[chimpgrrl]

Logfile of HijackThis v1.99.1
Scan saved at 5:57:58 PM, on 07/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\stchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\kernels32.exe
C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe
C:\WINDOWS\System32\atdon714.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\rdso\eetu.exe
C:\WINDOWS\System32\??plorer.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\America Online 7.0\aoltray.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\vxh8jkdq6.exe
C:\WINDOWS\System32\vxh8jkdq7.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Debbie\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {27C77820-C39C-E74C-949C-CF49126BC79A} - C:\WINDOWS\System32\wsveto.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
O4 - HKLM\..\Run: [atdon714] C:\WINDOWS\System32\atdon714.exe
O4 - HKLM\..\Run: [WindowsUpdate] C
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Aida] C:\Program Files\rdso\eetu.exe
O4 - HKCU\..\Run: [Zupwdgdu] C:\WINDOWS\System32\??plorer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://amazon.kodakg..._1/axofupld.cab
O16 - DPF: {71A1A7DD-D68A-4A17-94D2-71580711976D} (AdorUpload.ctlPhotosv2) - http://www.adoramapi.../AdorUpload.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://64.36.42.210/...sCamControl.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...ebio5_2_3_0.cab
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...rCabInstall.cab
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: stchost.exe (moto) - Unknown owner - C:\WINDOWS\stchost.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

[Advertisements]

Welcome chimpgrrl to Geeks to Go!

You are running HijackThis from the Desktop; please create a new folder for it and move the program into the new folder


Please read these instructions carefully. You may want to print them. Copy the text to a Notepad file and save it to your desktop! We will need the file later.
Be sure to follow ALL instructions!

***

Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called:

stchost.exe

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows.

***

Open HijackThis to the misc tools section and click the Delete an NT Sevice button. Paste in

moto

and click OK.
Close HijackThis

***

Download: deldomains.
To use: right-click and select: Install (no need to restart)
Should the link above display the text instead of downloading the file, then copy & paste the text into notepad and save the file as DellDomains.inf
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

***

Download SmitRem
your desktop.
Right click on the file and extract it to it's own folder on the desktop.

***

Place a shortcut to Panda ActiveScan on your desktop.

***

Please download the trial version of ewido security suite.Install ewido security suite
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

Launch ewido, there should be an icon on your desktop double-click it.
The program will prompt you to update click the OK button

The program will now go to the main screen
You will need to update ewido to the latest definition files.On the left hand side of the main screen click update
Click on Start
The update will start and a progress bar will show the updates being installed.
Once the updates are installed, close Ewido for now.

***

If you have not already installed Ad-Aware SE 1.06, please download and install AdAware SE 1.06.
Check Here on how setup and use it - please make sure you update it first.

***

Please download the Killbox.
Unzip it to the desktop. Run Killbox.

Select "Delete on Reboot".

Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\stchost.exe
C:\WINDOWS\System32\kernels32.exe
C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe
C:\WINDOWS\System32\atdon714.exe
C:\Program Files\rdso\eetu.exe
C:\WINDOWS\System32\vxh8jkdq6.exe
C:\WINDOWS\System32\vxh8jkdq7.exe[

Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

***

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml

***

Open HijackThis
Place a check against each of the following, making sure you get them all and not any others by mistake:

R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe

O2 - BHO: (no name) - {27C77820-C39C-E74C-949C-CF49126BC79A} - C:\WINDOWS\System32\wsveto.dll

O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe

O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"

O4 - HKLM\..\Run: [atdon714] C:\WINDOWS\System32\atdon714.exe

O4 - HKLM\..\Run: [WindowsUpdate] C

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O4 - HKCU\..\Run: [Aida] C:\Program Files\rdso\eetu.exe

O4 - HKCU\..\Run: [Zupwdgdu] C:\WINDOWS\System32\??plorer.exe

O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...rCabInstall.cab

Close all programs leaving only HijackThis running.
Click on Fix Checked when finished and exit HijackThis.

***

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed.
Post me the contents of the smitfiles.txt log as you post back.

***

Open Ad-aware and do a full scan. Remove all it finds.

***

Now open Ewido Security Suite:* Click on scanner
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop
Reboot your machine and post back a new HJT log and the ewido.txt log file you saved by using Add Reply

***

Next go to Control Panel click Display > Desktop > Customize Desktop > Website > Uncheck "Security Info" if present.

***

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.

[g2i2r4]

Welcome chimpgrrl to Geeks to Go!

You are running HijackThis from the Desktop; please create a new folder for it and move the program into the new folder


Please read these instructions carefully. You may want to print them. Copy the text to a Notepad file and save it to your desktop! We will need the file later.
Be sure to follow ALL instructions!

***

Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called:

stchost.exe

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows.

***

Open HijackThis to the misc tools section and click the Delete an NT Sevice button. Paste in

moto

and click OK.
Close HijackThis

***

Download: deldomains.
To use: right-click and select: Install (no need to restart)
Should the link above display the text instead of downloading the file, then copy & paste the text into notepad and save the file as DellDomains.inf
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

***

Download SmitRem
your desktop.
Right click on the file and extract it to it's own folder on the desktop.

