPF: Bingo Luau by pogo - http://game3.pogo.co...bingo-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.co...kjack-en_US.cab
O16 - DPF: Blackjack Carnival by pogo - http://game3.pogo.co...jack2-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.co...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.co...wling-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.co...nasta-en_US.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.co...ckers-en_US.cab
O16 - DPF: Chess by pogo - http://game3.pogo.co...hess2-en_US.cab
O16 - DPF: Crazy Cakes by pogo - http://game3.pogo.co...inner-en_US.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.co...bbage-en_US.cab
O16 - DPF: Dice City Roller by pogo - http://game1.pogo.co...z/ytz-en_US.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...dflag-en_US.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.co...omino-en_US.cab
O16 - DPF: Euchre by pogo - http://game3.pogo.co...uchre-en_US.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.co...lass2-en_US.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.co...bingo-en_US.cab
O16 - DPF: Golf Solitaire by pogo - http://game3.pogo.co...taire-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.co...nback-en_US.cab
O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.co...ngman-en_US.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...rvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game3.pogo.co...earts-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.co.../pool-en_US.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.co...igsaw-en_US.cab
O16 - DPF: Jigsaw Treasure Hunter - http://game3.pogo.co...h/jth-en_US.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.co...d-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co.../gin2-en_US.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.co...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game3.pogo.co...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...hjong-en_US.cab
O16 - DPF: Mahjong Safari by Pogo - http://game3.pogo.co...afari-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.co...shoes-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.co...slots-en_US.cab
O16 - DPF: Pai Gow by pogo - http://game3.pogo.co...aigow-en_US.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.co...ecell-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game3.pogo.co...cell2-en_US.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.co...guins-en_US.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.co...wheel-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.co...inger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game3.pogo.co...ochle-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game3.pogo.co...popfu-en_US.cab
O16 - DPF: PoppaZoppa by pogo - http://game3.pogo.co...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.co...ppit2-en_US.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.co...treak-en_US.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.co...uares-en_US.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.co.../ride-en_US.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.co...wbiz2-en_US.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.co...owbiz-en_US.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.co.../puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.co...ades2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.co...pider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game3.pogo.co...chies-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.co.../stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game3.pogo.co...eeper-en_US.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.co...tooth-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.co...oldem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.co...umbee-en_US.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.co...rbo21-en_US.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.co...rbo22-en_US.cab
O16 - DPF: Vaults of Atlantis Slots by pogo - http://game3.pogo.co...slots-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.co...ories-en_US.cab
O16 - DPF: Word Craft by pogo - http://game1.pogo.co...abble-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game3.pogo.co...earch-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.co...homp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game3.pogo.co...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game3.pogo.co...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game3.pogo.co...class-en_US.cab

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ARLENE~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

Also, check and fix the next entries in case you didn't add them to the trusted zone yourself:

O15 - Trusted Zone: www.ncogroup.com
O15 - Trusted Zone: http://*.turbotax.com

Then go to Start > Run and copy and paste the next command into the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.
  • 0
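Added example, not part of the original thread: a small Python triage pass over HijackThis lines of the kinds discussed in the post above (O15 trusted-zone sites, O16 ActiveX downloads, O24 desktop components). The sample lines are excerpted from the log in this thread with their URLs truncated as shown on the page; the function names, the "Unknown owner" check and the "no download source" check are assumptions of this example, not advice given by the helper.

```python
import re
from collections import Counter

# Excerpt of the HijackThis log posted in this thread (URLs are truncated on the page).
SAMPLE_LOG = r"""
O15 - Trusted Zone: www.ncogroup.com
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: Poppit by pogo - http://game1.pogo.co...ppit2-en_US.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120304937890
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ARLENE~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
"""

# A HijackThis entry starts with a section code such as R0, O4, O16 or O23.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# DPF entries registered by CLSID start with a braced GUID; others use a plain name.
CLSID = re.compile(r"^\{[0-9A-Fa-f-]{36}\}")


def parse(log_text):
    """Return (code, body) tuples for every HijackThis entry line in the text."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body").rstrip()))
    return entries


def split_dpf(body):
    """Split an O16 body 'DPF: <name> - <url>' into (name, url); url may be empty."""
    rest = body[len("DPF: "):]
    if rest.endswith(" -"):          # entry recorded without a download URL
        return rest[:-2], ""
    name, sep, url = rest.rpartition(" - ")
    return (name, url) if sep else (rest, "")


def triage(entries):
    """Return (code, reason, body) for entries that deserve a manual look."""
    findings = []
    for code, body in entries:
        if code == "O15":
            # Thread advice: fix unless the user added the site to the zone.
            findings.append((code, "trusted-zone site: keep only if added deliberately", body))
        elif code == "O16":
            name, url = split_dpf(body)
            if not url:
                # Assumption of this example: no recorded source is worth a look.
                findings.append((code, "ActiveX entry with no download source recorded", body))
            elif not CLSID.match(name):
                # Thread advice: game ActiveX is optional and reinstalls on demand.
                findings.append((code, "name-registered ActiveX: optional, site reinstalls it", body))
        elif code == "O23" and " - Unknown owner - " in body:
            # Assumption of this example: unsigned/unknown publisher is worth verifying.
            findings.append((code, "service with unknown owner: verify the binary", body))
        elif code == "O24" and "/temp/" in body.lower():
            # Thread advice: the desktop component loaded from Temp was fixed.
            findings.append((code, "desktop component loaded from a Temp folder", body))
    return findings


def summary(findings):
    """Count findings per HijackThis section code."""
    return Counter(code for code, _, _ in findings)


if __name__ == "__main__":
    for code, reason, body in triage(parse(SAMPLE_LOG)):
        print(f"{code:<4}{reason}\n    {body}")
```

A finding here only marks a line for review; whether to fix it in HijackThis remains the decision described in the post.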

#7
arlenelg

    Member

  • Topic Starter
  • Member
  • 33 posts
Things seem to be better now, no more pop-ups, but I still seem to be crashing / freezing. Did you want to review new logs? I wasn't sure.
How do you feel about registry cleaners? And if they are good, can you recommend a good one that will scan and clean/repair for free? I downloaded one from here, and it found 575+ errors, but would only repair 15 unless I paid. I didn't look at how much it costs, but is it worth it to pay for it if there are no good free ones?

thanks again
  • 0

#8
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Hi,

How do you feel about registry cleaners? And if they are good, can you recommend a good one that will scan and clean/repair for free? I downloaded one from here, and it found 575+ errors, but would only repair 15 unless I paid. I didn't look at how much it costs, but is it worth it to pay for it if there are no good free ones?

It's useless and certainly not worth paying for, unless you want to damage your computer.
I do not recommend Registry Cleaners at all! It's not the first time that someone had to format and reinstall Windows, because they used a Registry cleaner previously and it broke more than it fixed. Also see here: http://miekiemoes.bl...weaking_13.html

The freezing/crashing issue is most probably caused by Norton, as many are having similar issues with it. But to make sure no malware is still present, do the following:

  • Download Deckard System Scanner to your Desktop.
  • Close all applications and windows.
  • Double-click on dds.exe to run it, and follow the prompts.
  • The scan may take a minute. When the scan is complete, a text file will open - main.txt
  • A folder (C:\Deckard\System Scanner) will also open which contains the main.txt and an extra.txt.
  • Copy and paste the contents of main.txt and extra.txt in your next reply

  • 0

#9
arlenelg

    Member

  • Topic Starter
  • Member
  • 33 posts
Thanks for the advice. I'm glad I asked, and will definitely not pursue the registry cleaner.
Norton may very well be the culprit now; this is actually a new one that I just installed a few days ago, as my last subscription had expired, so I don't have experience with it yet.

Here are the logs requested:

main.txt

Deckard's System Scanner v20071014.68
Run by Arlene Giardiello on 2008-08-02 11:28:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-08-02 15:28:17 UTC - RP1096 - Deckard's System Scanner Restore Point
3: 2008-08-01 21:55:59 UTC - RP1095 - Uniblue RegistryBooster
2: 2008-07-31 22:10:30 UTC - RP1094 - Spyware Doctor: Cleaning Threats
1: 2008-07-31 21:57:41 UTC - RP1093 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Arlene Giardiello.exe) -----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:28 AM, on 8/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Bret Taylor\Stickies\Stickies.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Documents and Settings\Arlene Giardiello\Desktop\dss.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Arlene Giardiello.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Stickies] C:\Program Files\Bret Taylor\Stickies\Stickies.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: Backgammon by pogo - http://game3.pogo.co...ammon-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game3.pogo.co...homp2-en_US.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/...ns.10.6.0.8.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120304937890
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6BAB93B7-1917-4214-A7D2-874FA6DB4740} (AOL Newport Editor Ctrl) - http://o.aolcdn.com/...ns.10.4.0.2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.su...ows-i586-jc.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcopho...ostcoUpload.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akama...ol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec....ta/SymAData.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia....tupv2.0.0.9.cab?
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11762 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080731-175513-155 O16 - DPF: Aces Up! by pogo - http://game1.pogo.co.../aces-en_US.cab
backup-20080731-175513-504 O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.co...omaha-en_US.cab
backup-20080731-175513-787 O15 - Trusted Zone: http://*.turbotax.com
backup-20080731-175513-870 O15 - Trusted Zone: www.ncogroup.com
backup-20080731-175514-245 O16 - DPF: Backgammon by pogo - http://game1.pogo.co...ammon-en_US.cab
backup-20080731-175514-250 O16 - DPF: Blackjack by pogo - http://game1.pogo.co...kjack-en_US.cab
backup-20080731-175514-266 O16 - DPF: Bingo Luau by pogo - http://game3.pogo.co...bingo-en_US.cab
backup-20080731-175514-358 O16 - DPF: Ali Baba Slots TM by pogo - http://game1.pogo.co...ibaba-en_US.cab
backup-20080731-175514-815 O16 - DPF: Battle Phlinx by pogo - http://game3.pogo.co...hlinx-en_US.cab
backup-20080731-175515-315 O16 - DPF: Checkers by pogo - http://game1.pogo.co...ckers-en_US.cab
backup-20080731-175515-451 O16 - DPF: Blooop by pogo - http://game1.pogo.co...scade-en_US.cab
backup-20080731-175515-453 O16 - DPF: Canasta by pogo - http://game1.pogo.co...nasta-en_US.cab
backup-20080731-175515-627 O16 - DPF: Bowling by pogo - http://game1.pogo.co...wling-en_US.cab
backup-20080731-175515-632 O16 - DPF: Blackjack Carnival by pogo - http://game3.pogo.co...jack2-en_US.cab
backup-20080731-175515-673 O16 - DPF: Chess by pogo - http://game3.pogo.co...hess2-en_US.cab
backup-20080731-175516-172 O16 - DPF: Euchre by pogo - http://game3.pogo.co...uchre-en_US.cab
backup-20080731-175516-459 O16 - DPF: Crazy Cakes by pogo - http://game3.pogo.co...inner-en_US.cab
backup-20080731-175516-502 O16 - DPF: Cribbage by pogo - http://game1.pogo.co...bbage-en_US.cab
backup-20080731-175516-696 O16 - DPF: Dice Derby by pogo - http://game1.pogo.co...dflag-en_US.cab
backup-20080731-175516-958 O16 - DPF: Dice City Roller by pogo - http://game1.pogo.co...z/ytz-en_US.cab
backup-20080731-175516-969 O16 - DPF: Dominoes by pogo - http://game1.pogo.co...omino-en_US.cab
backup-20080731-175517-235 O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.co...bingo-en_US.cab
backup-20080731-175517-357 O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.co...nback-en_US.cab
backup-20080731-175517-565 O16 - DPF: Hangman Hijinks by pogo - http://game1.pogo.co...ngman-en_US.cab
backup-20080731-175517-568 O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.co...lass2-en_US.cab
backup-20080731-175517-616 O16 - DPF: Golf Solitaire by pogo - http://game3.pogo.co...taire-en_US.cab
backup-20080731-175517-931 O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...rvest-en_US.cab
backup-20080731-175518-284 O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.co.../pool-en_US.cab
backup-20080731-175518-307 O16 - DPF: Hearts by pogo - http://game3.pogo.co...earts-en_US.cab
backup-20080731-175518-309 O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.co...d-ob-assets.cab
backup-20080731-175518-482 O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.co...igsaw-en_US.cab
backup-20080731-175518-626 O16 - DPF: Jigsaw Treasure Hunter - http://game3.pogo.co...h/jth-en_US.cab
backup-20080731-175518-938 O16 - DPF: Jungle Gin by pogo - http://game1.pogo.co.../gin2-en_US.cab
backup-20080731-175518-970 O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.co...poker-en_US.cab
backup-20080731-175519-107 O16 - DPF: Lottso by pogo - http://game3.pogo.co...ottso-en_US.cab
backup-20080731-175519-209 O16 - DPF: Multiline Slots by pogo - http://game1.pogo.co...slots-en_US.cab
backup-20080731-175519-289 O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.co...poker-en_US.cab
backup-20080731-175519-400 O16 - DPF: Makeover Madness by pogo - http://game1.pogo.co...shoes-en_US.cab
backup-20080731-175519-760 O16 - DPF: Mahjong Safari by Pogo - http://game3.pogo.co...afari-en_US.cab
backup-20080731-175519-910 O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...hjong-en_US.cab
backup-20080731-175520-105 O16 - DPF: Phlinx by pogo - http://game1.pogo.co...inger-en_US.cab
backup-20080731-175520-259 O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.co...guins-en_US.cab
backup-20080731-175520-300 O16 - DPF: Pai Gow by pogo - http://game3.pogo.co...aigow-en_US.cab
backup-20080731-175520-522 O16 - DPF: Payday Freecell Solitaire by pogo - http://game3.pogo.co...cell2-en_US.cab
backup-20080731-175520-599 O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.co...ecell-en_US.cab
backup-20080731-175520-702 O16 - DPF: Pinochle by pogo - http://game3.pogo.co...ochle-en_US.cab
backup-20080731-175520-822 O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.co...wheel-en_US.cab
backup-20080731-175521-259 O16 - DPF: Quick Quack by pogo - http://game1.pogo.co...treak-en_US.cab
backup-20080731-175521-373 O16 - DPF: Poppit by pogo - http://game1.pogo.co...ppit2-en_US.cab
backup-20080731-175521-428 O16 - DPF: Pop Fu by pogo - http://game3.pogo.co...popfu-en_US.cab
backup-20080731-175521-435 O16 - DPF: Ride The Tide by pogo - http://game1.pogo.co.../ride-en_US.cab
backup-20080731-175521-733 O16 - DPF: PoppaZoppa by pogo - http://game3.pogo.co...zoppa-en_US.cab
backup-20080731-175521-948 O16 - DPF: QWERTY by pogo - http://game1.pogo.co...uares-en_US.cab
backup-20080731-175522-366 O16 - DPF: Spades 2 by pogo - http://game1.pogo.co...ades2-en_US.cab
backup-20080731-175522-600 O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.co...pider-en_US.cab
backup-20080731-175522-733 O16 - DPF: Squelchies by pogo - http://game3.pogo.co...chies-en_US.cab
backup-20080731-175522-822 O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.co...wbiz2-en_US.cab
backup-20080731-175522-895 O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.co.../puck-en_US.cab
backup-20080731-175522-913 O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.co...owbiz-en_US.cab
backup-20080731-175523-133 O16 - DPF: Stax by pogo - http://game1.pogo.co.../stax-en_US.cab
backup-20080731-175523-284 O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.co...oldem-en_US.cab
backup-20080731-175523-628 O16 - DPF: Tumble Bees by pogo - http://game1.pogo.co...umbee-en_US.cab
backup-20080731-175523-893 O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.co...tooth-en_US.cab
backup-20080731-175523-967 O16 - DPF: Stellar Sweeper by pogo - http://game3.pogo.co...eeper-en_US.cab
backup-20080731-175523-990 O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...peaks-en_US.cab
backup-20080731-175524-102 O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.co...ories-en_US.cab
backup-20080731-175524-125 O16 - DPF: Vaults of Atlantis Slots by pogo - http://game3.pogo.co...slots-en_US.cab
backup-20080731-175524-171 O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.co...rbo21-en_US.cab
backup-20080731-175524-747 O16 - DPF: Word Search Daily by pogo - http://game3.pogo.co...earch-en_US.cab
backup-20080731-175524-931 O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.co...rbo22-en_US.cab
backup-20080731-175524-940 O16 - DPF: Word Craft by pogo - http://game1.pogo.co...abble-en_US.cab
backup-20080731-175525-438 O16 - DPF: World Class Solitaire by pogo - http://game3.pogo.co...class-en_US.cab
backup-20080731-175525-606 O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ARLENE~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
backup-20080731-175525-717 O16 - DPF: Word Whomp Whackdown by pogo - http://game3.pogo.co...kdown-en_US.cab
backup-20080731-175525-737 O16 - DPF: Word Whomp by pogo - http://game1.pogo.co...homp2-en_US.cab
backup-20080731-175525-925 O16 - DPF: WordJong by pogo - http://game3.pogo.co...djong-en_US.cab

-- File Associations -----------------------------------------------------------

.txt - txtfile - shell\open\command - Notepad.exe %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 agp440 (Intel AGP Bus Filter) - c:\windows\\systemroot\system32\drivers\agp440.sys (file missing)
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>

S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 sprtsvc_dellsupportcenter (SupportSoft Sprocket Service (dellsupportcenter)) - c:\program files\dell support center\bin\sprtsvc.exe /service /p dellsupportcenter


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-31 18:29:39 646 --a----c- C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Arlene Giardiello.job


-- Files created between 2008-07-02 and 2008-08-02 -----------------------------

2008-08-01 17:52:57 0 d------c- C:\Documents and Settings\Arlene Giardiello\Application Data\Uniblue
2008-07-29 22:15:12 0 d------c- C:\PollManager
2008-07-29 21:03:48 0 d------c- C:\Program Files\Windows Sidebar
2008-07-29 21:01:09 0 d------c- C:\Program Files\Norton Internet Security
2008-07-29 20:33:20 0 d------c- C:\Program Files\Spyware Doctor
2008-07-29 20:33:20 0 d------c- C:\Documents and Settings\Arlene Giardiello\Application Data\PC Tools
2008-07-29 19:43:25 0 d------c- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-29 19:43:04 0 d------c- C:\Program Files\SUPERAntiSpyware
2008-07-29 19:43:04 0 d------c- C:\Documents and Settings\Arlene Giardiello\Application Data\SUPERAntiSpyware.com
2008-07-29 19:42:23 0 d------c- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-29 18:35:04 0 d------c- C:\Documents and Settings\Arlene Giardiello\Application Data\Malwarebytes
2008-07-29 18:34:39 0 d------c- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 18:34:39 0 d------c- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-29 18:34:20 0 d------c- C:\Program Files\Common Files\Download Manager
2008-07-28 22:37:19 0 d------c- C:\Documents and Settings\Arlene Giardiello\Application Data\HouseCall 6.6
2008-07-28 21:26:16 0 d------c- C:\Documents and Settings\Arlene Giardiello\.housecall6.6
2008-07-28 20:34:51 0 dr-h---c- C:\Documents and Settings\Arlene Giardiello\Recent
2008-07-28 19:17:13 0 d------c- C:\Program Files\Panda Security
2008-07-28 19:09:51 0 d------c- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-27 23:05:09 0 d------c- C:\Program Files\CCleaner
2008-07-25 18:19:47 0 d------c- C:\Program Files\ZAR
2008-07-25 18:06:44 44544 --a----c- C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-07-24 22:00:03 0 d------c- C:\Program Files\The Undelete Company
2008-07-15 19:45:35 0 d------c- C:\Documents and Settings\All Users\Application Data\SpinTop Games


-- Find3M Report ---------------------------------------------------------------

2008-08-02 11:31:20 0 d------c- C:\Program Files\Common Files\Symantec Shared
2008-08-01 20:24:38 0 d------c- C:\Program Files\Oberon Media
2008-07-30 18:56:09 0 d------c- C:\Program Files\Common Files
2008-07-29 21:10:56 0 d------c- C:\Documents and Settings\Arlene Giardiello\Application Data\Symantec
2008-07-29 21:06:05 0 d------c- C:\Program Files\Symantec
2008-07-29 19:13:07 0 d------c- C:\Program Files\Trend Micro
2008-07-28 21:24:27 0 d------c- C:\Program Files\Java
2008-07-28 20:12:46 0 d------c- C:\Program Files\Picasa2
2008-07-28 19:09:51 0 d------c- C:\Program Files\Google
2008-07-28 00:08:35 0 d------c- C:\Program Files\Norton AntiVirus
2008-07-22 21:00:08 0 d------c- C:\Documents and Settings\Arlene Giardiello\Application Data\AdobeUM
2008-07-21 12:23:23 0 d--h---c- C:\Program Files\InstallShield Installation Information
2008-06-20 21:25:33 0 d------c- C:\Program Files\RadarSync


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
06/30/2008 01:44 PM 349552 --a--c--- C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
07/29/2008 09:03 PM 116088 --a--c--- C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [06/30/2008 01:44 PM 349552]

[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/16/2004 07:03 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [06/16/2004 07:03 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 09:35 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 09:36 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 09:32 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [03/09/2003 04:30 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [08/06/2003 03:04 AM]
"BCMSMMSG"="BCMSMMSG.exe" [08/29/2003 04:59 AM C:\WINDOWS\BCMSMMSG.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/30/2003 02:17 AM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [02/01/2008 12:55 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/25/2008 09:47 PM]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [02/07/2008 02:49 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 12:09 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/14/2007 08:13 PM]
"Stickies"="C:\Program Files\Bret Taylor\Stickies\Stickies.exe" [03/14/2007 01:35 PM]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [11/15/2007 10:23 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

C:\Documents and Settings\Arlene Giardiello\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 11:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 11:00:00 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 4:05:56 PM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [6/13/2004 9:17:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/13/2008 10:13 AM 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Creating Keepsakes Scrapbook Designer Event Reminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Creating Keepsakes Scrapbook Designer Event Reminder.lnk
backup=C:\WINDOWS\pss\Creating Keepsakes Scrapbook Designer Event Reminder.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Arlene Giardiello^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Arlene Giardiello\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Arlene Giardiello^Start Menu^Programs^Startup^Picaboo.lnk]
path=C:\Documents and Settings\Arlene Giardiello\Start Menu\Programs\Startup\Picaboo.lnk
backup=C:\WINDOWS\pss\Picaboo.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\Media Experience\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-08-02 11:33:55 ------------

Edited by arlenelg, 02 August 2008 - 09:56 AM.


#10
arlenelg

extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.66GHz
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 1277.98 MiB / 698.81 MiB
Pagefile Memory (total/avail): 2411.01 MiB / 1779.5 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.39 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 38.25 GiB total, 16.33 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (FAT32) - 298.02 GiB total, 293.2 GiB free.

\\.\PHYSICALDRIVE0 - Maxtor 6E040L0 - 38.29 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 38.25 GiB - C:

\\.\PHYSICALDRIVE1 - WD 3200AAK External USB Device - 298.09 GiB - 1 partition
\PARTITION0 - Unknown - 298.09 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton Internet Security v15.5.0.23 (Symantec Corporation)
AV: Norton Internet Security v15.5.0.23 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnf.exe"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnf.exe:*:Disabled:hpgs2wnf Module"
"C:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"="C:\\WINDOWS\\SYSTEM32\\fxsclnt.exe:*:Disabled:Microsoft Fax Console"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"="C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe:*:Disabled:Zoo Tycoon 2 Executable"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Arlene Giardiello\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
COLLECTIONID=COL8143
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ARLENE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HMSERVER=https://h30083.www3.hp.com/wuss/servlet/WUSSServlet
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Arlene Giardiello
ITEMID=dj-22741-6
LANG=1033
LOGONSERVER=\\ARLENE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
OSVER=winXPH
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONID=1097213234293wuws07-l3a1ec6:ff7700a82d:245b
SESSIONNAME=Console
SWUTVER=1.0.1.1
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ARLENE~1\LOCALS~1\Temp
TIMEOUT=0
TMP=C:\DOCUME~1\ARLENE~1\LOCALS~1\Temp
TOOLPATH=/C:\Program%20Files\Hewlett-Packard\HP%20Software%20Update\install.htm
UPDATEDIR=C:\DOCUME~1\ARLENE~1\LOCALS~1\Temp\radE9E17.tmp
USERDOMAIN=ARLENE
USERNAME=Arlene Giardiello
USERPROFILE=C:\Documents and Settings\Arlene Giardiello
VERSION=3.0.2.97
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Arlene Giardiello (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
--> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7646-A00000000001}
Adobe Reader eBook and Accessibility Package 6.0.2 --> MsiExec.exe /I{AC76BA86-7AD7-EF45-EB65-7E8A45A00001}
Adobe Reader Multimedia Package --> MsiExec.exe /I{AC76BA86-7AD7-EF45-47A7-7E8A45A00001}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Adobe® Photoshop® Album Starter Edition 3.0.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9
Amazon MP3 Downloader 1.0.3 --> C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AOL Pictures Tools (version 10.6.0.8) --> C:\Program Files\AOL Pictures\10_6_0_8a\aolpInstaller.exe /u
AOL Uninstaller --> C:\Program Files\Common Files\AOL\uninstaller.exe
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Bazooka Scanner --> "C:\Program Files\Bazooka Scanner\Uninstall.exe" "C:\Program Files\Bazooka Scanner\install.log"
BCM V.92 56K Modem --> C:\WINDOWS\BCMSMU.exe quiet
Build-a-Lot 2 --> "C:\Program Files\Oberon Media\Build-a-Lot 2\Uninstall.exe" "C:\Program Files\Oberon Media\Build-a-Lot 2\install.log"
Canon Utilities PhotoStitch 3.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{03CDDD00-BD57-4326-9480-4C74449AF597}
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Deluxe Menu --> C:\Program Files\Microsoft VM\uninstall.exe
Dream Day Wedding Married in Manhattan --> "C:\Program Files\Oberon Media\Dream Day Wedding Married in Manhattan\Uninstall.exe" "C:\Program Files\Oberon Media\Dream Day Wedding Married in Manhattan\install.log"
DS21Patch --> MsiExec.exe /I{9B79DCB0-AAD7-456B-8D07-433C936FA24B}
DVDSentry --> MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
Free Word Excel Password Wizard --> MsiExec.exe /I{2EB44B16-05EF-42FD-9300-A85CDEF60864}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Google Video Uploader --> "C:\Program Files\Google Video\Uninstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HouseCall 6.6 --> "C:\Documents and Settings\Arlene Giardiello\Application Data\HouseCall 6.6\uninstaller.exe"
hp deskjet 5100 --> msiexec /x{FEDA56C4-82F3-46DD-8B50-FC592BBE1C0D}
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - Deskjet Series --> MsiExec.exe /I{E0828692-FD9D-459F-9312-C645C3CA6650}
HP Photo Printing Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\hpiunPC.dll
hp print screen utility --> C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
HP Share-to-Web --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.exe" --MAIN -l9
HP Software Update --> MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® Processor ID Utility --> MsiExec.exe /X{A92A4DB0-CD37-42D1-BE1D-603D53C24328}
Intel® PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
Intellex Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68E9A0DF-ED47-11D5-A3F2-00A0CC5DF8D2}\Setup.exe" -l0x9 anything -removeonly
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Macromedia Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
Magellan POI File Editor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{104A059B-CD20-4632-A8F6-D8C80E14782D}\Setup.exe" -l0x9
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MetaFrame Presentation Server Web Client for Win32 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wficat.inf,DefaultUninstall
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Encarta Encyclopedia Standard 2004 --> MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
MLB.com Playball --> "C:\Program Files\MLB.com\Playball\Uninstall.exe"
MLB.com Shuffle (remove only) --> "C:\Program Files\MLB.com Shuffle\Uninstall.exe"
MLB.com Shuffle 07 (remove only) --> "C:\Program Files\MLB.com Shuffle 07\Uninstall.exe"
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton AntiVirus Help --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security --> MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Setup.exe" /X
Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealOne Player --> C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Stickies --> MsiExec.exe /I{0A770EE2-905F-4DBD-8963-2E4F0FAFD66F}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Symantec Real Time Storage Protection Component --> MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
The Sims™ Castaway Stories --> C:\Program Files\Electronic Arts\The Sims Castaway Stories\EAUninstall.exe
The Sims™ Pet Stories --> C:\Program Files\Electronic Arts\The Sims Pet Stories\EAUninstall.exe
TurboTax Deluxe 2004 --> C:\Program Files\TurboTax\Deluxe 2004\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2004\Uninstall.log" -NoGui
TurboTax Deluxe 2005 --> C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
TurboTax Deluxe 2007 --> C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006 --> C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Install Manager --> C:\WINDOWS\System32\regsvr32 /u C:\WINDOWS\DOWNLO~1\YINSTH~1.DLL
Zoo Tycoon 2 - Zookeeper Collection --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{238DCFCD-70B3-46B2-B90B-2CDCC69A3D03}


-- Application Event Log -------------------------------------------------------

Event Record #/Type1647 / Error
Event Submitted/Written: 08/02/2008 11:32:49 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type1646 / Error
Event Submitted/Written: 08/02/2008 11:32:34 AM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type1645 / Error
Event Submitted/Written: 08/02/2008 11:32:16 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type1644 / Error
Event Submitted/Written: 08/02/2008 11:32:16 AM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type1643 / Error
Event Submitted/Written: 08/02/2008 11:32:16 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: The specified server cannot perform the requested operation.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7912 / Warning
Event Submitted/Written: 08/02/2008 11:20:52 AM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000CF18DB009. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type7754 / Error
Event Submitted/Written: 07/30/2008 07:24:50 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Computer Browser service terminated with the following error:
%%1460

Event Record #/Type7709 / Warning
Event Submitted/Written: 07/30/2008 11:55:58 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type7653 / Warning
Event Submitted/Written: 07/29/2008 10:16:36 PM
Event ID/Source: 2506 / Server
Event Description:
The value named AutoShareWks in the server's registry key LanmanServer\Parameters was not valid, and was ignored.
If you want to change the value, change it to one that is the correct type and is
within the acceptable range, or delete the value to use the default. This value
might have been set up by an older program that did not use the correct boundaries.

Event Record #/Type7624 / Warning
Event Submitted/Written: 07/29/2008 09:55:04 PM
Event ID/Source: 2506 / Server
Event Description:
The value named AutoShareWks in the server's registry key LanmanServer\Parameters was not valid, and was ignored.
If you want to change the value, change it to one that is the correct type and is
within the acceptable range, or delete the value to use the default. This value
might have been set up by an older program that did not use the correct boundaries.



-- End of Deckard's System Scanner: finished at 2008-08-02 11:33:55 ------------

Thanks again!
Arlene

Edited by arlenelg, 02 August 2008 - 09:58 AM.



#11
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Hi,

I'm still pretty sure your Norton is causing this, so temporarily uninstall Norton (+ all related Symantec references) via Software > Add & Remove Programs.

* To fully remove Norton AntiVirus or other Symantec related products, select the product you want to uninstall from this list in order to download the removal tool.
Please read the instructions first before you use it.

For older versions of Norton (2000, 2001, 2002), choose this link.

Also read the next article in case you're having problems with uninstalling Norton, if the above instructions didn't work, or if you noticed problems after uninstalling Norton: http://basconotw.mvps.org/SymRem.htm

This is the only way to troubleshoot properly, because as I said, Norton is a possible cause here and we can only figure this out if you temporarily uninstall it. Disabling is not enough, because many components will still be loaded then. That's why you should uninstall it.

#12
arlenelg

    Member

  • Topic Starter
  • Member
  • 33 posts
OK, should I run another Deckard scan after I uninstall?

#13
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Not needed. Just tell me if that solved your issue.

#14
arlenelg

    Member

  • Topic Starter
  • Member
  • 33 posts
OK, I have uninstalled Norton, and immediately I noticed faster startup etc.

Is there another antivirus program that is preferable to Norton? I think I can return the Nortons.

Edited by arlenelg, 02 August 2008 - 04:43 PM.


#15
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Good to hear that really improved system speed.
Take a look in my signature below under Antivirus for the ones I recommend. I personally recommend Avira since it's free and is great at detection. The premium version (not free, but really cheap) does detect spyware/adware as well.