Malware Removal & HijackThis Logs |
01-May-2008, 03:02 PM
#17 |
| Home |
|
01-May-2008, 04:48 PM
#18 |
| You will need to get this hotfix from Microsoft to fix the Application Management errors: http://support.microsoft.com/kb/328213 Please run it for a day and then check the Event Viewer again and post any new errors that have occurred since running chkdsk. If you haven't yet gotten the MS hotfix, there's no need to post the Application Management errors (event id: 7023) as they will keep occurring over and over again until the fix is applied.
__________________ Microsoft MVP - Consumer Security Alliance of Security Analysis Professionals |
|
01-May-2008, 06:22 PM
#19 |
| So basically you are saying I'm screwed until I get this so-called fix from Microsoft, which naturally won't be free? |
|
01-May-2008, 07:06 PM
#21 |
| I'm trying to contact Microsoft to see if they will give me the hotfix. In the meantime, what else can I do to solve my problem(s)? Thank you. |
|
01-May-2008, 07:13 PM
#22 |
| As I mentioned, run it for a day and then post any new errors that have occurred since chkdsk was run. Also, let's do a couple of scans. Download and scan with SUPERAntiSpyware Free for Home Users
Please run Kaspersky online virus scan Kaspersky Online Scanner.
After the updates have downloaded, click on the "Scan Settings" button.
Choose the "Extended database" for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, save the results from the scan!
Note: You have to use Internet Explorer to do the online scan.
Post a new HiJackThis log along with the results from the SuperAntiSpyware and Kaspersky scans.
__________________ Microsoft MVP - Consumer Security Alliance of Security Analysis Professionals |
|
01-May-2008, 09:22 PM
#23 |
| Ran Superantispyware. It found several hundred cookie type adwares. Nothing else. Then after rebooting, it acted like yesterday when I went through the Scan Disk except faster this time. I don't know if that's related to Superantispyware or not. I wrote as much of that screen down as I could before it finished:
CHKDSK
Deleting corrupt file record segment 59420
Deleting corrupt attribute record (16,0) from file record segment 78195
Deleting corrupt record segment 78195
There were a few other lines but they came and went too quick for me to manually copy.
Then after putting in my P/W for Windows, this error came up: Svchost.exe Application Error The instruction at "0x77e93362" referenced memory at "0x00000400", the memory could not be read....1st time I've seen that. After clicking to terminate, it booted to desktop. It allowed me to open Superantispyware, but wouldn't let me see the log. I couldn't get into Internet Explorer or restart system in normal way. Basically it was frozen, which had not happened before. So I did a cold reboot. This time after putting in Windows password at log-in prompt, it would not load my desktop settings. I cold rebooted again and went into safe mode. There I was able to read Superantispyware log. The problem is I can't get into IE to paste it for you since it keeps saying Microsoft IE has seen an error and is shutting down. I will keep trying to send you the log and then try Kaspersky. I wanted to get this info to you before I forgot anything important. |
|
01-May-2008, 09:33 PM
#24 |
| After the 5 minutes it took to post last message, I was then able to boot up troubled machine in normal mode with only one error message: runtime error Program Superantispyware. This application has requested the runtime to terminate it in an unusual way. Contact application support team for more information.
Here's the Superantispyware log in two pieces:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/01/2008 at 08:13 PM
Application Version : 4.0.1154
Core Rules Database Version : 3451
Trace Rules Database Version: 1443
Scan type : Complete Scan
Total Scan Time : 00:34:41
Memory items scanned : 334
Memory threats detected : 0
Registry items scanned : 6285
Registry threats detected : 0
File items scanned : 122293
File threats detected : 472
Adware.Tracking Cookie |
|
01-May-2008, 09:34 PM
#25 |
| Rest of log: |
|
01-May-2008, 11:55 PM
#26 |
| Kaspersky scan: KASPERSKY ONLINE SCANNER REPORT Thursday, May 01, 2008 11:53:22 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 2/05/2008 Kaspersky Anti-Virus database records: 735173 Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ Scan Statistics: Total number of scanned objects: 124187 Number of viruses found: 6 Number of infected objects: 27 Number of suspicious objects: 5 Duration of the scan process: 01:31:16 Scan process completed.
Hijackthis scan: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:56:03 PM, on 5/1/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal |
|
02-May-2008, 10:59 AM
#27 |
| Kaspersky found some old infected e-mails that you need to locate and delete: Outlook Express inbox: [From "service@paypal.com" <service@paypal.com>][Date Wed, 01 Jun 2005 12:15:53 +0300] Hotmail - Deleted items: /[From Mail Administrator <Postmaster@chello.nl>][Date Sat, 11 Sep 2004 12:01:07 +0200] /[From MAILER-DAEMON (Mail Delivery System)][Date Tue, 14 Sep 2004 19:56:02 +0000 (UCT)] /[From resbella@tin.it][Date Mon, 20 Sep 2004 12:02:45 +0200] /[From chusnavarro@eresmas.net][Date Tue, 21 Sep 2004 08:45:01 +0200] /[From <jurgensmet@yahoo.com>][Date Tue, 21 Sep 2004 20:16:29 +0100] /[From jenoecker@aol.com][Date Wed, 22 Sep 2004 23:40:11 -0400] /[From Mail Delivery Subsystem <MAILER-DAEMON@equotoscana.org>][Date Sat, 25 Sep 2004 00:08:09 +0200] /[From support@stb.com][Date Sat, 25 Sep 2004 00:09:03 +0200] Rescan with HijackThis, close all browser windows except HijackThis, put a check mark beside these entries and click "Fix checked". O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE Are there any new errors today?
__________________ Microsoft MVP - Consumer Security Alliance of Security Analysis Professionals |
|
02-May-2008, 01:07 PM
#28 |
| Unfortunately today things have gotten worse. I haven't been able to get into Windows at all today, even safe mode. I keep getting this BLUE screen: A problem has been detected and windows has been shut down to prevent damage to your computer. If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps: Disable or uninstall any anti-virus, disk defragmentation or back-up utilities. Check your hard drive configuration, and check for any updated drivers. Run CHKDSK/F to check for hard drive corruption and then restart your computer. Technical information: *** STOP: 0x00000024 ( 0x00190203, 0x86EEF248, 0xC0000102, 0x00000000 ) ---------------------------- You think my internal hard drive is about to crash or maybe has already? It's strange it wants me to scan disk F drive when my internal hard drive is C. I do have an external HD with the F drive letter but haven't had it hooked up or powered on since problems started. Maybe the drive letters somehow got switched? Is there a way I can get past the current blue screen and hopefully get back to Windows? Then I can try and find those emails and use HijackThis to delete that one file for ya. I wonder if some of my new error/warning messages have to do with not having any Windows security updates any more. I used to have 30 plus until I lost my desktop plus other settings. Everything acts like I just bought a new computer in that it wants me to install programs such as Jason's photo shop and Windows Media, for example, when clicking on a .jpg or .mpeg file. Just my two cents.... Are you going to be on this weekend? I sure hope so. |