***

Place a shortcut to Panda ActiveScan on your desktop.

***

Please download the trial version of ewido security suite.Install ewido security suite
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

Launch ewido, there should be an icon on your desktop double-click it.
The program will prompt you to update click the OK button

The program will now go to the main screen
You will need to update ewido to the latest definition files.On the left hand side of the main screen click update
Click on Start
The update will start and a progress bar will show the updates being installed.
Once the updates are installed, close Ewido for now.

***

If you have not already installed Ad-Aware SE 1.06, please download and install AdAware SE 1.06.
Check Here on how setup and use it - please make sure you update it first.

***

Please download the Killbox.
Unzip it to the desktop. Run Killbox.

Select "Delete on Reboot".

Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\stchost.exe
C:\WINDOWS\System32\kernels32.exe
C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe
C:\WINDOWS\System32\atdon714.exe
C:\Program Files\rdso\eetu.exe
C:\WINDOWS\System32\vxh8jkdq6.exe
C:\WINDOWS\System32\vxh8jkdq7.exe[

Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

***

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml

***

Open HijackThis
Place a check against each of the following, making sure you get them all and not any others by mistake:

R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe

O2 - BHO: (no name) - {27C77820-C39C-E74C-949C-CF49126BC79A} - C:\WINDOWS\System32\wsveto.dll

O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe

O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"

O4 - HKLM\..\Run: [atdon714] C:\WINDOWS\System32\atdon714.exe

O4 - HKLM\..\Run: [WindowsUpdate] C

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

O4 - HKCU\..\Run: [Aida] C:\Program Files\rdso\eetu.exe

O4 - HKCU\..\Run: [Zupwdgdu] C:\WINDOWS\System32\??plorer.exe

O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spys...rCabInstall.cab

Close all programs leaving only HijackThis running.
Click on Fix Checked when finished and exit HijackThis.

***

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed.
Post me the contents of the smitfiles.txt log as you post back.

***

Open Ad-aware and do a full scan. Remove all it finds.

***

Now open Ewido Security Suite:* Click on scanner
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop
Reboot your machine and post back a new HJT log and the ewido.txt log file you saved by using Add Reply

***

Next go to Control Panel click Display > Desktop > Customize Desktop > Website > Uncheck "Security Info" if present.

***

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.

[chimpgrrl]

Logfile of HijackThis v1.99.1
Scan saved at 10:53:10 AM, on 07/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\America Online 7.0\aoltray.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://amazon.kodakg..._1/axofupld.cab
O16 - DPF: {71A1A7DD-D68A-4A17-94D2-71580711976D} (AdorUpload.ctlPhotosv2) - http://www.adoramapi.../AdorUpload.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://64.36.42.210/...sCamControl.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...ebio5_2_3_0.cab
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: stchost.exe (moto) - Unknown owner - C:\WINDOWS\stchost.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:33:49 AM, 07/12/2005
+ Report-Checksum: 4A74861E

+ Scan result:

C:\Documents and Settings\Debbie\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Debbie\Cookies\debbie@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\George\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP889\A0089389.exe -> TrojanDownloader.Small.aqt : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP889\A0089390.exe -> Trojan.LowZones.y : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP889\A0089404.exe -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP889\A0089405.exe -> TrojanDownloader.Agent.ho : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP889\A0089406.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP889\A0089414.exe -> TrojanDropper.Small.wv : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP889\A0089433.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP889\A0089458.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP889\A0089484.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP889\A0089501.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP889\A0089538.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP889\A0089549.dll -> Spyware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP889\A0089550.dll -> Spyware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP889\A0089551.exe -> Spyware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP890\A0089633.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP891\A0089655.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP896\A0089747.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP900\A0089808.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP900\A0089827.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP907\A0089996.exe -> TrojanDownloader.Small.azt : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP907\A0090062.exe -> TrojanDownloader.Small.azt : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP907\A0090063.exe -> TrojanDownloader.Small.aqu : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP907\A0090064.exe -> Spyware.WeirWeb : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP907\A0090065.exe -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP907\A0090067.exe -> TrojanDownloader.Small.aux : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP908\A0090085.exe -> Spyware.AlexaBar : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP908\A0090466.dll -> Spyware.TopSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP908\A0090467.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP908\A0090468.exe -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP908\A0090469.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx -> Spyware.MediaTickets : Cleaned with backup
C:\WINDOWS\ehle3ogj.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\SSK3_B5.exe -> TrojanDropper.Small.qn : Cleaned with backup
C:\WINDOWS\SYSTEM\svchost.exe -> Backdoor.Agent.iw : Cleaned with backup
C:\WINDOWS\SYSTEM\svchosthook.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\WINDOWS\SYSTEM32\init32m.exe -> TrojanDownloader.Agent.ho : Cleaned with backup
C:\WINDOWS\SYSTEM32\jdvuf0jl.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\SYSTEM32\maxd.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\thn32.dll -> TrojanProxy.Small.bk : Cleaned with backup
C:\WINDOWS\SYSTEM32\vxgame1.exe -> TrojanDropper.Small.wv : Cleaned with backup
C:\WINDOWS\SYSTEM32\vxgame3.exe -> TrojanDownloader.Agent.ho : Cleaned with backup
C:\WINDOWS\SYSTEM32\vxgame4.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\vxgamet1.exe -> TrojanDownloader.Small.aqt : Cleaned with backup
C:\WINDOWS\SYSTEM32\vxgamet2.exe -> Trojan.LowZones.y : Cleaned with backup
C:\WINDOWS\SYSTEM32\vxh8jkdq7.exe -> TrojanDownloader.Small.atl : Cleaned with backup
C:\WINDOWS\SYSTEM32\web.exe -> TrojanDownloader.Small.aqu : Cleaned with backup


::Report End

[chimpgrrl]

Here is my latest Hijack This Log followed by the Panda ActiveScan, smitfiles.txt and Ewido logs. So far I have been able to get rid of the annoying blue desktop screen and warning message from Spy Sheriff. However, the Panda ActiveScan showed that only 2 of 23 infected files were disinfected. Please let me know what else I may need to do! Thank you so much.



HIJACK THIS LOG:

Logfile of HijackThis v1.99.1
Scan saved at 12:21:46 PM, on 07/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\America Online 7.0\aoltray.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX5200" /O6 "USB001" /M "Stylus CX5200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://amazon.kodakg..._1/axofupld.cab
O16 - DPF: {71A1A7DD-D68A-4A17-94D2-71580711976D} (AdorUpload.ctlPhotosv2) - http://www.adoramapi.../AdorUpload.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://64.36.42.210/...sCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...ebio5_2_3_0.cab
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: stchost.exe (moto) - Unknown owner - C:\WINDOWS\stchost.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe






PANDA ACTIVESCAN LOG:

Incident Status Location

Spyware:Spyware/Dyfuca No disinfected Windows Registry
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\System32\SahImages
Adware:Adware/CWS No disinfected C:\Documents and Settings\Debbie\Favorites\Health
Adware:Adware/MediaTickets No disinfected Windows Registry
Adware:Adware/Adsmart No disinfected C:\WINDOWS\System32\vxgame?.exe
Adware:Adware/Weirdontheweb No disinfected C:\Program Files\WeirdOnTheWeb
Adware:Adware/Oemji No disinfected Windows Registry
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Debbie\Application Data\Sskcwrd.dll
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Debbie\Application Data\Sskknwrd.dll
Adware:Adware/Weirdontheweb No disinfected C:\Documents and Settings\Debbie\Favorites\WeirdOnTheWeb.url
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Debbie\Local Settings\Temporary Internet Files\Ssk.log
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\George\Local Settings\Temporary Internet Files\Content.IE5\G7CUXEIB\webservice[1].htm
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\George\Local Settings\Temporary Internet Files\Content.IE5\UNQFQL2R\webservice[1].htm
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\George\Local Settings\Temporary Internet Files\Content.IE5\Z8PFBPCE\webservice[1].htm
Adware:Adware/BrilliantDigitalNo disinfected C:\Program Files\Kazaa\bdcore.dll
Virus:Trj/Shellbot.B Disinfected C:\WINDOWS\SYSTEM\svchost.dll
Adware:Adware/PurityScan No disinfected C:\WINDOWS\SYSTEM32\Shex.exe
Adware:Adware/Adsmart No disinfected C:\WINDOWS\SYSTEM32\vx.tll
Virus:Trj/Agent.YL Disinfected C:\WINDOWS\SYSTEM32\vxgame6.exe
Adware:Adware/CWS.Yexe No disinfected C:\WINDOWS\SYSTEM32\vxh8jkdq1.exe
Adware:Adware/Adsmart No disinfected C:\WINDOWS\SYSTEM32\vxh8jkdq5.exe
Adware:Adware/CWS.Yexe No disinfected C:\WINDOWS\SYSTEM32\vxh8jkdq8.exe
Adware:Adware/Weirdontheweb No disinfected C:\WINDOWS\weirdontheweb_topc.exe




SMITFILES.TXT LOG:

Pre-run Files Present


~~~ Program Files ~~~

SpySheriff


~~~ Shortcuts ~~~

Install.dat


~~~ system32 ~~~



~~~ Windows directory ~~~

desktop.html


~~~ Drive root ~~~

winstall.exe


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ system32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

Not Infected!




EWIDO LOG:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:33:49 AM, 07/12/2005
+ Report-Checksum: 4A74861E

+ Scan result:

C:\Documents and Settings\Debbie\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Debbie\Cookies\debbie@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\George\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP889\A0089389.exe -> TrojanDownloader.Small.aqt : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP889\A0089390.exe -> Trojan.LowZones.y : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP889\A0089404.exe -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP889\A0089405.exe -> TrojanDownloader.Agent.ho : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP889\A0089406.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP889\A0089414.exe -> TrojanDropper.Small.wv : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP889\A0089433.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP889\A0089458.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP889\A0089484.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP889\A0089501.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP889\A0089538.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP889\A0089549.dll -> Spyware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP889\A0089550.dll -> Spyware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP889\A0089551.exe -> Spyware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP890\A0089633.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP891\A0089655.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP896\A0089747.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP900\A0089808.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP900\A0089827.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP907\A0089996.exe -> TrojanDownloader.Small.azt : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP907\A0090062.exe -> TrojanDownloader.Small.azt : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP907\A0090063.exe -> TrojanDownloader.Small.aqu : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP907\A0090064.exe -> Spyware.WeirWeb : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP907\A0090065.exe -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP907\A0090067.exe -> TrojanDownloader.Small.aux : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP908\A0090085.exe -> Spyware.AlexaBar : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP908\A0090466.dll -> Spyware.TopSearch : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP908\A0090467.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP908\A0090468.exe -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP908\A0090469.exe -> Not-A-Virus.Hoax.Renos.a : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx -> Spyware.MediaTickets : Cleaned with backup
C:\WINDOWS\ehle3ogj.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\SSK3_B5.exe -> TrojanDropper.Small.qn : Cleaned with backup
C:\WINDOWS\SYSTEM\svchost.exe -> Backdoor.Agent.iw : Cleaned with backup
C:\WINDOWS\SYSTEM\svchosthook.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\WINDOWS\SYSTEM32\init32m.exe -> TrojanDownloader.Agent.ho : Cleaned with backup
C:\WINDOWS\SYSTEM32\jdvuf0jl.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\SYSTEM32\maxd.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\thn32.dll -> TrojanProxy.Small.bk : Cleaned with backup
C:\WINDOWS\SYSTEM32\vxgame1.exe -> TrojanDropper.Small.wv : Cleaned with backup
C:\WINDOWS\SYSTEM32\vxgame3.exe -> TrojanDownloader.Agent.ho : Cleaned with backup
C:\WINDOWS\SYSTEM32\vxgame4.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\vxgamet1.exe -> TrojanDownloader.Small.aqt : Cleaned with backup
C:\WINDOWS\SYSTEM32\vxgamet2.exe -> Trojan.LowZones.y : Cleaned with backup
C:\WINDOWS\SYSTEM32\vxh8jkdq7.exe -> TrojanDownloader.Small.atl : Cleaned with backup
C:\WINDOWS\SYSTEM32\web.exe -> TrojanDownloader.Small.aqu : Cleaned with backup


::Report End

[g2i2r4]

Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called:

stchost.exe

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows.

***

Open HijackThis to the misc tools section and click the Delete an NT Sevice button. Paste in

moto

and click OK.
Close HijackThis

***

Download: deldomains.
To use: right-click and select: Install (no need to restart)
Should the link above display the text instead of downloading the file, then copy & paste the text into notepad and save the file as DellDomains.inf
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

***

Double-click on Killbox.exe to run it. Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each
C:\WINDOWS\System32\SahImages
C:\Documents and Settings\Debbie\Favorites\Health
C:\Program Files\WeirdOnTheWeb
C:\Documents and Settings\Debbie\Application Data\Sskknwrd.dll
C:\Documents and Settings\Debbie\Application Data\Sskcwrd.dll
C:\Documents and Settings\Debbie\Favorites\WeirdOnTheWeb.url
C:\Program Files\Kazaa\bdcore.dll
C:\WINDOWS\SYSTEM32\Shex.exe
C:\WINDOWS\SYSTEM32\vx.tll
C:\WINDOWS\SYSTEM32\vxh8jkdq1.exe
C:\WINDOWS\SYSTEM32\vxh8jkdq5.exe
C:\WINDOWS\SYSTEM32\vxh8jkdq8.exe
C:\WINDOWS\weirdontheweb_topc.exe

For these file, put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes.

If your computer does not restart automatically, please restart it manually.

***

Download CleanUp!.
If that doesn’t work, use this link.
Here is a tutorial which describes its usage:
http://www.bleepingc...tutorial93.html

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:

• Empty Recycle Bins
• Delete Cookies
• Delete Prefetch files
• Scan local drives for temporary files
• Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.

Once it's done, press Close. Reboot the system. This will remove files that were in use during the scan.

***

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).

• Save it to your desktop.
• Double-click the new icon on your desktop (tmas-web-scan.exe)
• It will say "Loading TrendMicro definitions".
• Once the definitions are loaded, the program will appear to close then re-open.
• Click "Start Scan"
• After it's done scanning, click "Scan Results"
• Make sure all items found have a check next to them, then click "Clean Threats Now".
• Click Exit.

Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.

Post back here with Antispyware.log and a HijackThis log please.

[chimpgrrl]

As requested, here are my Antispyware and HijackThis logs.....


Antispyware:


Started Scanning
Internet Cookies
Found 'questionmarket.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\KaZaA Media Desktop\Settings'
Found '' in 'Software\Kazaa\ResultsFilter'
Found '' in 'Software\Kazaa\Transfer'
Found '' in 'Software\KaZaA\CloudLoad'
Found '' in 'Software\KaZaA\ConnectionInfo'
Found '' in 'Software\KaZaA\LocalContent'
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\Advanced'
Found '' in 'Software\Kazaa\InstantMessaging'
Found '' in 'Software\Kazaa\LocalContent'
Found '' in 'Software\Kazaa\Skins'
Found '' in 'Software\Kazaa\UserDetails'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\D:\InstallShield\Kazaa\kazaa.exe'
Found 'LastSearchHash' in 'Software\Kazaa'
Found 'ScanFolder' in 'Software\Kazaa\Advanced'
Found 'IgnoreAll' in 'Software\Kazaa\InstantMessaging'
Found '' in 'Software\Kazaa\Search'
Found 'adult_filter_level' in 'Software\Kazaa\ResultsFilter'
Found 'b' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'CacheDiscoveryTime' in 'Software\Kazaa\Transfer'
Found 'CacheHost' in 'Software\Kazaa\Transfer'
Found 'CachePort' in 'Software\Kazaa\Transfer'
Found 'CountryCode' in 'Software\Kazaa\UserDetails'
Found 'DatabaseDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'DlDir0' in 'Software\Kazaa\Transfer'
Found 'DownloadDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'AutoConnected' in 'Software\Kazaa\UserDetails'
Found 'firewall_filter' in 'Software\Kazaa\ResultsFilter'
Found 'SkinsDir' in 'Software\Kazaa\Skins'
Found 'NoUploadLimitWhenIdle' in 'Software\Kazaa\Transfer'
Found 'UserName' in 'Software\Kazaa\UserDetails'
Found 'FirewallStatus' in 'SOFTWARE\Kazaa'
Found 'ListenPort' in 'SOFTWARE\Kazaa'
Found 'my_ip_address' in 'SOFTWARE\Kazaa'
Found 'network_config' in 'SOFTWARE\Kazaa'
Found 'UDP_probe_successes' in 'SOFTWARE\Kazaa'
Found 'UDP_receive_status' in 'SOFTWARE\Kazaa'
Found 'time' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'KazaaNet' in 'SOFTWARE\Kazaa\ConnectionInfo'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Found '' in 'Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}'
Found '' in 'Interface\{4781DAA6-4DE5-47A1-B02A-945F0D017A9E}'
Found '' in 'SOFTWARE\Classes\Interface\{4781DAA6-4DE5-47A1-B02A-945F0D017A9E}'
Found '' in 'Interface\{3517FB25-305D-4012-B531-186E3851E7ED}'
Found '' in 'SOFTWARE\Classes\Interface\{3517FB25-305D-4012-B531-186E3851E7ED}'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\uninstall\weirdontheweb'
Found '' in 'SOFTWARE\WeirdOnTheWeb'
Internet URL Shortcuts
Files and Directories
Found '' in 'C:\Documents and Settings\Debbie\Favorites\Health'
Found '' in 'C:\Program Files\Kazaa'
Found 'broadband.gif' in 'C:\Program Files\Kazaa'
Found '' in 'C:\Program Files\Kazaa\Db'
Found '' in 'C:\Program Files\Kazaa\Help'
Found 'arrow_sml.gif' in 'C:\Program Files\Kazaa\Help'
Found 'background.gif' in 'C:\Program Files\Kazaa\Help'
Found 'h_mykazaa.gif' in 'C:\Program Files\Kazaa\Help'
Found 'h_myMedia.gif' in 'C:\Program Files\Kazaa\Help'
Found 'h_myplaylists.gif' in 'C:\Program Files\Kazaa\Help'
Found 'mykazaa.css' in 'C:\Program Files\Kazaa\Help'
Found 'kazaa.exe' in 'C:\Program Files\Kazaa'
Found '' in 'C:\Program Files\Kazaa\My Shared Folder'
Found '' in 'C:\Program Files\Kazaa\Promotions'
Found '' in 'C:\Program Files\WeirdOnTheWeb'
Found 'wnsintsv.exe' in 'C:\WINDOWS\SYSTEM32'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\Documents and Settings\Debbie\Favorites\Health' in shortcut areas.
Checking for 'C:\Documents and Settings\Debbie\Favorites\Health' in startup areas.
Cleaning 'C:\Documents and Settings\Debbie\Favorites\Health'
Checking for 'C:\Documents and Settings\Debbie\Favorites\Health\EPA Ground Water & Drinking Water Publications Lead In Your Drinking Water.url' in shortcut areas.
Checking for 'C:\Documents and Settings\Debbie\Favorites\Health\EPA Ground Water & Drinking Water Publications Lead In Your Drinking Water.url' in startup areas.
Cleaning 'C:\Documents and Settings\Debbie\Favorites\Health\EPA Ground Water & Drinking Water Publications Lead In Your Drinking Water.url'
Checking for 'C:\Documents and Settings\Debbie\Favorites\Health\FEMA Individual and Family Grant Program for Air Purifiers and Filters, HEPA Vacuums, Air Conditioner Repair - Replacemen.url' in shortcut areas.
Checking for 'C:\Documents and Settings\Debbie\Favorites\Health\FEMA Individual and Family Grant Program for Air Purifiers and Filters, HEPA Vacuums, Air Conditioner Repair - Replacemen.url' in startup areas.
Cleaning 'C:\Documents and Settings\Debbie\Favorites\Health\FEMA Individual and Family Grant Program for Air Purifiers and Filters, HEPA Vacuums, Air Conditioner Repair - Replacemen.url'
Checking for 'C:\Documents and Settings\Debbie\Favorites\Health\Lead in Drinking Water and Water Testing.url' in shortcut areas.
Checking for 'C:\Documents and Settings\Debbie\Favorites\Health\Lead in Drinking Water and Water Testing.url' in startup areas.
Cleaning 'C:\Documents and Settings\Debbie\Favorites\Health\Lead in Drinking Water and Water Testing.url'
Checking for 'C:\Documents and Settings\Debbie\Favorites\Health\The Clean Air Program.url' in shortcut areas.
Checking for 'C:\Documents and Settings\Debbie\Favorites\Health\The Clean Air Program.url' in startup areas.
Cleaning 'C:\Documents and Settings\Debbie\Favorites\Health\The Clean Air Program.url'
Checking for 'C:\Program Files\Kazaa' in shortcut areas.
Checking for 'C:\Program Files\Kazaa' in startup areas.
Cleaning 'C:\Program Files\Kazaa'
Checking for 'C:\Program Files\Kazaa\bdupd.dll' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\bdupd.dll' in startup areas.
Cleaning 'C:\Program Files\Kazaa\bdupd.dll'
Checking for 'C:\Program Files\Kazaa\broadband.gif' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\broadband.gif' in startup areas.
Cleaning 'C:\Program Files\Kazaa\broadband.gif'
Checking for 'C:\Program Files\Kazaa\cloudload.dat' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\cloudload.dat' in startup areas.
Cleaning 'C:\Program Files\Kazaa\cloudload.dat'
Checking for 'C:\Program Files\Kazaa\Db\bb.db' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\bb.db' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\bb.db'
Checking for 'C:\Program Files\Kazaa\Db\data1024.dbb' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\data1024.dbb' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\data1024.dbb'
Checking for 'C:\Program Files\Kazaa\Db\data256.dbb' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\data256.dbb' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\data256.dbb'
Checking for 'C:\Program Files\Kazaa\Db\gr_Debbie.current' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\gr_Debbie.current' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\gr_Debbie.current'
Checking for 'C:\Program Files\Kazaa\Db\gr_George.current' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\gr_George.current' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\gr_George.current'
Checking for 'C:\Program Files\Kazaa\Db\gr_George.previous' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\gr_George.previous' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\gr_George.previous'
Checking for 'C:\Program Files\Kazaa\Help\arrow.gif' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Help\arrow.gif' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Help\arrow.gif'
Checking for 'C:\Program Files\Kazaa\Help\arrow_sml.gif' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Help\arrow_sml.gif' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Help\arrow_sml.gif'
Checking for 'C:\Program Files\Kazaa\Help\background.gif' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Help\background.gif' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Help\background.gif'
Checking for 'C:\Program Files\Kazaa\Help\h_mykazaa.gif' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Help\h_mykazaa.gif' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Help\h_mykazaa.gif'
Checking for 'C:\Program Files\Kazaa\Help\h_myMedia.gif' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Help\h_myMedia.gif' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Help\h_myMedia.gif'
Checking for 'C:\Program Files\Kazaa\Help\h_myplaylists.gif' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Help\h_myplaylists.gif' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Help\h_myplaylists.gif'
Checking for 'C:\Program Files\Kazaa\Help\mykazaa.css' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Help\mykazaa.css' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Help\mykazaa.css'
Checking for 'C:\Program Files\Kazaa\Help\mykazaa.htm' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Help\mykazaa.htm' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Help\mykazaa.htm'
Checking for 'C:\Program Files\Kazaa\Help\mymedia.htm' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Help\mymedia.htm' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Help\mymedia.htm'
Checking for 'C:\Program Files\Kazaa\Help\myplaylists.htm' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Help\myplaylists.htm' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Help\myplaylists.htm'
Checking for 'C:\Program Files\Kazaa\Help\spacer.gif' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Help\spacer.gif' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Help\spacer.gif'
Checking for 'C:\Program Files\Kazaa\kazaa.exe' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\kazaa.exe' in startup areas.
Cleaning 'C:\Program Files\Kazaa\kazaa.exe'
Checking for 'C:\Program Files\Kazaa\Kazaa.url' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Kazaa.url' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Kazaa.url'
Checking for 'C:\Program Files\Kazaa\kzscan.dll' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\kzscan.dll' in startup areas.
Cleaning 'C:\Program Files\Kazaa\kzscan.dll'
Checking for 'C:\Program Files\Kazaa\libfn.dll' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\libfn.dll' in startup areas.
Cleaning 'C:\Program Files\Kazaa\libfn.dll'
Checking for 'C:\Program Files\Kazaa\linksfolder.ico' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\linksfolder.ico' in startup areas.
Cleaning 'C:\Program Files\Kazaa\linksfolder.ico'
Checking for 'C:\Program Files\Kazaa\My Shared Folder\Bob Dylan - CNN Interview 1993.mp3' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\My Shared Folder\Bob Dylan - CNN Interview 1993.mp3' in startup areas.
Cleaning 'C:\Program Files\Kazaa\My Shared Folder\Bob Dylan - CNN Interview 1993.mp3'
Checking for 'C:\Program Files\Kazaa\My Shared Folder\Early Dylan - Interview.mp3' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\My Shared Folder\Early Dylan - Interview.mp3' in startup areas.
Cleaning 'C:\Program Files\Kazaa\My Shared Folder\Early Dylan - Interview.mp3'
Checking for 'C:\Program Files\Kazaa\Promotions\DirectTV.url' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Promotions\DirectTV.url' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Promotions\DirectTV.url'
Checking for 'C:\Program Files\Kazaa\Promotions\Earn Money.url' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Promotions\Earn Money.url' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Promotions\Earn Money.url'
Checking for 'C:\Program Files\Kazaa\Promotions\Get Access with Tiscali.url' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Promotions\Get Access with Tiscali.url' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Promotions\Get Access with Tiscali.url'
Checking for 'C:\Program Files\Kazaa\Promotions\Netflix.url' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Promotions\Netflix.url' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Promotions\Netflix.url'
Checking for 'C:\Program Files\Kazaa\Promotions\readme.lnk' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Promotions\readme.lnk' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Promotions\readme.lnk'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_mykazaa.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_mykazaa.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_mykazaa.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_mykazaa_dis.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_mykazaa_dis.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_mykazaa_dis.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_mykazaa_over.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_mykazaa_over.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_mykazaa_over.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_mykazaa_sel.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_mykazaa_sel.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_mykazaa_sel.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_search.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_search.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_search.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_search_dis.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_search_dis.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_search_dis.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_search_over.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_search_over.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_search_over.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_search_sel.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_search_sel.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_search_sel.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_shop.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_shop.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_shop.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_shop_dis.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_shop_dis.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_shop_dis.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_shop_over.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_shop_over.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_shop_over.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_shop_sel.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_shop_sel.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_shop_sel.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_start.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_start.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_start.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_start_dis.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_start_dis.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_start_dis.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_start_over.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_start_over.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_start_over.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_start_sel.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_start_sel.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_start_sel.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_tell.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_tell.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_tell.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_tell_dis.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_tell_dis.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_tell_dis.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_tell_over.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_tell_over.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_tell_over.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_tell_sel.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_tell_sel.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_tell_sel.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_theatre.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_theatre.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_theatre.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_theatre_dis.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_theatre_dis.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_theatre_dis.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_theatre_over.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_theatre_over.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_theatre_over.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_theatre_sel.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_theatre_sel.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_theatre_sel.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_traffic.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_traffic.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_traffic.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_traffic_dis.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_traffic_dis.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_traffic_dis.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_traffic_over.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_traffic_over.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_traffic_over.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_traffic_sel.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_traffic_sel.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mainbar_traffic_sel.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_addtoplay.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_addtoplay.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_addtoplay.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_addtoplay_dis.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_addtoplay_dis.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_addtoplay_dis.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_addtoplay_over.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_addtoplay_over.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_addtoplay_over.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_addtoplay_sel.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_addtoplay_sel.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_addtoplay_sel.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_next.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_next.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_next.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_next_dis.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_next_dis.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_next_dis.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_next_over.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_next_over.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_next_over.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_next_sel.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_next_sel.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_next_sel.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_pause.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_pause.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_pause.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_pause_dis.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_pause_dis.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_pause_dis.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_pause_over.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_pause_over.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_pause_over.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_pause_sel.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_pause_sel.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_pause_sel.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_play.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_play.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_play.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_play_dis.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_play_dis.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_play_dis.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_play_over.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_play_over.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_play_over.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_play_sel.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_play_sel.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_play_sel.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_prev.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_prev.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_prev.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_prev_dis.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_prev_dis.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_prev_dis.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_prev_over.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_prev_over.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_prev_over.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_prev_sel.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_prev_sel.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_prev_sel.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_slider.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_slider.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_slider.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_sliderThumb.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_sliderThumb.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_sliderThumb.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_sliderThumb_over.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_sliderThumb_over.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_sliderThumb_over.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_stop.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_stop.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_stop.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_stop_dis.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_stop_dis.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_stop_dis.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_stop_over.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_stop_over.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_stop_over.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_stop_sel.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_stop_sel.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_stop_sel.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_volume.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_volume.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_volume.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_volume_dis.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_volume_dis.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_volume_dis.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_volume_over.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_volume_over.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_volume_over.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_volume_sel.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_volume_sel.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mediabar_volume_sel.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_delete.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_delete.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_delete.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_delete_dis.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_delete_dis.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_delete_dis.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_delete_over.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_delete_over.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_delete_over.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_delete_sel.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_delete_sel.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_delete_sel.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_folders.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_folders.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_folders.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_folders_dis.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_folders_dis.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_folders_dis.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_folders_over.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_folders_over.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_folders_over.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_folders_sel.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_folders_sel.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_folders_sel.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_importfold.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_importfold.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_importfold.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_importfold_dis.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_importfold_dis.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_importfold_dis.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_importfold_over.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_importfold_over.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_importfold_over.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_importfold_sel.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_importfold_sel.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_importfold_sel.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_moreinfo.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_moreinfo.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_moreinfo.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_moreinfo_dis.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_moreinfo_dis.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_moreinfo_dis.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_moreinfo_over.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_moreinfo_over.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_moreinfo_over.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_moreinfo_sel.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_moreinfo_sel.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_moreinfo_sel.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_share.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_share.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_share.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_share_dis.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_share_dis.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_share_dis.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_share_over.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_share_over.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_share_over.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_share_sel.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_share_sel.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\mykazaabar_share_sel.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_download.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_download.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_download.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_download_dis.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_download_dis.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_download_dis.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_download_over.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_download_over.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_download_over.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_download_sel.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_download_sel.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_download_sel.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_messageuser.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_messageuser.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_messageuser.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_messageuser_dis.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_messageuser_dis.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_messageuser_dis.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_messageuser_over.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_messageuser_over.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_messageuser_over.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_messageuser_sel.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_messageuser_sel.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_messageuser_sel.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_newsearch.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_newsearch.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_newsearch.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_newsearch_dis.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_newsearch_dis.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_newsearch_dis.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_newsearch_over.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_newsearch_over.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_newsearch_over.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_newsearch_sel.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_newsearch_sel.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_newsearch_sel.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_searchuser.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_searchuser.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_searchuser.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_searchuser_dis.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_searchuser_dis.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_searchuser_dis.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_searchuser_over.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_searchuser_over.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_searchuser_over.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_searchuser_sel.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_searchuser_sel.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_searchuser_sel.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_showsearch.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_showsearch.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_showsearch.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_showsearch_dis.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_showsearch_dis.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_showsearch_dis.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_showsearch_over.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_showsearch_over.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_showsearch_over.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_showsearch_sel.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_showsearch_sel.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\searchbar_showsearch_sel.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\skin.xml' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\skin.xml' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\skin.xml'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_back.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_back.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_back.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_back_dis.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_back_dis.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_back_dis.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_back_over.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_back_over.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_back_over.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_back_sel.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_back_sel.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_back_sel.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_fwd.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_fwd.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_fwd.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_fwd_dis.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_fwd_dis.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_fwd_dis.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_fwd_over.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_fwd_over.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_fwd_over.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_fwd_sel.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_fwd_sel.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_fwd_sel.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_home.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_home.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_home.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_home_dis.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_home_dis.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_home_dis.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_home_over.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_home_over.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_home_over.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_home_sel.bmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_home_sel.bmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Skins\Ceramic Biscuit\startbar_home_sel.bmp'
Checking for 'C:\Program Files\Kazaa\Skins\Cer

[g2i2r4]

Looks like KaZaa is the biggest problem. I advise you to uninstall it.

[chimpgrrl]

I tried to delete Kazaa Media Desktop 2.0.2 using the "Add or Remove Programs" function, but I keep getting the following error message:

Error loading C:\WINDOWS\System32\cd_clint.dll
The specified module could not be found.

Any suggestions?

Thanks!

[g2i2r4]

Try removing it in safe mode.

[chimpgrrl]

Hi again,

I tried removing it in safe mode but encountered the same error message. Any other suggestions?

Thanks.

[g2i2r4]

Please download and unzip this dummy file.
Unzip it to your windows\system32 folder.

Then reboot and uninstall KaZaa again.

[chimpgrrl]

Okay. I downloaded and unzipped/expanded the dummy file to my C:\WINDOWS\System32 folder. The following files appeared:

cd_clint.cpp
cd_clint.def
cd_clint.txt
cd_clint.dll

After I rebooted and tried to uninstall Kazaa I got the following error message:

Error in C:\WINDOWS\System32\cd_clint.dll
Missing entry: ServiceRunDll

Am I doing something wrong????

[g2i2r4]

no I'm sorry. I should register the file so the system knows it's there.

Go to Start->Run and copy and paste
regsvr32 cd_clint.dll

Reboot and try again please.

[chimpgrrl]

Thanks. I followed your instructions but then I got the following error message:

cd_clint.dll was loaded but the DllRegister Server entry point was not found. This file cannot be registered.

[g2i2r4]

Open HijackThis
Go to ‘config’
Go to ‘misc tools’
Press the button ‘open uninstall manager’
Press the button 'save list'. It will open a Notepad file. Place the content of that file here in your answer please.